Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

refactor Dockerfile #245

Merged
merged 8 commits into from
Sep 26, 2018
Merged

refactor Dockerfile #245

merged 8 commits into from
Sep 26, 2018

Conversation

andrewhsu
Copy link
Contributor

Refactor the Dockerfile:

  • added gcc and musl-dev so cgo can operate
  • update golang to latest 1.10.x
  • multi-stage builds to have a minimal final image
  • replace docker-entrypoint.sh (doesn't seem to be needed) with gosec binary

Final docker image built should be the same interface.

$ make image
Building the Docker image...
docker build -t securego/gosec:1.1.0-13-g6ca6e09 .
[+] Building 0.1s (14/14) FINISHED                                              
 => [internal] load Dockerfile                                             0.0s
 => => transferring dockerfile: 38B                                        0.0s
 => [internal] load .dockerignore                                          0.0s
 => => transferring context: 2B                                            0.0s
 => [internal] load metadata for docker.io/library/golang:1.10.4-alpine3.  0.0s
 => [internal] load metadata for docker.io/library/golang:1.10.4-alpine3.  0.0s
 => [internal] load build context                                          0.0s
 => => transferring context: 10.39kB                                       0.0s
 => [stage-1 1/3] FROM docker.io/library/golang:1.10.4-alpine3.8           0.0s
 => [internal] helper image for file operations                            0.0s
 => CACHED [stage-1 2/3] RUN apk add -U gcc musl-dev                       0.0s
 => CACHED [build 2/5] COPY . .                                            0.0s
 => CACHED [build 3/5] RUN apk add -U git make                             0.0s
 => CACHED [build 4/5] RUN go get -u github.com/golang/dep/cmd/dep         0.0s
 => CACHED [build 5/5] RUN make                                            0.0s
 => CACHED [stage-1 3/3] COPY --from=build /go/src/github.com/securego/go  0.0s
 => exporting to image                                                     0.0s
 => => exporting layers                                                    0.0s
 => => writing image sha256:2981dd166c325d76df902ea1087c0dad119b9d45af606  0.0s
 => => naming to docker.io/securego/gosec:1.1.0-13-g6ca6e09                0.0s
docker tag securego/gosec:1.1.0-13-g6ca6e09 securego/gosec:latest
touch image
$ make bootstrap
dep ensure
$ docker run --rm -it \
  -v "$GOPATH/src/github.com/securego/gosec:/go/src/github.com/securego/gosec" \
  -w /go/src/github.com/securego/gosec \
  securego/gosec:latest ./...
[gosec] 2018/09/25 04:28:27 including rules: default
[gosec] 2018/09/25 04:28:27 excluding rules: default
[gosec] 2018/09/25 04:28:27 Searching directory: /go/src/github.com/securego/gosec
...
Results:

Summary:
   Files: 44
   Lines: 5612
   Nosec: 16
  Issues: 0

@andrewhsu
ignore the temporary image file used for builds
b193fc6 
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
@andrewhsu
git ignore gosec binary
e1c5495 
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
@andrewhsu
no need for GOPATH in the Dockerfile
291a6e7 
It is already set in the golang:1.10.3-alpine3.8 image.

Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
@andrewhsu
no need for GOROOT in Dockerfile
a81f338 
The correct value is embedded in the go tool.

Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
@andrewhsu
bump Dockerfile golang to 1.10.4
d12f53c 
The latest golang version thus far.

Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
@andrewhsu
replace docker-entrypoint.sh with the gosec binary
2c7e0a4 
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
@andrewhsu
refactor Dockerfile into multi-stage
f859701 
First stage does the build in a pristine alpine environment. Second
stage is a minimal image with just the necessary stuff to run the
compiled binary. Also added packages for gcc and musl-dev so cgo can do
its thang.

Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
ccojocar
ccojocar requested changes Sep 25, 2018
View reviewed changes
README.md Outdated
@@ -183,7 +183,7 @@ You can run the `gosec` tool in a container against your local Go project. You j
`GOPATH` of the container:

```
docker run -it -v $GOPATH/src/<YOUR PROJECT PATH>:/go/src/<YOUR PROJECT PATH> securego/gosec /go/src/<YOUR PROJECT PATH>
docker run -it -v $GOPATH/src/<YOUR PROJECT PATH>:/go/src/<YOUR PROJECT PATH> ./...
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You missed the image from the command. I think it this remain the same securego/gosec.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed

Dockerfile Show resolved Hide resolved
@andrewhsu
fix the image execution example in README.md
b24e3ef 
Signed-off-by: Andrew Hsu <andrewhsu@docker.com>
@ccojocar ccojocar merged commit 5f98926 into securego:master Sep 26, 2018
@andrewhsu andrewhsu deleted the image branch September 26, 2018 19:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ccojocar ccojocar ccojocar approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@andrewhsu @ccojocar