slim.dockerfile
#
# Step 1
#
# Build stage: provides the Go toolchain and fetches the helper binaries
# (upx, kubectl, yq) that the later steps install or copy out of it.
# Specify the version of Go to use
# NOTE(review): `1.23-bookworm` is a mutable tag, so two builds of this file
# can start from different base layers. Pinning by digest
# (golang:1.23-bookworm@sha256:<digest>) makes the toolchain reproducible.
FROM golang:1.23-bookworm AS builder
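# Install upx (upx.github.io) to compress the compiled action.
#
# UPX_VERSION  release tag to install, including the leading "v". Empty (the
#              default) keeps the original behaviour: ask the GitHub API for
#              the latest release at build time.
# UPX_SHA256   expected SHA-256 of the release tarball. When set, the build
#              fails if the download does not match.
#
# With both left empty the build runs whatever upstream published most
# recently, unverified. Set both to get a reproducible, verified download.
ARG UPX_VERSION=""
ARG UPX_SHA256=""
RUN set -eu; \
    apt-get update; \
    apt-get --no-install-recommends -y install ca-certificates wget xz-utils; \
    version="${UPX_VERSION:-}"; \
    if [ -z "${version}" ]; then \
        version="$(wget -qO- https://api.github.com/repos/upx/upx/releases/latest | grep -oP '"tag_name": "\K(.*)(?=")')"; \
    fi; \
    # Refuse anything that does not look like a release tag (for example an
    # API error body) before it is interpolated into the download URL.
    case "${version}" in \
        v[0-9]*) ;; \
        *) echo "unexpected upx release tag: ${version}" >&2; exit 1 ;; \
    esac; \
    archive="upx-${version#v}-amd64_linux.tar.xz"; \
    wget -q -O "/tmp/${archive}" "https://github.com/upx/upx/releases/download/${version}/${archive}"; \
    if [ -n "${UPX_SHA256:-}" ]; then \
        echo "${UPX_SHA256}  /tmp/${archive}" | sha256sum --check -; \
    fi; \
    mkdir -p /tmp/upx; \
    tar -xf "/tmp/${archive}" -C /tmp/upx --strip-components=1; \
    mv /tmp/upx/upx /usr/local/bin/; \
    chmod +x /usr/local/bin/upx; \
    # Remove the tarball as well as the extraction directory.
    rm -rf /tmp/upx "/tmp/${archive}"; \
    rm -rf /var/lib/apt/lists/*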
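# Install kubectl
#
# KUBECTL_VERSION  release to install, in the form published in stable.txt.
#                  Empty (the default) resolves the current stable release at
#                  build time, as before.
#
# The version is resolved once so the binary and its checksum file come from
# the same release. `curl -f` makes an HTTP error fail the build instead of
# saving the error page as "kubectl". The .sha256 file is served by the same
# origin as the binary, so the check catches truncated or corrupted downloads,
# not a compromised origin; for that, pin KUBECTL_VERSION and compare against
# a hash obtained out of band.
ARG KUBECTL_VERSION=""
RUN set -eu; \
    version="${KUBECTL_VERSION:-}"; \
    if [ -z "${version}" ]; then \
        version="$(curl -fsSL https://dl.k8s.io/release/stable.txt)"; \
    fi; \
    base="https://dl.k8s.io/release/${version}/bin/linux/amd64"; \
    curl -fsSLO "${base}/kubectl"; \
    curl -fsSLO "${base}/kubectl.sha256"; \
    echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check -; \
    install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl; \
    rm -f kubectl kubectl.sha256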
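# Install yq
#
# YQ_VERSION  release tag to install; "latest" (the default) keeps the
#             original behaviour of following the newest release.
# YQ_SHA256   expected SHA-256 of yq_linux_amd64. When set, the build fails
#             if the download does not match.
#
# `curl -f` makes an HTTP error fail the build instead of installing the
# error page as the yq binary. Without YQ_SHA256 the binary that ends up in
# the final image is whatever the release URL served, unverified.
ARG YQ_VERSION="latest"
ARG YQ_SHA256=""
RUN set -eu; \
    if [ "${YQ_VERSION:-latest}" = "latest" ]; then \
        url="https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64"; \
    else \
        url="https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64"; \
    fi; \
    curl -fsSL "${url}" -o yq; \
    if [ -n "${YQ_SHA256:-}" ]; then \
        echo "${YQ_SHA256}  yq" | sha256sum --check -; \
    fi; \
    install -o root -g root -m 0755 yq /usr/local/bin/yq; \
    rm -f yq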
# Build without cgo so the resulting binary has no C library dependency;
# the final stage is `scratch` and ships no libc.
ENV CGO_ENABLED=0
# Bring the action's sources from the build context into /src and make that
# the working directory for the build steps that follow.
WORKDIR /src
COPY src /src/
# Build the action as a self-contained executable at /bin/action:
#   -a                   rebuild every package rather than reuse cached objects
#   -trimpath            keep build-host file paths out of the binary
#   -tags netgo          use the pure-Go network resolver
#   -installsuffix cgo   keep these package objects apart from cgo-enabled ones
#   -ldflags             -s -w omit the symbol table and DWARF data;
#                        -extldflags '-static' requests static linking
RUN go build \
    -a \
    -trimpath \
    -tags netgo \
    -installsuffix cgo \
    -ldflags "-s -w -extldflags '-static'" \
    -o /bin/action \
    .
# Post-process the executable: remove any remaining symbols (it is a program,
# not a library), then pack it with upx at the highest compression level.
# NOTE(review): UPX-packed executables are often flagged by AV/EDR heuristics,
# and packing may hide the Go build metadata that image scanners read to list
# module versions. Confirm against the scanning pipeline in use.
RUN strip /bin/action && \
    upx -q -9 /bin/action
# Step 2
# Runtime image: start from the empty `scratch` base, which ships no shell,
# libraries, package manager or other files. Everything the action needs is
# copied in explicitly below.
# NOTE(review): no USER is set, so the entrypoint runs as root. /tmp does not
# exist in scratch; presumably the action creates DEPLOYMENT_DIR itself at
# runtime. Confirm both before switching to an unprivileged user.
FROM scratch
# Paths the action reads at runtime
ENV TEMPLATES_DIR=/src/templates \
    DEPLOYMENT_DIR=/tmp/k8s-deploy
# Root CA bundle from the build stage; without it outbound TLS connections
# made by the action cannot verify server certificates.
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
# kubectl, as downloaded in the build stage
COPY --from=builder /usr/local/bin/kubectl /usr/local/bin/kubectl
# yq, as downloaded in the build stage
COPY --from=builder /usr/local/bin/yq /usr/local/bin/yq
# The compiled and packed action binary
COPY --from=builder /bin/action /bin/action
# Templates directory, at the path TEMPLATES_DIR points to
COPY --from=builder /src/templates /src/templates
# Run the action directly (exec form; there is no shell in this image)
ENTRYPOINT ["/bin/action"]