From 07f2c2f7028f8ddc64ca00862dfdd18bd80d2e46 Mon Sep 17 00:00:00 2001
From: Toure Dunnon <toure.dunnon@anchore.com>
Date: Wed, 9 Dec 2020 10:12:07 -0500
Subject: [PATCH] Add the ability to run syft from a scratch image.

This change will allow endusers or CI to run syft from a
minimum image which will simplify CI deployment.

Signed-off-by: Toure Dunnon <toure.dunnon@anchore.com>
---
 .goreleaser.yaml | 16 ++++++++++++++++
 Dockerfile       | 20 ++++++++++++++++++++
 2 files changed, 36 insertions(+)
 create mode 100644 Dockerfile

diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index f1fd98345..1944024b4 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -47,6 +47,22 @@ builds:
       -X github.com/anchore/syft/internal/version.buildDate={{.Date}}
       -X github.com/anchore/syft/internal/version.gitTreeState={{.Env.BUILD_GIT_TREE_STATE}}
 
+dockers:
+  -
+    # Docker image name and tags
+    image_templates:
+    - "anchore/syft:latest"
+    - "anchore/syft:{{ .Version }}"
+    - "anchore/syft:{{ .Major }}.{{ .Minor }}"
+    - "anchore/syft:{{ .Major }}"
+    
+    # name of binary to release.
+    binaries:
+    - syft
+
+    # path to Dockerfile.
+    dockerfile: Dockerfile
+
 archives:
   - format: tar.gz
     builds:
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 000000000..dea78e257
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,20 @@
+FROM alpine:latest AS build
+
+# add required ca-certificates for https request.
+RUN apk --no-cache add ca-certificates
+
+# create empty directory for scratch image cache.
+RUN mkdir -p /tmp-syft
+
+# reduce container image to scratch size.
+FROM scratch
+
+# Copy directories and files needed to execute syft.
+COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+COPY --from=build /tmp-syft /tmp
+
+# copy syft binary to rootfs
+COPY syft /
+
+# default path
+ENTRYPOINT ["/syft"]