# This Dockerfile is meant for generating example SBOMs in a way
# that is reproducible for everyone.
# Build stage: compiles cyclonedx-gomod from the local source tree.
# The base image is pinned by tag and digest, so the toolchain cannot change
# underneath a rebuild.
FROM golang:1.23.2-alpine3.20@sha256:9dd2625a1ff2859b8d8b01d8f7822c0f528942fe56cfe7a1e7c38d3b8d72d679 AS build
WORKDIR /usr/src/app

# make drives the install target below; git is presumably needed by the build
# (e.g. for version information) - confirm against the Makefile.
RUN apk add --no-cache git make

# Copy only the module manifests first so the dependency download layer stays
# cached until go.mod or go.sum changes.
COPY go.mod go.sum ./
RUN go mod download

# Bring in the rest of the source and install the binary; the runtime stage
# picks it up from /go/bin/cyclonedx-gomod.
COPY . .
RUN make install
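# Runtime stage, built on the same digest-pinned image as the build stage.
# NOTE(review): no USER is set, so the generation script runs as root and files
# written to a bind-mounted /examples will be root-owned on the host.
FROM golang:1.23.2-alpine3.20@sha256:9dd2625a1ff2859b8d8b01d8f7822c0f528942fe56cfe7a1e7c38d3b8d72d679

# The generation script writes every SBOM to /examples; mount a host directory
# there to keep the results.
VOLUME /examples

# Install prerequisites
# advice.detachedHead is switched off because the script below clones a tag,
# which leaves the checkout on a detached HEAD.
RUN apk --no-cache add git icu-dev && \
    git config --system advice.detachedHead false

# Install CycloneDX CLI
# The release is pinned by version (v0.26.0) and selected by CPU architecture;
# any architecture other than aarch64 falls through to the musl-x64 build.
# NOTE(review): unlike the Minikube binary below, this download is not
# integrity-checked. Pin the expected SHA-256 of each architecture's release
# asset and verify it with `sha256sum -c` before the chmod, so a replaced or
# tampered release asset fails the build instead of landing in the image.
RUN if [ "$(uname -m)" = "aarch64" ]; then CLI_ARCH="arm64"; else CLI_ARCH="musl-x64"; fi && \
    wget -q -O /usr/local/bin/cyclonedx "https://github.com/CycloneDX/cyclonedx-cli/releases/download/v0.26.0/cyclonedx-linux-${CLI_ARCH}" && \
    chmod +x /usr/local/bin/cyclonedx

# Install cyclonedx-gomod
COPY --from=build /go/bin/cyclonedx-gomod /usr/local/bin/

# Create example SBOM generation script.
# The script clones a specific Minikube version and downloads a corresponding prebuilt Minikube binary.
# It then generates SBOMs for Minikube in multiple flavors and checks their validity using the CycloneDX CLI.
#
# The checksum line fed to `sha256sum -c` uses the canonical "<hash>  <file>"
# layout with TWO spaces; BusyBox sha256sum (the Alpine default) rejects a
# single-space separator, which would abort the script under `set -e`.
# NOTE(review): the source tree is pinned only by tag (v1.23.1), and a tag can
# be moved upstream; checking out a known commit hash after the clone would pin
# the source as strictly as the prebuilt binary is pinned by its SHA-256.
RUN echo -e "#!/bin/sh\n\n\
set -ex\n\
git clone --branch v1.23.1 --single-branch https://github.com/kubernetes/minikube.git /tmp/minikube \n\
wget -q -O /tmp/minikube-linux-amd64 https://github.com/kubernetes/minikube/releases/download/v1.23.1/minikube-linux-amd64 \n\
echo 'fc23f94e870b18c2fc015af18fe2dee00452059100e42a5483b9440da1a5fba2  /tmp/minikube-linux-amd64' | sha256sum -c \n\
chmod +x /tmp/minikube-linux-amd64 \n\
\n\
cyclonedx-gomod app -json -output /examples/app_minikube-v1.23.1.bom.json -licenses -main cmd/minikube -output-version 1.5 /tmp/minikube \n\
cyclonedx-gomod app -json -output /examples/app_minikube-v1.23.1_with-packages.bom.json -licenses -packages -main cmd/minikube -output-version 1.5 /tmp/minikube \n\
cyclonedx-gomod app -json -output /examples/app_minikube-v1.23.1_with-files.bom.json -licenses -packages -files -main cmd/minikube -output-version 1.5 /tmp/minikube \n\
cyclonedx-gomod mod -json -output /examples/mod_minikube-v1.23.1.bom.json -licenses -output-version 1.5 /tmp/minikube \n\
cyclonedx-gomod bin -json -output /examples/bin_minikube-v1.23.1.bom.json -licenses -version v1.23.1 -output-version 1.5 /tmp/minikube-linux-amd64 \n\
\n\
cyclonedx validate --input-file /examples/app_minikube-v1.23.1.bom.json --input-format json --input-version v1_5 --fail-on-errors \n\
cyclonedx validate --input-file /examples/app_minikube-v1.23.1_with-packages.bom.json --input-format json --input-version v1_5 --fail-on-errors \n\
cyclonedx validate --input-file /examples/app_minikube-v1.23.1_with-files.bom.json --input-format json --input-version v1_5 --fail-on-errors \n\
cyclonedx validate --input-file /examples/mod_minikube-v1.23.1.bom.json --input-format json --input-version v1_5 --fail-on-errors \n\
cyclonedx validate --input-file /examples/bin_minikube-v1.23.1.bom.json --input-format json --input-version v1_5 --fail-on-errors \
" > /usr/local/bin/generate-examples.sh

# The script is handed to /bin/sh as an argument, so it needs no execute bit;
# arguments given to `docker run` replace CMD and are passed to /bin/sh instead.
ENTRYPOINT ["/bin/sh"]
CMD ["/usr/local/bin/generate-examples.sh"]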