From 8221cb91730e5d685bdf72379629053410768a8f Mon Sep 17 00:00:00 2001 From: Scott Hansen Date: Sun, 12 Jan 2020 13:59:30 -0800 Subject: [PATCH 1/4] Use progressive build to reduce final image size - Use progressive build to reduce final image size - Download source during build so only Dockerfile is required to be present on the build host - Add a `version` arg so any tag or branch can be built: `docker build --build-arg=version=v0.25.0 -t wtf .` --- Dockerfile | 11 ++++++++--- README.md | 7 +++++-- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index 9381b2ce..46dc3ecd 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,8 +1,11 @@ -FROM golang:1.13-alpine +FROM golang:1.13-alpine as build -RUN apk add --no-cache make ncurses +ARG version=master -COPY . $GOPATH/src/github.com/wtfutil/wtf +RUN apk add git make ncurses && \ + git clone https://github.com/wtfutil/wtf.git $GOPATH/src/github.com/wtfutil/wtf && \ + cd $GOPATH/src/github.com/wtfutil/wtf && \ + git checkout $version ENV GOPROXY=https://proxy.golang.org,direct ENV GO111MODULE=on @@ -14,4 +17,6 @@ ENV PATH=$PATH:./bin RUN make build +FROM alpine +COPY --from=build /go/src/github.com/wtfutil/wtf/bin/wtfutil /usr/local/bin/ ENTRYPOINT "wtfutil" diff --git a/README.md b/README.md index 12cbdf45..8e418c5e 100644 --- a/README.md +++ b/README.md @@ -122,12 +122,15 @@ make run You can run `wtf` inside a docker container: ```bash -# download the source -git clone https://github.com/wtfutil/wtf +# download or create the Dockerfile +curl -o Dockerfile https://raw.githubusercontent.com/wtfutil/wtf/master/Dockerfile # build the docker container docker build -t wtfutil . +# or for a particular tag or branch +docker build --build-args=version=v0.25.0 -t wtfutil . + # run the container docker run -it wtfutil ``` From b8710d6c4590593b1af1dd035cd5c4c457306d31 Mon Sep 17 00:00:00 2001 From: Scott Hansen Date: Sun, 12 Jan 2020 16:22:09 -0800 Subject: [PATCH 2/4] Run wtfutil in Docker as unprivileged user --- Dockerfile | 6 +++++- README.md | 3 +++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 46dc3ecd..8865afb4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -18,5 +18,9 @@ ENV PATH=$PATH:./bin RUN make build FROM alpine + COPY --from=build /go/src/github.com/wtfutil/wtf/bin/wtfutil /usr/local/bin/ -ENTRYPOINT "wtfutil" +RUN adduser -h /config -DG users -u 20000 wtf + +USER wtf +ENTRYPOINT ["wtfutil"] diff --git a/README.md b/README.md index 8e418c5e..eab37e2f 100644 --- a/README.md +++ b/README.md @@ -133,6 +133,9 @@ docker build --build-args=version=v0.25.0 -t wtfutil . # run the container docker run -it wtfutil + +# run container with a local config file +docker run -it -v path/to/config.yml:/config/config.yml wtfutil --config=/config/config.yml ``` ## Communication From 571526b9938dfdd4067be559a4fd66ec444a7c24 Mon Sep 17 00:00:00 2001 From: Scott Hansen Date: Sun, 12 Jan 2020 16:22:55 -0800 Subject: [PATCH 3/4] Add build Dockerfile to build wtfutil from source in Docker and then copy binary to local machine --- Dockerfile.build | 18 ++++++++++++++++++ README.md | 13 +++++++++++++ 2 files changed, 31 insertions(+) create mode 100644 Dockerfile.build diff --git a/Dockerfile.build b/Dockerfile.build new file mode 100644 index 00000000..7e672aab --- /dev/null +++ b/Dockerfile.build @@ -0,0 +1,18 @@ +FROM golang:1.13 as build + +ARG version=master + +RUN git clone https://github.com/wtfutil/wtf.git $GOPATH/src/github.com/wtfutil/wtf && \ + cd $GOPATH/src/github.com/wtfutil/wtf && \ + git checkout $version + +ENV GOPROXY=https://proxy.golang.org,direct +ENV GO111MODULE=on +ENV GOSUMDB=off + +WORKDIR $GOPATH/src/github.com/wtfutil/wtf + +ENV PATH=$PATH:./bin + +RUN make build && \ + cp bin/wtfutil /usr/local/bin/ diff --git a/README.md b/README.md index eab37e2f..a30fc078 100644 --- a/README.md +++ b/README.md @@ -115,6 +115,19 @@ make install make run ``` +### Installing from Source using Docker + +All building is done inside a docker container. You can then copy the binary to +your local machine. + +```bash +curl -o Dockerfile.build https://raw.githubusercontent.com/wtfutil/wtf/master/Dockerfile.build +docker build -f Dockerfile.build -t wtfutil --build-args=version=master . +docker create --name wtf_build wtfutil +docker cp wtf_build:/usr/local/bin/wtfutil ~/.local/bin +docker rm wtf_build +``` + **Note:** WTF is _only_ compatible with Go versions **1.12.0** or later (due to the use of Go modules and newer standard library functions). If you would like to use `gccgo` to compile, you _must_ use `gccgo-9` or later which introduces support for Go modules. ## Running via Docker From 752cda88e315c91136454b7e2f957dfe6de17243 Mon Sep 17 00:00:00 2001 From: Scott Hansen Date: Sun, 12 Jan 2020 17:00:10 -0800 Subject: [PATCH 4/4] Add docker-build and docker-install targets to Makefile --- Makefile | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 013c6f34..a3888dd2 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ -.PHONY: build clean contrib_check coverage help install isntall lint run size test uninstall +.PHONY: build clean contrib_check coverage docker-build docker-install help install isntall lint run size test uninstall # detect GOPATH if not set ifndef $(GOPATH) @@ -48,6 +48,21 @@ coverage: go test -coverprofile=coverage.out ./... go tool cover -html=coverage.out +## docker-build: builds in docker +docker-build: + @echo "Building ${APP} in Docker..." + docker build -t wtfutil:build --build-arg=version=master -f Dockerfile.build . + @echo "Done with docker build" + +## docker-install: installs a local version of the app from docker build +docker-install: + @echo "Installing ${APP}..." + docker create --name wtf_build wtfutil:build + docker cp wtf_build:/usr/local/bin/wtfutil ~/.local/bin/ + $(eval INSTALLPATH = $(shell which ${APP})) + @echo "${APP} installed into ${INSTALLPATH}" + docker rm wtf_build + ## gosec: runs the gosec static security scanner against the source code gosec: gosec -tests ./...