mirror of
https://github.com/oauth2-proxy/oauth2-proxy.git
synced 2024-11-30 09:16:52 +02:00
ff03c43842
* Fix vulnerabilities on crypto, net and sys packages and change go version on Docker builder stage * Changelog related PR $1774 Co-authored-by: Felipe Bonvicini Conti <felipe.conti@totvs.com.br>
55 lines
2.1 KiB
Docker
55 lines
2.1 KiB
Docker
# This ARG has to be at the top, otherwise the docker daemon does not known what to do with FROM ${RUNTIME_IMAGE}
|
|
ARG RUNTIME_IMAGE=alpine:3.15
|
|
|
|
# All builds should be done using the platform native to the build node to allow
|
|
# cache sharing of the go mod download step.
|
|
# Go cross compilation is also faster than emulation the go compilation across
|
|
# multiple platforms.
|
|
FROM --platform=${BUILDPLATFORM} golang:1.18-buster AS builder
|
|
|
|
# Copy sources
|
|
WORKDIR $GOPATH/src/github.com/oauth2-proxy/oauth2-proxy
|
|
|
|
# Fetch dependencies
|
|
COPY go.mod go.sum ./
|
|
RUN go mod download
|
|
|
|
# Now pull in our code
|
|
COPY . .
|
|
|
|
# Arguments go here so that the previous steps can be cached if no external
|
|
# sources have changed.
|
|
ARG VERSION
|
|
ARG TARGETPLATFORM
|
|
ARG BUILDPLATFORM
|
|
|
|
# Build binary and make sure there is at least an empty key file.
|
|
# This is useful for GCP App Engine custom runtime builds, because
|
|
# you cannot use multiline variables in their app.yaml, so you have to
|
|
# build the key into the container and then tell it where it is
|
|
# by setting OAUTH2_PROXY_JWT_KEY_FILE=/etc/ssl/private/jwt_signing_key.pem
|
|
# in app.yaml instead.
|
|
# Set the cross compilation arguments based on the TARGETPLATFORM which is
|
|
# automatically set by the docker engine.
|
|
RUN case ${TARGETPLATFORM} in \
|
|
"linux/amd64") GOARCH=amd64 ;; \
|
|
# arm64 and arm64v8 are equivilant in go and do not require a goarm
|
|
# https://github.com/golang/go/wiki/GoArm
|
|
"linux/arm64" | "linux/arm64/v8") GOARCH=arm64 ;; \
|
|
"linux/ppc64le") GOARCH=ppc64le ;; \
|
|
"linux/arm/v6") GOARCH=arm GOARM=6 ;; \
|
|
esac && \
|
|
printf "Building OAuth2 Proxy for arch ${GOARCH}\n" && \
|
|
GOARCH=${GOARCH} VERSION=${VERSION} make build && touch jwt_signing_key.pem
|
|
|
|
# Copy binary to alpine
|
|
FROM ${RUNTIME_IMAGE}
|
|
COPY nsswitch.conf /etc/nsswitch.conf
|
|
COPY --from=builder /go/src/github.com/oauth2-proxy/oauth2-proxy/oauth2-proxy /bin/oauth2-proxy
|
|
COPY --from=builder /go/src/github.com/oauth2-proxy/oauth2-proxy/jwt_signing_key.pem /etc/ssl/private/jwt_signing_key.pem
|
|
|
|
# UID/GID 65532 is also known as nonroot user in distroless image
|
|
USER 65532:65532
|
|
|
|
ENTRYPOINT ["/bin/oauth2-proxy"]
|