From 095116ee138de1af829ffcfd93027e97aafdaec8 Mon Sep 17 00:00:00 2001
From: Rohan Khandelwal <98796241+rohankh532@users.noreply.github.com>
Date: Tue, 5 Apr 2022 17:13:27 -0700
Subject: [PATCH] reverted dockerfile to shell (#164)

---
 Dockerfile | 29 +++++++++++------------------
 1 file changed, 11 insertions(+), 18 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index bb251331..90697368 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -21,30 +21,23 @@
 #           -e INPUT_REPO_TOKEN=$GITHUB_AUTH_TOKEN \
 #           -e GITHUB_REPOSITORY="ossf/scorecard" \
 #           laurentsimon/scorecard-action:latest
+FROM gcr.io/openssf/scorecard:v4.1.0@sha256:a1e9bb4a0976e800e977c986522b0e1c4e0466601642a84470ec1458b9fa6006 as base
 
-#v1.17 go
-FROM golang@sha256:bd9823cdad5700fb4abe983854488749421d5b4fc84154c30dae474100468b85 AS base
-WORKDIR /src
-ENV CGO_ENABLED=0
-COPY go.* ./
-RUN go mod download
-COPY . ./
-
-FROM base AS build
-ARG TARGETOS
-ARG TARGETARCH
-RUN CGO_ENABLED=0 make build
-
-# TODO: use distroless:
-# FROM gcr.io/distroless/base:nonroot@sha256:02f667185ccf78dbaaf79376b6904aea6d832638e1314387c2c2932f217ac5cb
+# Build our image and update the root certs.
+# TODO: use distroless.
 FROM debian:11.3-slim@sha256:78fd65998de7a59a001d792fe2d3a6d2ea25b6f3f068e5c84881250373577414
 RUN apt-get update && \
     apt-get install -y --no-install-recommends \
-    # For debugging.
     jq ca-certificates curl
-COPY --from=build /src/scorecard-action /
+
+# Copy the scorecard binary from the official scorecard image.
+COPY --from=base /scorecard /scorecard
 
 # Copy a test policy for local testing.
 COPY policies/template.yml  /policy.yml
 
-ENTRYPOINT [ "/scorecard-action" ]
\ No newline at end of file
+# Our entry point.
+# Note: the file is executable in the repo
+# and permission carry over to the image.
+COPY entrypoint.sh /entrypoint.sh
+ENTRYPOINT ["/entrypoint.sh"]
\ No newline at end of file