From 0011eb5eadf6853644ed97ffe7cb282e7ae289c4 Mon Sep 17 00:00:00 2001 From: Leke Ariyo Date: Tue, 14 Nov 2023 17:37:31 +0000 Subject: [PATCH] optimize: Simplify and clean up Dockerfile (#8244) Signed-off-by: leke-ariyo --- Dockerfile.dapper | 86 ++++++++++++++++++++++++----------------------- 1 file changed, 44 insertions(+), 42 deletions(-) diff --git a/Dockerfile.dapper b/Dockerfile.dapper index 871f49e05d46..01cd48a3d45b 100644 --- a/Dockerfile.dapper +++ b/Dockerfile.dapper @@ -1,63 +1,65 @@ ARG GOLANG=golang:1.20.10-alpine3.18 FROM ${GOLANG} -ARG http_proxy=$http_proxy -ARG https_proxy=$https_proxy -ARG no_proxy=$no_proxy -ENV http_proxy=$http_proxy -ENV https_proxy=$https_proxy -ENV no_proxy=$no_proxy +# Set proxy environment variables +ARG http_proxy +ARG https_proxy +ARG no_proxy +ENV http_proxy=${http_proxy} \ + https_proxy=${https_proxy} \ + no_proxy=${no_proxy} -RUN apk -U --no-cache add bash git gcc musl-dev docker vim less file curl wget ca-certificates jq linux-headers \ - zlib-dev tar zip squashfs-tools npm coreutils python3 py3-pip openssl-dev libffi-dev libseccomp libseccomp-dev \ - libseccomp-static make libuv-static sqlite-dev sqlite-static libselinux libselinux-dev zlib-dev zlib-static \ - zstd pigz alpine-sdk binutils-gold btrfs-progs-dev btrfs-progs-static gawk yq \ - && \ - if [ "$(go env GOARCH)" = "amd64" ]; then \ - apk -U --no-cache add mingw-w64-gcc; \ - fi +# Install necessary packages +RUN apk -U --no-cache add \ + bash git gcc musl-dev docker vim less file curl wget ca-certificates jq linux-headers \ + zlib-dev tar zip squashfs-tools npm coreutils python3 py3-pip openssl-dev libffi-dev libseccomp \ + libseccomp-dev libseccomp-static make libuv-static sqlite-dev sqlite-static libselinux \ + libselinux-dev zlib-dev zlib-static zstd pigz alpine-sdk binutils-gold btrfs-progs-dev \ + btrfs-progs-static gawk yq \ + && [ "$(go env GOARCH)" = "amd64" ] && apk -U --no-cache add mingw-w64-gcc || true +# Install AWS CLI RUN python3 -m pip install awscli -RUN TRIVY_VERSION="0.46.1" && \ - if [ "$(go env GOARCH)" != "arm" ] && [ "$(go env GOARCH)" != "386" ]; then \ - if [ "$(go env GOARCH)" = "arm64" ]; then \ - # Turn arm64 into uppercase ARM64 for Trivy's download - TRIVY_ARCH=$(go env GOARCH | tr "[:lower:]" "[:upper:]") && \ - wget --no-verbose "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-${TRIVY_ARCH}.tar.gz" && \ - tar -zxvf "trivy_${TRIVY_VERSION}_Linux-${TRIVY_ARCH}.tar.gz" && \ - mv trivy /usr/local/bin; \ - elif [ "$(go env GOARCH)" = "amd64" ]; then \ - wget --no-verbose "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" && \ - tar -zxvf "trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" && \ - mv trivy /usr/local/bin; \ - elif [ "$(go env GOARCH)" = "s390x" ]; then \ - wget --no-verbose "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-s390x.tar.gz" && \ - tar -zxvf "trivy_${TRIVY_VERSION}_Linux-s390x.tar.gz" && \ - mv trivy /usr/local/bin; \ - fi \ +# Install Trivy +ENV TRIVY_VERSION="0.46.1" +RUN case "$(go env GOARCH)" in \ + arm64) TRIVY_ARCH="ARM64" ;; \ + amd64) TRIVY_ARCH="64bit" ;; \ + s390x) TRIVY_ARCH="s390x" ;; \ + *) TRIVY_ARCH="" ;; \ + esac +RUN if [ -n "${TRIVY_ARCH}" ]; then \ + wget --no-verbose "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-${TRIVY_ARCH}.tar.gz" \ + && tar -zxvf "trivy_${TRIVY_VERSION}_Linux-${TRIVY_ARCH}.tar.gz" \ + && mv trivy /usr/local/bin; \ fi -# this works for both go 1.17 and 1.18 +# Install goimports RUN GOPROXY=direct go install golang.org/x/tools/cmd/goimports@gopls/v0.11.0 + +# Cleanup RUN rm -rf /go/src /go/pkg +# Install golangci-lint for amd64 RUN if [ "$(go env GOARCH)" = "amd64" ]; then \ curl -sL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.51.2; \ fi - + +# Set SELINUX environment variable ARG SELINUX=true -ENV SELINUX $SELINUX +ENV SELINUX=${SELINUX} -ENV DAPPER_RUN_ARGS --privileged -v k3s-cache:/go/src/github.com/k3s-io/k3s/.cache -v trivy-cache:/root/.cache/trivy -ENV DAPPER_ENV REPO TAG DRONE_TAG IMAGE_NAME SKIP_VALIDATE SKIP_IMAGE SKIP_AIRGAP AWS_SECRET_ACCESS_KEY AWS_ACCESS_KEY_ID GITHUB_TOKEN GOLANG GOCOVER DEBUG -ENV DAPPER_SOURCE /go/src/github.com/k3s-io/k3s/ -ENV DAPPER_OUTPUT ./bin ./dist ./build/out ./build/static ./pkg/static ./pkg/deploy +# Set Dapper configuration variables +ENV DAPPER_RUN_ARGS="--privileged -v k3s-cache:/go/src/github.com/k3s-io/k3s/.cache -v trivy-cache:/root/.cache/trivy" \ + DAPPER_ENV="REPO TAG DRONE_TAG IMAGE_NAME SKIP_VALIDATE SKIP_IMAGE SKIP_AIRGAP AWS_SECRET_ACCESS_KEY AWS_ACCESS_KEY_ID GITHUB_TOKEN GOLANG GOCOVER DEBUG" \ + DAPPER_SOURCE="/go/src/github.com/k3s-io/k3s/" \ + DAPPER_OUTPUT="./bin ./dist ./build/out ./build/static ./pkg/static ./pkg/deploy" \ + DAPPER_DOCKER_SOCKET=true \ + HOME=${DAPPER_SOURCE} \ + CROSS=true \ + STATIC_BUILD=true -ENV DAPPER_DOCKER_SOCKET true -ENV HOME ${DAPPER_SOURCE} -ENV CROSS true -ENV STATIC_BUILD true WORKDIR ${DAPPER_SOURCE} ENTRYPOINT ["./scripts/entry.sh"]