goreleaser/Dockerfile

FROM golang:1.23.3-alpine@sha256:c694a4d291a13a9f9d94933395673494fc2cc9d4777b85df3a7e70b3492d3574

RUN apk add --no-cache bash \
	curl \
	docker-cli \
	docker-cli-buildx \
	git \
	gpg \
	mercurial \
	make \
	openssh-client \
	build-base \
	tini \
	upx

# install cosign
COPY --from=ghcr.io/sigstore/cosign/cosign:v2.4.0@sha256:9d50ceb15f023eda8f58032849eedc0216236d2e2f4cfe1cdf97c00ae7798cfe /ko-app/cosign /usr/bin/cosign

# install syft
RUN curl -sSfL https://raw.githubusercontent.com/anchore/syft/v0.84.1/install.sh | sh -s -- -b /usr/local/bin

ENTRYPOINT ["/sbin/tini", "--", "/entrypoint.sh"]
CMD [ "-h" ]

COPY scripts/entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh

COPY goreleaser_*.apk /tmp/
RUN apk add --no-cache --allow-untrusted /tmp/goreleaser_*.apk
chore(deps): bump golang from `0974259` to `c5eb6fe` (#5267) Bumps golang from `0974259` to `c5eb6fe`. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang&package-manager=docker&previous-version=1.23.3-alpine&new-version=1.23.3-alpine)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 2024-11-14 05:05:44 +02:00			`FROM golang:1.23.3-alpine@sha256:c694a4d291a13a9f9d94933395673494fc2cc9d4777b85df3a7e70b3492d3574`
Optimized Dockerfile layers and added fingerprint checking Layers are now cleaned up and ordered in a way to minimize breaking of the cache. Additional Docker key fingerprint checking has been added to ensure that we get the eky we are expecting from Docker website. 2018-11-27 16:49:25 +02:00
fix: convert docker images to Alpine (#884) This should signifficantly reduce the image size of the Docker images needed to use Goreleaser Resolves #882 2018-11-29 20:40:04 +02:00			`RUN apk add --no-cache bash \`
feat: use go 1.17 (#2408) * feat: use go 1.17 Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com> * fix: go mod tidy Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com> * test: fix failing test Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com> * ci: increase lint timeout Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com> * ci: increase lint timeout Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com> 2021-08-25 01:49:11 +02:00			`curl \`
			`docker-cli \`
			`docker-cli-buildx \`
			`git \`
feat: adds gpg to Docker image for signing of artifacts (#2905) 2022-02-13 18:37:38 +02:00			`gpg \`
feat: use go 1.17 (#2408) * feat: use go 1.17 Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com> * fix: go mod tidy Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com> * test: fix failing test Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com> * ci: increase lint timeout Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com> * ci: increase lint timeout Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com> 2021-08-25 01:49:11 +02:00			`mercurial \`
			`make \`
feat: adds openssh-client to docker images (#3077) closes #3076 Signed-off-by: Carlos A Becker <caarlos0@gmail.com> 2022-04-29 14:32:24 +02:00			`openssh-client \`
feat(docker): install tini to handle Ctrl+C (#2501) https://github.com/krallin/tini/issues/8 Signed-off-by: Artur Troian <troian.ap@gmail.com> 2021-09-22 03:17:42 +02:00			`build-base \`
feat: add upx to our docker images (#5131) I like to use the goreleaser for my private project and would like to have the binary scaled down with the UPX in the GitLab build pipeline. Therefore, it would be nice if the UPX tool is pre-installed in the Docker container. Signed-off-by: Andrej Giesbrecht <giesan@gmx.net> 2024-09-12 16:24:54 +02:00			`tini \`
			`upx`
Optimized Dockerfile layers and added fingerprint checking Layers are now cleaned up and ordered in a way to minimize breaking of the cache. Additional Docker key fingerprint checking has been added to ensure that we get the eky we are expecting from Docker website. 2018-11-27 16:49:25 +02:00
feat: add cosign tool in the goreleaser image (#2542) Signed-off-by: Carlos Panato <ctadeu@gmail.com> 2021-11-18 14:54:54 +02:00			`# install cosign`
point to GHCR instead of GCR for cosign container (#5176) This changes the Dockerfile to pull the cosign container image from GHCR instead of Google Cloud. This helps the Sigstore team manage their cloud spend (as GHCR is provided for free and Google Cloud Artifact Registry is not). Note the container hash does not change and images are posted to both locations upon cosign's release process. 2024-10-07 13:25:15 +02:00			`COPY --from=ghcr.io/sigstore/cosign/cosign:v2.4.0@sha256:9d50ceb15f023eda8f58032849eedc0216236d2e2f4cfe1cdf97c00ae7798cfe /ko-app/cosign /usr/bin/cosign`
feat: add cosign tool in the goreleaser image (#2542) Signed-off-by: Carlos Panato <ctadeu@gmail.com> 2021-11-18 14:54:54 +02:00
feat: adds syft to docker image (#4182) <!-- Hi, thanks for contributing! Please make sure you read our CONTRIBUTING guide. Also, add tests and the respective documentation changes as well. --> <!-- If applied, this commit will... --> As discussed in #4176, this PR adds syft to the Docker image. <!-- Why is this change being made? --> As mentioned in #4176, it simplifies CI when SBOM generation is needed. <!-- # Provide links to any relevant tickets, URLs or other resources --> I tried to test by running `task goreleaser` in my dev environment. The amd64 image has been built properly and syft is available: ``` docker run --rm -it --entrypoint="" goreleaser/goreleaser:v1.19.2-amd64 sh /go # syft --version syft 0.84.1 ``` However I couldn't test other platforms since I got unrelated errors when it tried to build the arm64 image. 2023-07-12 14:47:37 +02:00			`# install syft`
			`RUN curl -sSfL https://raw.githubusercontent.com/anchore/syft/v0.84.1/install.sh \| sh -s -- -b /usr/local/bin`

