goreleaser/Dockerfile

FROM golang:1.20.6-alpine@sha256:7839c9f01b5502d7cb5198b2c032857023424470b3e31ae46a8261ffca72912a

RUN apk add --no-cache bash \
	curl \
	docker-cli \
	docker-cli-buildx \
	git \
	gpg \
	mercurial \
	make \
	openssh-client \
	build-base \
	tini

# install cosign
COPY --from=gcr.io/projectsigstore/cosign:v1.12.1@sha256:ac8e08a2141e093f4fd7d1d0b05448804eb3771b66574b13ad73e31b460af64d /ko-app/cosign /usr/bin/cosign

# install syft
RUN curl -sSfL https://raw.githubusercontent.com/anchore/syft/v0.84.1/install.sh | sh -s -- -b /usr/local/bin

ENTRYPOINT ["/sbin/tini", "--", "/entrypoint.sh"]
CMD [ "-h" ]

COPY scripts/entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh

COPY goreleaser_*.apk /tmp/
RUN apk add --no-cache --allow-untrusted /tmp/goreleaser_*.apk
feat(deps): bump golang from `e959001` to `7839c9f` (#4189) Bumps golang from `e959001` to `7839c9f`. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang&package-manager=docker&previous-version=1.20.6-alpine&new-version=1.20.6-alpine)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 2023-07-14 19:05:39 +02:00			`FROM golang:1.20.6-alpine@sha256:7839c9f01b5502d7cb5198b2c032857023424470b3e31ae46a8261ffca72912a`
Optimized Dockerfile layers and added fingerprint checking Layers are now cleaned up and ordered in a way to minimize breaking of the cache. Additional Docker key fingerprint checking has been added to ensure that we get the eky we are expecting from Docker website. 2018-11-27 16:49:25 +02:00
fix: convert docker images to Alpine (#884) This should signifficantly reduce the image size of the Docker images needed to use Goreleaser Resolves #882 2018-11-29 20:40:04 +02:00			`RUN apk add --no-cache bash \`
feat: use go 1.17 (#2408) * feat: use go 1.17 Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com> * fix: go mod tidy Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com> * test: fix failing test Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com> * ci: increase lint timeout Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com> * ci: increase lint timeout Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com> 2021-08-25 01:49:11 +02:00			`curl \`
			`docker-cli \`
			`docker-cli-buildx \`
			`git \`
feat: adds gpg to Docker image for signing of artifacts (#2905) 2022-02-13 18:37:38 +02:00			`gpg \`
feat: use go 1.17 (#2408) * feat: use go 1.17 Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com> * fix: go mod tidy Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com> * test: fix failing test Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com> * ci: increase lint timeout Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com> * ci: increase lint timeout Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com> 2021-08-25 01:49:11 +02:00			`mercurial \`
			`make \`
feat: adds openssh-client to docker images (#3077) closes #3076 Signed-off-by: Carlos A Becker <caarlos0@gmail.com> 2022-04-29 14:32:24 +02:00			`openssh-client \`
feat(docker): install tini to handle Ctrl+C (#2501) https://github.com/krallin/tini/issues/8 Signed-off-by: Artur Troian <troian.ap@gmail.com> 2021-09-22 03:17:42 +02:00			`build-base \`
			`tini`
Optimized Dockerfile layers and added fingerprint checking Layers are now cleaned up and ordered in a way to minimize breaking of the cache. Additional Docker key fingerprint checking has been added to ensure that we get the eky we are expecting from Docker website. 2018-11-27 16:49:25 +02:00
feat: add cosign tool in the goreleaser image (#2542) Signed-off-by: Carlos Panato <ctadeu@gmail.com> 2021-11-18 14:54:54 +02:00			`# install cosign`
fix: do not put binaries in /usr/local/bin (#3677) 2022-12-31 17:17:38 +02:00			`COPY --from=gcr.io/projectsigstore/cosign:v1.12.1@sha256:ac8e08a2141e093f4fd7d1d0b05448804eb3771b66574b13ad73e31b460af64d /ko-app/cosign /usr/bin/cosign`
feat: add cosign tool in the goreleaser image (#2542) Signed-off-by: Carlos Panato <ctadeu@gmail.com> 2021-11-18 14:54:54 +02:00
feat: adds syft to docker image (#4182) <!-- Hi, thanks for contributing! Please make sure you read our CONTRIBUTING guide. Also, add tests and the respective documentation changes as well. --> <!-- If applied, this commit will... --> As discussed in #4176, this PR adds syft to the Docker image. <!-- Why is this change being made? --> As mentioned in #4176, it simplifies CI when SBOM generation is needed. <!-- # Provide links to any relevant tickets, URLs or other resources --> I tried to test by running `task goreleaser` in my dev environment. The amd64 image has been built properly and syft is available: ``` docker run --rm -it --entrypoint="" goreleaser/goreleaser:v1.19.2-amd64 sh /go # syft --version syft 0.84.1 ``` However I couldn't test other platforms since I got unrelated errors when it tried to build the arm64 image. 2023-07-12 14:47:37 +02:00			`# install syft`
			`RUN curl -sSfL https://raw.githubusercontent.com/anchore/syft/v0.84.1/install.sh \| sh -s -- -b /usr/local/bin`

feat(docker): install tini to handle Ctrl+C (#2501) https://github.com/krallin/tini/issues/8 Signed-off-by: Artur Troian <troian.ap@gmail.com> 2021-09-22 03:17:42 +02:00			`ENTRYPOINT ["/sbin/tini", "--", "/entrypoint.sh"]`
feat: docker in docker support (#785) * feat: docker in docker support * fix: pr comments 2018-09-04 14:19:01 +02:00			`CMD [ "-h" ]`
Optimized Dockerfile layers and added fingerprint checking Layers are now cleaned up and ordered in a way to minimize breaking of the cache. Additional Docker key fingerprint checking has been added to ensure that we get the eky we are expecting from Docker website. 2018-11-27 16:49:25 +02:00
fix: improvements on docker extra_files 2018-12-16 15:11:01 +02:00			`COPY scripts/entrypoint.sh /entrypoint.sh`
Optimized Dockerfile layers and added fingerprint checking Layers are now cleaned up and ordered in a way to minimize breaking of the cache. Additional Docker key fingerprint checking has been added to ensure that we get the eky we are expecting from Docker website. 2018-11-27 16:49:25 +02:00			`RUN chmod +x /entrypoint.sh`
fix: improvements on docker extra_files 2018-12-16 15:11:01 +02:00
feat: allow to use nfpm packages in the docker pipe (#2003) * feat: copy nfpms to docker image too Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com> * test: wip Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com> * fix: logs Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com> * test: fixes Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com> * test: improving Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com> * docs: deprecations and docker improvements Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com> * fix: revert .goreleaser.yml changes Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com> * test: fix Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com> * docs: fix syntax Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com> * docs: fixed deprecation warnings Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com> * test: fix Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com> * test: coverage Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com> * test: add one more test case Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com> * test: fix Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com> * test: fix Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com> Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com> 2021-01-07 21:21:12 +02:00			`COPY goreleaser_*.apk /tmp/`
fix: apk add --no-cache (#2672) 2021-11-17 20:00:10 +02:00			`RUN apk add --no-cache --allow-untrusted /tmp/goreleaser_*.apk`