diff --git a/Dockerfile b/Dockerfile index 5ff46747..44b580ef 100644 --- a/Dockerfile +++ b/Dockerfile @@ -25,7 +25,7 @@ RUN echo '{\n\ # --- # Stage 2: Final image with nothing but certs, binary, and default config file # --- -FROM scratch AS final +FROM gcr.io/distroless/base AS final ARG OS ARG ARCH COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt diff --git a/Dockerfile-conformance b/Dockerfile-conformance index 9c8e42cb..0d89a180 100644 --- a/Dockerfile-conformance +++ b/Dockerfile-conformance @@ -20,7 +20,7 @@ storage:\n\ # --- # Stage 2: Final image with nothing but certs, binary, and default config file # --- -FROM scratch AS final +FROM gcr.io/distroless/base AS final COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt COPY --from=builder /go/src/github.com/project-zot/zot/bin/zot-linux-amd64 /usr/bin/zot COPY --from=builder /go/src/github.com/project-zot/zot/config.yml /etc/zot/config.yml diff --git a/Dockerfile-minimal b/Dockerfile-minimal index 862a1a5a..fbd7b428 100644 --- a/Dockerfile-minimal +++ b/Dockerfile-minimal @@ -25,7 +25,7 @@ RUN echo '{\n\ # --- # Stage 2: Final image with nothing but certs, binary, and default config file # --- -FROM scratch AS final +FROM gcr.io/distroless/base AS final ARG OS ARG ARCH COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt diff --git a/Dockerfile-zb b/Dockerfile-zb index 235c8eb8..7e721744 100644 --- a/Dockerfile-zb +++ b/Dockerfile-zb @@ -13,7 +13,7 @@ RUN make COMMIT=$COMMIT OS=$OS ARCH=$ARCH clean bench # --- # Stage 2: Final image with nothing but certs, binary, and default config file # --- -FROM scratch AS final +FROM gcr.io/distroless/base AS final ARG OS ARG ARCH COPY --from=builder /go/src/github.com/project-zot/zot/bin/zb-$OS-$ARCH /usr/bin/zb diff --git a/Dockerfile-zxp b/Dockerfile-zxp index c26394d2..e3fb6ca7 100644 --- a/Dockerfile-zxp +++ b/Dockerfile-zxp @@ -26,7 +26,7 @@ RUN echo '{\n\ # --- # Stage 2: Final image with nothing but binary and default config file # --- -FROM scratch AS final +FROM gcr.io/distroless/base AS final ARG OS ARG ARCH COPY --from=builder /go/src/github.com/project-zot/zot/bin/zxp-$OS-$ARCH /zxp diff --git a/Makefile b/Makefile index e215c97b..dbadaf0a 100644 --- a/Makefile +++ b/Makefile @@ -24,27 +24,27 @@ modcheck: .PHONY: binary-debug binary-debug: modcheck swagger - env CGO_ENABLED=0 GOOS=$(OS) GOARCH=$(ARCH) go build -o bin/zot-$(OS)-$(ARCH)-debug -tags extended,containers_image_openpgp -v -gcflags all='-N -l' -ldflags "-X zotregistry.io/zot/pkg/api/config.Commit=${COMMIT} -X zotregistry.io/zot/pkg/api/config.BinaryType=extended -X zotregistry.io/zot/pkg/api/config.GoVersion=${GO_VERSION}" ./cmd/zot + env CGO_ENABLED=0 GOOS=$(OS) GOARCH=$(ARCH) go build -o bin/zot-$(OS)-$(ARCH)-debug -buildmode=pie -tags extended,containers_image_openpgp -v -gcflags all='-N -l' -ldflags "-X zotregistry.io/zot/pkg/api/config.Commit=${COMMIT} -X zotregistry.io/zot/pkg/api/config.BinaryType=extended -X zotregistry.io/zot/pkg/api/config.GoVersion=${GO_VERSION}" ./cmd/zot .PHONY: binary-minimal binary-minimal: modcheck swagger - env CGO_ENABLED=0 GOOS=$(OS) GOARCH=$(ARCH) go build -o