feat(docker): install tini to handle Ctrl+C (#2501) https://github.com/krallin/tini/issues/8 Signed-off-by: Artur Troian <troian.ap@gmail.com> 2021-09-22 03:17:42 +02:00			`ENTRYPOINT ["/sbin/tini", "--", "/entrypoint.sh"]`
feat: docker in docker support (#785) * feat: docker in docker support * fix: pr comments 2018-09-04 14:19:01 +02:00			`CMD [ "-h" ]`
Optimized Dockerfile layers and added fingerprint checking Layers are now cleaned up and ordered in a way to minimize breaking of the cache. Additional Docker key fingerprint checking has been added to ensure that we get the eky we are expecting from Docker website. 2018-11-27 16:49:25 +02:00
fix: improvements on docker extra_files 2018-12-16 15:11:01 +02:00			`COPY scripts/entrypoint.sh /entrypoint.sh`
Optimized Dockerfile layers and added fingerprint checking Layers are now cleaned up and ordered in a way to minimize breaking of the cache. Additional Docker key fingerprint checking has been added to ensure that we get the eky we are expecting from Docker website. 2018-11-27 16:49:25 +02:00			`RUN chmod +x /entrypoint.sh`
fix: improvements on docker extra_files 2018-12-16 15:11:01 +02:00
feat: allow to use nfpm packages in the docker pipe (#2003) * feat: copy nfpms to docker image too Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com> * test: wip Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com> * fix: logs Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com> * test: fixes Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com> * test: improving Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com> * docs: deprecations and docker improvements Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com> * fix: revert .goreleaser.yml changes Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com> * test: fix Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com> * docs: fix syntax Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com> * docs: fixed deprecation warnings Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com> * test: fix Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com> * test: coverage Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com> * test: add one more test case Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com> * test: fix Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com> * test: fix Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com> Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com> 2021-01-07 21:21:12 +02:00			`COPY goreleaser_*.apk /tmp/`
fix: apk add --no-cache (#2672) 2021-11-17 20:00:10 +02:00			`RUN apk add --no-cache --allow-untrusted /tmp/goreleaser_*.apk`