-
Notifications
You must be signed in to change notification settings - Fork 26
/
Copy pathDockerfile
26 lines (25 loc) · 1.14 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
FROM --platform=$BUILDPLATFORM golang:1.22.5-alpine3.19 as builder
ARG TARGETARCH
WORKDIR /go/src/github.com/mendersoftware/deviceauth
RUN mkdir -p /etc_extra
RUN echo "nobody:x:65534:" > /etc_extra/group
RUN echo "nobody:!::0:::::" > /etc_extra/shadow
RUN echo "nobody:x:65534:65534:Nobody:/:" > /etc_extra/passwd
RUN mkdir -p /tmp_extra && chown nobody:nobody /tmp_extra
RUN chown -R nobody:nobody /etc_extra
RUN apk add --no-cache ca-certificates
COPY ./ .
RUN --mount=type=cache,target=/go/pkg/mod/ \
--mount=type=cache,target=/root/.cache/go-build \
CGO_ENABLED=0 GOARCH=$TARGETARCH go build -trimpath -o deviceauth .
FROM scratch
EXPOSE 8080
COPY --from=builder /etc_extra/ /etc/
COPY --from=builder --chown=nobody /tmp_extra/ /tmp/
USER 65534
# mount your private key at /etc/deviceauth/rsa/private.pem
WORKDIR /etc/deviceauth/rsa
COPY --from=builder --chown=nobody /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --chown=nobody ./config.yaml /etc/deviceauth/
COPY --from=builder --chown=nobody /go/src/github.com/mendersoftware/deviceauth/deviceauth /usr/bin/
ENTRYPOINT ["/usr/bin/deviceauth", "--config", "/etc/deviceauth/config.yaml"]