-
Notifications
You must be signed in to change notification settings - Fork 5
Expand file tree
/
Copy pathDockerfile
More file actions
111 lines (97 loc) · 4.32 KB
/
Dockerfile
File metadata and controls
111 lines (97 loc) · 4.32 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
# Copyright 2023 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# This is the Dockerfile for the Builder Image that is used by the CI
# pipelines.
# If you make changes to this Dockerfile run `make builder-image-push`.
# Install Lychee
FROM docker.io/library/alpine:3.23.2 AS lychee
# update: datasource=github-tags depName=lycheeverse/lychee versioning=semver
ENV LYCHEE_VERSION="v0.15.1"
# hadolint ignore=DL3018
# update: datasource=github-tags depName=lycheeverse/lychee versioning=semver
ENV LYCHEE_VERSION="v0.15.1"
RUN apk add --no-cache curl && \
curl -L -o /tmp/lychee-${LYCHEE_VERSION}.tgz https://github.com/lycheeverse/lychee/releases/download/${LYCHEE_VERSION}/lychee-${LYCHEE_VERSION}-x86_64-unknown-linux-gnu.tar.gz && \
tar -xz -C /tmp -f /tmp/lychee-${LYCHEE_VERSION}.tgz && \
mv /tmp/lychee /usr/bin/lychee && \
rm -rf /tmp/linux-amd64 /tmp/lychee-${LYCHEE_VERSION}.tgz
FROM cgr.dev/chainguard/wolfi-base:latest AS wolfi
# update: datasource=github-tags depName=kubernetes-sigs/cluster-api
ARG CLUSTERCTL_VERSION="v1.10.4"
# update: datasource=github-tags depName=helm/helm
ENV HELM_VERSION="v4.0.5"
# update: datasource=github-tags depName=kubernetes-sigs/kind
ARG KIND_VERSION="v0.30.0"
# update: datasource=github-tags depName=kubernetes/kubernetes
ARG KUBECTL_VERSION="v1.34.0"
# update: datasource=github-tags depName=kubernetes-sigs/kustomize extractVersion=^kustomize\/v(?<version>.+)$
ARG KUSTOMIZE_VERSION="v5.7.1"
# update: datasource=github-tags depName=aquasecurity/trivy
ARG TRIVY_VERSION="v0.66.0"
# update: datasource=github-tags depName=kubernetes-sigs/controller-tools
ARG CONTROLLER_GEN_VERSION="v0.19.0"
# hadolint ignore=DL3018
RUN apk add -U --no-cache \
curl \
clusterctl=~${CLUSTERCTL_VERSION#v} \
controller-gen=~${CONTROLLER_GEN_VERSION#v} \
helm=~${HELM_VERSION#v} \
kind=~${KIND_VERSION#v} \
kubectl=~${KUBECTL_VERSION#v} \
kustomize=~${KUSTOMIZE_VERSION#v} \
trivy=~${TRIVY_VERSION#v}
# Install Golang CI Lint
FROM docker.io/library/alpine:3.23.2 AS golangci
# update: datasource=github-tags depName=golangci/golangci-lint versioning=semver
ENV GOLANGCI_VERSION="v2.8.0"
WORKDIR /
# hadolint ignore=DL3018,DL4006
RUN apk add --no-cache curl && \
curl -sfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s ${GOLANGCI_VERSION}
# Install Hadolint
FROM docker.io/hadolint/hadolint:v2.14.0-alpine@sha256:7aba693c1442eb31c0b015c129697cb3b6cb7da589d85c7562f9deb435a6657c AS hadolint
# Install Trivy
FROM docker.io/aquasec/trivy:0.68.2 AS trivy
############################
# CSO Build Image Base #
############################
FROM docker.io/library/golang:1.24.6-bullseye
# update: datasource=github-tags depName=adrienverge/yamllint versioning=semver
ENV YAMLLINT_VERSION="v1.38.0"
# update: datasource=github-tags depName=opt-nc/yamlfixer versioning=semver
ENV YAMLFIXER_VERSION="0.9.15"
# hadolint ignore=DL3008
RUN apt-get update && \
apt-get install -qy --no-install-recommends \
gnupg python3 python3-pip \
file zip unzip jq gettext \
libsystemd-dev jq && \
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* && \
pip install --no-cache-dir \
yamllint==${YAMLLINT_VERSION} \
yamlfixer-opt-nc==${YAMLFIXER_VERSION}
COPY --from=wolfi /usr/bin/clusterctl /usr/bin/clusterctl
COPY --from=wolfi /usr/bin/controller-gen /usr/bin/controller-gen
COPY --from=wolfi /usr/bin/helm /usr/bin/helm
COPY --from=wolfi /usr/bin/kubectl /usr/bin/kubectl
COPY --from=wolfi /usr/bin/kind /usr/bin/kind
COPY --from=wolfi /usr/bin/kustomize /usr/bin/kustomize
COPY --from=wolfi /usr/bin/trivy /usr/bin/trivy
COPY --from=lychee /usr/bin/lychee /usr/bin/lychee
COPY --from=golangci /bin/golangci-lint /usr/local/bin
COPY --from=hadolint /bin/hadolint /usr/bin/hadolint
ENV GOCACHE=/go/cache
COPY build.sh /
RUN chmod +x /build.sh
ENTRYPOINT ["/build.sh"]