-
Notifications
You must be signed in to change notification settings - Fork 4
Expand file tree
/
Copy pathContainerfile
More file actions
51 lines (38 loc) · 1.52 KB
/
Containerfile
File metadata and controls
51 lines (38 loc) · 1.52 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
FROM quay.io/centos/centos:stream9 AS builder
ARG RUST_VERSION=stable
RUN dnf install --enablerepo=crb -y \
clang \
libbpf-devel \
openssl-devel \
protobuf-compiler \
protobuf-devel && \
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | \
sh -s -- -y --default-toolchain $RUST_VERSION --profile minimal
ENV PATH=/root/.cargo/bin:${PATH}
WORKDIR /app
COPY . .
FROM builder AS build
ARG FACT_VERSION
RUN --mount=type=cache,target=/root/.cargo/registry \
--mount=type=cache,target=/app/target \
cargo build --release && \
cp target/release/fact fact
FROM registry.access.redhat.com/ubi9/ubi-minimal:latest
ARG FACT_VERSION
LABEL name="fact" \
vendor="StackRox" \
maintainer="support@stackrox.com" \
summary="File activity data collection for the StackRox Kubernetes Security Platform" \
description="This image supports file activity data collection in the StackRox Kubernetes Security Platform." \
io.stackrox.fact.version="${FACT_VERSION}"
RUN microdnf install -y openssl-libs crypto-policies-scripts && \
# Enable post-quantum cryptography key exchange for TLS.
update-crypto-policies --set DEFAULT:PQ && \
microdnf clean all && \
rpm --verbose -e --nodeps $( \
rpm -qa 'curl' '*rpm*' '*dnf*' '*libsolv*' '*hawkey*' 'yum*' 'libyaml*' 'libarchive*' \
) && \
rm -rf /var/cache/yum
COPY --from=build /app/fact /usr/local/bin
COPY LICENSE-APACHE LICENSE-MIT LICENSE-GPL2 /licenses/
ENTRYPOINT ["fact"]