master

分支 (41)

标签 (46)

管理

管理

master

v0.9.2-dev

v0.9.1-dev

rprince/ubi83

add_more_functional_test

issue-155

rprince/remove-py36-ci

v0.9.0-dev

dev/nurmi/systemwait_feeds_fix

issue-100

issue-94

issue-95

ci_add_redhat_task

ci-test-status-checks

fix_prod_image_tag

version_bump_v0.7.2

issue-84

issue-81

pull-ubi8

test-image

v0.9.1

v0.9.1-rc2

v0.9.1-rc1

v0.9.1-rc0

v0.9.0

v0.9.0-rc1

v0.9.0-rc0

v0.8.2

v0.8.2-rc0

v0.8.1

v0.8.1-rc2

v0.8.1-rc1

v0.8.1-rc0

v0.8.0

v0.8.0-rc0

v0.7.2

v0.7.2-rc1

v0.7.2-rc0

v0.7.1

v0.7.1-rc0

anchore-cli
/
Dockerfile

FROM registry.access.redhat.com/ubi8/ubi:8.3 as anchore-cli-builder

######## This is stage1 where anchore wheels, binary deps, and any items from the source tree get staged to /build_output ########

ENV LANG=en_US.UTF-8 LC_ALL=C.UTF-8

COPY . /buildsource
WORKDIR /buildsource

RUN set -ex && \
    mkdir -p /build_output /build_output/deps /build_output/configs /build_output/wheels

RUN set -ex && \
    echo "installing OS dependencies" && \
    yum update -y && \
    yum install -y gcc make python38 python38-wheel

# create anchore binaries
RUN set -ex && \
    echo "installing anchore" && \
    pip3 wheel --wheel-dir=/build_output/wheels . && \
    cp ./LICENSE /build_output/ && \
    cp ./docker-entrypoint.sh /build_output/configs/docker-entrypoint.sh

RUN tar -z -c -v -C /build_output -f /anchore-buildblob.tgz .

FROM registry.access.redhat.com/ubi8/ubi:8.3 as anchore-cli-final

ARG CLI_COMMIT
ARG ANCHORE_CLI_VERSION="0.9.1"
ARG ANCHORE_CLI_RELEASE="r0"

# Copy artifacts from build step
COPY --from=anchore-cli-builder /build_output /build_output

# Container metadata section

MAINTAINER dev@anchore.com

LABEL anchore_cli_commit=$CLI_COMMIT \
      source="https://github.com/anchore/anchore-cli" \
      name="anchore-cli" \
      maintainer="dev@anchore.com" \
      vendor="Anchore Inc." \
      version=$ANCHORE_CLI_VERSION \
      release=$ANCHORE_CLI_RELEASE \
      summary="Anchore Engine CLI - python client for use against the anchore-engine container image scanning service, for policy-based security, best-practice and compliance enforcement." \
      description="Anchore is an open platform for container security and compliance that allows developers, operations, and security teams to discover, analyze, and certify container images on-premises or in the cloud. The Anchore CLI is a python client that can be used to access and manager Anchore Engine - the on-prem, OSS, API accessible service that allows ops and developers to perform detailed analysis, run queries, produce reports and define policies on container images that can be used in CI/CD pipelines to ensure that only containers that meet your organization’s requirements are deployed into production."

# Default values that should be overridden in most cases on each container exec
ENV ANCHORE_CLI_USER=admin
ENV ANCHORE_CLI_PASS=foobar
ENV ANCHORE_CLI_URL=http://localhost:8228/v1/
ENV LANG=en_US.UTF-8
ENV LC_ALL=C.UTF-8

# Build dependencies

RUN yum update -y && \
    yum install -y python38 python38-wheel

# Setup container default configs and directories

WORKDIR /anchore-cli

# Perform OS setup

RUN set -ex && \
    groupadd --gid 1000 anchore && \
    useradd --uid 1000 --gid anchore --shell /bin/bash --create-home anchore && \
    mkdir -p /licenses/ && \
    cp /build_output/LICENSE /licenses/ && \
    cp /build_output/configs/docker-entrypoint.sh /docker-entrypoint.sh

# Perform any base OS specific setup

# Perform the anchore-cli build and install

RUN set -ex && \
    pip3 install --no-index --find-links=./ /build_output/wheels/*.whl && \
    rm -rf /build_output /root/.cache

USER anchore:anchore

ENTRYPOINT ["/docker-entrypoint.sh"]
CMD ["/bin/bash"]