mirror of
https://github.com/siderolabs/discovery-service.git
synced 2025-03-14 09:55:08 +00:00
Rekres, bump dependencies. Security CVE-2023-44487 Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
126 lines
4.9 KiB
Docker
126 lines
4.9 KiB
Docker
# syntax = docker/dockerfile-upstream:1.6.0-labs
|
|
|
|
# THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
|
|
#
|
|
# Generated on 2023-10-10T17:36:54Z by kres latest.
|
|
|
|
ARG TOOLCHAIN
|
|
|
|
# cleaned up specs and compiled versions
|
|
FROM scratch AS generate
|
|
|
|
FROM ghcr.io/siderolabs/ca-certificates:v1.6.0-alpha.0-10-gd3d7d29 AS image-ca-certificates
|
|
|
|
FROM ghcr.io/siderolabs/fhs:v1.6.0-alpha.0-10-gd3d7d29 AS image-fhs
|
|
|
|
# runs markdownlint
|
|
FROM docker.io/node:20.8.0-alpine3.18 AS lint-markdown
|
|
WORKDIR /src
|
|
RUN npm i -g markdownlint-cli@0.37.0
|
|
RUN npm i sentences-per-line@0.2.1
|
|
COPY .markdownlint.json .
|
|
COPY ./README.md ./README.md
|
|
RUN markdownlint --ignore "CHANGELOG.md" --ignore "**/node_modules/**" --ignore '**/hack/chglog/**' --rules node_modules/sentences-per-line/index.js .
|
|
|
|
# base toolchain image
|
|
FROM ${TOOLCHAIN} AS toolchain
|
|
RUN apk --update --no-cache add bash curl build-base protoc protobuf-dev
|
|
|
|
# build tools
|
|
FROM --platform=${BUILDPLATFORM} toolchain AS tools
|
|
ENV GO111MODULE on
|
|
ARG CGO_ENABLED
|
|
ENV CGO_ENABLED ${CGO_ENABLED}
|
|
ARG GOTOOLCHAIN
|
|
ENV GOTOOLCHAIN ${GOTOOLCHAIN}
|
|
ARG GOEXPERIMENT
|
|
ENV GOEXPERIMENT ${GOEXPERIMENT}
|
|
ENV GOPATH /go
|
|
ARG DEEPCOPY_VERSION
|
|
RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/go/pkg go install github.com/siderolabs/deep-copy@${DEEPCOPY_VERSION} \
|
|
&& mv /go/bin/deep-copy /bin/deep-copy
|
|
ARG GOLANGCILINT_VERSION
|
|
RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/go/pkg go install github.com/golangci/golangci-lint/cmd/golangci-lint@${GOLANGCILINT_VERSION} \
|
|
&& mv /go/bin/golangci-lint /bin/golangci-lint
|
|
RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/go/pkg go install golang.org/x/vuln/cmd/govulncheck@latest \
|
|
&& mv /go/bin/govulncheck /bin/govulncheck
|
|
ARG GOIMPORTS_VERSION
|
|
RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/go/pkg go install golang.org/x/tools/cmd/goimports@${GOIMPORTS_VERSION} \
|
|
&& mv /go/bin/goimports /bin/goimports
|
|
ARG GOFUMPT_VERSION
|
|
RUN go install mvdan.cc/gofumpt@${GOFUMPT_VERSION} \
|
|
&& mv /go/bin/gofumpt /bin/gofumpt
|
|
|
|
# tools and sources
|
|
FROM tools AS base
|
|
WORKDIR /src
|
|
COPY go.mod go.mod
|
|
COPY go.sum go.sum
|
|
RUN cd .
|
|
RUN --mount=type=cache,target=/go/pkg go mod download
|
|
RUN --mount=type=cache,target=/go/pkg go mod verify
|
|
COPY ./cmd ./cmd
|
|
COPY ./internal ./internal
|
|
COPY ./pkg ./pkg
|
|
RUN --mount=type=cache,target=/go/pkg go list -mod=readonly all >/dev/null
|
|
|
|
# builds discovery-service-linux-amd64
|
|
FROM base AS discovery-service-linux-amd64-build
|
|
COPY --from=generate / /
|
|
WORKDIR /src/cmd/discovery-service
|
|
ARG GO_BUILDFLAGS
|
|
ARG GO_LDFLAGS
|
|
RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/go/pkg go build ${GO_BUILDFLAGS} -ldflags "${GO_LDFLAGS}" -o /discovery-service-linux-amd64
|
|
|
|
# runs gofumpt
|
|
FROM base AS lint-gofumpt
|
|
RUN FILES="$(gofumpt -l .)" && test -z "${FILES}" || (echo -e "Source code is not formatted with 'gofumpt -w .':\n${FILES}"; exit 1)
|
|
|
|
# runs goimports
|
|
FROM base AS lint-goimports
|
|
RUN FILES="$(goimports -l -local github.com/siderolabs/discovery-service/ .)" && test -z "${FILES}" || (echo -e "Source code is not formatted with 'goimports -w -local github.com/siderolabs/discovery-service/ .':\n${FILES}"; exit 1)
|
|
|
|
# runs golangci-lint
|
|
FROM base AS lint-golangci-lint
|
|
WORKDIR /src
|
|
COPY .golangci.yml .
|
|
ENV GOGC 50
|
|
RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/root/.cache/golangci-lint --mount=type=cache,target=/go/pkg golangci-lint run --config .golangci.yml
|
|
|
|
# runs govulncheck
|
|
FROM base AS lint-govulncheck
|
|
WORKDIR /src
|
|
RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/go/pkg govulncheck ./...
|
|
|
|
# runs unit-tests with race detector
|
|
FROM base AS unit-tests-race
|
|
WORKDIR /src
|
|
ARG TESTPKGS
|
|
RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/go/pkg --mount=type=cache,target=/tmp CGO_ENABLED=1 go test -v -race -count 1 ${TESTPKGS}
|
|
|
|
# runs unit-tests
|
|
FROM base AS unit-tests-run
|
|
WORKDIR /src
|
|
ARG TESTPKGS
|
|
RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/go/pkg --mount=type=cache,target=/tmp go test -v -covermode=atomic -coverprofile=coverage.txt -coverpkg=${TESTPKGS} -count 1 ${TESTPKGS}
|
|
|
|
FROM scratch AS discovery-service-linux-amd64
|
|
COPY --from=discovery-service-linux-amd64-build /discovery-service-linux-amd64 /discovery-service-linux-amd64
|
|
|
|
FROM scratch AS unit-tests
|
|
COPY --from=unit-tests-run /src/coverage.txt /coverage-unit-tests.txt
|
|
|
|
FROM discovery-service-linux-${TARGETARCH} AS discovery-service
|
|
|
|
FROM scratch AS discovery-service-all
|
|
COPY --from=discovery-service-linux-amd64 / /
|
|
|
|
FROM scratch AS image-discovery-service
|
|
ARG TARGETARCH
|
|
COPY --from=discovery-service discovery-service-linux-${TARGETARCH} /discovery-service
|
|
COPY --from=image-fhs / /
|
|
COPY --from=image-ca-certificates / /
|
|
LABEL org.opencontainers.image.source https://github.com/siderolabs/discovery-service
|
|
ENTRYPOINT ["/discovery-service"]
|
|
|