github.com/crowdsecurity/crowdsec@v1.6.1/Dockerfile (about)

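     # vim: set ft=dockerfile:

     # Base image for the runtime stages (slim, full). The default keeps the
     # floating tag this file has always used, which resolves to a different
     # image over time. Release builds should override it with a fixed tag or
     # digest: --build-arg RUNTIME_BASE=alpine:<version>@sha256:<digest>
     ARG RUNTIME_BASE=alpine:latest

     # ---- build: compiles re2, yq and crowdsec, then preloads hub items ----
     FROM golang:1.21.9-alpine3.18 AS build

     ARG BUILD_VERSION
     # Optional SHA-256 of the re2 source tarball. When set, the download is
     # verified before it is unpacked and compiled; when empty (the default)
     # the tarball is used unverified, as before.
     ARG RE2_SHA256=""

     WORKDIR /go/src/crowdsec

     # We like to choose the release of re2 to use, and Alpine does not ship a static version anyway.
     ENV RE2_VERSION=2023-03-01
     ENV BUILD_VERSION=${BUILD_VERSION}

     # Toolchain, re2 and yq in a single layer.
     #  - wizard.sh requires GNU coreutils.
     #  - /etc/machine-id gets a fixed placeholder value; that file is not among
     #    the paths copied into the runtime stages below.
     #    NOTE(review): presumably needed by tooling run later in this stage - confirm.
     #  - yq is installed at a pinned version tag.
     RUN apk add --no-cache \
             bash \
             binutils-gold \
             coreutils \
             g++ \
             gcc \
             gettext \
             git \
             libc-dev \
             make \
             pkgconfig && \
         wget https://github.com/google/re2/archive/refs/tags/${RE2_VERSION}.tar.gz && \
         if [ -n "${RE2_SHA256}" ]; then \
             echo "${RE2_SHA256}  ${RE2_VERSION}.tar.gz" | sha256sum -c -; \
         fi && \
         tar -xzf ${RE2_VERSION}.tar.gz && \
         cd re2-${RE2_VERSION} && \
         make install && \
         echo "githubciXXXXXXXXXXXXXXXXXXXXXXXX" > /etc/machine-id && \
         go install github.com/mikefarah/yq/v4@v4.40.4

     # The whole build context lands in this stage only; the runtime stages
     # receive just the paths named in their COPY --from=build instructions.
     COPY . .

     # Build the release, run the wizard in docker mode, then fetch the hub index
     # and install the default collection and parser.
     RUN make clean release DOCKER_BUILD=1 BUILD_STATIC=1 && \
         cd crowdsec-v* && \
         ./wizard.sh --docker-mode && \
         cd - >/dev/null && \
         cscli hub update && \
         ./docker/preload-hub-items && \
         cscli collections install crowdsecurity/linux && \
         cscli parsers install crowdsecurity/whitelists

         # In case we need to remove agents here..
         # cscli machines list -o json | yq '.[].machineId' | xargs -r cscli machines delete

     # ---- slim: runtime image without the notification plugins ----
     FROM ${RUNTIME_BASE} AS slim

     # The extra repository is fetched over HTTPS rather than plain HTTP.
     # NOTE(review): edge/community is a rolling repository, so anything resolved
     # from it is not reproducible - confirm it is still needed for these packages.
     RUN apk add --no-cache --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community \
             bash \
             rsync \
             tzdata && \
         mkdir -p \
             /staging/etc/crowdsec/acquis.d \
             /staging/var/lib/crowdsec \
             /var/lib/crowdsec/data

     COPY --from=build /go/bin/yq /usr/local/bin/crowdsec /usr/local/bin/cscli /usr/local/bin/
     COPY --from=build /etc/crowdsec /staging/etc/crowdsec
     COPY --from=build /go/src/crowdsec/docker/docker_start.sh /
     COPY --from=build /go/src/crowdsec/docker/config.yaml /staging/etc/crowdsec/config.yaml
     COPY --from=build /var/lib/crowdsec /staging/var/lib/crowdsec

     # Replace the staged local API credentials file with one that holds only a
     # URL, created with mode 0600 so that only its owner can read it.
     RUN yq -n '.url="http://0.0.0.0:8080"' | install -m 0600 /dev/stdin /staging/etc/crowdsec/local_api_credentials.yaml

     # Exec form: bash is started directly instead of under `/bin/sh -c`, so it
     # is the process that receives the runtime's stop signal.
     # NOTE(review): arguments given to `docker run` are now passed on to
     # docker_start.sh - confirm the script tolerates them.
     # NOTE(review): no USER is set in this stage or in `full`, so the entrypoint
     # runs as root - confirm whether docker_start.sh requires that.
     ENTRYPOINT ["/bin/bash", "/docker_start.sh"]

     # ---- full: slim plus notification plugins and their reference configs ----
     FROM slim AS full

     # Due to the wizard using cp -n, we have to copy the config files directly from the source as -n does not exist in busybox cp
     # The files are here for reference, as users will need to mount a new version to be actually able to use notifications
     COPY --from=build \
         /go/src/crowdsec/cmd/notification-email/email.yaml \
         /go/src/crowdsec/cmd/notification-http/http.yaml \
         /go/src/crowdsec/cmd/notification-slack/slack.yaml \
         /go/src/crowdsec/cmd/notification-splunk/splunk.yaml \
         /go/src/crowdsec/cmd/notification-sentinel/sentinel.yaml \
         /staging/etc/crowdsec/notifications/

     COPY --from=build /usr/local/lib/crowdsec/plugins /usr/local/lib/crowdsec/plugins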