From 1586443cd811245abae00e0ccf7c6b8faa633a54 Mon Sep 17 00:00:00 2001
From: Anton Livaja
Date: Mon, 25 Dec 2023 00:03:48 -0500
Subject: [PATCH] add sops
---
 src/tools/build.mk | 7 +++++-
 src/tools/sops/Dockerfile | 46 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 52 insertions(+), 1 deletion(-)
 create mode 100644 src/tools/sops/Dockerfile
diff --git a/src/tools/build.mk b/src/tools/build.mk
index 32c5e4f..7139e82 100644
--- a/src/tools/build.mk
+++ b/src/tools/build.mk
@@ -11,4 +11,9 @@ out/curl.tgz: \
 out/tofu.tgz: \
 out/busybox.tgz \
 out/go.tgz
- $(call build,tools,tofu)
\ No newline at end of file
+ $(call build,tools,tofu)
+
+out/sops.tgz: \
+ out/busybox.tgz \
+ out/go.tgz
+ $(call build,tools,sops)
\ No newline at end of file
diff --git a/src/tools/sops/Dockerfile b/src/tools/sops/Dockerfile
new file mode 100644
index 0000000..d1ba635
--- /dev/null
+++ b/src/tools/sops/Dockerfile
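Review bot: In the build.mk hunk, the new `out/sops.tgz` rule lists only `out/busybox.tgz` and `out/go.tgz` as prerequisites, but the Dockerfile added by this same patch also builds from `${REGISTRY}/ca-certificates:latest`. Without that image as a prerequisite, make can start the sops build before the ca-certificates image exists, or against a stale one. If that image is produced by a rule shaped like the others (not visible in this hunk), add it to the list, e.g. `out/<ca-certificates-target>.tgz \` ahead of `out/go.tgz`.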
@@ -0,0 +1,46 @@
+
+ARG REGISTRY=local
+FROM ${REGISTRY}/go:latest as go
+FROM ${REGISTRY}/busybox:latest as busybox
+FROM ${REGISTRY}/ca-certificates:latest as ca-certificates
+
+FROM busybox as base
+ENV VERSION=3.8.1
+ENV SRC_SITE=https://github.com/getsops/sops/archive/refs/tags
+ENV SRC_HASH=5ca70fb4f96797d09012c705a5bb935835896de7bcd063b98d498912b0e645a0
+RUN echo ${SRC_SITE}/${VERSION}.tar.gz
+
+FROM base as fetch
+COPY --from=go . /
+COPY --from=ca-certificates . /
+
+RUN set -eux; \
+ wget ${SRC_SITE}/v${VERSION}.tar.gz; \
+ echo "${SRC_HASH} v${VERSION}.tar.gz" | sha256sum -c;
+
+FROM fetch as build
+RUN tar -xvf v${VERSION}.tar.gz
+WORKDIR sops-${VERSION}
+ENV PWD=/home/user/sops-${VERSION}
+ENV GOPATH=${PWD}/cache/go
+ENV GOCACHE=${PWD}/cache/
+ENV GOWORK=off
+ENV GOPROXY=https://proxy.golang.org,direct
+ENV GOSUMDB=sum.golang.org
+
+ENV CGO_ENABLED=0
+ENV GOHOSTOS=linux
+ENV GOHOSTARCH=amd64
+ENV GOFLAGS=-trimpath
+RUN mkdir -p ${GOPATH}
+RUN go build -o bin/sops ./cmd/sops
+
+from build as install
+USER 0:0
+RUN mkdir -p /rootfs/usr/bin/
+RUN cp bin/sops /rootfs/usr/bin/
+
+FROM scratch as package
+COPY --from=install /rootfs/ /
+ENTRYPOINT ["/usr/bin/sops"]
+CMD ["--version"]
\ No newline at end of file
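Review bot: The `build` stage still needs network access, because `RUN go build -o bin/sops ./cmd/sops` resolves modules through `GOPROXY=https://proxy.golang.org,direct` at compile time, while `SRC_HASH` in `fetch` pins only the source tarball. Module contents are presumably still checked against the `go.sum` in the verified tarball, so this is mainly a reproducibility and isolation gap rather than an integrity hole. Unpacking the tarball in `fetch` and running `RUN go mod download` there, with the same `GOPATH`, would let `build` run with `ENV GOPROXY=off`. Separately, `RUN echo ${SRC_SITE}/${VERSION}.tar.gz` in `base` looks like a debugging leftover that prints the URL without the `v` prefix `wget` uses, and the lowercase `from build as install` should read `FROM build AS install` to match the other stages. `ENV PWD=/home/user/sops-${VERSION}` matches the relative `WORKDIR sops-${VERSION}` only if the busybox image's working directory is `/home/user`, which is not visible here; an absolute `WORKDIR` would remove that assumption.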