build(docker): add docker best practices

Signed-off-by: Maik Ellerbrock <opensource@frapsoft.com>
2025-01-19 00:32:34 +01:00 · 2017-01-19 20:46:33 +01:00 · 2017-01-19 20:46:33 +01:00 · d468e23f48
commit d468e23f48
parent 7878276f04
1 changed files with 11 additions and 25 deletions
--- a/distros/Dockerfile.alpine
+++ b/distros/Dockerfile.alpine
@ -4,29 +4,15 @@ LABEL org.label-schema.name="docker-bench-security" \
      org.label-schema.url="https://dockerbench.com" \
      org.label-schema.vcs-url="https://github.com/docker/docker-bench-security.git"

-ENV VERSION 1.12.6
-ENV SHA256 cadc6025c841e034506703a06cf54204e51d0cadfae4bae62628ac648d82efdd
+RUN \
+  apk add --no-cache \
+    docker \
+    dumb-init \
+    git && \
+  git clone https://github.com/docker/docker-bench-security.git /tmp/bench-security && \
+  cp /tmp/bench-security/*.sh /usr/local/bin && \
+  cp -R /tmp/bench-security/tests /usr/local/bin && \
+  apk del git && \
+  rm -rf /tmp/*

-WORKDIR /usr/bin
-
-RUN apk update && \
-    apk upgrade && \
-    apk --update add coreutils wget ca-certificates && \
-    wget https://get.docker.com/builds/Linux/x86_64/docker-$VERSION.tgz && \
-    wget https://get.docker.com/builds/Linux/x86_64/docker-$VERSION.tgz.sha256 && \
-    sha256sum -c docker-$VERSION.tgz.sha256 && \
-    echo "$SHA256 docker-$VERSION.tgz" | sha256sum -c - && \
-    tar -xzvf docker-$VERSION.tgz -C /tmp && \
-    mv /tmp/docker/docker . && \
-    chmod u+x docker* && \
-    rm -rf /tmp/docker* && \
-    apk del wget ca-certificates && \
-    rm -rf /var/cache/apk/* docker-$VERSION.tgz docker-$VERSION.tgz.sha256
-
-RUN mkdir /docker-bench-security
-
-COPY . /docker-bench-security
-
-WORKDIR /docker-bench-security
-
-ENTRYPOINT ["/bin/sh", "docker-bench-security.sh"]
+ENTRYPOINT [ "/usr/bin/dumb-init", "docker-bench-security.sh" ]