wip
zeriyoshi committed Jul 10, 2024
1 parent 7018137 commit 0cf4523
Showing 4 changed files with 82 additions and 21 deletions.
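--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1,5 @@
+.git
+.github
+*.DS_Store
+LICENSE
+README.md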
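--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,37 @@
+name: CI
+
+on:
+workflow_dispatch:
+pull_request_target:
+push:
+branches:
+- main
+
+jobs:
+ci:
+runs-on: ubuntu-latest
+strategy:
+matrix:
+arch: ["i386", "amd64", "arm64/v8", "arm/v7"]
+busybox: ["glibc", "musl", "uclibc"]
+steps:
+- name: Checkout
+uses: actions/checkout@v4
+- name: Setup QEMU
+uses: docker/setup-qemu-action@v3
+with:
+platforms: arm64,arm
+- name: Setup buildx
+uses: docker/setup-buildx-action@v3
+- name: Build container
+uses: docker/build-push-action@v6
+with:
+build-args: ARCH=${{ matrix.arch }}
+context: .
+file: ./Dockerfile
+load: true
+push: false
+tags: test-${{ matrix.arch }}-${{ matrix.busybox }}
+- name: Test
+run: |
+test "$(docker run --rm -it "test-${{ matrix.arch }}-${{ matrix.busybox }}" -c "php -r 'echo shell_exec(\"whoami\");'")" = "nonroot"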
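Review bot: The `pull_request_target:` trigger runs this job in the base repository's context, and `actions/checkout@v4` without a `ref` checks out the base branch, so a pull request's own changes are never what gets built or tested. The job needs no secrets or write access, so `pull_request:` is the safer trigger, together with a top-level `permissions:` block limited to `contents: read`; adding a `ref` for the PR head under `pull_request_target` instead would build untrusted code with the base repository's token. Separately, `matrix.busybox` appears only in `tags:` and is not passed in `build-args`, so the three busybox variants appear to build the same image. The Test step's `docker run --rm -it` requests a TTY, which a runner step normally does not have; dropping `-it` removes that failure mode and keeps carriage returns out of the compared output.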
42 changes: 21 additions & 21 deletions Dockerfile
@@ -1,41 +1,41 @@
ARG _DEB_VERSION="12"

ARG ARCH="arm64/v8"
ARG PKGS="bash curl php"
ARG BINS="bash curl php"

ARG BASE_IMAGE="debian"
ARG BASE_TAG="12"
ARG BASE="debian:${_DEB_VERSION}"
ARG BASE_PKGS="php"
ARG BASE_BINS="php"
ARG BASE_PKG_INSTALL_CMD="apt-get update && apt-get install -y"

ARG TARGET_IMAGE="gcr.io/distroless/base-nossl-debian${BASE_TAG}"
ARG TARGET_TAG="latest"
ARG BUSYBOX="busybox:latest"

ARG TARGET="gcr.io/distroless/base-nossl-debian${_DEB_VERSION}:latest"

FROM --platform="linux/${ARCH}" ${BUSYBOX} AS busybox

FROM --platform="linux/${ARCH}" ${BASE_IMAGE}:${BASE_TAG} AS base
FROM --platform="linux/${ARCH}" ${BASE} AS base

ARG PKGS
ARG BINS
ARG BASE_PKGS
ARG BASE_BINS
ARG BASE_PKG_INSTALL_CMD

COPY --chmod=755 "dependency_resolve" "/usr/local/bin/dependency_resolve"

RUN /bin/sh -c "${BASE_PKG_INSTALL_CMD} ${PKGS}" \
RUN /bin/sh -c "${BASE_PKG_INSTALL_CMD} ${BASE_PKGS}" \
&& /usr/local/bin/dependency_resolve \
"$(which "ldd")" \
$(echo "${BINS}" | xargs which) \
| xargs -I {} sh -c 'mkdir -p /root/rootfs/$(dirname "{}") && cp -apP "{}" "/root/rootfs/{}"' \
&& for BINARY in ${BINS}; do \
"${BINARY}" --version >> "/root/rootfs/expect.txt"; \
done
$(echo "${BASE_BINS}" | xargs which) \
| xargs -I {} sh -c 'mkdir -p /root/rootfs/$(dirname "{}") && cp -apP "{}" "/root/rootfs/{}"'

FROM --platform="linux/${ARCH}" busybox:latest as busybox
FROM --platform="linux/${ARCH}" ${TARGET} AS target

FROM --platform="linux/${ARCH}" ${TARGET_IMAGE}:${TARGET_TAG} as target

ARG PKGS
ARG BINS
ARG BASE_BINS

COPY --from=base "/root/rootfs" "/"

COPY --from=busybox "/bin/busybox" "/bin/busybox"
RUN ["/bin/busybox", "ln", "-s", "/bin/busybox", "/bin/sh"]
RUN ["/bin/busybox", "--install", "-s"]

USER nonroot

ENTRYPOINT ["/bin/sh"]
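Review bot: Both defaults that feed the final image, `ARG BUSYBOX="busybox:latest"` and the `TARGET` value ending in `:latest`, resolve to mutable tags, so two builds of the same commit can ship a different `/bin/busybox` and a different distroless base with no change in this repository. Pin each by digest and bump it deliberately, e.g. `ARG BUSYBOX="busybox:<tag>@sha256:<digest>"` (both values are placeholders to fill in). In the base stage's `RUN`, `xargs -I {} sh -c '… "{}" …'` pastes every resolved path into the shell script text, so a path containing quotes or `$` would be interpreted by the shell; passing it as an argument instead, `sh -c 'mkdir -p "/root/rootfs/$(dirname "$1")" && cp -apP "$1" "/root/rootfs/$1"' _ {}`, avoids that. A short comment above `BASE_PKG_INSTALL_CMD` stating that the build argument is executed verbatim by `/bin/sh -c` would also help anyone wiring it to CI inputs.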
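--- a/README.md
+++ b/README.md
@@ -0,0 +1,19 @@
+# dependency_resolve - distroless packaging support
+
+Binary packaging support tool for distroless / alpine.
+
+## Usage
+
+```Dockerfile
+FROM debian:12 AS builder
+COPY --chmod=755 "dependency_resolve" "/usr/local/bin/dependency_resolve"
+RUN apt-get update && apt-get install -y "php"
+RUN dependency_resolve "$(which "ldd")" "$(which "php")" | xargs -I {} sh -c 'mkdir -p /root/rootfs/$(dirname "{}") && cp -apP "{}" "/root/rootfs/{}"'
+
+FROM gcr.io/distroless/base-nossl-debian12:latest
+COPY --from=builder "/root/rootfs" "/"
+
+ENTRYPOINT ["/usr/bin/php"]
+```
+
+See `Dockerfile` for more details.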
