forked from temporalio/cli
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathcli.Dockerfile
More file actions
34 lines (24 loc) · 951 Bytes
/
cli.Dockerfile
File metadata and controls
34 lines (24 loc) · 951 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
# syntax=docker/dockerfile:1
ARG ALPINE_IMAGE
ARG BUILDARCH
# Build stage - copy binaries from goreleaser output
FROM --platform=$BUILDARCH scratch AS dist
COPY dist/nix_linux_amd64_v1/temporal /dist/amd64/temporal
COPY dist/nix_linux_arm64_v8.0/temporal /dist/arm64/temporal
# Stage to extract CA certificates and create user files
FROM ${ALPINE_IMAGE} AS certs
RUN apk add --no-cache ca-certificates && \
adduser -u 1000 -D temporal
# Final stage - minimal scratch-based image
FROM scratch
ARG TARGETARCH
# Copy CA certificates from certs stage
COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
# Copy passwd and group files for non-root user
COPY --from=certs /etc/passwd /etc/passwd
COPY --from=certs /etc/group /etc/group
# Copy the appropriate binary for target architecture
COPY --from=dist /dist/$TARGETARCH/temporal /temporal
# Run as non-root user temporal (uid 1000)
USER 1000:1000
ENTRYPOINT ["/temporal"]