mirror of
https://github.com/external-secrets/external-secrets.git
synced 2024-12-14 11:57:59 +00:00
43b6c5eaad
The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6150717 - https://snyk.io/vuln/SNYK-PYTHON-PYYAML-590151 - https://snyk.io/vuln/SNYK-PYTHON-TORNADO-5537286 - https://snyk.io/vuln/SNYK-PYTHON-TORNADO-5840803 - https://snyk.io/vuln/SNYK-PYTHON-TORNADO-6041512 Signed-off-by: Moritz Johner <beller.moritz@googlemail.com> Co-authored-by: snyk-bot <snyk-bot@snyk.io>
# Standalone variant of the Dockerfile: builds without external dependencies
# (the Go binary is compiled in the builder stage below).
#
# Multi-platform example:
#   docker buildx build --push --platform linux/arm64,linux/amd64 --tag external-secrets:dev --file Dockerfile.standalone .

# Builder stage. The toolchain image is pinned by tag and by digest, so a
# re-pushed tag cannot silently change the compiler. The trade-off: toolchain
# and base-OS fixes only arrive when this digest is bumped on purpose.
FROM golang:1.21.6-alpine@sha256:fd78f2fb1e49bcf343079bbbb851c936a18fc694df993cbddaa24ace0cc724c5 AS builder

# Automatic platform arguments, populated by BuildKit/buildx from --platform.
ARG TARGETARCH
ARG TARGETOS

# Cross-compile for the requested platform with cgo disabled.
# NOTE(review): presumably cgo is off so the binary has no libc dependency and
# can run on the distroless/static runtime image; confirm.
ENV CGO_ENABLED=0 \
    GOOS=${TARGETOS} \
    GOARCH=${TARGETARCH}

WORKDIR /app

# Copy only the module manifests first, so the `go mod download` layer stays
# cached when nothing but source code has changed.
COPY go.mod go.sum /app/
RUN go mod download

# Copies the entire build context into this stage. Only the compiled binary is
# taken out of the stage later, but everything in the context is readable by
# the build steps here and is kept in the builder layers and build cache.
# NOTE(review): confirm .dockerignore keeps credentials and local state out of
# the context.
COPY . /app/

# With WORKDIR /app the output lands at /app/external-secrets.
RUN go build -o external-secrets main.go
|
|
|
|
# Runtime stage. distroless/static is pinned by digest only, so the image
# contents are fixed until the digest is changed; base-image security updates
# therefore need an explicit digest bump.
FROM gcr.io/distroless/static@sha256:9be3fcc6abeaf985b5ecce59451acbcbb15e7be39472320c538d0d55a0834edc AS app

# The compiled binary is the only artifact carried over from the builder
# stage; sources, module cache and the Go toolchain stay behind.
COPY --from=builder /app/external-secrets /bin/external-secrets

# Drop root: 65534 is the UID for nobody. A numeric UID can be checked by the
# runtime without resolving a user name.
USER 65534

# Exec (JSON-array) form: the binary is started directly, with no shell
# wrapped around it.
ENTRYPOINT ["/bin/external-secrets"]