Merge pull request #64 from interlynk-io/fix/docker-file

Review fixes
interlynk-io · Jul 6, 2024 · e0c8020 · e0c8020
2 parents 5857911 + 704af15
commit e0c8020
Show file tree

Hide file tree

Showing 6 changed files with 93,023 additions and 27 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -1,4 +1,4 @@
-name: Release| Build GHCR image
+name: Release | Build GHCR image
 on:
   release:
     types: [published]

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -1,4 +1,4 @@
-name: Release| Build Binary
+name: Release | Build Binary
 
 on:
   push:

diff --git a/.github/workflows/sbom_dev.yml b/.github/workflows/sbom_dev.yml
@@ -1,4 +1,4 @@
-name: Dev| Build SBOM
+name: Dev | Build SBOM
 
 on:
   push:

diff --git a/.github/workflows/sbom_release.yml b/.github/workflows/sbom_release.yml
@@ -1,22 +1,21 @@
-name: Release| Build SBOM
+name: Release | Build SBOM
 
 on:
   release:
     types: [published]
   workflow_dispatch:
 
 env:
-    TOOL_NAME: ${{ github.repository }}
-    SUPPLIER_NAME: Interlynk
-    SUPPLIER_URL: https://interlynk.io
-    DEFAULT_TAG: v0.0.1
-    PYLYNK_TEMP_DIR: $RUNNER_TEMP/pylynk
-    SBOM_TEMP_DIR: $RUNNER_TEMP/sbom
-    SBOM_ENV: production
-    MS_SBOM_TOOL_URL: https://github.com/microsoft/sbom-tool/releases/latest/download/sbom-tool-linux-x64
-    MS_SBOM_SBOM_PATH: $RUNNER_TEMP/sbom/_manifest/spdx_2.2/manifest.spdx.json
-    SBOM_EXCLUDE_DIRS: "**/samples/**"
-
+  TOOL_NAME: ${{ github.repository }}
+  SUPPLIER_NAME: Interlynk
+  SUPPLIER_URL: https://interlynk.io
+  DEFAULT_TAG: v0.0.1
+  PYLYNK_TEMP_DIR: $RUNNER_TEMP/pylynk
+  SBOM_TEMP_DIR: $RUNNER_TEMP/sbom
+  SBOM_ENV: production
+  MS_SBOM_TOOL_URL: https://github.com/microsoft/sbom-tool/releases/latest/download/sbom-tool-linux-x64
+  MS_SBOM_SBOM_PATH: $RUNNER_TEMP/sbom/_manifest/spdx_2.2/manifest.spdx.json
+  SBOM_EXCLUDE_DIRS: "**/samples/**"
 
 jobs:
   build-sbom:
@@ -27,19 +26,18 @@ jobs:
       contents: write
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@v3 
+        uses: actions/checkout@v3
         with:
-            fetch-depth: 0
+          fetch-depth: 0
 
       - name: Get Tag
         id: get_tag
         run: echo "LATEST_TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo 'v0.0.1')" >> $GITHUB_ENV
 
-
       - name: Set up Python
         uses: actions/setup-python@v4
         with:
-          python-version: '3.x'  # Specify the Python version needed
+          python-version: "3.x" # Specify the Python version needed
 
       - name: Checkout Python SBOM tool
         run: |
@@ -49,7 +47,7 @@ jobs:
           latest_tag=$(git describe --tags `git rev-list --tags --max-count=1`)
           git checkout $latest_tag
           echo "Checked out pylynk at tag: $latest_tag"
-  
+
       - name: Install Python dependencies
         run: |
           cd ${{ env.PYLYNK_TEMP_DIR }}
@@ -64,7 +62,6 @@ jobs:
           chmod +x $RUNNER_TEMP/sbom-tool
           $RUNNER_TEMP/sbom-tool generate -b ${{ env.SBOM_TEMP_DIR }} -bc . -pn ${{ env.TOOL_NAME }} -pv ${{ env.LATEST_TAG }} -ps ${{ env.SUPPLIER_NAME}} -nsb ${{ env.SUPPLIER_URL }} -cd "--DirectoryExclusionList ${{ env.SBOM_EXCLUDE_DIRS }}"
 
-      - name: Upload SBOM 
+      - name: Upload SBOM
         run: |
           python3 ${{ env.PYLYNK_TEMP_DIR }}/pylynk.py --verbose upload --prod ${{env.TOOL_NAME}} --env ${{ env.SBOM_ENV }} --sbom ${{ env.MS_SBOM_SBOM_PATH }} --token ${{ secrets.INTERLYNK_SECURITY_TOKEN }}
-
diff --git a/Dockerfile b/Dockerfile
@@ -1,19 +1,29 @@
-FROM golang:1.20-alpine AS builder
+FROM golang:1.22.2-alpine AS builder
 LABEL org.opencontainers.image.source="https://github.com/interlynk-io/sbomasm"
 
 RUN apk add --no-cache make git
 WORKDIR /app
 COPY go.mod go.sum ./
 RUN go mod download
 COPY . .
+
 RUN make ; make build
 
 FROM scratch
 LABEL org.opencontainers.image.source="https://github.com/interlynk-io/sbomasm"
-LABEL org.opencontainers.image.description="SBOM Assembler - Assembler for SBOMs"
+LABEL org.opencontainers.image.description="Assembler for your sboms"
 LABEL org.opencontainers.image.licenses=Apache-2.0
 
-COPY --from=builder /app/build/sbomasm /app/sbomasm
-COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+COPY --from=builder /bin/sh /bin/grep /bin/busybox /bin/touch /bin/chmod /bin/mkdir /bin/date /bin/cat /bin/
+COPY --from=builder /etc/ssl/certs /etc/ssl/certs
+COPY --from=builder /lib/ld-musl-x86_64.so.1 /lib/ld-musl-x86_64.so.1
+COPY --from=builder /tmp /tmp
+COPY --from=builder /usr/bin /usr/bin
+
+# Copy our static executable
+COPY --from=builder /app/build/sbomasm /app/sbomqs
+
+# Disable version check
+ENV INTERLYNK_DISABLE_VERSION_CHECK=true
 
-ENTRYPOINT [ "/app/sbomasm"]
+ENTRYPOINT [ "/app/sbomasm" ]