Notary 0.6.1, and rather than commit binaries, build using multistage…

… dockerfiles. Signed-off-by: Ying Li <[email protected]>
lag-linaro · Jun 21, 2018 · 3246cae · 3246cae
1 parent ff7ae14
commit 3246cae
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 16 deletions.
diff --git a/notary-server/Dockerfile b/notary-server/Dockerfile
@@ -1,17 +1,24 @@
-FROM alpine:latest
-
-EXPOSE 4443
+FROM golang:1.10.3-alpine
+ENV TAG v0.6.1
+ENV NOTARYPKG github.com/theupdateframework/notary
+WORKDIR /go/src/${NOTARYPKG}
+RUN apk --update add tar
+RUN wget -O notary.tar.gz "https://api.github.com/repos/theupdateframework/notary/tarball/${TAG}" && tar xzf notary.tar.gz --strip-components=1
+RUN go install \
+    -ldflags "-w -X ${NOTARYPKG}/version.GitCommit=`wget -qO- https://api.github.com/repos/theupdateframework/notary/tags | grep -A 5 ${TAG} | grep sha | awk '{print substr($2,2,8)}'` -X ${NOTARYPKG}/version.NotaryVersion=`cat NOTARY_VERSION`" \
+    ${NOTARYPKG}/cmd/notary-server
 
-COPY ./server-config.json /notary/server/
-COPY ./notary-server /notary/server/
-COPY ./entrypoint.sh /notary/server/
 
+FROM alpine:latest
+EXPOSE 4443
 WORKDIR /notary/server
 
-RUN adduser -D -H -g "" notary
+COPY ./server-config.json .
+COPY ./entrypoint.sh .
+COPY --from=0 /go/bin/notary-server .
 
+RUN adduser -D -H -g "" notary
 USER notary
-
 ENV PATH=$PATH:/notary/server
 
 ENTRYPOINT [ "entrypoint.sh" ]

diff --git a/notary-server/notary-server b/notary-server/notary-server
diff --git a/notary-signer/Dockerfile b/notary-signer/Dockerfile
@@ -1,18 +1,26 @@
-FROM alpine:latest
+FROM golang:1.10.3-alpine
+ENV TAG v0.6.1
+ENV NOTARYPKG github.com/theupdateframework/notary
+WORKDIR /go/src/${NOTARYPKG}
+RUN apk --update add tar
+RUN wget -O notary.tar.gz "https://api.github.com/repos/theupdateframework/notary/tarball/${TAG}" && tar xzf notary.tar.gz --strip-components=1
+# Since we are not using git to get the repo, use the REST API to get the sha of the digest for the tag.
+RUN go install \
+    -ldflags "-w -X ${NOTARYPKG}/version.GitCommit=`wget -qO- https://api.github.com/repos/theupdateframework/notary/tags | grep -A 5 ${TAG} | grep sha | awk '{print substr($2,2,8)}'` -X ${NOTARYPKG}/version.NotaryVersion=`cat NOTARY_VERSION`" \
+    ${NOTARYPKG}/cmd/notary-signer
+
 
+FROM alpine:latest
 EXPOSE 4444
 EXPOSE 7899
-
-COPY ./signer-config.json /notary/signer/
-COPY ./notary-signer /notary/signer/
-COPY ./entrypoint.sh /notary/signer/
-
 WORKDIR /notary/signer
 
-RUN adduser -D -H -g "" notary
+COPY ./signer-config.json .
+COPY ./entrypoint.sh .
+COPY --from=0 /go/bin/notary-signer .
 
+RUN adduser -D -H -g "" notary
 USER notary
-
 ENV PATH=$PATH:/notary/signer
 
 ENTRYPOINT [ "entrypoint.sh" ]

diff --git a/notary-signer/notary-signer b/notary-signer/notary-signer