From 2d539adf0f32e3ff5cd5cb8139194df3d3025e6c Mon Sep 17 00:00:00 2001
From: huynaism
Date: Wed, 13 Nov 2024 11:50:05 +0700
Subject: [PATCH] bump alpine to resolve some CVEs
---
 Dockerfile | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index dd21840..33b33bf 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,10 +9,10 @@ ARG VERSION
 # Use muslc for static libs
 ARG BUILD_TAGS="muslc"
-
+# hadolint ignore=DL3018
 RUN apk add --no-cache --update openssh git make build-base linux-headers libc-dev \
 pkgconfig zeromq-dev musl-dev alpine-sdk libsodium-dev \
- libzmq-static libsodium-static gcc
+ libzmq-static libsodium-static gcc && rm -rf /var/cache/apk/*
 # Build
 WORKDIR /go/src/github.com/babylonlabs-io/vigilante
@@ -27,12 +27,13 @@ RUN if [ -n "${VERSION}" ]; then \
 fi
 # Cosmwasm - Download correct libwasmvm version
+SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
 RUN WASMVM_VERSION=$(go list -m github.com/CosmWasm/wasmvm/v2 | cut -d ' ' -f 2) && \
- wget https://github.com/CosmWasm/wasmvm/releases/download/$WASMVM_VERSION/libwasmvm_muslc.$(uname -m).a \
- -O /lib/libwasmvm_muslc.$(uname -m).a && \
+ wget -q https://github.com/CosmWasm/wasmvm/releases/download/$WASMVM_VERSION/libwasmvm_muslc.$(uname -m).a \
+ -O /lib/libwasmvm_muslc."$(uname -m)".a && \
 # verify checksum
- wget https://github.com/CosmWasm/wasmvm/releases/download/$WASMVM_VERSION/checksums.txt -O /tmp/checksums.txt && \
- sha256sum /lib/libwasmvm_muslc.$(uname -m).a | grep $(cat /tmp/checksums.txt | grep libwasmvm_muslc.$(uname -m) | cut -d ' ' -f 1)
+ wget -q https://github.com/CosmWasm/wasmvm/releases/download/$WASMVM_VERSION/checksums.txt -O /tmp/checksums.txt && \
+ sha256sum /lib/libwasmvm_muslc."$(uname -m)".a | grep $(cat /tmp/checksums.txt | grep libwasmvm_muslc."$(uname -m)" | cut -d ' ' -f 1)
 RUN CGO_LDFLAGS="$CGO_LDFLAGS -lstdc++ -lm -lsodium" \
 CGO_ENABLED=1 \
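Review bot: The `&& rm -rf /var/cache/apk/*` appended to the builder-stage `apk add` in the first hunk is redundant, because `apk add --no-cache` does not leave a package index in `/var/cache/apk`, and the existing `--update` is likewise unnecessary next to `--no-cache`. The new `# hadolint ignore=DL3018` silences the unpinned-package warning without saying why; a reason on its own line above the pragma would help, e.g. `# DL3018 suppressed: apk package versions intentionally follow the base image` if that is the intent. The same two points apply to the `apk --no-cache add bash curl jq` line in the last hunk, where the packages are installed into the `run` stage rather than the discarded builder stage.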
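Review bot: The checksum step in the second hunk still trusts `checksums.txt` fetched from the same release URL as `libwasmvm_muslc.*.a`, so it detects a corrupted download but not a replaced release asset; if that matters for this build, compare against a hash committed to the repository, and otherwise state the limit in the comment, e.g. `# verify checksum (same-origin file: detects corruption only)`. The final `grep $(...)` also stays unquoted although the neighbouring `$(uname -m)` uses were quoted. It fails closed today only because an empty lookup leaves `grep` without a pattern, and quoting it later would turn that into an empty pattern that matches every line. Testing the extracted hash for non-empty first, or passing a `<hash>  <path>` line to `sha256sum -c`, removes that dependence. The added `SHELL` line applies to every later RUN in the builder stage, including the `RUN CGO_LDFLAGS=...` that continues past this hunk.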
@@ -43,7 +44,8 @@ RUN CGO_LDFLAGS="$CGO_LDFLAGS -lstdc++ -lm -lsodium" \
 FROM alpine:3.20 AS run
 # Create a user
 RUN addgroup --gid 1138 -S vigilante && adduser --uid 1138 -S vigilante -G vigilante
-RUN apk add bash curl jq
+# hadolint ignore=DL3018
+RUN apk --no-cache add bash curl jq && rm -rf /var/cache/apk/*
 # Label should match your github repo
 LABEL org.opencontainers.image.source="https://github.com/babylonlabs-io/vigilante:${VERSION}"
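Review bot: No `FROM` line changes in this patch although the subject says it bumps alpine: `FROM alpine:3.20 AS run` is unchanged context in this hunk, and the three hunks account for all 9 insertions and 7 deletions in the diffstat. If the CVEs are in base-image packages, the `run` stage needs a newer tag or a digest pin, e.g. `FROM alpine:<new-tag>@sha256:<digest> AS run` (placeholders); otherwise the result depends on whichever `alpine:3.20` image the build host pulls. If the intent was only to install `bash curl jq` without a cached index, rewording the subject would keep the history accurate.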