conex/wireproxy/Dockerfile at main · backplane/conex · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
FROM golang:1 AS builder

ARG AG="apt-get -yq --no-install-recommends"
ARG DEBIAN_FRONTEND=noninteractive
RUN set -eux; \
  $AG update; \
  $AG upgrade; \
  $AG install \
    patch \
  ; \
  $AG autoremove; \
  $AG clean; \
  rm -rf /var/lib/apt/lists/*;


WORKDIR /build

# Shallow-clone the repo to fetch tags only
ARG REPO_URL=https://github.com/whyvl/wireproxy.git
RUN set -eux; \
  git init; \
  git remote add origin $REPO_URL; \
  git fetch --depth=1 origin "+refs/tags/*:refs/tags/*";

# Checkout the newest semantic version tag
RUN set -eux; \
  TAG=$(git tag --sort=-v:refname | grep -P '^v?\d+\.\d+\.\d+$' | head -n 1); \
  [ -n "$TAG" ] || { echo "NO MATCHING TAGS" >&2; exit 1; }; \
  echo "SELECTED TAG: ${TAG}"; \
  git fetch --depth=1 origin "$TAG"; \
  git checkout "$TAG";

# COPY patches /build/patches
RUN set -eux; \
  #for patch in /build/patches/*.patch; do patch -i "$patch"; done; \
  go mod edit \
    -replace github.com/go-ini/ini=gopkg.in/ini.v1@latest \
    -replace gvisor.dev/gvisor=gvisor.dev/gvisor@go \
    -replace github.com/things-go/go-socks5=github.com/backplane/go-socks5@latest \
  ; \
  go mod tidy; \
  go get -u; \
  make

RUN set -eux; \
  mkdir -p etc_files; \
  cd etc_files; \
  printf '%s\n' \
    'root:x:0:0::/:/bin/sh' \
    'nonroot:x:65532:65532::/tmp:/wireproxy' \
    >passwd; \
  printf '%s\n' \
    "root:x:0:" \
    "nonroot:x:65532:" \
    >group;

FROM scratch
LABEL org.opencontainers.image.licenses="ISC"

COPY --from=builder /etc/ssl /etc/ssl/
COPY --from=builder /build/wireproxy /wireproxy
COPY --from=builder /build/etc_files/* /etc/
USER nonroot:nonroot

VOLUME [ "/etc/wireproxy"]

ENTRYPOINT [ "/wireproxy" ]
CMD [ "--config", "/etc/wireproxy/config" ]