-
Notifications
You must be signed in to change notification settings - Fork 34
/
Dockerfile
36 lines (29 loc) · 1.39 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
FROM golang:1.16.10-buster
EXPOSE 8000
ENV GODEBUG=x509ignoreCN=0
RUN addgroup --gid 10001 app \
&& \
adduser --gid 10001 --uid 10001 \
--home /app --shell /sbin/nologin \
--disabled-password app \
&& \
echo 'deb http://archive.debian.org/debian buster-backports main' > /etc/apt/sources.list.d/buster-backports.list && \
apt update && \
apt -y upgrade && \
apt -y install libltdl-dev gpg libncurses5 devscripts && \
apt -y install -t buster-backports apksigner && \
apt-get clean
# fetch the RDS CA bundles
# https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html#UsingWithRDS.SSL.CertificatesAllRegions
RUN curl -o /usr/local/share/old-rds-ca-bundle.pem https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem && \
curl -o /usr/local/share/new-rds-ca-bundle.pem https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem && \
cat /usr/local/share/old-rds-ca-bundle.pem /usr/local/share/new-rds-ca-bundle.pem > /usr/local/share/rds-combined-ca-bundle.pem
ADD . /app/src/autograph
ADD autograph.yaml /app
ADD version.json /app
RUN cd /app/src/autograph && go install .
RUN cd /app/src/autograph/tools/autograph-monitor && go build -o /go/bin/autograph-monitor .
RUN cd /app/src/autograph/tools/autograph-client && go build -o /go/bin/autograph-client .
USER app
WORKDIR /app
CMD /go/bin/autograph