diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..d548f66
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.jq-template.awk
diff --git a/Dockerfile-builder.template b/Dockerfile-builder.template
new file mode 100644
index 0000000..1d32ade
--- /dev/null
+++ b/Dockerfile-builder.template
@@ -0,0 +1,23 @@
+FROM golang:1.19-alpine{{ .alpine }}
+
+RUN apk add --no-cache git make
+
+ENV NOTARYPKG github.com/theupdateframework/notary
+ENV TAG v{{ .version }}
+
+ENV GOFLAGS -mod=vendor
+
+WORKDIR /go/src/$NOTARYPKG
+RUN set -eux; \
+ git clone -b "$TAG" --depth 1 "https://$NOTARYPKG.git" .; \
+# https://github.com/notaryproject/notary/pull/1635
+ git fetch --depth 2 origin efc35b02698644af16f6049c7b585697352451b8; \
+ git -c user.name=foo -c user.email=foo@example.com cherry-pick -x efc35b02698644af16f6049c7b585697352451b8; \
+# https://github.com/notaryproject/notary/issues/1602 (rough cherry-pick of ca095023296d2d710ad9c6dec019397d46bf8576)
+ go get github.com/dvsekhvalnov/jose2go@v0.0.0-20200901110807-248326c1351b; \
+ go mod vendor; \
+# TODO remove for the next release of Notary (which should include efc35b02698644af16f6049c7b585697352451b8 & ca095023296d2d710ad9c6dec019397d46bf8576)
+ make SKIPENVCHECK=1 PREFIX=. ./bin/static/notary-server ./bin/static/notary-signer; \
+ cp -vL ./bin/static/notary-server ./bin/static/notary-signer /; \
+ /notary-server --version; \
+ /notary-signer --version
diff --git a/Dockerfile.template b/Dockerfile.template
new file mode 100644
index 0000000..6cee8c0
--- /dev/null
+++ b/Dockerfile.template
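Review bot: The `git clone -b "$TAG" --depth 1` step in the RUN block of Dockerfile-builder.template builds whatever the upstream tag points to at build time, and nothing compares the checked-out commit with an expected value; the cherry-pick below it, by contrast, is fixed to a full commit hash. A tag that is moved or re-created upstream would change the resulting notary-server and notary-signer binaries without any change in this repository. Consider recording the release commit alongside the version and failing the build on a mismatch right after the clone, e.g. `[ "$(git rev-parse HEAD)" = "<EXPECTED_RELEASE_COMMIT>" ]; \` (placeholder, to be filled in from the release).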
@@ -0,0 +1,24 @@
+FROM alpine:{{ .alpine }}
+
+RUN adduser -D -H -g "" notary
+{{ if env.variant == "server" then ( -}}
+EXPOSE 4443
+{{ ) else ( -}}
+EXPOSE 4444
+EXPOSE 7899
+{{ ) end -}}
+
+ENV INSTALLDIR /notary/{{ env.variant }}
+ENV PATH=$PATH:${INSTALLDIR}
+WORKDIR ${INSTALLDIR}
+
+COPY --from=notary:{{ .version }}-builder /notary-{{ env.variant }} ./
+RUN ./notary-{{ env.variant }} --version
+
+COPY ./{{ env.variant }}-config.json .
+COPY ./entrypoint.sh .
+
+USER notary
+
+ENTRYPOINT [ "entrypoint.sh" ]
+CMD [ "notary-{{ env.variant }}", "--version" ]
diff --git a/apply-templates.sh b/apply-templates.sh
new file mode 100755
index 0000000..7d5a307
--- /dev/null
+++ b/apply-templates.sh
@@ -0,0 +1,49 @@
+#!/usr/bin/env bash
+set -Eeuo pipefail
+
+[ -f versions.json ] # run "versions.sh" first
+
+cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
+
+jqt='.jq-template.awk'
+if [ -n "${BASHBREW_SCRIPTS:-}" ]; then
+ jqt="$BASHBREW_SCRIPTS/jq-template.awk"
+elif [ "$BASH_SOURCE" -nt "$jqt" ]; then
+ # https://github.com/docker-library/bashbrew/blob/master/scripts/jq-template.awk
+ wget -qO "$jqt" 'https://github.com/docker-library/bashbrew/raw/9f6a35772ac863a0241f147c820354e4008edf38/scripts/jq-template.awk'
+fi
+
+generated_warning() {
+ cat <<-EOH
+ #
+ # NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh"
+ #
+ # PLEASE DO NOT EDIT IT DIRECTLY.
+ #
+
+ EOH
+}
+
+export version=latest
+
+for variant in builder signer server; do
+ export variant
+
+ dockerfile=
+ dest="notary-$variant/Dockerfile"
+
+ rm "$dest"
+
+ case "$variant" in
+ builder)
+ dockerfile="Dockerfile-$variant.template"
+ ;;
+ *)
+ dockerfile="Dockerfile.template"
+ esac
+
+ {
+ generated_warning
+ gawk -f "$jqt" "$dockerfile"
+ } > "$dest"
+done
diff --git a/notary-builder/Dockerfile b/notary-builder/Dockerfile
index aa202c3..369c578 100644
--- a/notary-builder/Dockerfile
+++ b/notary-builder/Dockerfile
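Review bot: `COPY --from=notary:{{ .version }}-builder` in Dockerfile.template takes the server/signer binary from whichever image carries that tag when the build runs, so the runtime image's contents depend on build order and on a mutable tag rather than on anything in this file. If the builder image has not just been built locally from notary-builder/Dockerfile, the name may resolve to a stale image or to one pulled from a registry (this depends on the builder in use). I would add a comment above the COPY, such as `# requires notary:{{ .version }}-builder, built from notary-builder/Dockerfile immediately beforehand`, and have the build tooling confirm the tag exists locally before building the variants.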
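Review bot: In the `elif` branch of apply-templates.sh, `wget -qO "$jqt"` writes the helper straight to its final path, so a failed or interrupted download leaves an empty or truncated `.jq-template.awk` that is newer than the script; the `-nt` test then skips the download on the next run and `gawk -f` executes that file. Downloading to a temporary name and renaming only on success avoids this: `wget -qO "$jqt.new" '<same pinned URL>'` followed by `mv "$jqt.new" "$jqt"`. The URL is pinned to a commit, which is good; comparing the file against a recorded SHA-256 before use would make the integrity check explicit. Separately, `rm "$dest"` aborts the script under `set -e` when a generated Dockerfile does not exist yet, so `rm -f "$dest"` is safer.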
@@ -1,3 +1,9 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + FROM golang:1.19-alpine3.16 RUN apk add --no-cache git make @@ -20,4 +26,4 @@ RUN set -eux; \ make SKIPENVCHECK=1 PREFIX=. ./bin/static/notary-server ./bin/static/notary-signer; \ cp -vL ./bin/static/notary-server ./bin/static/notary-signer /; \ /notary-server --version; \ - /notary-signer --version \ No newline at end of file + /notary-signer --version diff --git a/notary-server/Dockerfile b/notary-server/Dockerfile index 5c43640..fe75eb5 100644 --- a/notary-server/Dockerfile +++ b/notary-server/Dockerfile @@ -1,3 +1,9 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + FROM alpine:3.16 RUN adduser -D -H -g "" notary diff --git a/notary-signer/Dockerfile b/notary-signer/Dockerfile index a652028..9c236ca 100644 --- a/notary-signer/Dockerfile +++ b/notary-signer/Dockerfile @@ -1,3 +1,9 @@ +# +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" +# +# PLEASE DO NOT EDIT IT DIRECTLY. +# + FROM alpine:3.16 RUN adduser -D -H -g "" notary diff --git a/versions.json b/versions.json new file mode 100644 index 0000000..032d98b --- /dev/null +++ b/versions.json @@ -0,0 +1,6 @@ +{ + "latest": { + "version": "0.7.0", + "alpine": "3.16" + } +} \ No newline at end of file