mirror of
https://github.com/securego/gosec.git
synced 2024-12-24 11:35:52 +00:00
Refactor Dockerfile (#245)
* ignore the temporary image file used for builds Signed-off-by: Andrew Hsu <andrewhsu@docker.com> * no need for GOPATH in the Dockerfile It is already set in the golang:1.10.3-alpine3.8 image. Signed-off-by: Andrew Hsu <andrewhsu@docker.com> * no need for GOROOT in Dockerfile The correct value is embedded in the go tool. Signed-off-by: Andrew Hsu <andrewhsu@docker.com> * bump Dockerfile golang to 1.10.4 The latest golang version thus far. Signed-off-by: Andrew Hsu <andrewhsu@docker.com> * replace docker-entrypoint.sh with the gosec binary Signed-off-by: Andrew Hsu <andrewhsu@docker.com> * git ignore gosec binary Signed-off-by: Andrew Hsu <andrewhsu@docker.com> * refactor Dockerfile into multi-stage First stage does the build in a pristine alpine environment. Second stage is a minimal image with just the necessary stuff to run the compiled binary. Also added packages for gcc and musl-dev so cgo can do its thang. Signed-off-by: Andrew Hsu <andrewhsu@docker.com> * fix the image execution example in README.md Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
This commit is contained in:
parent
7f6509a916
commit
5f98926a7b
5 changed files with 16 additions and 13 deletions
4
.gitignore
vendored
4
.gitignore
vendored
|
@ -1,8 +1,12 @@
|
||||||
|
# transient files
|
||||||
|
/image
|
||||||
|
|
||||||
# Compiled Object files, Static and Dynamic libs (Shared Objects)
|
# Compiled Object files, Static and Dynamic libs (Shared Objects)
|
||||||
*.o
|
*.o
|
||||||
*.a
|
*.a
|
||||||
*.so
|
*.so
|
||||||
*.swp
|
*.swp
|
||||||
|
/gosec
|
||||||
|
|
||||||
# Folders
|
# Folders
|
||||||
_obj
|
_obj
|
||||||
|
|
19
Dockerfile
19
Dockerfile
|
@ -1,10 +1,11 @@
|
||||||
FROM golang:1.10.3-alpine3.8
|
FROM golang:1.10.4-alpine3.8 as build
|
||||||
|
WORKDIR /go/src/github.com/securego/gosec
|
||||||
|
COPY . .
|
||||||
|
RUN apk add -U git make
|
||||||
|
RUN go get -u github.com/golang/dep/cmd/dep
|
||||||
|
RUN make
|
||||||
|
|
||||||
ENV BIN=gosec
|
FROM golang:1.10.4-alpine3.8
|
||||||
ENV GOROOT=/usr/local/go
|
RUN apk add -U gcc musl-dev
|
||||||
ENV GOPATH=/go
|
COPY --from=build /go/src/github.com/securego/gosec/gosec /usr/local/bin/gosec
|
||||||
|
ENTRYPOINT ["gosec"]
|
||||||
COPY $BIN /go/bin/$BIN
|
|
||||||
COPY docker-entrypoint.sh /usr/local/bin
|
|
||||||
|
|
||||||
ENTRYPOINT ["docker-entrypoint.sh"]
|
|
||||||
|
|
2
Makefile
2
Makefile
|
@ -33,7 +33,7 @@ release: bootstrap
|
||||||
build-linux:
|
build-linux:
|
||||||
CGO_ENABLED=$(CGO_ENABLED) GOOS=linux GOARCH=amd64 go build -ldflags $(BUILDFLAGS) -o $(BIN) ./cmd/gosec/
|
CGO_ENABLED=$(CGO_ENABLED) GOOS=linux GOARCH=amd64 go build -ldflags $(BUILDFLAGS) -o $(BIN) ./cmd/gosec/
|
||||||
|
|
||||||
image: build-linux
|
image:
|
||||||
@echo "Building the Docker image..."
|
@echo "Building the Docker image..."
|
||||||
docker build -t $(IMAGE_REPO)/$(BIN):$(GIT_TAG) .
|
docker build -t $(IMAGE_REPO)/$(BIN):$(GIT_TAG) .
|
||||||
docker tag $(IMAGE_REPO)/$(BIN):$(GIT_TAG) $(IMAGE_REPO)/$(BIN):latest
|
docker tag $(IMAGE_REPO)/$(BIN):$(GIT_TAG) $(IMAGE_REPO)/$(BIN):latest
|
||||||
|
|
|
@ -186,7 +186,7 @@ You can run the `gosec` tool in a container against your local Go project. You j
|
||||||
`GOPATH` of the container:
|
`GOPATH` of the container:
|
||||||
|
|
||||||
```
|
```
|
||||||
docker run -it -v $GOPATH/src/<YOUR PROJECT PATH>:/go/src/<YOUR PROJECT PATH> securego/gosec /go/src/<YOUR PROJECT PATH>
|
docker run -it -v $GOPATH/src/<YOUR PROJECT PATH>:/go/src/<YOUR PROJECT PATH> securego/gosec ./...
|
||||||
```
|
```
|
||||||
|
|
||||||
#### Generate TLS rule
|
#### Generate TLS rule
|
||||||
|
|
|
@ -1,2 +0,0 @@
|
||||||
#!/usr/bin/env sh
|
|
||||||
${BIN} "$@"
|
|
Loading…
Reference in a new issue