Refactor Dockerfile (#245)

* ignore the temporary image file used for builds

Signed-off-by: Andrew Hsu <andrewhsu@docker.com>

* no need for GOPATH in the Dockerfile

It is already set in the golang:1.10.3-alpine3.8 image.

Signed-off-by: Andrew Hsu <andrewhsu@docker.com>

* no need for GOROOT in Dockerfile

The correct value is embedded in the go tool.

Signed-off-by: Andrew Hsu <andrewhsu@docker.com>

* bump Dockerfile golang to 1.10.4

The latest golang version thus far.

Signed-off-by: Andrew Hsu <andrewhsu@docker.com>

* replace docker-entrypoint.sh with the gosec binary

Signed-off-by: Andrew Hsu <andrewhsu@docker.com>

* git ignore gosec binary

Signed-off-by: Andrew Hsu <andrewhsu@docker.com>

* refactor Dockerfile into multi-stage

First stage does the build in a pristine alpine environment. Second
stage is a minimal image with just the necessary stuff to run the
compiled binary. Also added packages for gcc and musl-dev so cgo can do
its thang.

Signed-off-by: Andrew Hsu <andrewhsu@docker.com>

* fix the image execution example in README.md

Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
Andrew Hsu 2018-09-25 22:09:20 -07:00 committed by Cosmin Cojocar
parent 7f6509a916
commit 5f98926a7b
5 changed files with 16 additions and 13 deletions

4
.gitignore vendored

@ -1,8 +1,12 @@
# transient files
/image
# Compiled Object files, Static and Dynamic libs (Shared Objects) # Compiled Object files, Static and Dynamic libs (Shared Objects)
*.o *.o
*.a *.a
*.so *.so
*.swp *.swp
/gosec
# Folders # Folders
_obj _obj
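Review bot: The new `/image` and `/gosec` entries only affect git; the Dockerfile in this same commit uses `COPY . .`, which reads the Docker build context and does not consult `.gitignore`. A `.dockerignore` listing the same two paths (and anything else that should not reach the build stage) would keep a stale host-built `gosec` binary and the transient image file out of the context.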


@ -1,10 +1,11 @@
FROM golang:1.10.3-alpine3.8 FROM golang:1.10.4-alpine3.8 as build
WORKDIR /go/src/github.com/securego/gosec
COPY . .
RUN apk add -U git make
RUN go get -u github.com/golang/dep/cmd/dep
RUN make
ENV BIN=gosec FROM golang:1.10.4-alpine3.8
ENV GOROOT=/usr/local/go RUN apk add -U gcc musl-dev
ENV GOPATH=/go COPY --from=build /go/src/github.com/securego/gosec/gosec /usr/local/bin/gosec
ENTRYPOINT ["gosec"]
COPY $BIN /go/bin/$BIN
COPY docker-entrypoint.sh /usr/local/bin
ENTRYPOINT ["docker-entrypoint.sh"]
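Review bot: In the build stage, `RUN go get -u github.com/golang/dep/cmd/dep` pulls whatever dep's upstream head is at build time, so two builds of the same commit can produce different images and the build trusts an unpinned dependency; install a fixed dep release there instead. In the final stage, `RUN apk add -U gcc musl-dev` leaves the package index in the layer (`--no-cache` avoids that), and with no `USER` instruction the `gosec` entrypoint runs as root against whatever source tree is mounted.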


@ -33,7 +33,7 @@ release: bootstrap
build-linux: build-linux:
CGO_ENABLED=$(CGO_ENABLED) GOOS=linux GOARCH=amd64 go build -ldflags $(BUILDFLAGS) -o $(BIN) ./cmd/gosec/ CGO_ENABLED=$(CGO_ENABLED) GOOS=linux GOARCH=amd64 go build -ldflags $(BUILDFLAGS) -o $(BIN) ./cmd/gosec/
image: build-linux image:
@echo "Building the Docker image..." @echo "Building the Docker image..."
docker build -t $(IMAGE_REPO)/$(BIN):$(GIT_TAG) . docker build -t $(IMAGE_REPO)/$(BIN):$(GIT_TAG) .
docker tag $(IMAGE_REPO)/$(BIN):$(GIT_TAG) $(IMAGE_REPO)/$(BIN):latest docker tag $(IMAGE_REPO)/$(BIN):$(GIT_TAG) $(IMAGE_REPO)/$(BIN):latest
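Review bot: The `image` target no longer guarantees that the shipped binary was built with the `build-linux` recipe's settings (`CGO_ENABLED=$(CGO_ENABLED) GOOS=linux GOARCH=amd64` and `-ldflags $(BUILDFLAGS)`), because the binary now comes from the Dockerfile's plain `RUN make`. Please confirm the default target applies the same flags, or have the Dockerfile call `make build-linux` so the image and the release binary stay aligned.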


@ -186,7 +186,7 @@ You can run the `gosec` tool in a container against your local Go project. You j
`GOPATH` of the container: `GOPATH` of the container:
``` ```
docker run -it -v $GOPATH/src/<YOUR PROJECT PATH>:/go/src/<YOUR PROJECT PATH> securego/gosec /go/src/<YOUR PROJECT PATH> docker run -it -v $GOPATH/src/<YOUR PROJECT PATH>:/go/src/<YOUR PROJECT PATH> securego/gosec ./...
``` ```
#### Generate TLS rule #### Generate TLS rule
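Review bot: The new example passes `./...`, but the final stage of the Dockerfile sets no `WORKDIR`, so the pattern is resolved against whatever working directory the base image provides rather than against the mounted project. Adding `-w /go/src/<YOUR PROJECT PATH>` to the `docker run` line (or a `WORKDIR` in the image) makes the scan scope explicit; since the scanner only reads the source, the volume could also be mounted with `:ro`.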


@ -1,2 +0,0 @@
#!/usr/bin/env sh
${BIN} "$@"