docker.scan-cli-plugin/Dockerfile at main · docker-archive-public/docker.scan-cli-plugin · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
# syntax=docker/dockerfile:experimental


#   Copyright 2020 Docker Inc.

#   Licensed under the Apache License, Version 2.0 (the "License");
#   you may not use this file except in compliance with the License.
#   You may obtain a copy of the License at

#       http://www.apache.org/licenses/LICENSE-2.0

#   Unless required by applicable law or agreed to in writing, software
#   distributed under the License is distributed on an "AS IS" BASIS,
#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#   See the License for the specific language governing permissions and
#   limitations under the License.


ARG GO_VERSION=1.19
ARG CLI_VERSION=19.03.9
ARG ALPINE_VERSION=3.14.2
ARG GOLANGCI_LINT_VERSION=v1.51.1-alpine

####
# BUILDER
####
FROM --platform=${BUILDPLATFORM} golang:${GO_VERSION} AS builder
WORKDIR /go/src/github.com/docker/scan-cli-plugin

# cache go vendoring
COPY go.* ./
RUN --mount=type=cache,target=/root/.cache/go-build \
    go mod download
COPY . .

####
# LINT-BASE
####
FROM golangci/golangci-lint:${GOLANGCI_LINT_VERSION} AS lint-base

####
# LINT
####
FROM builder AS lint
ENV CGO_ENABLED=0
COPY --from=lint-base /usr/bin/golangci-lint /usr/bin/golangci-lint
RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=cache,target=/root/.cache/golangci-lint \
    make -f builder.Makefile lint

####
# CHECK GO MOD
####
FROM builder AS check-go-mod
RUN scripts/validate/check-go-mod

####
# BUILD
####
FROM builder AS build
ARG TARGETOS
ARG TARGETARCH
RUN --mount=type=cache,target=/root/.cache/go-build \
    GOOS=${TARGETOS} \
    GOARCH=${TARGETARCH} \
    make -f builder.Makefile build

####
# SCAN
####
FROM scratch AS scan
COPY --from=build /go/src/github.com/docker/scan-cli-plugin/bin/docker-scan_* /

####
# CROSS_BUILD
####
FROM builder AS cross-build
ARG TAG_NAME
ENV TAG_NAME=$TAG_NAME
RUN --mount=type=cache,target=/root/.cache/go-build \
    make -f builder.Makefile cross

####
# CROSS
####
FROM scratch AS cross
COPY --from=cross-build /go/src/github.com/docker/scan-cli-plugin/dist /

####
# GOTESTSUM
####
FROM alpine:${ALPINE_VERSION} AS gotestsum
ARG GOTESTSUM_VERSION=0.5.2

RUN apk add -U --no-cache wget tar
# install gotestsum
WORKDIR /root
RUN wget https://github.com/gotestyourself/gotestsum/releases/download/v${GOTESTSUM_VERSION}/gotestsum_${GOTESTSUM_VERSION}_linux_amd64.tar.gz -nv -O - | tar -xz

####
# TEST-UNIT
####
FROM builder AS test-unit
ARG TAG_NAME
ENV TAG_NAME=$TAG_NAME

# install docker-scan plugin
COPY --from=gotestsum /root/gotestsum /usr/local/bin/gotestsum
CMD ["make", "-f", "builder.Makefile", "test-unit"]

####
# CLI
####
FROM docker:${CLI_VERSION} AS cli

####
# DOWNLOAD
####
FROM golang:${GO_VERSION} AS download
COPY builder.Makefile vars.mk ./
RUN make -f builder.Makefile download

####
# E2E
####
FROM builder AS e2e
ARG TARGETOS
ARG TARGETARCH
ARG TAG_NAME
ENV TAG_NAME=$TAG_NAME
ENV DOCKER_CONFIG="/root/.docker"

# install snyk binaries
COPY --from=download /go/docker-config docker-config/
COPY --from=download /go/bin/gotestsum /usr/local/bin/gotestsum
# install docker CLI
COPY --from=cli /usr/local/bin/docker /usr/local/bin/docker
# install docker-scan plugin
COPY --from=cross-build /go/src/github.com/docker/scan-cli-plugin/dist/docker-scan_${TARGETOS}_${TARGETARCH} ./bin/docker-scan_${TARGETOS}_${TARGETARCH}
RUN chmod +x ./bin/docker-scan_${TARGETOS}_${TARGETARCH}
CMD ["make", "-f", "builder.Makefile", "e2e"]