refactor: dockerfile (#43)

* make builder stage aligned with image builds in vmclarity * pin yara version to avoid compatibility issues
openclarity · Feb 22, 2024 · 74294ad · 74294ad
1 parent 3081b4a
commit 74294ad
Showing 1 changed file with 24 additions and 7 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,8 +1,21 @@
-# syntax=docker/dockerfile:1
+# syntax=docker/dockerfile:1@sha256:ac85f380a63b13dfcefa89046420e1781752bab202122f8f50032edf31be0021
 
-FROM golang:1.22.0-alpine AS builder
+FROM --platform=$BUILDPLATFORM golang:1.22.0-bullseye@sha256:0c099cf97c6162ceab8c9494c4ce8c2a19a73b852f334ec1876a42d05eb5f90b AS builder
 
-RUN apk add --update --no-cache gcc g++ git ca-certificates build-base
+ARG TARGETPLATFORM
+
+RUN --mount=type=cache,id=${TARGETPLATFORM}-apt,target=/var/cache/apt,sharing=locked \
+    apt-get update \
+    && apt-get install -y --no-install-recommends \
+      gcc \
+      libc6-dev
+
+WORKDIR /build
+
+RUN --mount=type=cache,target=/go/pkg/mod \
+    --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=bind,source=.,target=/build,ro \
+    go mod download -x
 
 ARG VERSION
 ARG BUILD_TIMESTAMP
@@ -16,16 +29,20 @@ RUN --mount=type=cache,target=/go/pkg/mod \
     --mount=type=cache,target=/root/.cache/go-build \
     --mount=type=bind,source=.,target=/build,ro \
     GOOS=${TARGETOS} GOARCH=${TARGETARCH} CGO_ENABLED=0 \
-    go build \
-    -ldflags="-s -w \
+    go build -ldflags="-s -w -extldflags -static \
         -X 'github.com/openclarity/yara-rule-server/pkg/version.Version=${VERSION}' \
         -X 'github.com/openclarity/yara-rule-server/pkg/version.CommitHash=${COMMIT_HASH}' \
         -X 'github.com/openclarity/yara-rule-server/pkg/version.BuildTimestamp=${BUILD_TIMESTAMP}'" \
     -o /bin/yara-rule-server main.go
 
-FROM alpine:3.19
+FROM alpine:3.19@sha256:c5b1261d6d3e43071626931fc004f70149baeba2c8ec672bd4f27761f8e1ad6b
+
+RUN apk add --update --no-cache \
+    util-linux \
+    ca-certificates \
+    libc6-compat
 
-RUN apk --no-cache add util-linux yara ca-certificates
+RUN apk --no-cache add  --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community yara=4.5.0-r0
 
 COPY --from=builder --chmod=755 /bin/yara-rule-server /bin/yara-rule-server
 COPY --link --chmod=644 config.example.yaml /etc/yara-rule-server/config.yaml