mirror of
https://github.com/oauth2-proxy/oauth2-proxy.git
synced 2024-11-28 09:08:44 +02:00
308bcc06a4
Use simple USER directive. Using `addgroup` in final `arm` image when building on amd64 doesn't work. I must have made a mistake during cross build verification. Alternative is to use qemu-static but it's not worth it for this.
31 lines
1.1 KiB
Docker
31 lines
1.1 KiB
Docker
FROM golang:1.12-stretch AS builder
|
|
|
|
# Download tools
|
|
RUN wget -O $GOPATH/bin/dep https://github.com/golang/dep/releases/download/v0.5.0/dep-linux-amd64
|
|
RUN chmod +x $GOPATH/bin/dep
|
|
|
|
# Copy sources
|
|
WORKDIR $GOPATH/src/github.com/pusher/oauth2_proxy
|
|
COPY . .
|
|
|
|
# Fetch dependencies
|
|
RUN dep ensure --vendor-only
|
|
|
|
# Build binary and make sure there is at least an empty key file.
|
|
# This is useful for GCP App Engine custom runtime builds, because
|
|
# you cannot use multiline variables in their app.yaml, so you have to
|
|
# build the key into the container and then tell it where it is
|
|
# by setting OAUTH2_PROXY_JWT_KEY_FILE=/etc/ssl/private/jwt_signing_key.pem
|
|
# in app.yaml instead.
|
|
RUN ./configure && make build && touch jwt_signing_key.pem
|
|
|
|
# Copy binary to alpine
|
|
FROM alpine:3.8
|
|
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
|
|
COPY --from=builder /go/src/github.com/pusher/oauth2_proxy/oauth2_proxy /bin/oauth2_proxy
|
|
COPY --from=builder /go/src/github.com/pusher/oauth2_proxy/jwt_signing_key.pem /etc/ssl/private/jwt_signing_key.pem
|
|
|
|
USER 2000:2000
|
|
|
|
ENTRYPOINT ["/bin/oauth2_proxy"]
|