From 20b6271ca1cbc95ee3625ce53d6eb79693353cff Mon Sep 17 00:00:00 2001
From: "Lance R. Vick" <lance@lrvick.net>
Date: Sun, 1 Sep 2024 21:04:45 -0700
Subject: [PATCH] feat: package osv-scanner

---
 packages/osv-scanner/Containerfile | 43 ++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)
 create mode 100644 packages/osv-scanner/Containerfile

diff --git a/packages/osv-scanner/Containerfile b/packages/osv-scanner/Containerfile
new file mode 100644
index 0000000..9cf5418
--- /dev/null
+++ b/packages/osv-scanner/Containerfile
@@ -0,0 +1,43 @@
+FROM scratch AS base
+ENV VERSION=1.6.1
+ENV SRC_FILE=osv-scanner-${VERSION}.tar.gz
+ENV SRC_SITE=https://github.com/google/osv-scanner/archive/v${VERSION}/${SRC_FILE}
+ENV SRC_HASH=ecaefa45c63057a8ebae9fcf9a0b760435c640157516cebfd44237664923ee13
+
+FROM base AS fetch
+ADD --checksum=sha256:${SRC_HASH} ${SRC_SITE} .
+
+FROM fetch AS build
+COPY --from=stagex/musl . /
+COPY --from=stagex/bash . /
+COPY --from=stagex/busybox . /
+COPY --from=stagex/go . /
+COPY --from=stagex/make . /
+COPY --from=stagex/gcc . /
+COPY --from=stagex/binutils . /
+COPY --from=stagex/pkgconf . /
+RUN tar -xf ${SRC_FILE}
+ENV GOPROXY=https://proxy.golang.org,direct
+ENV GOSUMDB=sum.golang.org
+ENV GOPATH=/cache/go
+ENV GOBIN=${GOPATH}/bin
+ENV PATH=${GOBIN}:${PATH}
+WORKDIR /buildkit-${VERSION}
+RUN <<-EOF
+    set -eux
+    mkdir -p out
+    go build -v \
+        --ldflags="-w -s -buildid= " \
+        -o out/ \
+        ./cmd/...
+EOF
+
+FROM build AS install
+RUN <<-EOF
+    set -eux
+    mkdir -p /rootfs
+    install -Dm755 ./out/osv-scanner -t /rootfs/usr/bin/
+EOF
+
+FROM stagex/filesystem AS package
+COPY --from=install /rootfs/. /