Add the ability to run syft from a scratch image.

This change will allow endusers or CI to run syft from a minimum image which will simplify CI deployment. Signed-off-by: Toure Dunnon <toure.dunnon@anchore.com>
2024-09-20 06:01:53 +00:00 · 2020-12-09 10:12:07 -05:00 · 2020-12-09 10:12:07 -05:00 · 07f2c2f702
commit 07f2c2f702
parent 737a81c38c
2 changed files with 36 additions and 0 deletions
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@ -47,6 +47,22 @@ builds:
      -X github.com/anchore/syft/internal/version.buildDate={{.Date}}
      -X github.com/anchore/syft/internal/version.gitTreeState={{.Env.BUILD_GIT_TREE_STATE}}

+dockers:
+  -
+    # Docker image name and tags
+    image_templates:
+    - "anchore/syft:latest"
+    - "anchore/syft:{{ .Version }}"
+    - "anchore/syft:{{ .Major }}.{{ .Minor }}"
+    - "anchore/syft:{{ .Major }}"
+    
+    # name of binary to release.
+    binaries:
+    - syft
+
+    # path to Dockerfile.
+    dockerfile: Dockerfile
+
 archives:
  - format: tar.gz
    builds:
--- a/20
+++ b/20
@ -0,0 +1,20 @@
+FROM alpine:latest AS build
+
+# add required ca-certificates for https request.
+RUN apk --no-cache add ca-certificates
+
+# create empty directory for scratch image cache.
+RUN mkdir -p /tmp-syft
+
+# reduce container image to scratch size.
+FROM scratch
+
+# Copy directories and files needed to execute syft.
+COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+COPY --from=build /tmp-syft /tmp
+
+# copy syft binary to rootfs
+COPY syft /
+
+# default path
+ENTRYPOINT ["/syft"]