FROM golang:1.23.1-alpine@sha256:ac67716dd016429be8d4c2c53a248d7bcdf06d34127d3dc451bda6aa5a87bc06 RUN apk add --no-cache bash \ curl \ docker-cli \ docker-cli-buildx \ git \ gpg \ mercurial \ make \ openssh-client \ build-base \ tini \ upx # install cosign COPY --from=gcr.io/projectsigstore/cosign:v2.4.0@sha256:9d50ceb15f023eda8f58032849eedc0216236d2e2f4cfe1cdf97c00ae7798cfe /ko-app/cosign /usr/bin/cosign # install syft RUN curl -sSfL https://raw.githubusercontent.com/anchore/syft/v0.84.1/install.sh | sh -s -- -b /usr/local/bin ENTRYPOINT ["/sbin/tini", "--", "/entrypoint.sh"] CMD [ "-h" ] COPY scripts/entrypoint.sh /entrypoint.sh RUN chmod +x /entrypoint.sh COPY goreleaser_*.apk /tmp/ RUN apk add --no-cache --allow-untrusted /tmp/goreleaser_*.apk