bin/zot-$(OS)-$(ARCH)-minimal -tags minimal,containers_image_openpgp -v -trimpath -ldflags "-X zotregistry.io/zot/pkg/api/config.Commit=${COMMIT} -X zotregistry.io/zot/pkg/api/config.BinaryType=minimal -X zotregistry.io/zot/pkg/api/config.GoVersion=${GO_VERSION} -s -w" ./cmd/zot + env CGO_ENABLED=0 GOOS=$(OS) GOARCH=$(ARCH) go build -o bin/zot-$(OS)-$(ARCH)-minimal -buildmode=pie -tags minimal,containers_image_openpgp -v -trimpath -ldflags "-X zotregistry.io/zot/pkg/api/config.Commit=${COMMIT} -X zotregistry.io/zot/pkg/api/config.BinaryType=minimal -X zotregistry.io/zot/pkg/api/config.GoVersion=${GO_VERSION} -s -w" ./cmd/zot .PHONY: binary binary: modcheck swagger - env CGO_ENABLED=0 GOOS=$(OS) GOARCH=$(ARCH) go build -o bin/zot-$(OS)-$(ARCH) -tags extended,containers_image_openpgp -v -trimpath -ldflags "-X zotregistry.io/zot/pkg/api/config.Commit=${COMMIT} -X zotregistry.io/zot/pkg/api/config.BinaryType=extended -X zotregistry.io/zot/pkg/api/config.GoVersion=${GO_VERSION} -s -w" ./cmd/zot + env CGO_ENABLED=0 GOOS=$(OS) GOARCH=$(ARCH) go build -o bin/zot-$(OS)-$(ARCH) -buildmode=pie -tags extended,containers_image_openpgp -v -trimpath -ldflags "-X zotregistry.io/zot/pkg/api/config.Commit=${COMMIT} -X zotregistry.io/zot/pkg/api/config.BinaryType=extended -X zotregistry.io/zot/pkg/api/config.GoVersion=${GO_VERSION} -s -w" ./cmd/zot .PHONY: cli cli: modcheck - env CGO_ENABLED=0 GOOS=$(OS) GOARCH=$(ARCH) go build -o bin/zli-$(OS)-$(ARCH) -tags extended,containers_image_openpgp -v -trimpath -ldflags "-X zotregistry.io/zot/pkg/api/config.Commit=${COMMIT} -X zotregistry.io/zot/pkg/api/config.BinaryType=extended -X zotregistry.io/zot/pkg/api/config.GoVersion=${GO_VERSION} -s -w" ./cmd/zli + env CGO_ENABLED=0 GOOS=$(OS) GOARCH=$(ARCH) go build -o bin/zli-$(OS)-$(ARCH) -buildmode=pie -tags extended,containers_image_openpgp -v -trimpath -ldflags "-X zotregistry.io/zot/pkg/api/config.Commit=${COMMIT} -X zotregistry.io/zot/pkg/api/config.BinaryType=extended -X zotregistry.io/zot/pkg/api/config.GoVersion=${GO_VERSION} -s -w" ./cmd/zli .PHONY: bench bench: modcheck - env CGO_ENABLED=0 GOOS=$(OS) GOARCH=$(ARCH) go build -o bin/zb-$(OS)-$(ARCH) -tags extended,containers_image_openpgp -v -trimpath -ldflags "-X zotregistry.io/zot/pkg/api/config.Commit=${COMMIT} -X zotregistry.io/zot/pkg/api/config.BinaryType=extended -X zotregistry.io/zot/pkg/api/config.GoVersion=${GO_VERSION} -s -w" ./cmd/zb + env CGO_ENABLED=0 GOOS=$(OS) GOARCH=$(ARCH) go build -o bin/zb-$(OS)-$(ARCH) -buildmode=pie -tags extended,containers_image_openpgp -v -trimpath -ldflags "-X zotregistry.io/zot/pkg/api/config.Commit=${COMMIT} -X zotregistry.io/zot/pkg/api/config.BinaryType=extended -X zotregistry.io/zot/pkg/api/config.GoVersion=${GO_VERSION} -s -w" ./cmd/zb .PHONY: exporter-minimal exporter-minimal: modcheck - env CGO_ENABLED=0 GOOS=$(OS) GOARCH=$(ARCH) go build -o bin/zxp-$(OS)-$(ARCH) -tags minimal,containers_image_openpgp -v -trimpath ./cmd/zxp + env CGO_ENABLED=0 GOOS=$(OS) GOARCH=$(ARCH) go build -o bin/zxp-$(OS)-$(ARCH) -buildmode=pie -tags minimal,containers_image_openpgp -v -trimpath ./cmd/zxp .PHONY: test test: check-skopeo $(NOTATION)