From b1284396d479aa6134bdce357d30948f1e889f00 Mon Sep 17 00:00:00 2001
From: Michael Pleshakov <m.pleshakov@f5.com>
Date: Wed, 13 Mar 2024 11:55:33 -0400
Subject: [PATCH] Avoid unnecessary build of NGF

Problem:
When building an NGF image, building NGF binary will always happen,
even if it's not needed (Docker build target is not local)

Solution:
Fix it by adding a stage for a container that holds CA certs.

Introduced in 799ea76

Closes https://github.com/nginxinc/nginx-gateway-fabric/issues/1680
---
 build/Dockerfile | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/build/Dockerfile b/build/Dockerfile
index 2de7f5d980..9646c1455a 100644
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -9,6 +9,8 @@ RUN go mod download
 COPY . /go/src/github.com/nginxinc/nginx-gateway-fabric
 RUN make build
 
+FROM golang:1.22 as ca-certs-provider
+
 FROM alpine:3.19 as capabilizer
 RUN apk add --no-cache libcap
 
@@ -28,7 +30,7 @@ RUN setcap 'cap_kill=+ep' /usr/bin/gateway
 FROM scratch as common
 # CA certs are needed for telemetry report and NGINX Plus usage report features, so that
 # NGF can verify the server's certificate.
-COPY --from=builder --link /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+COPY --from=ca-certs-provider --link /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
 USER 102:1001
 ARG BUILD_AGENT
 ENV BUILD_AGENT=${BUILD_AGENT}