From 5f98926a7be81fd2fcb25b535e2b4e30406a8af0 Mon Sep 17 00:00:00 2001
From: Andrew Hsu
Date: Tue, 25 Sep 2018 22:09:20 -0700
Subject: [PATCH] Refactor Dockerfile (#245)
* ignore the temporary image file used for builds
Signed-off-by: Andrew Hsu
* no need for GOPATH in the Dockerfile It is already set in the golang:1.10.3-alpine3.8 image.
Signed-off-by: Andrew Hsu
* no need for GOROOT in Dockerfile The correct value is embedded in the go tool.
Signed-off-by: Andrew Hsu
* bump Dockerfile golang to 1.10.4 The latest golang version thus far.
Signed-off-by: Andrew Hsu
* replace docker-entrypoint.sh with the gosec binary
Signed-off-by: Andrew Hsu
* git ignore gosec binary
Signed-off-by: Andrew Hsu
* refactor Dockerfile into multi-stage First stage does the build in a pristine alpine environment. Second stage is a minimal image with just the necessary stuff to run the compiled binary. Also added packages for gcc and musl-dev so cgo can do its thang.
Signed-off-by: Andrew Hsu
* fix the image execution example in README.md
Signed-off-by: Andrew Hsu
---
 .gitignore | 4 ++++
 Dockerfile | 19 ++++++++++---------
 Makefile | 2 +-
 README.md | 2 +-
 docker-entrypoint.sh | 2 --
 5 files changed, 16 insertions(+), 13 deletions(-)
 delete mode 100755 docker-entrypoint.sh
diff --git a/.gitignore b/.gitignore
index ee144d51b8..f282cda248 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,8 +1,12 @@
+# transient files
+/image
+
 # Compiled Object files, Static and Dynamic libs (Shared Objects)
 *.o
 *.a
 *.so
 *.swp
+/gosec
 # Folders
 _obj
diff --git a/Dockerfile b/Dockerfile
index 8bdf4313f4..24c089d161 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,10 +1,11 @@
-FROM golang:1.10.3-alpine3.8
+FROM golang:1.10.4-alpine3.8 as build
+WORKDIR /go/src/github.com/securego/gosec
+COPY . .
+RUN apk add -U git make
+RUN go get -u github.com/golang/dep/cmd/dep
+RUN make
 
-ENV BIN=gosec
-ENV GOROOT=/usr/local/go
-ENV GOPATH=/go
-
-COPY $BIN /go/bin/$BIN
-COPY docker-entrypoint.sh /usr/local/bin
-
-ENTRYPOINT ["docker-entrypoint.sh"]
+FROM golang:1.10.4-alpine3.8
+RUN apk add -U gcc musl-dev
+COPY --from=build /go/src/github.com/securego/gosec/gosec /usr/local/bin/gosec
+ENTRYPOINT ["gosec"]
diff --git a/Makefile b/Makefile
index 1aca3df656..1ed0069425 100644
--- a/Makefile
+++ b/Makefile
@@ -33,7 +33,7 @@ release: bootstrap
 build-linux:
 CGO_ENABLED=$(CGO_ENABLED) GOOS=linux GOARCH=amd64 go build -ldflags $(BUILDFLAGS) -o $(BIN) ./cmd/gosec/
-image: build-linux
+image:
 @echo "Building the Docker image..."
 docker build -t $(IMAGE_REPO)/$(BIN):$(GIT_TAG) .
 docker tag $(IMAGE_REPO)/$(BIN):$(GIT_TAG) $(IMAGE_REPO)/$(BIN):latest
diff --git a/README.md b/README.md
index 713ee7ea38..e438750d57 100644
--- a/README.md
+++ b/README.md
@@ -186,7 +186,7 @@ You can run the `gosec` tool in a container against your local Go project. You j
 `GOPATH` of the container:
 ```
-docker run -it -v $GOPATH/src/:/go/src/ securego/gosec /go/src/
+docker run -it -v $GOPATH/src/:/go/src/ securego/gosec ./...
 ```
 #### Generate TLS rule
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
deleted file mode 100755
index 52bb267999..0000000000
--- a/docker-entrypoint.sh
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/usr/bin/env sh
-${BIN} "$@"
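Review bot: `RUN go get -u github.com/golang/dep/cmd/dep` in the build stage of the Dockerfile hunk fetches whatever is at the head of the dep repository (and, because of `-u`, of its dependencies) on every build, so the tool that resolves gosec's own dependencies is unpinned and the published image is not reproducible. Pin it to a reviewed release, for example `RUN go get -d github.com/golang/dep/cmd/dep && git -C /go/src/github.com/golang/dep checkout <DEP_RELEASE_TAG> && go install github.com/golang/dep/cmd/dep`, where the tag is a placeholder to fill in. Whether `make` actually invokes dep is not visible in this patch; if it does not, the line can simply go. Separately, the final stage sets no `USER`, so `gosec` runs as root over the source tree that the README example bind-mounts from the host; an unprivileged user declared before `ENTRYPOINT ["gosec"]` would limit what a parser or toolchain bug can touch.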
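Review bot: `make image` can silently do nothing after the Makefile hunk's change: `image:` now has no prerequisites, so if a file named `image` exists in the repository root, make treats the target as up to date and skips `docker build`. This same commit adds `/image` to .gitignore as a transient build file, which suggests such a file can appear. No `.PHONY` declaration is visible in the hunk; unless the Makefile already has one covering this target, add `.PHONY: image` so that a previously built image is never reused in place of a fresh build. The rest of the Makefile is outside the hunk, so this should be confirmed against the full file.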