use alpine, reduce layers (#249)

Signed-off-by: Daniel Thamdrup <dallemon@protonmail.com>
2024-03-13 02:02:26 +01:00 · 2024-03-13 02:02:26 +01:00 · 6f39407a8c
parent cb0f6b63d7
commit 6f39407a8c
1 changed files with 12 additions and 9 deletions
--- a/21
+++ b/21
@ -1,16 +1,19 @@
-FROM python:3-slim
+# syntax=docker/dockerfile:latest
+FROM scratch AS files

-WORKDIR /
+# Copy ssh-audit code to temporary container
+COPY ssh-audit.py /
+COPY src/ /
+
+FROM python:3-alpine AS runtime

 # Update the image to remediate any vulnerabilities.
-RUN apt update && apt -y upgrade && apt -y dist-upgrade && rm -rf /var/lib/apt/lists/*
+RUN apk upgrade -U --no-cache -a -l && \ 
+    # Remove suid & sgid bits from all files.
+    find / -xdev -perm /6000 -exec chmod ug-s {} \; 2> /dev/null || true

-# Remove suid & sgid bits from all files.
-RUN find / -xdev -perm /6000 -exec chmod ug-s {} \; 2> /dev/null || true
-
-# Copy the ssh-audit code.
-COPY ssh-audit.py .
-COPY src/ .
+# Copy the ssh-audit code from files container.
+COPY --from=files / /

 # Allow listening on 2222/tcp for client auditing.
 EXPOSE 2222