From 07f2c2f7028f8ddc64ca00862dfdd18bd80d2e46 Mon Sep 17 00:00:00 2001
From: Toure Dunnon
Date: Wed, 9 Dec 2020 10:12:07 -0500
Subject: [PATCH 1/4] Add the ability to run syft from a scratch image. This change will allow endusers or CI to run syft from a minimum image which will simplify CI deployment.
Signed-off-by: Toure Dunnon
---
 .goreleaser.yaml | 16 ++++++++++++++++
 Dockerfile | 20 ++++++++++++++++++++
 2 files changed, 36 insertions(+)
 create mode 100644 Dockerfile
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index f1fd98345..1944024b4 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -47,6 +47,22 @@ builds:
 -X github.com/anchore/syft/internal/version.buildDate={{.Date}}
 -X github.com/anchore/syft/internal/version.gitTreeState={{.Env.BUILD_GIT_TREE_STATE}}
+dockers:
+ -
+ # Docker image name and tags
+ image_templates:
+ - "anchore/syft:latest"
+ - "anchore/syft:{{ .Version }}"
+ - "anchore/syft:{{ .Major }}.{{ .Minor }}"
+ - "anchore/syft:{{ .Major }}"
+
+ # name of binary to release.
+ binaries:
+ - syft
+
+ # path to Dockerfile.
+ dockerfile: Dockerfile
+
 archives:
 - format: tar.gz
 builds:
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 000000000..dea78e257
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,20 @@
+FROM alpine:latest AS build
+
+# add required ca-certificates for https request.
+RUN apk --no-cache add ca-certificates
+
+# create empty directory for scratch image cache.
+RUN mkdir -p /tmp-syft
+
+# reduce container image to scratch size.
+FROM scratch
+
+# Copy directories and files needed to execute syft.
+COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+COPY --from=build /tmp-syft /tmp
+
+# copy syft binary to rootfs
+COPY syft /
+
+# default path
+ENTRYPOINT ["/syft"]
From c626cb1c60135f0d0e7cc83712a1557cd3857f6c Mon Sep 17 00:00:00 2001
From: Toure Dunnon
Date: Fri, 11 Dec 2020 14:12:18 -0500
Subject: [PATCH 2/4] added: update to README.md to indicate on how to use the new feature.
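Review bot: The new `dockers` entry in `.goreleaser.yaml` sets no `build_flag_templates`, so the images pushed under the four `image_templates` carry no labels tying them to the commit and version they were built from. For a tool that is pulled into CI pipelines, that makes it hard to audit which source produced a floating tag such as `anchore/syft:latest`. Consider adding `build_flag_templates:` with `- "--label=org.opencontainers.image.revision={{.FullCommit}}"` and `- "--label=org.opencontainers.image.version={{.Version}}"`, and noting in a comment that consumers should pin the `{{ .Version }}` tag or a digest rather than `latest`.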
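Review bot: In the new `Dockerfile`, `FROM alpine:latest AS build` takes the CA bundle that ends up in the release image from a floating tag, and `apk --no-cache add ca-certificates` is unpinned as well, so the trust store shipped in `anchore/syft` can differ between two builds of the same commit. Pin the build stage, for example `FROM alpine:<pinned-version>@sha256:<digest> AS build`, and bump it deliberately. The final stage also sets no `USER`, so `/syft` runs as UID 0; if that is needed for the Docker-socket use case it deserves a comment above `ENTRYPOINT`, and the `/tmp` copied from `/tmp-syft` should be checked for the mode a non-root `--user` run would need.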
Signed-off-by: Toure Dunnon
---
 README.md | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/README.md b/README.md
index efcfbe7eb..1534a3112 100644
--- a/README.md
+++ b/README.md
@@ -69,6 +69,16 @@ brew tap anchore/syft
 brew install syft
 ```
+**Container Image**
+
+Example of how to use Syft scratch image:
+
+
+```bash
+docker pull anchore/syft:latest
+docker run -v /var/run/docker.sock:/var/run/docker.sock anchore/syft -o json alpine:latest
+```
+
 ## Configuration
 Configuration search paths:
From 9365625fc3f2e0f8d0b99f01d8e713a9ca47b734 Mon Sep 17 00:00:00 2001
From: Toure Dunnon
Date: Tue, 15 Dec 2020 09:27:09 -0500
Subject: [PATCH 3/4] added: corrected request from review.
Signed-off-by: Toure Dunnon
---
 README.md | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index 1534a3112..f5883d36d 100644
--- a/README.md
+++ b/README.md
@@ -71,12 +71,10 @@ brew install syft
 **Container Image**
-Example of how to use Syft scratch image:
-
 ```bash
-docker pull anchore/syft:latest
-docker run -v /var/run/docker.sock:/var/run/docker.sock anchore/syft -o json alpine:latest
+
+docker run -v /var/run/docker.sock:/var/run/docker.sock anchore/syft:latest -o json alpine:latest
 ```
 ## Configuration
From a19496b8461fe78a0f571c492a4911eeb8b08965 Mon Sep 17 00:00:00 2001
From: Toure Dunnon
Date: Tue, 15 Dec 2020 11:07:14 -0500
Subject: [PATCH 4/4] added: Docker login github action to publish new images
Signed-off-by: Toure Dunnon
---
 .github/workflows/release.yaml | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index e31af946e..4edccfe1c 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -106,6 +106,12 @@ jobs:
 ${{ runner.os }}-go-${{ env.GO_VERSION }}-${{ hashFiles('**/go.sum') }}-
 ${{ runner.os }}-go-${{ env.GO_VERSION }}-
+ - name: Login to Docker Hub
+ uses: docker/login-action@v1
+ with:
+ username: ${{ secrets.TOOLBOX_DOCKER_USER }}
+ password: ${{ secrets.TOOLBOX_DOCKER_PASS }}
+
 - name: Import GPG key
 id: import_gpg
 uses: crazy-max/ghaction-import-gpg@v2
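Review bot: `uses: docker/login-action@v1` references a mutable major tag in the very step that receives `secrets.TOOLBOX_DOCKER_USER` and `secrets.TOOLBOX_DOCKER_PASS`, so a retagged or compromised release of that action would see the registry credentials used to publish `anchore/syft`. Pin the action to a full commit SHA, `uses: docker/login-action@<full-commit-sha> # v1`, and update it deliberately. `TOOLBOX_DOCKER_PASS` should presumably hold a Docker Hub access token rather than the account password; a short comment on the step saying so would help the next maintainer. The job's trigger and the remaining steps are outside the hunk, so whether this login only runs on release tags cannot be confirmed from here.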