Refactor Dockerfile (securego#245)

* ignore the temporary image file used for builds Signed-off-by: Andrew Hsu <andrewhsu@docker.com> * no need for GOPATH in the Dockerfile It is already set in the golang:1.10.3-alpine3.8 image. Signed-off-by: Andrew Hsu <andrewhsu@docker.com> * no need for GOROOT in Dockerfile The correct value is embedded in the go tool. Signed-off-by: Andrew Hsu <andrewhsu@docker.com> * bump Dockerfile golang to 1.10.4 The latest golang version thus far. Signed-off-by: Andrew Hsu <andrewhsu@docker.com> * replace docker-entrypoint.sh with the gosec binary Signed-off-by: Andrew Hsu <andrewhsu@docker.com> * git ignore gosec binary Signed-off-by: Andrew Hsu <andrewhsu@docker.com> * refactor Dockerfile into multi-stage First stage does the build in a pristine alpine environment. Second stage is a minimal image with just the necessary stuff to run the compiled binary. Also added packages for gcc and musl-dev so cgo can do its thang. Signed-off-by: Andrew Hsu <andrewhsu@docker.com> * fix the image execution example in README.md Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
holyspectral · Sep 26, 2018 · 5f98926 · 5f98926
1 parent 7f6509a
commit 5f98926
Show file tree

Hide file tree

Showing 5 changed files with 16 additions and 13 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,8 +1,12 @@
+# transient files
+/image
+
 # Compiled Object files, Static and Dynamic libs (Shared Objects)
 *.o
 *.a
 *.so
 *.swp
+/gosec
 
 # Folders
 _obj

diff --git a/Dockerfile b/Dockerfile
@@ -1,10 +1,11 @@
-FROM golang:1.10.3-alpine3.8
+FROM golang:1.10.4-alpine3.8 as build
+WORKDIR /go/src/github.com/securego/gosec
+COPY . .
+RUN apk add -U git make
+RUN go get -u github.com/golang/dep/cmd/dep
+RUN make
 
-ENV BIN=gosec
-ENV GOROOT=/usr/local/go
-ENV GOPATH=/go
-
-COPY $BIN /go/bin/$BIN
-COPY docker-entrypoint.sh /usr/local/bin
-
-ENTRYPOINT ["docker-entrypoint.sh"]
+FROM golang:1.10.4-alpine3.8
+RUN apk add -U gcc musl-dev
+COPY --from=build /go/src/github.com/securego/gosec/gosec /usr/local/bin/gosec
+ENTRYPOINT ["gosec"]
diff --git a/Makefile b/Makefile
@@ -33,7 +33,7 @@ release: bootstrap
 build-linux:
 	CGO_ENABLED=$(CGO_ENABLED) GOOS=linux GOARCH=amd64 go build -ldflags $(BUILDFLAGS) -o $(BIN) ./cmd/gosec/
 
-image: build-linux
+image:
 	@echo "Building the Docker image..."
 	docker build -t $(IMAGE_REPO)/$(BIN):$(GIT_TAG) .
 	docker tag $(IMAGE_REPO)/$(BIN):$(GIT_TAG) $(IMAGE_REPO)/$(BIN):latest

diff --git a/README.md b/README.md
@@ -186,7 +186,7 @@ You can run the `gosec` tool in a container against your local Go project. You j
 `GOPATH` of the container:
 
 ```
-docker run -it -v $GOPATH/src/<YOUR PROJECT PATH>:/go/src/<YOUR PROJECT PATH> securego/gosec /go/src/<YOUR PROJECT PATH>
+docker run -it -v $GOPATH/src/<YOUR PROJECT PATH>:/go/src/<YOUR PROJECT PATH> securego/gosec ./...
 ```
 
 #### Generate TLS rule

diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh