From 815fee2383ef6f654bae60d5c10d62506cc047c9 Mon Sep 17 00:00:00 2001 From: Christopher Phillips Date: Tue, 19 Jul 2022 12:57:44 -0400 Subject: [PATCH 1/7] move from scratch to distroless base Signed-off-by: Christopher Phillips --- Dockerfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 697d148808b..2fa2846049b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:latest AS build RUN apk --no-cache add ca-certificates -FROM scratch +FROM gcr.io/distroless/base # needed for version check HTTPS request COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt @@ -27,6 +27,5 @@ LABEL org.opencontainers.image.licenses="Apache-2.0" LABEL io.artifacthub.package.readme-url="https://raw.githubusercontent.com/anchore/syft/main/README.md" LABEL io.artifacthub.package.logo-url="https://user-images.githubusercontent.com/5199289/136844524-1527b09f-c5cb-4aa9-be54-5aa92a6086c1.png" LABEL io.artifacthub.package.license="Apache-2.0" - ENTRYPOINT ["/syft"] From 5a36b25b101f93d60c9998ea9b18782afcbd9d19 Mon Sep 17 00:00:00 2001 From: Christopher Phillips Date: Wed, 20 Jul 2022 10:32:17 -0400 Subject: [PATCH 2/7] update image_templates and manifests for new debug image Signed-off-by: Christopher Phillips --- .goreleaser.yaml | 51 +++++++++++++++++++++++++----------------------- Dockerfile | 2 +- debug.Dockerfile | 25 ++++++++++++++++++++++++ 3 files changed, 53 insertions(+), 25 deletions(-) create mode 100644 debug.Dockerfile diff --git a/.goreleaser.yaml b/.goreleaser.yaml index 9ec9947e5b5..800e5b80d94 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml 
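Review bot: The new final-stage base `FROM gcr.io/distroless/base` carries neither a tag nor a digest, so each release build takes whatever that name resolves to at build time; `FROM gcr.io/distroless/base:<tag>@sha256:<digest>` would make the published image reproducible and auditable. The `gcr.io/distroless/static-debian11:debug` references added in debug.Dockerfile and in the later `@@ -1,6 +1,4 @@` Dockerfile hunk of this series are tagged but likewise not digest-pinned. The context line `COPY --from=build ... ca-certificates.crt` now overwrites the base image's own trust store with the bundle from `alpine:latest`. Distroless base images ship a CA bundle, so that copy and the Alpine stage look redundant once the base is no longer `scratch`. The rest of the Dockerfile lies outside this hunk.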
@@ -98,14 +98,21 @@ brews: dockers: - image_templates: - - "anchore/syft:latest" - - "anchore/syft:{{ .Tag }}-amd64" - - "anchore/syft:v{{ .Major }}-amd64" - - "anchore/syft:v{{ .Major }}.{{ .Minor }}-amd64" - - "ghcr.io/anchore/syft:latest" - - "ghcr.io/anchore/syft:{{ .Tag }}-amd64" - - "ghcr.io/anchore/syft:v{{ .Major }}-amd64" - - "ghcr.io/anchore/syft:v{{ .Major }}.{{ .Minor }}-amd64" + - anchore/syft:{{.Tag}}-debug + goarch: amd64 + dockerfile: debug.Dockerfile + use: buildx + build_flag_templates: + - "--platform=linux/amd64" + - "--build-arg=BUILD_DATE={{.Date}}" + - "--build-arg=BUILD_VERSION={{.Version}}" + - "--build-arg=VCS_REF={{.FullCommit}}" + - "--build-arg=VCS_URL={{.GitURL}}" + + - image_templates: + - anchore/syft:latest + - ghcr.io/anchore/syft:latest + - ghcr.io/anchore/syft:{{.Tag}}-amd64 goarch: amd64 dockerfile: Dockerfile use: buildx @@ -117,12 +124,8 @@ dockers: - "--build-arg=VCS_URL={{.GitURL}}" - image_templates: - - "anchore/syft:{{ .Tag }}-arm64v8" - - "anchore/syft:v{{ .Major }}-arm64v8" - - "anchore/syft:v{{ .Major }}.{{ .Minor }}-arm64v8" - - "ghcr.io/anchore/syft:{{ .Tag }}-arm64v8" - - "ghcr.io/anchore/syft:v{{ .Major }}-arm64v8" - - "ghcr.io/anchore/syft:v{{ .Major }}.{{ .Minor }}-arm64v8" + - anchore/syft:{{.Tag}}-arm64v8 + - ghcr.io/anchore/syft:{{.Tag}}-arm64v8 goarch: arm64 dockerfile: Dockerfile use: buildx 
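Review bot: The amd64 entry no longer produces `anchore/syft:{{.Tag}}-amd64`: its new `image_templates` list holds only `anchore/syft:latest`, `ghcr.io/anchore/syft:latest` and `ghcr.io/anchore/syft:{{.Tag}}-amd64`, while the `docker_manifests` hunk of the same commit assembles `anchore/syft:{{.Tag}}` and `anchore/syft:latest` from `anchore/syft:{{.Tag}}-amd64`. Unless that tag is pushed somewhere not shown here, the Docker Hub manifests would fail or reference a missing image; adding `- anchore/syft:{{.Tag}}-amd64` to this list closes the gap. The hunk also drops the `v{{ .Major }}` and `v{{ .Major }}.{{ .Minor }}` tags, so consumers following those rolling tags silently stop receiving new releases, which deserves a line in the commit description.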
@@ -134,19 +137,19 @@ dockers: - "--build-arg=VCS_URL={{.GitURL}}" docker_manifests: - - name_template: anchore/syft:{{ .Tag }} + - name_template: anchore/syft:{{.Tag}} image_templates: - - anchore/syft:v{{ .Major }}.{{ .Minor }}-amd64 - - anchore/syft:v{{ .Major }}.{{ .Minor }}-arm64v8 + - anchore/syft:{{.Tag}}-amd64 + - anchore/syft:{{.Tag}}-arm64v8 - name_template: anchore/syft:latest image_templates: - - anchore/syft:v{{ .Major }}.{{ .Minor }}-amd64 - - anchore/syft:v{{ .Major }}.{{ .Minor }}-arm64v8 - - name_template: ghcr.io/anchore/syft:{{ .Tag }} + - anchore/syft:{{.Tag}}-amd64 + - anchore/syft:{{.Tag}}-arm64v8 + - name_template: ghcr.io/anchore/syft:{{.Tag}} image_templates: - - ghcr.io/anchore/syft:v{{ .Major }}.{{ .Minor }}-amd64 - - ghcr.io/anchore/syft:v{{ .Major }}.{{ .Minor }}-arm64v8 + - ghcr.io/anchore/syft:{{.Tag}}-amd64 + - ghcr.io/anchore/syft:{{.Tag}}-arm64v8 - name_template: ghcr.io/anchore/syft:latest image_templates: - - ghcr.io/anchore/syft:v{{ .Major }}.{{ .Minor }}-amd64 - - ghcr.io/anchore/syft:v{{ .Major }}.{{ .Minor }}-arm64v8 + - ghcr.io/anchore/syft:{{.Tag}}-amd64 + - ghcr.io/anchore/syft:{{.Tag}}-arm64v8 diff --git a/Dockerfile b/Dockerfile index 2fa2846049b..43003f67a82 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:latest AS build RUN apk --no-cache add ca-certificates -FROM gcr.io/distroless/base +FROM scratch # needed for version check HTTPS request COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt diff --git a/debug.Dockerfile b/debug.Dockerfile new file mode 100644 index 00000000000..3c1761cf41d --- /dev/null +++ b/debug.Dockerfile 
@@ -0,0 +1,25 @@ +FROM gcr.io/distroless/static-debian11:debug + +# create the /tmp dir, which is needed for image content cache +WORKDIR /tmp + +COPY syft / + +ARG BUILD_DATE +ARG BUILD_VERSION +ARG VCS_REF +ARG VCS_URL + +LABEL org.opencontainers.image.created=$BUILD_DATE +LABEL org.opencontainers.image.title="syft" +LABEL org.opencontainers.image.description="CLI tool and library for generating a Software Bill of Materials from container images and filesystems" +LABEL org.opencontainers.image.source=$VCS_URL +LABEL org.opencontainers.image.revision=$VCS_REF +LABEL org.opencontainers.image.vendor="Anchore, Inc." +LABEL org.opencontainers.image.version=$BUILD_VERSION +LABEL org.opencontainers.image.licenses="Apache-2.0" +LABEL io.artifacthub.package.readme-url="https://raw.githubusercontent.com/anchore/syft/main/README.md" +LABEL io.artifacthub.package.logo-url="https://user-images.githubusercontent.com/5199289/136844524-1527b09f-c5cb-4aa9-be54-5aa92a6086c1.png" +LABEL io.artifacthub.package.license="Apache-2.0" + +ENTRYPOINT ["/syft"] From 919b18dccaef1ae7d27cb0e81f8f04846a362e2a Mon Sep 17 00:00:00 2001 From: Christopher Phillips Date: Wed, 20 Jul 2022 10:34:17 -0400 Subject: [PATCH 3/7] add debug image for ghcr Signed-off-by: Christopher Phillips --- .goreleaser.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.goreleaser.yaml b/.goreleaser.yaml index 800e5b80d94..329a88f5ca6 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -99,6 +99,7 @@ brews: dockers: - image_templates: - anchore/syft:{{.Tag}}-debug + - ghcr.io/anchore/syft:{{.Tag}}-debug goarch: amd64 dockerfile: debug.Dockerfile use: buildx From 16186655739245272d40c016a72f6006493fa88d Mon Sep 17 00:00:00 2001 From: Christopher Phillips Date: Wed, 20 Jul 2022 10:41:16 -0400 Subject: [PATCH 4/7] update name to keep files close in tree 
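Review bot: debug.Dockerfile sets no `USER`, so unless the base image sets one, `/syft` and the shell that the `:debug` variant exists to provide both run as root. If the tool does not need root for its normal scans, a `USER` line before `ENTRYPOINT`, or the `debug-nonroot` variant of the same base (after confirming `/tmp` stays writable for the cache), would narrow what a debugging session can touch. A header comment such as `# debug variant: ships a shell for troubleshooting; the scratch-based Dockerfile is the release image` would also help operators pick the right image.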
Signed-off-by: Christopher Phillips --- .goreleaser.yaml | 2 +- debug.Dockerfile => Dockerfile.debug | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename debug.Dockerfile => Dockerfile.debug (100%) diff --git a/.goreleaser.yaml b/.goreleaser.yaml index 329a88f5ca6..1ea284b38b3 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -101,7 +101,7 @@ dockers: - anchore/syft:{{.Tag}}-debug - ghcr.io/anchore/syft:{{.Tag}}-debug goarch: amd64 - dockerfile: debug.Dockerfile + dockerfile: Dockerfile.debug use: buildx build_flag_templates: - "--platform=linux/amd64" diff --git a/debug.Dockerfile b/Dockerfile.debug similarity index 100% rename from debug.Dockerfile rename to Dockerfile.debug From f91a109c9c036f1e8289ea66bb1cfbb1c500a0a7 Mon Sep 17 00:00:00 2001 From: Christopher Phillips Date: Wed, 20 Jul 2022 10:49:31 -0400 Subject: [PATCH 5/7] source ca-certificates from same base image Signed-off-by: Christopher Phillips --- Dockerfile | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 43003f67a82..c93c21fabf3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,4 @@ -FROM alpine:latest AS build - -RUN apk --no-cache add ca-certificates +FROM gcr.io/distroless/static-debian11:debug AS build FROM scratch # needed for version check HTTPS request From 3d3b349ebe0f6f30b2c432bdb887322fe8897d28 Mon Sep 17 00:00:00 2001 From: Christopher Phillips Date: Wed, 20 Jul 2022 10:50:29 -0400 Subject: [PATCH 6/7] add rolling debug template Signed-off-by: Christopher Phillips --- .goreleaser.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.goreleaser.yaml b/.goreleaser.yaml index 1ea284b38b3..a5deca1cc76 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -98,6 +98,7 @@ brews: dockers: - image_templates: + - anchore/syft:debug - anchore/syft:{{.Tag}}-debug - ghcr.io/anchore/syft:{{.Tag}}-debug goarch: amd64 From c521582bc2008f7b70fe28fd476cb81fb10b8fab Mon Sep 17 00:00:00 2001 
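Review bot: In the `@@ -1,6 +1,4 @@` Dockerfile hunk, `FROM gcr.io/distroless/static-debian11:debug AS build` pulls the shell-bearing `:debug` variant only to serve as a source for `ca-certificates.crt`; the plain `static-debian11` image should carry the same bundle (worth confirming) and is the smaller dependency. The stage name `build` no longer fits, since nothing is built there; `AS certs` with a matching `COPY --from=certs` would read better. A comment like `# trust store comes from the distroless image so release and debug images share one CA bundle` would record the intent. The `COPY` line that consumes the stage lies outside this hunk.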
From: Christopher Phillips Date: Wed, 20 Jul 2022 11:36:25 -0400 Subject: [PATCH 7/7] update to add m1 debug image Signed-off-by: Christopher Phillips --- .goreleaser.yaml | 47 ++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 38 insertions(+), 9 deletions(-) diff --git a/.goreleaser.yaml b/.goreleaser.yaml index a5deca1cc76..7cf37dc8392 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -100,6 +100,7 @@ dockers: - image_templates: - anchore/syft:debug - anchore/syft:{{.Tag}}-debug + - ghcr.io/anchore/syft:debug - ghcr.io/anchore/syft:{{.Tag}}-debug goarch: amd64 dockerfile: Dockerfile.debug @@ -111,10 +112,26 @@ dockers: - "--build-arg=VCS_REF={{.FullCommit}}" - "--build-arg=VCS_URL={{.GitURL}}" + - image_templates: + - anchore/syft:debug-arm64v8 + - anchore/syft:{{.Tag}}-debug-arm64v8 + - ghcr.io/anchore/syft:debug-arm64v8 + - ghcr.io/anchore/syft:{{.Tag}}-debug-arm64v8 + goarch: arm64 + dockerfile: Dockerfile.debug + use: buildx + build_flag_templates: + - "--platform=linux/arm64/v8" + - "--build-arg=BUILD_DATE={{.Date}}" + - "--build-arg=BUILD_VERSION={{.Version}}" + - "--build-arg=VCS_REF={{.FullCommit}}" + - "--build-arg=VCS_URL={{.GitURL}}" + - image_templates: - anchore/syft:latest + - anchore/syft:{{.Tag}} - ghcr.io/anchore/syft:latest - - ghcr.io/anchore/syft:{{.Tag}}-amd64 + - ghcr.io/anchore/syft:{{.Tag}} goarch: amd64 dockerfile: Dockerfile use: buildx 
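Review bot: The names `anchore/syft:debug`, `ghcr.io/anchore/syft:debug`, `anchore/syft:{{.Tag}}` and `ghcr.io/anchore/syft:{{.Tag}}` are pushed here as single-architecture amd64 images and are also used as `name_template` values in the `docker_manifests` hunk that follows, where `anchore/syft:{{.Tag}}` even lists itself as a member. Each such tag would first be published as an amd64 image and then replaced by a manifest list, so its digest changes mid-release and the manifest may reference an image whose tag it has just overwritten. Keeping an architecture suffix on the per-arch images, e.g. `- anchore/syft:{{.Tag}}-amd64` and `- anchore/syft:{{.Tag}}-debug-amd64`, and reserving the unsuffixed names for manifests keeps released tags stable for anyone verifying digests or signatures.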
@@ -139,19 +156,31 @@ dockers: - "--build-arg=VCS_URL={{.GitURL}}" docker_manifests: + - name_template: anchore/syft:latest + image_templates: + - anchore/syft:{{.Tag}} + - anchore/syft:{{.Tag}}-arm64v8 + + - name_template: anchore/syft:debug + - anchore/syft:{{.Tag}}-debug + - anchore/syft:{{.Tag}}-debug-arm64v8 + - name_template: anchore/syft:{{.Tag}} image_templates: - - anchore/syft:{{.Tag}}-amd64 + - anchore/syft:{{.Tag}} - anchore/syft:{{.Tag}}-arm64v8 - - name_template: anchore/syft:latest + + - name_template: ghcr.io/anchore/syft:latest image_templates: - - anchore/syft:{{.Tag}}-amd64 + - anchore/syft:{{.Tag}} - anchore/syft:{{.Tag}}-arm64v8 - - name_template: ghcr.io/anchore/syft:{{.Tag}} + + - name_template: ghcr.io/anchore/syft:debug image_templates: - - ghcr.io/anchore/syft:{{.Tag}}-amd64 - - ghcr.io/anchore/syft:{{.Tag}}-arm64v8 - - name_template: ghcr.io/anchore/syft:latest + - ghcr.io/anchore/syft:{{.Tag}}-debug + - ghcr.io/anchore/syft:{{.Tag}}-debug-arm64v8 + + - name_template: ghcr.io/anchore/syft:{{.Tag}} image_templates: - - ghcr.io/anchore/syft:{{.Tag}}-amd64 + - ghcr.io/anchore/syft:{{.Tag}} - ghcr.io/anchore/syft:{{.Tag}}-arm64v8
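Review bot: The `anchore/syft:debug` manifest entry has no `image_templates:` key: `- name_template: anchore/syft:debug` is followed directly by the two image names, unlike every other entry in this hunk, so the entry is probably rejected or left empty (indentation is not visible in this rendering). Inserting `image_templates:` under that `name_template` fixes it. Separately, `ghcr.io/anchore/syft:latest` is assembled from `anchore/syft:{{.Tag}}` and `anchore/syft:{{.Tag}}-arm64v8`, which are Docker Hub names, while the other ghcr manifests use `ghcr.io/...` members. It should likely list `- ghcr.io/anchore/syft:{{.Tag}}` and `- ghcr.io/anchore/syft:{{.Tag}}-arm64v8` so the ghcr tag does not depend on images in another registry.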