From 6d59041daa8022118612e9e51e715d0092d8fb6c Mon Sep 17 00:00:00 2001
From: Rolf Neugebauer
Date: Mon, 29 May 2017 16:29:38 +0100
Subject: [PATCH] pkg: Update the metadata package to multi-stage build and alpine base
- Use the alpine base to compile the go program
- Use a multi-stage build
Signed-off-by: Rolf Neugebauer
---
 pkg/metadata/Dockerfile | 14 +++++++++++-
 pkg/metadata/Makefile | 48 ++++++++---------------------------------
 2 files changed, 22 insertions(+), 40 deletions(-)
diff --git a/pkg/metadata/Dockerfile b/pkg/metadata/Dockerfile
index de08c5b07..719e17681 100644
--- a/pkg/metadata/Dockerfile
+++ b/pkg/metadata/Dockerfile
@@ -1,3 +1,15 @@
+FROM linuxkit/alpine:451603daf499e3a40308dbf5571dcffed2343ffa AS mirror
+
+RUN apk add --no-cache go musl-dev
+ENV GOPATH=/go PATH=$PATH:/go/bin
+
+COPY . /go/src/metadata/
+RUN go-compile.sh /go/src/metadata
+
 FROM scratch
-COPY . ./
+ENTRYPOINT []
+CMD []
+WORKDIR /
+COPY --from=mirror /go/bin/metadata /usr/bin/metadata
 CMD ["/usr/bin/metadata"]
+LABEL org.mobyproject.config='{"net": "host", "binds": ["/dev:/dev", "/var:/var", "/tmp/etc/resolv.conf:/etc/resolv.conf"], "capabilities": ["CAP_SYS_ADMIN"]}'
diff --git a/pkg/metadata/Makefile b/pkg/metadata/Makefile
index c1936a135..5cbad34a9 100644
--- a/pkg/metadata/Makefile
+++ b/pkg/metadata/Makefile
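Review bot: The new build stage resolves its base by tag only (`FROM linuxkit/alpine:451603daf499e3a40308dbf5571dcffed2343ffa AS mirror`), while the Makefile lines removed in the same commit pinned both helper images as `tag@sha256:digest`, so the toolchain that compiles the binary is no longer content-addressed. Nothing visible in this patch enables content trust for the `docker build` that pulls it, so a re-pushed tag would change what produces `/usr/bin/metadata` without any change in this repository. Appending the digest of the reviewed image restores the earlier guarantee: `FROM linuxkit/alpine:451603daf499e3a40308dbf5571dcffed2343ffa@sha256:<DIGEST-OF-REVIEWED-IMAGE> AS mirror` (placeholder; the page does not give the digest). The added `LABEL org.mobyproject.config` also grants `CAP_SYS_ADMIN`, host networking and binds of `/dev` and `/var`; a short comment above it naming the operation that needs each of these would let a later reviewer trim the set.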
@@ -1,45 +1,15 @@
-GO_COMPILE=linuxkit/go-compile:4513068d9a7e919e4ec42e2d7ee879ff5b95b7f5@sha256:bdfadbe3e4ec699ca45b67453662321ec270f2d1a1dbdbf09625776d3ebd68c5
-
-SHA_IMAGE=alpine:3.5@sha256:dfbd4a3a8ebca874ebd2474f044a0b33600d4523d03b0df76e5c5986cb02d7e8
-
-METADATA_BINARY=usr/bin/metadata
+.PHONY: tag push
+default: push
 ORG?=linuxkit
 IMAGE=metadata
+DEPS=Dockerfile Makefile $(wildcard *.go)
-.PHONY: tag push clean container
-default: push
+HASH?=$(shell git ls-tree HEAD -- ../$(notdir $(CURDIR)) | awk '{print $$3}')
-$(METADATA_BINARY): $(wildcard *.go) Makefile
- mkdir -p $(dir $@)
- tar cf - $^ | docker run --rm --net=none --log-driver=none -i $(GO_COMPILE) -o $@ | tar xf -
+tag: $(DEPS)
+ docker build --squash --no-cache --network=none -t $(ORG)/$(IMAGE):$(HASH) .
-DIRS=dev proc sys
-$(DIRS):
- mkdir -p $@
-
-DEPS=$(DIRS) $(METADATA_BINARY)
-
-container: Dockerfile $(DEPS)
- tar cf - $^ | docker build --no-cache -t $(IMAGE):build -
-
-hash: Dockerfile $(DEPS)
- find $^ -type f | xargs cat | docker run --rm -i $(SHA_IMAGE) sha1sum - | sed 's/ .*//' > hash
-
-push: hash container
- DOCKER_CONTENT_TRUST=1 docker pull $(ORG)/$(IMAGE):$(shell cat hash) || \
- (docker tag $(IMAGE):build $(ORG)/$(IMAGE):$(shell cat hash) && \
- DOCKER_CONTENT_TRUST=1 docker push $(ORG)/$(IMAGE):$(shell cat hash))
- docker rmi $(IMAGE):build
- rm -f hash
-
-tag: hash container
- docker pull $(ORG)/$(IMAGE):$(shell cat hash) || \
- docker tag $(IMAGE):build $(ORG)/$(IMAGE):$(shell cat hash)
- docker rmi $(IMAGE):build
- rm -f hash
-
-clean:
- rm -rf hash $(DIRS) usr
-
-.DELETE_ON_ERROR:
+push: tag
+ DOCKER_CONTENT_TRUST=1 docker pull $(ORG)/$(IMAGE):$(HASH) || \
+ DOCKER_CONTENT_TRUST=1 docker push $(ORG)/$(IMAGE):$(HASH)
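Review bot: `HASH` is read from `git ls-tree HEAD`, i.e. the committed tree, but `docker build ... .` in `tag` sends the working directory as context, so modified or untracked files are built and then pushed under a tag that names different content; the removed `hash` rule hashed the files themselves. A guard as the first recipe line of `tag` keeps tag and content in step: `@test -z "$$(git status --porcelain -- .)" || { echo "uncommitted changes: $(HASH) does not describe this build context" >&2; exit 1; }`. `HASH` also expands to nothing when git is unavailable or the directory is not tracked, leaving `$(ORG)/$(IMAGE):` as the image reference, so `$(if $(strip $(HASH)),,$(error HASH is empty))` ahead of the rules would fail early with a clear message. In `push`, the `||` treats every failed pull (network or auth errors included) as "image absent" and proceeds to push, which deserves a comment even though the removed rule had the same shape.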