summaryrefslogtreecommitdiff
path: root/Dockerfile
diff options
context:
space:
mode:
authormo khan <mo@mokhan.ca>2025-07-21 16:15:51 -0600
committermo khan <mo@mokhan.ca>2025-07-21 16:15:51 -0600
commita920a8cfe415858bb2777371a77018599ffed23f (patch)
treedd7dcf8e78ea554d071ad502f92b7908687daa3e /Dockerfile
parent16c27cd885b9c0d1241dfead3120643f0e8c556c (diff)
parent5f76ebe3b95b491a7a07ddb9dd5799735cf3e159 (diff)
Merge branch 'minit' into 'main'
Replace entrypoint.sh with a Procfile runner See merge request gitlab-org/software-supply-chain-security/authorization/sparkled!18
Diffstat (limited to 'Dockerfile')
-rw-r--r--Dockerfile45
1 files changed, 31 insertions, 14 deletions
diff --git a/Dockerfile b/Dockerfile
index ef47686..f0e5727 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,21 +1,38 @@
# syntax=docker/dockerfile:1
-FROM golang:1.24.3 AS build
+# Build stage for getting Envoy binary
+FROM envoyproxy/envoy:v1.34-latest AS envoy-binary
+
+# Build stage for getting dumb-init
+FROM debian:bookworm-slim AS dumb-init-builder
+RUN apt-get update && apt-get install -y wget && \
+ wget -O /usr/bin/dumb-init https://github.com/Yelp/dumb-init/releases/download/v1.2.5/dumb-init_1.2.5_x86_64 && \
+ chmod +x /usr/bin/dumb-init
+
+# Build stage for sparkle
+FROM golang:1.24-alpine AS build
ENV CGO_ENABLED=0
+RUN go install github.com/xlgmokha/minit@latest
WORKDIR /app
COPY . ./
RUN go build -o /bin/sparkled ./cmd/sparkled/main.go
RUN go build -o /bin/authzd ./cmd/authzd/main.go
-FROM envoyproxy/envoy:v1.34-latest
-EXPOSE 8080 9901 10000 10003
-RUN apt-get update && apt-get install -y dumb-init && rm -rf /var/lib/apt/lists/*
-WORKDIR /opt/sparkle/
-RUN mkdir -p bin etc public
-COPY --from=build /bin/authzd bin/authzd
-COPY --from=build /bin/sparkled bin/sparkled
-COPY --from=build /app/public public
-COPY etc/ etc
-COPY bin/*.sh bin/
-RUN chmod +x bin/*.sh
-ENTRYPOINT ["/usr/bin/dumb-init", "--"]
-CMD ["/opt/sparkle/bin/entrypoint.sh"]
+# Final stage
+FROM gcr.io/distroless/base-debian12:debug-nonroot
+EXPOSE 10000
+WORKDIR /
+USER root
+RUN ["/busybox/sh", "-c", "ln -s /busybox/sh /bin/sh"]
+USER nonroot
+COPY --from=envoy-binary /usr/local/bin/envoy /bin/envoy
+COPY --from=dumb-init-builder /usr/bin/dumb-init /bin/dumb-init
+COPY --from=build /app/Procfile /Procfile
+COPY --from=build /app/bin/envoy-shim /bin/envoy-shim
+COPY --from=build /app/etc/envoy /etc/envoy
+COPY --from=build /app/public /public
+COPY --from=build /bin/authzd /bin/authzd
+COPY --from=build /bin/sparkled /bin/sparkled
+COPY --from=build /go/bin/minit /bin/minit
+
+ENTRYPOINT ["/bin/dumb-init", "--"]
+CMD ["/bin/minit"]
generated by cgit v1.2.3 (git 2.39.1) at 2026-02-03 09:58:48 +0000