From be2a7b6b6ee85b35035b8bc799ecef6f0c86b7d5 Mon Sep 17 00:00:00 2001
From: Maik Ellerbrock
Date: Mon, 11 Dec 2017 00:56:49 +0100
Subject: [PATCH 1/4] feat(dockerfile): update alpine and cleanup the dockerfile
Signed-off-by: Maik Ellerbrock
---
Dockerfile | 26 +++++++++++---------------
distros/Dockerfile.alpine | 25 ++++++++++++-------------
2 files changed, 23 insertions(+), 28 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 70ef4d9..1e398c7 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,27 +1,23 @@
-FROM alpine:3.6
+FROM alpine:3.7
 
-LABEL org.label-schema.name="docker-bench-security" \
- org.label-schema.url="https://dockerbench.com" \
- org.label-schema.vcs-url="https://github.com/docker/docker-bench-security.git"
+LABEL \
+ org.label-schema.name="docker-bench-security" \
+ org.label-schema.url="https://dockerbench.com" \
+ org.label-schema.vcs-url="https://github.com/docker/docker-bench-security.git"
 
-# Switch to the HTTPS endpoint for the apk repositories as per https://github.com/gliderlabs/docker-alpine/issues/184
-RUN sed -i 's/http\:\/\/dl-cdn.alpinelinux.org/https\:\/\/alpine.global.ssl.fastly.net/g' /etc/apk/repositories
+COPY ./*.sh /usr/local/bin/
+COPY ./tests/*.sh /usr/local/bin/tests/
 
+# Switch to the HTTPS endpoint for the apk repositories
+# https://github.com/gliderlabs/docker-alpine/issues/184
 RUN \
- apk upgrade --no-cache && \
+ sed -i 's/http\:\/\/dl-cdn.alpinelinux.org/https\:\/\/alpine.global.ssl.fastly.net/g' /etc/apk/repositories && \
 apk add --no-cache \
 docker \
 dumb-init && \
- rm -rf /usr/bin/docker-* /usr/bin/dockerd && \
- mkdir /usr/local/bin/tests
-
-COPY ./*.sh /usr/local/bin/
-
-COPY ./tests/*.sh /usr/local/bin/tests/
+ rm -rf /usr/bin/docker?*
 
 WORKDIR /usr/local/bin
 
-HEALTHCHECK CMD exit 0
-
 ENTRYPOINT [ "/usr/bin/dumb-init", "docker-bench-security.sh" ]
 
diff --git a/distros/Dockerfile.alpine b/distros/Dockerfile.alpine
index 8a0f810..1e398c7 100644
--- a/distros/Dockerfile.alpine
+++ b/distros/Dockerfile.alpine
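Review bot: In the Dockerfile hunk of patch 1/4 (`@@ -1,27 +1,23 @@`), the `sed` folded into the `RUN` chain exits 0 whether or not it matched anything. If the base image's `/etc/apk/repositories` ever stops containing `http://dl-cdn.alpinelinux.org`, the following `apk add` fetches `docker` and `dumb-init` over whatever scheme the file already had, and the build still passes. Since the stated purpose of the step is to switch to HTTPS, assert the result right after the substitution, e.g. `! grep -q 'http://' /etc/apk/repositories && \`. The pattern also leaves `.` unescaped while escaping `:` and `/` needlessly; `s|http://dl-cdn\.alpinelinux\.org|https://alpine.global.ssl.fastly.net|g` is easier to read and matches only the intended host. The distros/Dockerfile.alpine hunk of the same patch carries the identical line.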
@@ -1,24 +1,23 @@
-FROM alpine:3.6
+FROM alpine:3.7
 
-LABEL org.label-schema.name="docker-bench-security" \
- org.label-schema.url="https://dockerbench.com" \
- org.label-schema.vcs-url="https://github.com/docker/docker-bench-security.git"
+LABEL \
+ org.label-schema.name="docker-bench-security" \
+ org.label-schema.url="https://dockerbench.com" \
+ org.label-schema.vcs-url="https://github.com/docker/docker-bench-security.git"
 
+COPY ./*.sh /usr/local/bin/
+COPY ./tests/*.sh /usr/local/bin/tests/
+
+# Switch to the HTTPS endpoint for the apk repositories
+# https://github.com/gliderlabs/docker-alpine/issues/184
 RUN \
- apk upgrade --no-cache && \
+ sed -i 's/http\:\/\/dl-cdn.alpinelinux.org/https\:\/\/alpine.global.ssl.fastly.net/g' /etc/apk/repositories && \
 apk add --no-cache \
 docker \
 dumb-init && \
- rm -rf /usr/bin/docker-* /usr/bin/dockerd && \
- mkdir /usr/local/bin/tests
-
-COPY ./*.sh /usr/local/bin/
-
-COPY ./tests/*.sh /usr/local/bin/tests/
+ rm -rf /usr/bin/docker?*
 
 WORKDIR /usr/local/bin
 
-HEALTHCHECK CMD exit 0
-
 ENTRYPOINT [ "/usr/bin/dumb-init", "docker-bench-security.sh" ]
 
From bbe32c5bec087f5393529b5f9966792a51867cda Mon Sep 17 00:00:00 2001
From: Maik Ellerbrock
Date: Mon, 11 Dec 2017 22:14:47 +0100
Subject: [PATCH 2/4] perf(dockerfile): move copy at the end to improve cache invalidation
---
Dockerfile | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 1e398c7..96ca66c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -5,9 +5,6 @@ LABEL \
 org.label-schema.url="https://dockerbench.com" \
 org.label-schema.vcs-url="https://github.com/docker/docker-bench-security.git"
 
-COPY ./*.sh /usr/local/bin/
-COPY ./tests/*.sh /usr/local/bin/tests/
-
 # Switch to the HTTPS endpoint for the apk repositories
 # https://github.com/gliderlabs/docker-alpine/issues/184
 RUN \
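Review bot: In the distros/Dockerfile.alpine hunk of patch 1/4 (`@@ -1,24 +1,23 @@`), `rm -rf /usr/bin/docker?*` has no comment saying what it is meant to leave behind. The glob matches every name in /usr/bin that starts with `docker` and has at least one more character, which is wider than the two explicit patterns it replaces (`docker-*` and `dockerd`); only a file named exactly `docker` survives. The comment above the `RUN` describes just the repository switch, so a reader has to work the intent out from the pattern. If the aim is to ship only the client, a line such as `# Keep only the docker client binary; remove the daemon and other docker* executables` above the `RUN` would make that reviewable when the package's file list changes. The Dockerfile hunk of the same patch has the identical line.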
@@ -17,6 +14,9 @@ RUN \
 dumb-init && \
 rm -rf /usr/bin/docker?*
 
+COPY ./*.sh /usr/local/bin/
+COPY ./tests/*.sh /usr/local/bin/tests/
+
 WORKDIR /usr/local/bin
 
 ENTRYPOINT [ "/usr/bin/dumb-init", "docker-bench-security.sh" ]
From dcfcccd5f786089fa52878d7c58f808befc60cae Mon Sep 17 00:00:00 2001
From: Maik Ellerbrock
Date: Thu, 14 Dec 2017 00:22:54 +0100
Subject: [PATCH 3/4] refactor(healthcheck): reactivate healthcheck
---
Dockerfile | 2 ++
1 file changed, 2 insertions(+)
diff --git a/Dockerfile b/Dockerfile
index 96ca66c..b8a6f18 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -17,6 +17,8 @@ RUN \
 COPY ./*.sh /usr/local/bin/
 COPY ./tests/*.sh /usr/local/bin/tests/
 
+HEALTHCHECK CMD exit 0
+
 WORKDIR /usr/local/bin
 
 ENTRYPOINT [ "/usr/bin/dumb-init", "docker-bench-security.sh" ]
From 2521d596d1ad04ca505b112e398ab87a6aec2c17 Mon Sep 17 00:00:00 2001
From: Maik Ellerbrock
Date: Thu, 14 Dec 2017 02:46:48 +0100
Subject: [PATCH 4/4] fix(dockerfile): copy dockerfile to distro
---
distros/Dockerfile.alpine | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/distros/Dockerfile.alpine b/distros/Dockerfile.alpine
index 1e398c7..b8a6f18 100644
--- a/distros/Dockerfile.alpine
+++ b/distros/Dockerfile.alpine
@@ -5,9 +5,6 @@ LABEL \
 org.label-schema.url="https://dockerbench.com" \
 org.label-schema.vcs-url="https://github.com/docker/docker-bench-security.git"
 
-COPY ./*.sh /usr/local/bin/
-COPY ./tests/*.sh /usr/local/bin/tests/
-
 # Switch to the HTTPS endpoint for the apk repositories
 # https://github.com/gliderlabs/docker-alpine/issues/184
 RUN \
@@ -17,6 +14,11 @@ RUN \
 dumb-init && \
 rm -rf /usr/bin/docker?*
 
+COPY ./*.sh /usr/local/bin/
+COPY ./tests/*.sh /usr/local/bin/tests/
+
+HEALTHCHECK CMD exit 0
+
 WORKDIR /usr/local/bin
 
 ENTRYPOINT [ "/usr/bin/dumb-init", "docker-bench-security.sh" ]
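Review bot: In patch 3/4 (`@@ -17,6 +17,8 @@`), the added `HEALTHCHECK CMD exit 0` can never fail, so the container is reported healthy whatever `docker-bench-security.sh` is doing, and there is no comment explaining why a no-op probe is wanted. If it is there only so the image carries a HEALTHCHECK instruction (plausible for a benchmark tool, but not stated in the patch), say so next to it, e.g. `# No-op probe: this image runs an audit script and has no service to check`. Without that, a later reader cannot tell a deliberate placeholder from an unfinished check. Patch 4/4 adds the same line to distros/Dockerfile.alpine in its `@@ -17,6 +14,11 @@` hunk.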