-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathDockerfile.bins
39 lines (34 loc) · 1.75 KB
/
Dockerfile.bins
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
ARG BUILDKIT_SBOM_SCAN_CONTEXT=true
FROM goreleaser/nfpm@sha256:b842811abdab5c694f69f04683abaac8298086809d939e7e94a129ed596148fe AS nfpm
FROM --platform=$BUILDPLATFORM tonistiigi/xx@sha256:923441d7c25f1e2eb5789f82d987693c47b8ed987c4ab3b075d6ed2b5d6779a3 AS xx
ARG TARGETPLATFORM
FROM --platform=$BUILDPLATFORM rust:alpine@sha256:18be086bb0b8b45a04e6cb1a55863852cfdf81d7abed75ea588acb7f4aa6748e AS builder
ARG BUILDKIT_SBOM_SCAN_STAGE=true
RUN apk add clang lld openssl-dev curl bash
# copy xx scripts to your build stage
COPY --from=xx / /
ARG TARGETPLATFORM
ARG VER
ENV VER=$VER
COPY --from=nfpm "/usr/bin/nfpm" "/usr/bin/nfpm"
RUN xx-apk add --no-cache musl-dev zlib-dev zlib-static openssl-dev openssl-libs-static pkgconfig alpine-sdk
WORKDIR /app
RUN cargo new --lib whatismyip
WORKDIR /app/whatismyip
COPY Cargo.toml ./Cargo.toml
COPY Cargo.lock ./Cargo.lock
RUN xx-cargo build --release --target-dir ./build
COPY . ./
RUN xx-cargo build --release --target-dir ./build && \
xx-verify --static "./build/$(xx-cargo --print-target-triple)/release/whatismyip" && \
cp -v "./build/$(xx-cargo --print-target-triple)/release/whatismyip" "./whatismyip"
COPY nfpm.yaml nfpm.yaml
RUN mkdir /PACKS && \
GOARCH="$(xx-info arch)" GOOS="$(xx-info os)" nfpm pkg --packager archlinux --config="nfpm.yaml" --target="/PACKS" && \
GOARCH="$(xx-info arch)" GOOS="$(xx-info os)" nfpm pkg --packager rpm --config="nfpm.yaml" --target="/PACKS" && \
GOARCH="$(xx-info arch)" GOOS="$(xx-info os)" nfpm pkg --packager apk --config="nfpm.yaml" --target="/PACKS" && \
GOARCH="$(xx-info arch)" GOOS="$(xx-info os)" nfpm pkg --packager deb --config="nfpm.yaml" --target="/PACKS"
FROM scratch
USER nonroot
COPY --from=builder /PACKS .
COPY --from=builder /app/whatismyip/whatismyip .