Fixes #344; also gets docker buildx working on both darwin & linux
parent
393f3efe69
commit
9815a38a2c
2 changed files with 30 additions and 11 deletions
|
@ -1,12 +1,19 @@
|
||||||
|
FROM golang:alpine AS builder
|
||||||
|
|
||||||
|
RUN mkdir /src
|
||||||
|
ADD . /src
|
||||||
|
|
||||||
|
RUN apk add --no-cache make git curl && \
|
||||||
|
cd /src && \
|
||||||
|
make V=1 bin/step-ca
|
||||||
|
|
||||||
FROM smallstep/step-cli:latest
|
FROM smallstep/step-cli:latest
|
||||||
|
|
||||||
ARG BINPATH="bin/step-ca"
|
COPY --from=builder /src/bin/step-ca /usr/local/bin/step-ca
|
||||||
|
|
||||||
ENV CONFIGPATH="/home/step/config/ca.json"
|
ENV CONFIGPATH="/home/step/config/ca.json"
|
||||||
ENV PWDPATH="/home/step/secrets/password"
|
ENV PWDPATH="/home/step/secrets/password"
|
||||||
|
|
||||||
COPY $BINPATH "/usr/local/bin/step-ca"
|
|
||||||
|
|
||||||
USER root
|
USER root
|
||||||
RUN apk add --no-cache libcap && setcap CAP_NET_BIND_SERVICE=+eip /usr/local/bin/step-ca
|
RUN apk add --no-cache libcap && setcap CAP_NET_BIND_SERVICE=+eip /usr/local/bin/step-ca
|
||||||
USER step
|
USER step
|
||||||
|
|
|
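Review bot: The new builder stage is based on the floating `golang:alpine` tag, so the Go toolchain that compiles the CA binary can change on every upstream push and the build is not reproducible. Pin it to a release and digest, e.g. `FROM golang:<version>-alpine@sha256:<digest> AS builder` (both values are placeholders to fill in). `ADD . /src` also copies the whole build context into that stage, so anything not excluded by a .dockerignore (local config, key material, .git) ends up in builder layers and the build cache; `COPY . /src` together with a .dockerignore is the safer form. `curl` is installed in the builder but no visible line uses it, so it can presumably be dropped unless the `bin/step-ca` make target needs it.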
@ -6,18 +6,32 @@
|
||||||
# binary is copied to a new image that is optimized for size.
|
# binary is copied to a new image that is optimized for size.
|
||||||
#########################################
|
#########################################
|
||||||
|
|
||||||
|
# Testing: output images to out/ with -o out, like this:
|
||||||
|
# docker buildx build . --progress plain -t step-ca:master -f docker/Dockerfile --platform linux/amd64,linux/arm/v7,linux/386,linux/arm64 -o out
|
||||||
|
|
||||||
|
ifeq (, $(shell which docker))
|
||||||
|
DOCKER_CLIENT_OS := linux
|
||||||
|
else
|
||||||
|
DOCKER_CLIENT_OS := $(strip $(shell docker version -f '{{.Client.Os}}'))
|
||||||
|
endif
|
||||||
|
|
||||||
|
DOCKER_PLATFORMS = linux/amd64,linux/386,linux/arm,linux/arm64
|
||||||
|
DOCKER_IMAGE_NAME = smallstep/step-ca
|
||||||
|
|
||||||
docker-prepare:
|
docker-prepare:
|
||||||
# Ensure, we can build for ARM architecture
|
# Ensure, we can build for ARM architecture
|
||||||
|
ifeq (linux,$(DOCKER_CLIENT_OS))
|
||||||
[ -f /proc/sys/fs/binfmt_misc/qemu-arm ] || docker run --rm --privileged docker/binfmt:a7996909642ee92942dcd6cff44b9b95f08dad64
|
[ -f /proc/sys/fs/binfmt_misc/qemu-arm ] || docker run --rm --privileged docker/binfmt:a7996909642ee92942dcd6cff44b9b95f08dad64
|
||||||
|
endif
|
||||||
|
|
||||||
# Register buildx builder
|
# Register buildx builder
|
||||||
mkdir -p $$HOME/.docker/cli-plugins
|
mkdir -p $$HOME/.docker/cli-plugins
|
||||||
|
|
||||||
wget -O $$HOME/.docker/cli-plugins/docker-buildx https://github.com/docker/buildx/releases/download/v0.3.1/buildx-v0.3.1.linux-amd64
|
docker buildx >/dev/null || \
|
||||||
chmod +x $$HOME/.docker/cli-plugins/docker-buildx
|
wget -O $$HOME/.docker/cli-plugins/docker-buildx https://github.com/docker/buildx/releases/download/v0.4.1/buildx-v0.4.1.$(DOCKER_CLIENT_OS)-amd64 && \
|
||||||
|
chmod +x $$HOME/.docker/cli-plugins/docker-buildx
|
||||||
|
|
||||||
$$HOME/.docker/cli-plugins/docker-buildx create --name mybuilder --platform amd64 --platform arm || true
|
docker buildx create --use --name mybuilder --platform="$(DOCKER_PLATFORMS)" || true
|
||||||
$$HOME/.docker/cli-plugins/docker-buildx use mybuilder
|
|
||||||
|
|
||||||
.PHONY: docker-prepare
|
.PHONY: docker-prepare
|
||||||
|
|
||||||
|
@ -39,13 +53,11 @@ docker-login:
|
||||||
# Targets for different type of builds
|
# Targets for different type of builds
|
||||||
#################################################
|
#################################################
|
||||||
|
|
||||||
DOCKER_IMAGE_NAME = smallstep/step-ca
|
|
||||||
PLATFORMS = --platform amd64 --platform 386 --platform arm --platform arm64
|
|
||||||
|
|
||||||
define DOCKER_BUILDX
|
define DOCKER_BUILDX
|
||||||
# $(1) -- Image Tag
|
# $(1) -- Image Tag
|
||||||
# $(2) -- Push (empty is no push | --push will push to dockerhub)
|
# $(2) -- Push (empty is no push | --push will push to dockerhub)
|
||||||
$$HOME/.docker/cli-plugins/docker-buildx build . --progress plain -t $(DOCKER_IMAGE_NAME):$(1) -f docker/Dockerfile.step-ca $(PLATFORMS) $(2)
|
docker buildx build . --progress plain -t $(DOCKER_IMAGE_NAME):$(1) -f docker/Dockerfile.step-ca --platform="$(DOCKER_PLATFORMS)" $(2)
|
||||||
|
DOCKER_IMAGE_NAME = smallstep/step-cli
|
||||||
endef
|
endef
|
||||||
|
|
||||||
# For non-master builds don't build the docker containers.
|
# For non-master builds don't build the docker containers.
|
||||||
|
|
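Review bot: In docker-prepare the buildx plugin is fetched with wget and marked executable with no integrity check, so whatever that URL serves is later run as a docker CLI plugin; the download should be compared against a recorded SHA-256 before it is installed. The chain `docker buildx >/dev/null || wget … && chmod +x …` also groups as `(buildx || wget) && chmod`, so the chmod runs even when buildx is already available and the target fails if no file exists under `$$HOME/.docker/cli-plugins`. The asset name hard-codes `-amd64`, which is the wrong binary on a non-amd64 host. The trailing `|| true` on `docker buildx create` hides real failures as well as the expected "builder already exists" case. The sketch below groups the download steps and adds the check; the checksum values are placeholders, and `sha256sum -c` can replace `shasum -a 256 -c` where shasum is not installed.

```make
# Placeholders: record the published SHA-256 of each v0.4.1 release asset here.
BUILDX_SHA256_linux  := <sha256 of buildx-v0.4.1.linux-amd64>
BUILDX_SHA256_darwin := <sha256 of buildx-v0.4.1.darwin-amd64>

docker-prepare:
	# … unchanged: binfmt registration, mkdir -p of cli-plugins …
	docker buildx >/dev/null || { \
		wget -O $$HOME/.docker/cli-plugins/docker-buildx.tmp https://github.com/docker/buildx/releases/download/v0.4.1/buildx-v0.4.1.$(DOCKER_CLIENT_OS)-amd64 && \
		echo "$(BUILDX_SHA256_$(DOCKER_CLIENT_OS))  $$HOME/.docker/cli-plugins/docker-buildx.tmp" | shasum -a 256 -c && \
		chmod +x $$HOME/.docker/cli-plugins/docker-buildx.tmp && \
		mv -f $$HOME/.docker/cli-plugins/docker-buildx.tmp $$HOME/.docker/cli-plugins/docker-buildx; \
	}
	# … unchanged: docker buildx create --use --name mybuilder …
```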