ci: sw to multistage image build

telekom · Mar 27, 2023 · 0c901d6 · 0c901d6
1 parent 0116c29
commit 0c901d6
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 33 deletions.
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -1,18 +1,5 @@
-variables:
-  NO_PROXY: "$NO_PROXY,*.telekom.de"
-  BINARY_NAME: "cbot"
-  BINARY_PATH: "build/"
-  BINARY: "${BINARY_PATH}${BINARY_NAME}"
-
-default:
-  cache:
-    key: $CI_COMMIT_REF_SLUG
-    paths:
-      - ${BINARY_PATH}
-
 stages:
   - test
-  - pre-build
   - build
   - scan
   - push
@@ -21,15 +8,3 @@ stages:
 include:
   - project: caas/cicd_templates
     file: ci_general.yml
-
-binary_build:
-  stage: pre-build
-  image: dockerhub.devops.telekom.de/golang:1.19
-  script:
-    - go mod download
-    - CGO_ENABLED=0 go build -ldflags "-s -w" -o ${BINARY} .
-  rules:
-    - changes:
-        - "**/*.go"
-        - "**/go.mod"
-        - "Dockerfile"
diff --git a/Dockerfile b/Dockerfile
@@ -1,10 +1,11 @@
-FROM dockerhub.devops.telekom.de/alpine:3.16
-ADD ./build /app
+FROM cgr.dev/chainguard/go:latest as gobuild
 WORKDIR /app
-ARG user_id=1001
-RUN adduser -S $user_id -G root -u $user_id \
-  && chown -R $user_id:root /app
+ADD . .
+RUN go mod download
+RUN CGO_ENABLED=0 go build -ldflags "-s -w" -o canary .
 
-USER $user_id
-
-ENTRYPOINT ["/app/cbot"]
+FROM scratch
+COPY --from=gobuild /app/canary /canary
+COPY --from=gobuild /etc/passwd /etc/passwd
+USER 65532
+ENTRYPOINT ["/canary"]