Dockerfile.githubaction
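# Stage 1 (builder): compile the patched buildah and the htvend binaries.
# Nothing from this stage reaches the final image except the files moved to /result.
# NOTE(review): the base image is referenced by tag only; pinning it by digest would
# make the toolchain reproducible.
FROM library/golang:1.25-trixie AS builder

# Development headers required by buildah at build time. The apt lists are removed in
# the same layer that created them, and the two source directories are created here.
RUN apt-get update -y && \
    apt-get install -y --no-install-recommends \
        libgpgme-dev \
        libseccomp-dev && \
    rm -rf /var/lib/apt/lists/* && \
    mkdir /go/src/buildah /go/src/htvend

# Git ref of the buildah fork to build. The default is a branch name, which is mutable:
# the tarball fetched below can change between builds without this file changing.
# Pass `--build-arg BUILDAH_REF=<commit-sha>` to build from one exact commit.
ARG BUILDAH_REF=continusecbuild

# Pull in our buildah branch (until the PRs are merged).
# NOTE(review): this download has no integrity check. Once the ref is pinned to a
# commit, consider `ADD --checksum=sha256:<digest-of-tarball>` here, provided the
# archive bytes are stable for that ref.
ADD https://api.github.com/repos/aeijdenberg/buildah/tarball/${BUILDAH_REF} /buildah.tar.gz

# Pull in the htvend source from the build context. COPY is used rather than ADD because
# this is a plain local copy; ADD's archive-extraction and URL-fetch behaviour is not wanted.
# Everything in the build context lands in this stage, so keep secrets out of the context.
COPY . /go/src/htvend

# Unpack the buildah tarball, build both projects, then gather the three binaries in
# /result so the final stage can copy them with a single instruction.
RUN tar -C /go/src/buildah --strip-components=1 -zxf /buildah.tar.gz && \
    make -C /go/src/buildah GIT_COMMIT="${BUILDAH_REF}" bin/buildah && \
    make -C /go/src/htvend all && \
    mkdir /result && \
    mv /go/src/buildah/bin/buildah /result/patched-buildah && \
    mv \
        /go/src/htvend/target/build-img-with-proxy \
        /go/src/htvend/target/htvend \
        /result/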
# Stage 2 (runtime): slim Debian image holding only the built binaries and the packages
# they need at run time.
# NOTE(review): the base image is referenced by tag only, not by digest.
FROM library/debian:trixie-slim

# Install the runtime packages and write a minimal containers configuration, all in one
# layer so the apt lists are removed in the layer that created them.
#   - usermod gives root the subordinate UID/GID ranges 1-65535.
#   - registries.conf makes docker.io the only registry searched for unqualified names.
#   - policy.json uses "insecureAcceptAnything": image signatures are not verified, so
#     any image that can be pulled is accepted. Tighten this policy if the builds are
#     expected to consume only signed images.
# `set -e` stops at the first failing command, matching an `&&` chain.
RUN set -e; \
    apt-get update -y; \
    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
        ca-certificates \
        fuse-overlayfs \
        libgpgme11 \
        netavark \
        runc; \
    rm -rf /var/lib/apt/lists/*; \
    usermod --add-subuids 1-65535 --add-subgids 1-65535 root; \
    mkdir /etc/containers; \
    echo 'unqualified-search-registries = ["docker.io"]' > /etc/containers/registries.conf; \
    echo '{"default":[{"type":"insecureAcceptAnything"}]}' > /etc/containers/policy.json

# Bring over everything the builder stage collected in /result.
COPY --from=builder /result/* /usr/local/bin/

# Have buildah use chroot isolation.
ENV BUILDAH_ISOLATION=chroot

LABEL org.opencontainers.image.source="https://github.com/continusec/htvend"

# No USER instruction is set, so the entrypoint runs as root.
# NOTE(review): presumably required for chroot-isolated builds inside the action
# container; confirm before changing.
ENTRYPOINT ["/usr/local/bin/htvend"]