restic/docker/Dockerfile.release
Michael Eischer 3a93e28605 CI: Remove .dockerignore to ensure reproducible builds
Since go 1.18, built binaries also include VCS information such as the
built commit. This information is also included in the official
binaries. To ensure that the Docker container recreates the same
binaries, the .git folder must also be transferred into the container.
Thus, remove the .dockerignore file.

The copied files must also be owned by the current user within the
container, as git refuses to work otherwise.
2023-07-08 23:16:14 +02:00

18 lines
621 B
Text

# the official binaries are cross-built from Linux running on an AMD64 host
# other architectures also seem to generate identical binaries but stay on the safe side
FROM --platform=linux/amd64 restic/builder:latest as helper
ARG TARGETOS
ARG TARGETARCH
COPY --chown=build . /restic
RUN go run helpers/build-release-binaries/main.go --platform $TARGETOS/$TARGETARCH --skip-compress
RUN mv /output/restic_${TARGETOS}_${TARGETARCH} /output/restic
FROM alpine:latest
COPY --from=helper /output/restic /usr/bin
RUN apk add --update --no-cache ca-certificates fuse openssh-client tzdata jq
ENTRYPOINT ["/usr/bin/restic"]