at-container-registry/Dockerfile.scanner


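# ==========================================
# Stage 1: Build the static scanner binary
# ==========================================
# NOTE(review): the base image is pinned by tag only, and a tag can be
# re-pointed upstream. Appending @sha256:<digest-of-the-reviewed-image>
# (placeholder) would make this build input immutable.
FROM docker.io/golang:1.25.7-trixie AS builder

# Build-time only: ARG is still visible to the RUN steps of this stage but is
# not written into the stage's image environment the way ENV is.
ARG DEBIAN_FRONTEND=noninteractive

# update + install + list cleanup stay in one layer so a stale package index
# is never cached and the apt lists do not persist in the layer.
# presumably the SQLite packages back a cgo SQLite dependency (CGO_ENABLED=1
# below) — confirm both are still needed.
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
        libsqlite3-dev \
        sqlite3 && \
    rm -rf /var/lib/apt/lists/*

WORKDIR /build

# Disable workspace mode — go.work references modules not in the Docker context
ENV GOWORK=off

# Copy module definitions first for layer caching. go.sum pins the hash of
# every module, so `go mod download` rejects content that does not match.
COPY go.mod go.sum ./
COPY scanner/go.mod scanner/go.sum ./scanner/

# WORKDIR replaces the per-RUN `cd scanner`, so every later step runs from the
# scanner module without relying on shell state.
WORKDIR /build/scanner
RUN go mod download

# Copy full source. The destination is absolute because WORKDIR is now
# /build/scanner; the files land in /build exactly as before.
# The whole build context is sent here: keep credentials, .env files and VCS
# metadata out of it with a .dockerignore.
COPY . /build/

# -s -w strips the symbol table and DWARF data, -trimpath removes local
# filesystem paths from the binary, and external linking with -static yields a
# binary with no shared-library dependencies for the scratch runtime.
# NOTE(review): with static glibc, cgo name-resolution calls can require NSS
# shared libraries that scratch does not contain — confirm host lookups work in
# the final image, or build with the netgo tag.
RUN CGO_ENABLED=1 go build \
    -ldflags="-s -w -linkmode external -extldflags '-static'" \
    -trimpath \
    -o /build/atcr-scanner ./cmd/scanner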
# ==========================================
# Stage 2: runtime image built on scratch
# ==========================================
# scratch has no shell, package manager or libc; the image holds only the
# three paths copied below.
FROM scratch

# OCI image annotations
LABEL org.opencontainers.image.title="ATCR Scanner" \
      org.opencontainers.image.description="ATCR Scanner - container image vulnerability scanner with Syft and Grype" \
      org.opencontainers.image.authors="ATCR Contributors" \
      org.opencontainers.image.source="https://tangled.org/evan.jarrett.net/at-container-registry" \
      org.opencontainers.image.documentation="https://tangled.org/evan.jarrett.net/at-container-registry" \
      org.opencontainers.image.licenses="MIT" \
      org.opencontainers.image.version="0.1.0"

# Statically linked scanner binary from the builder stage
COPY --from=builder /build/atcr-scanner /atcr-scanner

# CA bundle for HTTPS (presigned URL downloads). This is a snapshot of the
# builder image's trust store; rebuilding is the only way to pick up CA
# additions or removals.
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt

# Timezone database used for timestamp formatting
COPY --from=builder /usr/share/zoneinfo /usr/share/zoneinfo

# Health endpoint port (EXPOSE documents the port; it does not publish it)
EXPOSE 9090

# NOTE(review): there is no USER instruction, so the scanner runs as UID 0
# while processing container images it did not build. A numeric
# USER <uid>:<gid> works on scratch without /etc/passwd; confirm which paths
# the scanner writes to before adding one.
ENTRYPOINT ["/atcr-scanner"]
CMD ["serve"]