-
Notifications
You must be signed in to change notification settings - Fork 4
Expand file tree
/
Copy pathContainerfile
More file actions
66 lines (48 loc) · 1.69 KB
/
Containerfile
File metadata and controls
66 lines (48 loc) · 1.69 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
FROM registry.access.redhat.com/ubi9/ubi-micro:latest AS ubi-micro-base
FROM registry.access.redhat.com/ubi9/ubi:latest AS package_installer
COPY --from=ubi-micro-base / /out/
RUN dnf install -y \
--installroot=/out/ \
--releasever=9 \
--setopt=install_weak_deps=False \
--nodocs \
ca-certificates \
crypto-policies-scripts \
gzip \
less \
openssl-libs \
tar && \
dnf clean all --installroot=/out/ && \
rm -rf /out/var/cache/dnf /out/var/cache/yum
FROM quay.io/centos/centos:stream9 AS builder
ARG RUST_VERSION=stable
RUN dnf install --enablerepo=crb -y \
clang \
libbpf-devel \
openssl-devel \
protobuf-compiler \
protobuf-devel && \
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | \
sh -s -- -y --default-toolchain $RUST_VERSION --profile minimal
ENV PATH=/root/.cargo/bin:${PATH}
WORKDIR /app
COPY . .
FROM builder AS build
ARG FACT_VERSION
RUN --mount=type=cache,target=/root/.cargo/registry \
--mount=type=cache,target=/app/target \
cargo build --release && \
cp target/release/fact fact
FROM ubi-micro-base
ARG FACT_VERSION
LABEL name="fact" \
vendor="StackRox" \
maintainer="support@stackrox.com" \
summary="File activity data collection for the StackRox Kubernetes Security Platform" \
description="This image supports file activity data collection in the StackRox Kubernetes Security Platform." \
io.stackrox.fact.version="${FACT_VERSION}"
COPY --from=package_installer /out/ /
COPY --from=build /app/fact /usr/local/bin
COPY LICENSE-APACHE LICENSE-MIT LICENSE-GPL2 /licenses/
RUN update-crypto-policies --set DEFAULT:PQ
ENTRYPOINT ["fact"]