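# ---- Build stage: compiles the Elixir application into a Distillery release ----
# NOTE(review): the base image is referenced by tag only. Pinning it by digest
# (image:tag@sha256:<digest>) would keep the build reproducible if the tag is
# ever re-pointed.
FROM bitwalker/alpine-elixir:1.13.4 AS builder

# The following are build arguments used to change variable parts of the image.
# The name of your application/release (required)
ARG APP_NAME
# The environment to build with
ARG MIX_ENV=prod

ENV APP_NAME=${APP_NAME} \
    MIX_ENV=${MIX_ENV}

# By convention, /opt is typically used for applications
WORKDIR /opt/app

# This step installs all the build tools we'll need.
# The former `apk update --allow-untrusted` step is dropped: it told apk to
# accept repository data without a trusted signature, and it was redundant
# because `--no-cache` makes apk fetch a fresh index for each command below.
# Those commands never passed --allow-untrusted, so they already required
# valid signatures.
RUN apk upgrade --no-cache && \
    apk add --no-cache \
      build-base \
      git && \
    mix local.rebar --force && \
    mix local.hex --force

# This copies our app source code into the build container.
# NOTE(review): the whole build context (including .git, which the version
# lookup below relies on) lands in this stage. Confirm that a .dockerignore
# keeps local secrets such as .env files out of the context.
COPY . .

# needed so that we can get the app version from the git tag
RUN git config --global --add safe.directory '/opt/app'

RUN mix do deps.get, compile

# Build the release tarball and unpack it into /opt/built, which is the only
# directory the final stage copies from this one. The first command aborts with
# a clear message when the required APP_NAME build argument was not supplied.
RUN : "${APP_NAME:?APP_NAME build argument is required}" && \
    mkdir -p /opt/built && \
    mix distillery.release --name "${APP_NAME}" && \
    cp "_build/${MIX_ENV}/rel/${APP_NAME}"/releases/*/"${APP_NAME}.tar.gz" /opt/built/ && \
    tar -xzf "/opt/built/${APP_NAME}.tar.gz" -C /opt/built && \
    rm "/opt/built/${APP_NAME}.tar.gz"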
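# ---- Tools stage: downloads the third-party CLIs bundled into the final image ----
FROM alpine:3.17.0 AS tools

# Target architecture of the image being built (populated by BuildKit)
ARG TARGETARCH

# renovate: datasource=github-releases depName=helm/helm
ENV HELM_VERSION=v3.11.0
# renovate: datasource=github-releases depName=alco/goon
ENV GOON_VERSION=v1.1.1
# renovate: datasource=github-releases depName=pluralsh/plural-cli
ENV CLI_VERSION=v0.7.8
# renovate: datasource=github-releases depName=accurics/terrascan
ENV TERRASCAN_VERSION=v1.17.1
# renovate: datasource=github-releases depName=aquasecurity/trivy
ENV TRIVY_VERSION=v0.36.1

# NOTE(review): the archives below are fetched over HTTPS but are never compared
# against a pinned checksum or signature, so a replaced release asset would be
# installed unnoticed. Consider recording a SHA-256 per version/architecture
# next to each *_VERSION and checking it with `sha256sum -c` before extraction.
# NOTE(review): unzip, wget and openssl are not used by the commands visible in
# this stage; confirm whether they are still needed.
#
# `set -o pipefail` makes a failed download abort the build instead of being
# masked by tar's exit status, and `curl -f` turns HTTP errors into failures so
# that an error page is never piped into tar.
RUN set -o pipefail && \
    apk add --update --no-cache curl ca-certificates unzip wget openssl && \
    # download helm
    curl -fsSL "https://get.helm.sh/helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz" | tar xvz && \
    mv "linux-${TARGETARCH}/helm" /usr/local/bin/helm && \
    # download goon
    curl -fsSL "https://github.com/alco/goon/releases/download/${GOON_VERSION}/goon_linux_${TARGETARCH}.tar.gz" | tar xvz && \
    mv goon /usr/local/bin/goon && \
    # download plural cli
    curl -fsSL "https://github.com/pluralsh/plural-cli/releases/download/${CLI_VERSION}/plural-cli_console_${CLI_VERSION/v/}_Linux_${TARGETARCH}.tar.gz" | tar xvz plural && \
    mv plural /usr/local/bin/plural && \
    # download terrascan (its amd64 asset is named x86_64)
    if [ "$TARGETARCH" = "amd64" ]; then \
      curl -fsSL -o terrascan.tar.gz "https://github.com/accurics/terrascan/releases/download/${TERRASCAN_VERSION}/terrascan_${TERRASCAN_VERSION/v/}_Linux_x86_64.tar.gz"; \
    else \
      curl -fsSL -o terrascan.tar.gz "https://github.com/accurics/terrascan/releases/download/${TERRASCAN_VERSION}/terrascan_${TERRASCAN_VERSION/v/}_Linux_${TARGETARCH}.tar.gz"; \
    fi && \
    tar -xf terrascan.tar.gz terrascan && rm terrascan.tar.gz && \
    mv terrascan /usr/local/bin/terrascan && \
    # download trivy (asset names differ per architecture)
    if [ "$TARGETARCH" = "amd64" ]; then \
      curl -fsSL -o trivy.tar.gz "https://github.com/aquasecurity/trivy/releases/download/${TRIVY_VERSION}/trivy_${TRIVY_VERSION/v/}_Linux-64bit.tar.gz"; \
    elif [ "$TARGETARCH" = "arm64" ]; then \
      curl -fsSL -o trivy.tar.gz "https://github.com/aquasecurity/trivy/releases/download/${TRIVY_VERSION}/trivy_${TRIVY_VERSION/v/}_Linux-ARM64.tar.gz"; \
    else \
      # fail with a clear message instead of a missing-file error from tar
      echo "unsupported TARGETARCH for trivy: ${TARGETARCH}" >&2; exit 1; \
    fi && \
    tar -xf trivy.tar.gz trivy && rm trivy.tar.gz && \
    mv trivy /usr/local/bin/trivy && \
    # make tools executable
    chmod +x \
      /usr/local/bin/goon \
      /usr/local/bin/helm \
      /usr/local/bin/plural \
      /usr/local/bin/terrascan \
      /usr/local/bin/trivy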
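# ---- Final stage: runtime image with the release and the bundled CLIs ----
FROM erlang:24.3.4.6-alpine

# The name of your application/release (required)
ARG APP_NAME
ARG GIT_COMMIT

# Runtime packages. The separate `apk update` is dropped: `--no-cache` already
# fetches a fresh package index for this command, and the stored index would
# only have added stale data to the layer.
RUN apk add --no-cache \
      bash \
      busybox \
      ca-certificates \
      curl \
      git \
      openssl-dev

ENV REPLACE_OS_VARS=true \
    APP_NAME=${APP_NAME} \
    GIT_COMMIT=${GIT_COMMIT}

WORKDIR /opt/app

# CLI binaries downloaded in the tools stage
COPY --from=tools /usr/local/bin/plural /usr/local/bin/plural
COPY --from=tools /usr/local/bin/helm /usr/local/bin/helm
COPY --from=tools /usr/local/bin/goon /usr/local/bin/goon
COPY --from=tools /usr/local/bin/terrascan /usr/local/bin/terrascan
COPY --from=tools /usr/local/bin/trivy /usr/local/bin/trivy

# Unpacked release produced by the builder stage
COPY --from=builder /opt/built .

# NOTE(review): no USER is set in this stage, so the release and the bundled
# CLIs run as root unless the runtime overrides the user. Moving to a dedicated
# account would first need the ownership of /opt/app to be checked.
#
# Shell form is kept on purpose: ${APP_NAME} is expanded by /bin/sh when the
# container starts, and the trap lets that shell exit on SIGINT.
# NOTE(review): only INT is trapped; confirm which stop signal the orchestrator
# sends, since this wrapper does not handle SIGTERM.
CMD trap 'exit' INT; /opt/app/bin/${APP_NAME} foreground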