github.com/zntrio/harp/v2@v2.0.9/Dockerfile

github.com/zntrio/harp/v2@v2.0.9/Dockerfile (about)

     1  ARG VERSION=0.2.8
     2  
     3  FROM alpine:3@sha256:4edbd2beb5f78b1014028f4fbb99f3237d9561100b6881aabbf5acce2c4f9454 as downloader
     4  
     5  ARG VERSION
     6  ARG TARGETPLATFORM
     7  
     8  WORKDIR /tmp
     9  
    10  # install cosign
    11  COPY --from=gcr.io/projectsigstore/cosign:v1.8.0@sha256:12b4d428529654c95a7550a936cbb5c6fe93a046ea7454676cb6fb0ce566d78c /ko-app/cosign /usr/local/bin/cosign
    12  
    13  RUN \
    14    case ${TARGETPLATFORM} in \
    15      "linux/amd64") DOWNLOAD_ARCH="linux-amd64"  ;; \
    16      "linux/arm64") DOWNLOAD_ARCH="linux-arm64"  ;; \
    17    esac && \
    18    apk add --no-cache curl upx && \
    19    curl -sLO https://github.com/zntrio/harp/releases/download/v${VERSION}/harp-${DOWNLOAD_ARCH}.tar.gz && \
    20    curl -sLO https://github.com/zntrio/harp/releases/download/v${VERSION}/harp-${DOWNLOAD_ARCH}.tar.gz.sig && \
    21    curl -sLO https://raw.githubusercontent.com/zntrio/harp/v${VERSION}/build/artifact/cosign.pub && \
    22    cosign verify-blob --key /tmp/cosign.pub --signature harp-${DOWNLOAD_ARCH}.tar.gz.sig harp-${DOWNLOAD_ARCH}.tar.gz && \
    23    tar -vxf harp-${DOWNLOAD_ARCH}.tar.gz && \
    24    mv /tmp/harp-${DOWNLOAD_ARCH} /tmp/harp && \
    25    upx -9 /tmp/harp && \
    26    chmod +x /tmp/harp
    27  
    28  FROM alpine:3@sha256:4edbd2beb5f78b1014028f4fbb99f3237d9561100b6881aabbf5acce2c4f9454
    29  
    30  ARG VERSION
    31  
    32  RUN apk update --no-cache && \
    33      apk add --no-cache ca-certificates && \
    34      rm -rf /var/cache/apk/*
    35  
    36  RUN addgroup -S harp && adduser -S -G harp harp
    37  
    38  COPY --from=downloader /tmp/harp /usr/bin/harp
    39  
    40  USER harp
    41  ENTRYPOINT [ "/usr/bin/harp" ]