Add templating

.gitignore

@@ -0,0 +1 @@
+.jq-template.awk

Dockerfile-builder.template

@@ -0,0 +1,23 @@
+FROM golang:1.19-alpine{{ .alpine }}
+
+RUN apk add --no-cache git make
+
+ENV NOTARYPKG github.com/theupdateframework/notary
+ENV TAG v{{ .version }}
+
+ENV GOFLAGS -mod=vendor
+
+WORKDIR /go/src/$NOTARYPKG
+RUN set -eux; \
+	git clone -b "$TAG" --depth 1 "https://$NOTARYPKG.git" .; \
+# https://github.com/notaryproject/notary/pull/1635
+	git fetch --depth 2 origin efc35b02698644af16f6049c7b585697352451b8; \
+	git -c user.name=foo -c user.email=foo@example.com cherry-pick -x efc35b02698644af16f6049c7b585697352451b8; \
+# https://github.com/notaryproject/notary/issues/1602 (rough cherry-pick of ca095023296d2d710ad9c6dec019397d46bf8576)
+	go get github.com/dvsekhvalnov/jose2go@v0.0.0-20200901110807-248326c1351b; \
+	go mod vendor; \
+# TODO remove for the next release of Notary (which should include efc35b02698644af16f6049c7b585697352451b8 & ca095023296d2d710ad9c6dec019397d46bf8576)
+	make SKIPENVCHECK=1 PREFIX=. ./bin/static/notary-server ./bin/static/notary-signer; \
+	cp -vL ./bin/static/notary-server ./bin/static/notary-signer /; \
+	/notary-server --version; \
+	/notary-signer --version

Dockerfile.template

@@ -0,0 +1,24 @@
+FROM alpine:{{ .alpine }}
+
+RUN adduser -D -H -g "" notary
+{{ if env.variant == "server" then ( -}}
+EXPOSE 4443
+{{ ) else ( -}}
+EXPOSE 4444
+EXPOSE 7899
+{{ ) end -}}
+
+ENV INSTALLDIR /notary/{{ env.variant }}
+ENV PATH=$PATH:${INSTALLDIR}
+WORKDIR ${INSTALLDIR}
+
+COPY --from=notary:{{ .version }}-builder /notary-{{ env.variant }} ./
+RUN ./notary-{{ env.variant }} --version
+
+COPY ./{{ env.variant }}-config.json .
+COPY ./entrypoint.sh .
+
+USER notary
+
+ENTRYPOINT [ "entrypoint.sh" ]
+CMD [ "notary-{{ env.variant }}", "--version" ]

apply-templates.sh

@@ -0,0 +1,49 @@
+#!/usr/bin/env bash
+set -Eeuo pipefail
+
+[ -f versions.json ] # run "versions.sh" first
+
+cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
+
+jqt='.jq-template.awk'
+if [ -n "${BASHBREW_SCRIPTS:-}" ]; then
+	jqt="$BASHBREW_SCRIPTS/jq-template.awk"
+elif [ "$BASH_SOURCE" -nt "$jqt" ]; then
+	# https://github.com/docker-library/bashbrew/blob/master/scripts/jq-template.awk
+	wget -qO "$jqt" 'https://github.com/docker-library/bashbrew/raw/9f6a35772ac863a0241f147c820354e4008edf38/scripts/jq-template.awk'
+fi
+
+generated_warning() {
+	cat <<-EOH
+		#
+		# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh"
+		#
+		# PLEASE DO NOT EDIT IT DIRECTLY.
+		#
+
+	EOH
+}
+
+export version=latest
+
+for variant in builder signer server; do
+	export variant
+
+	dockerfile=
+	dest="notary-$variant/Dockerfile"
+
+	rm "$dest"
+
+	case "$variant" in
+		builder)
+			dockerfile="Dockerfile-$variant.template"
+			;;
+		*)
+			dockerfile="Dockerfile.template"
+	esac
+
+	{
+		generated_warning
+		gawk -f "$jqt" "$dockerfile"
+	} > "$dest"
+done

notary-builder/Dockerfile

@@ -1,3 +1,9 @@
+#
+# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh"
+#
+# PLEASE DO NOT EDIT IT DIRECTLY.
+#
+
 FROM golang:1.19-alpine3.16
 
 RUN apk add --no-cache git make
@@ -20,4 +26,4 @@ RUN set -eux; \
 	make SKIPENVCHECK=1 PREFIX=. ./bin/static/notary-server ./bin/static/notary-signer; \
 	cp -vL ./bin/static/notary-server ./bin/static/notary-signer /; \
 	/notary-server --version; \
-	/notary-signer --version
+	/notary-signer --version

notary-server/Dockerfile

@@ -1,3 +1,9 @@
+#
+# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh"
+#
+# PLEASE DO NOT EDIT IT DIRECTLY.
+#
+
 FROM alpine:3.16
 
 RUN adduser -D -H -g "" notary

notary-signer/Dockerfile

@@ -1,3 +1,9 @@
+#
+# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh"
+#
+# PLEASE DO NOT EDIT IT DIRECTLY.
+#
+
 FROM alpine:3.16
 
 RUN adduser -D -H -g "" notary

versions.json

@@ -0,0 +1,6 @@
+{
+    "latest": {
+        "version": "0.7.0",
+        "alpine": "3.16"
+    }
+}