Dockerfile
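# Harp release to package; override with `--build-arg VERSION=x.y.z`.
ARG VERSION=0.2.8

# ---- downloader stage: fetch, verify and compress the harp release binary ----
# Nothing from this stage reaches the final image except /tmp/harp.
FROM alpine:3@sha256:4edbd2beb5f78b1014028f4fbb99f3237d9561100b6881aabbf5acce2c4f9454 AS downloader
# Re-declared because an ARG placed before FROM is only visible to FROM lines.
ARG VERSION
# Supplied by BuildKit (e.g. "linux/amd64"); selects which release archive to fetch.
ARG TARGETPLATFORM
# Optional SHA-256 of cosign.pub. When set, the downloaded key must match it
# before it is used as the trust anchor; when empty (default) the key is used
# as fetched, which is the original behaviour.
ARG COSIGN_PUB_SHA256=""
WORKDIR /tmp

# install cosign (image pinned by tag and digest, so the verifier itself is fixed)
COPY --from=gcr.io/projectsigstore/cosign:v1.8.0@sha256:12b4d428529654c95a7550a936cbb5c6fe93a046ea7454676cb6fb0ce566d78c /ko-app/cosign /usr/local/bin/cosign

# Download the release archive, its detached signature and the public key, then
# verify the archive before unpacking it.
#
# - The case statement rejects any platform without a published archive instead
#   of continuing with an empty DOWNLOAD_ARCH.
# - curl runs with -f so an HTTP error (e.g. a 404 page) fails the build at the
#   download step rather than being saved to disk and handed to cosign.
# - The public key is fetched over the network at build time, so the signature
#   check is only as strong as that fetch. Set COSIGN_PUB_SHA256 (or vendor the
#   key into the build context) to pin the trust anchor.
# - NOTE(review): the archive and signature come from zntrio/harp while the key
#   comes from elastic/harp; confirm this is the intended key source.
# - upx rewrites the binary after verification, so the file shipped in the final
#   image no longer matches the signed upstream artifact byte-for-byte.
RUN case "${TARGETPLATFORM}" in \
      "linux/amd64") DOWNLOAD_ARCH="linux-amd64" ;; \
      "linux/arm64") DOWNLOAD_ARCH="linux-arm64" ;; \
      *) echo "unsupported TARGETPLATFORM: '${TARGETPLATFORM}'" >&2; exit 1 ;; \
    esac && \
    apk add --no-cache curl upx && \
    curl -fsSLO "https://github.com/zntrio/harp/releases/download/v${VERSION}/harp-${DOWNLOAD_ARCH}.tar.gz" && \
    curl -fsSLO "https://github.com/zntrio/harp/releases/download/v${VERSION}/harp-${DOWNLOAD_ARCH}.tar.gz.sig" && \
    curl -fsSLO "https://raw.githubusercontent.com/elastic/harp/v${VERSION}/build/artifact/cosign.pub" && \
    if [ -n "${COSIGN_PUB_SHA256}" ]; then \
      echo "${COSIGN_PUB_SHA256}  cosign.pub" | sha256sum -c - ; \
    fi && \
    cosign verify-blob --key /tmp/cosign.pub --signature "harp-${DOWNLOAD_ARCH}.tar.gz.sig" "harp-${DOWNLOAD_ARCH}.tar.gz" && \
    tar -vxf "harp-${DOWNLOAD_ARCH}.tar.gz" && \
    mv "/tmp/harp-${DOWNLOAD_ARCH}" /tmp/harp && \
    upx -9 /tmp/harp && \
    chmod +x /tmp/harp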
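# ---- runtime stage: minimal image holding only CA certificates and harp ----
FROM alpine:3@sha256:4edbd2beb5f78b1014028f4fbb99f3237d9561100b6881aabbf5acce2c4f9454
# Re-declared so the packaged release version can be recorded on the image.
ARG VERSION
LABEL org.opencontainers.image.version="${VERSION}"

# `apk add --no-cache` fetches the index on the fly and stores no cache, so a
# separate `apk update` and a manual /var/cache/apk cleanup are not needed.
RUN apk add --no-cache ca-certificates

# Dedicated unprivileged system account; the UID/GID are assigned by adduser.
# NOTE(review): runtimes that enforce a non-root policy by numeric UID cannot
# check a named user; consider a fixed UID here if that applies to deployments.
RUN addgroup -S harp && adduser -S -G harp harp

# Only the verified (and compressed) binary is taken from the downloader stage;
# it stays root-owned, so the harp user can execute but not modify it.
COPY --from=downloader /tmp/harp /usr/bin/harp

# Drop privileges before the entrypoint; exec form keeps harp as PID 1.
USER harp
ENTRYPOINT [ "/usr/bin/harp" ]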