Merge remote-tracking branch 'distrust/feat/add-sops'

2024-01-16 16:53:47 -08:00 · 2024-01-16 16:53:47 -08:00 · 79b2160578
parent 02ef9b0228 1586443cd8
commit 79b2160578
2 changed files with 52 additions and 1 deletions
--- a/src/tools/build.mk
+++ b/src/tools/build.mk
@ -11,4 +11,9 @@ out/curl.tgz: \
 out/tofu.tgz: \
 	out/busybox.tgz \
 	out/go.tgz
-	$(call build,tools,tofu)
+	$(call build,tools,tofu)
+
+out/sops.tgz: \
+	out/busybox.tgz \
+	out/go.tgz
+	$(call build,tools,sops)
--- a/src/tools/sops/Dockerfile
+++ b/src/tools/sops/Dockerfile
@ -0,0 +1,46 @@
+
+ARG REGISTRY=local
+FROM ${REGISTRY}/go:latest as go
+FROM ${REGISTRY}/busybox:latest as busybox 
+FROM ${REGISTRY}/ca-certificates:latest as ca-certificates
+
+FROM busybox as base
+ENV VERSION=3.8.1
+ENV SRC_SITE=https://github.com/getsops/sops/archive/refs/tags
+ENV SRC_HASH=5ca70fb4f96797d09012c705a5bb935835896de7bcd063b98d498912b0e645a0
+RUN echo ${SRC_SITE}/${VERSION}.tar.gz
+
+FROM base as fetch
+COPY --from=go . /
+COPY --from=ca-certificates . /
+
+RUN set -eux; \
+    wget ${SRC_SITE}/v${VERSION}.tar.gz; \
+    echo "${SRC_HASH}  v${VERSION}.tar.gz" | sha256sum -c; 
+
+FROM fetch as build
+RUN tar -xvf v${VERSION}.tar.gz
+WORKDIR sops-${VERSION}
+ENV PWD=/home/user/sops-${VERSION}
+ENV GOPATH=${PWD}/cache/go
+ENV GOCACHE=${PWD}/cache/
+ENV GOWORK=off
+ENV GOPROXY=https://proxy.golang.org,direct
+ENV GOSUMDB=sum.golang.org
+
+ENV CGO_ENABLED=0
+ENV GOHOSTOS=linux
+ENV GOHOSTARCH=amd64
+ENV GOFLAGS=-trimpath 
+RUN mkdir -p ${GOPATH}
+RUN go build -o bin/sops ./cmd/sops
+
+from build as install
+USER 0:0
+RUN mkdir -p /rootfs/usr/bin/
+RUN cp bin/sops /rootfs/usr/bin/
+
+FROM scratch as package
+COPY --from=install /rootfs/ /
+ENTRYPOINT ["/usr/bin/sops"]
+CMD ["--version"]