mirror of
https://github.com/securego/gosec.git
synced 2024-12-24 11:35:52 +00:00
Refactor Dockerfile (#245)
* ignore the temporary image file used for builds Signed-off-by: Andrew Hsu <andrewhsu@docker.com> * no need for GOPATH in the Dockerfile It is already set in the golang:1.10.3-alpine3.8 image. Signed-off-by: Andrew Hsu <andrewhsu@docker.com> * no need for GOROOT in Dockerfile The correct value is embedded in the go tool. Signed-off-by: Andrew Hsu <andrewhsu@docker.com> * bump Dockerfile golang to 1.10.4 The latest golang version thus far. Signed-off-by: Andrew Hsu <andrewhsu@docker.com> * replace docker-entrypoint.sh with the gosec binary Signed-off-by: Andrew Hsu <andrewhsu@docker.com> * git ignore gosec binary Signed-off-by: Andrew Hsu <andrewhsu@docker.com> * refactor Dockerfile into multi-stage First stage does the build in a pristine alpine environment. Second stage is a minimal image with just the necessary stuff to run the compiled binary. Also added packages for gcc and musl-dev so cgo can do its thang. Signed-off-by: Andrew Hsu <andrewhsu@docker.com> * fix the image execution example in README.md Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
This commit is contained in:
parent
7f6509a916
commit
5f98926a7b
5 changed files with 16 additions and 13 deletions
4
.gitignore
vendored
4
.gitignore
vendored
|
@ -1,8 +1,12 @@
|
|||
# transient files
|
||||
/image
|
||||
|
||||
# Compiled Object files, Static and Dynamic libs (Shared Objects)
|
||||
*.o
|
||||
*.a
|
||||
*.so
|
||||
*.swp
|
||||
/gosec
|
||||
|
||||
# Folders
|
||||
_obj
|
||||
|
|
19
Dockerfile
19
Dockerfile
|
@ -1,10 +1,11 @@
|
|||
FROM golang:1.10.3-alpine3.8
|
||||
FROM golang:1.10.4-alpine3.8 as build
|
||||
WORKDIR /go/src/github.com/securego/gosec
|
||||
COPY . .
|
||||
RUN apk add -U git make
|
||||
RUN go get -u github.com/golang/dep/cmd/dep
|
||||
RUN make
|
||||
|
||||
ENV BIN=gosec
|
||||
ENV GOROOT=/usr/local/go
|
||||
ENV GOPATH=/go
|
||||
|
||||
COPY $BIN /go/bin/$BIN
|
||||
COPY docker-entrypoint.sh /usr/local/bin
|
||||
|
||||
ENTRYPOINT ["docker-entrypoint.sh"]
|
||||
FROM golang:1.10.4-alpine3.8
|
||||
RUN apk add -U gcc musl-dev
|
||||
COPY --from=build /go/src/github.com/securego/gosec/gosec /usr/local/bin/gosec
|
||||
ENTRYPOINT ["gosec"]
|
||||
|
|
2
Makefile
2
Makefile
|
@ -33,7 +33,7 @@ release: bootstrap
|
|||
build-linux:
|
||||
CGO_ENABLED=$(CGO_ENABLED) GOOS=linux GOARCH=amd64 go build -ldflags $(BUILDFLAGS) -o $(BIN) ./cmd/gosec/
|
||||
|
||||
image: build-linux
|
||||
image:
|
||||
@echo "Building the Docker image..."
|
||||
docker build -t $(IMAGE_REPO)/$(BIN):$(GIT_TAG) .
|
||||
docker tag $(IMAGE_REPO)/$(BIN):$(GIT_TAG) $(IMAGE_REPO)/$(BIN):latest
|
||||
|
|
|
@ -186,7 +186,7 @@ You can run the `gosec` tool in a container against your local Go project. You j
|
|||
`GOPATH` of the container:
|
||||
|
||||
```
|
||||
docker run -it -v $GOPATH/src/<YOUR PROJECT PATH>:/go/src/<YOUR PROJECT PATH> securego/gosec /go/src/<YOUR PROJECT PATH>
|
||||
docker run -it -v $GOPATH/src/<YOUR PROJECT PATH>:/go/src/<YOUR PROJECT PATH> securego/gosec ./...
|
||||
```
|
||||
|
||||
#### Generate TLS rule
|
||||
|
|
|
@ -1,2 +0,0 @@
|
|||
#!/usr/bin/env sh
|
||||
${BIN} "$@"
|
Loading…
Reference in a new issue