mirror of
https://github.com/goreleaser/goreleaser.git
synced 2025-01-16 03:52:12 +02:00
012cfc391c
This changes the Dockerfile to pull the cosign container image from GHCR instead of Google Cloud. This helps the Sigstore team manage their cloud spend (as GHCR is provided for free and Google Cloud Artifact Registry is not). Note the container hash does not change and images are posted to both locations upon cosign's release process.
30 lines
776 B
Docker
30 lines
776 B
Docker
FROM golang:1.23.2-alpine@sha256:9dd2625a1ff2859b8d8b01d8f7822c0f528942fe56cfe7a1e7c38d3b8d72d679
|
|
|
|
RUN apk add --no-cache bash \
|
|
curl \
|
|
docker-cli \
|
|
docker-cli-buildx \
|
|
git \
|
|
gpg \
|
|
mercurial \
|
|
make \
|
|
openssh-client \
|
|
build-base \
|
|
tini \
|
|
upx
|
|
|
|
# install cosign
|
|
COPY --from=ghcr.io/sigstore/cosign/cosign:v2.4.0@sha256:9d50ceb15f023eda8f58032849eedc0216236d2e2f4cfe1cdf97c00ae7798cfe /ko-app/cosign /usr/bin/cosign
|
|
|
|
# install syft
|
|
RUN curl -sSfL https://raw.githubusercontent.com/anchore/syft/v0.84.1/install.sh | sh -s -- -b /usr/local/bin
|
|
|
|
ENTRYPOINT ["/sbin/tini", "--", "/entrypoint.sh"]
|
|
CMD [ "-h" ]
|
|
|
|
COPY scripts/entrypoint.sh /entrypoint.sh
|
|
RUN chmod +x /entrypoint.sh
|
|
|
|
COPY goreleaser_*.apk /tmp/
|
|
RUN apk add --no-cache --allow-untrusted /tmp/goreleaser_*.apk
|