-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile
More file actions
71 lines (64 loc) · 2.73 KB
/
Dockerfile
File metadata and controls
71 lines (64 loc) · 2.73 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
# ─────────────────────────────────────────────────────────────────────────────
# tcwlab/helm4
#
# Lean Alpine image with pinned Helm version.
# Image tag corresponds to Helm version: tcwlab/helm4:4.1.4
#
# Supported platforms: linux/amd64, linux/arm64
#
# Build (multi-arch):
# docker buildx build --platform linux/amd64,linux/arm64 \
# --build-arg HELM_VERSION=4.1.4 \
# -t tcwlab/helm4:4.1.4 --push .
# ─────────────────────────────────────────────────────────────────────────────
#####
# STAGE 1: base image
#####
FROM --platform=$BUILDPLATFORM alpine:3.23 AS base
ARG BUILDPLATFORM
# hadolint ignore=DL3018
RUN apk add -U --no-cache curl tar git bash ca-certificates && \
apk upgrade && \
rm -rf /var/cache/apk/*
#####
# STAGE 2: download Helm binary (architecture-aware)
#####
FROM base AS dependencies
ARG HELM_VERSION=4.1.4
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
RUN case "$(apk --print-arch)" in \
aarch64) LOCAL_ARCH="arm64" ;; \
x86_64) LOCAL_ARCH="amd64" ;; \
*) echo "Unsupported architecture: $(apk --print-arch)" && exit 1 ;; \
esac && \
curl -fsSL \
"https://get.helm.sh/helm-v${HELM_VERSION}-linux-${LOCAL_ARCH}.tar.gz" \
-o /tmp/helm.tar.gz && \
tar -xzf /tmp/helm.tar.gz -C /tmp && \
mv "/tmp/linux-${LOCAL_ARCH}/helm" /usr/local/bin/helm && \
rm -rf /tmp/helm.tar.gz "/tmp/linux-${LOCAL_ARCH}" && \
chmod +x /usr/local/bin/helm && \
helm version --short
#####
# STAGE 3: production image
#####
FROM base AS release
ARG HELM_VERSION=4.1.4
LABEL org.opencontainers.image.title="helm4" \
org.opencontainers.image.description="Helm 4 — pinned version for reproducible CI" \
org.opencontainers.image.vendor="The Chameleon Way" \
org.opencontainers.image.url="https://hub.docker.com/r/tcwlab/helm4" \
org.opencontainers.image.source="https://github.com/tcwlab/helm4" \
org.opencontainers.image.version="${HELM_VERSION}"
COPY --from=dependencies /usr/local/bin/helm /usr/local/bin/helm
# Non-root user. Pre-create the Helm cache/config directories Helm 3+ expects
# under $HOME so that consumer pipelines do not have to write to $HOME from
# read-only mounts.
RUN addgroup -S helmusr && adduser -S helmusr -G helmusr && \
mkdir -p /home/helmusr/.config/helm \
/home/helmusr/.cache/helm \
/home/helmusr/.local/share/helm && \
chown -R helmusr:helmusr /home/helmusr
USER helmusr
WORKDIR /workspace
ENTRYPOINT ["helm"]