From 5b899958ec6da85c28e82800ac7738a2074399aa Mon Sep 17 00:00:00 2001 From: Brennan Kinney <5098581+polarathene@users.noreply.github.com> Date: Mon, 19 May 2025 11:47:15 +1200 Subject: [PATCH] chore: `Dockerfile` - Adopt HereDoc syntax --- Dockerfile | 61 ++++++++++++++++++++++++++++------------------- Dockerfile.alpine | 22 +++++++++++++---- 2 files changed, 53 insertions(+), 30 deletions(-) diff --git a/Dockerfile b/Dockerfile index 0585133..4ffc921 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,42 +6,53 @@ ARG INSTALL_ROOT=/rootfs FROM opensuse/leap:${LEAP_VERSION} AS builder ARG CACHE_ZYPPER=/tmp/cache/zypper ARG INSTALL_ROOT -RUN \ - # /etc/os-release provides ${VERSION_ID} for usage in ZYPPER_OPTIONS: - source /etc/os-release \ - # We don't need the openh264.repo and the non-oss repos, just costs build time (repo caches). - && zypper removerepo repo-openh264 repo-non-oss repo-update-non-oss \ - && export ZYPPER_OPTIONS=( --releasever "${VERSION_ID}" --installroot "${INSTALL_ROOT}" --cache-dir "${CACHE_ZYPPER}" ) \ - && zypper "${ZYPPER_OPTIONS[@]}" --gpg-auto-import-keys refresh \ - && zypper "${ZYPPER_OPTIONS[@]}" --non-interactive install --download-in-advance --no-recommends \ - bash procps grep gawk sed coreutils busybox ldns libidn2-0 socat openssl curl \ - && zypper "${ZYPPER_OPTIONS[@]}" clean --all \ - ## Cleanup (reclaim approx 13 MiB): +RUN <> /etc/passwd \ - && echo 'testssl:x:1000:' >> /etc/group \ - && echo 'testssl:!::0:::::' >> /etc/shadow \ - && install --mode 2755 --owner testssl --group testssl --directory /home/testssl \ - # The home directory will install a copy of `testssl.sh`, symlink the script to be used as a command: - && ln -s /home/testssl/testssl.sh /usr/local/bin/testssl.sh + echo 'testssl:x:1000:1000::/home/testssl:/bin/bash' >> /etc/passwd + echo 'testssl:x:1000:' >> /etc/group + echo 'testssl:!::0:::::' >> /etc/shadow + install --mode 2755 --owner testssl --group testssl --directory /home/testssl + + # A copy of `testssl.sh` will be added to the home directory, + # symlink to that file so it can be treated as a command: + ln -s /home/testssl/testssl.sh /usr/local/bin/testssl.sh +HEREDOC # Runtime config: USER testssl @@ -49,7 +60,7 @@ ENTRYPOINT ["testssl.sh"] CMD ["--help"] # Final image stage (add `testssl.sh` project files) -# Choose either one as the final stage (defaults to last stage, `dist-local`) +# Choose either one as the final stage (defaults to the last stage, `dist-local`) # 62MB Image (Remote repo clone, cannot filter content through `.dockerignore`): FROM base-leap AS dist-git diff --git a/Dockerfile.alpine b/Dockerfile.alpine index 82905f8..adb5fb5 100644 --- a/Dockerfile.alpine +++ b/Dockerfile.alpine @@ -1,8 +1,20 @@ +# syntax=docker.io/docker/dockerfile:1 + FROM alpine:3.21 AS base-alpine -RUN apk add --no-cache bash procps drill coreutils libidn curl socat openssl xxd \ - && addgroup testssl \ - && adduser -G testssl -g "testssl user" -s /bin/bash -D testssl \ - && ln -s /home/testssl/testssl.sh /usr/local/bin/testssl.sh +RUN <> /etc/passwd + echo 'testssl:x:1000:' >> /etc/group + echo 'testssl:!::0:::::' >> /etc/shadow + install --mode 2755 --owner testssl --group testssl --directory /home/testssl + + # A copy of `testssl.sh` will be added to the home directory, + # symlink to that file so it can be treated as a command: + ln -s /home/testssl/testssl.sh /usr/local/bin/testssl.sh +HEREDOC # Runtime config: USER testssl @@ -10,7 +22,7 @@ ENTRYPOINT ["testssl.sh"] CMD ["--help"] # Final image stage (add `testssl.sh` project files) -# Choose either one as the final stage (defaults to last stage, `dist-git`) +# Choose either one as the final stage (defaults to the last stage, `dist-local`) # 35MB Image (Remote repo clone, cannot filter content through `.dockerignore`): FROM base-alpine AS dist-git