github.com/zntrio/harp/v2@v2.0.9/Dockerfile (about) 1 ARG VERSION=0.2.8 2 3 FROM alpine:3@sha256:4edbd2beb5f78b1014028f4fbb99f3237d9561100b6881aabbf5acce2c4f9454 as downloader 4 5 ARG VERSION 6 ARG TARGETPLATFORM 7 8 WORKDIR /tmp 9 10 # install cosign 11 COPY --from=gcr.io/projectsigstore/cosign:v1.8.0@sha256:12b4d428529654c95a7550a936cbb5c6fe93a046ea7454676cb6fb0ce566d78c /ko-app/cosign /usr/local/bin/cosign 12 13 RUN \ 14 case ${TARGETPLATFORM} in \ 15 "linux/amd64") DOWNLOAD_ARCH="linux-amd64" ;; \ 16 "linux/arm64") DOWNLOAD_ARCH="linux-arm64" ;; \ 17 esac && \ 18 apk add --no-cache curl upx && \ 19 curl -sLO https://github.com/zntrio/harp/releases/download/v${VERSION}/harp-${DOWNLOAD_ARCH}.tar.gz && \ 20 curl -sLO https://github.com/zntrio/harp/releases/download/v${VERSION}/harp-${DOWNLOAD_ARCH}.tar.gz.sig && \ 21 curl -sLO https://raw.githubusercontent.com/zntrio/harp/v${VERSION}/build/artifact/cosign.pub && \ 22 cosign verify-blob --key /tmp/cosign.pub --signature harp-${DOWNLOAD_ARCH}.tar.gz.sig harp-${DOWNLOAD_ARCH}.tar.gz && \ 23 tar -vxf harp-${DOWNLOAD_ARCH}.tar.gz && \ 24 mv /tmp/harp-${DOWNLOAD_ARCH} /tmp/harp && \ 25 upx -9 /tmp/harp && \ 26 chmod +x /tmp/harp 27 28 FROM alpine:3@sha256:4edbd2beb5f78b1014028f4fbb99f3237d9561100b6881aabbf5acce2c4f9454 29 30 ARG VERSION 31 32 RUN apk update --no-cache && \ 33 apk add --no-cache ca-certificates && \ 34 rm -rf /var/cache/apk/* 35 36 RUN addgroup -S harp && adduser -S -G harp harp 37 38 COPY --from=downloader /tmp/harp /usr/bin/harp 39 40 USER harp 41 ENTRYPOINT [ "/usr/bin/harp" ]