Merge remote-tracking branch 'origin/lance/osv-scanner' into staging

2024-09-06 23:24:35 -04:00 · 2024-09-06 23:24:35 -04:00 · da83dec070
commit da83dec070
parent 460bebf162 9cb4bc1c44
1 changed files with 44 additions and 0 deletions
--- a/packages/osv-scanner/Containerfile
+++ b/packages/osv-scanner/Containerfile
@ -0,0 +1,44 @@
+FROM scratch AS base
+ENV VERSION=1.6.1
+ENV SRC_FILE=osv-scanner-${VERSION}.tar.gz
+ENV SRC_SITE=https://github.com/google/osv-scanner/archive/v${VERSION}/${SRC_FILE}
+ENV SRC_HASH=ecaefa45c63057a8ebae9fcf9a0b760435c640157516cebfd44237664923ee13
+
+FROM base AS fetch
+ADD --checksum=sha256:${SRC_HASH} ${SRC_SITE} .
+
+FROM fetch AS build
+COPY --from=stagex/musl . /
+COPY --from=stagex/bash . /
+COPY --from=stagex/busybox . /
+COPY --from=stagex/go . /
+COPY --from=stagex/make . /
+COPY --from=stagex/gcc . /
+COPY --from=stagex/binutils . /
+COPY --from=stagex/pkgconf . /
+COPY --from=stagex/ca-certificates . /
+RUN tar -xf ${SRC_FILE}
+ENV GOPROXY=https://proxy.golang.org,direct
+ENV GOSUMDB=sum.golang.org
+ENV GOPATH=/cache/go
+ENV GOBIN=${GOPATH}/bin
+ENV PATH=${GOBIN}:${PATH}
+WORKDIR /osv-scanner-${VERSION}
+RUN <<-EOF
+    set -eux
+    mkdir -p out
+    go build -v \
+        --ldflags="-w -s -buildid= " \
+        -o out/ \
+        ./cmd/...
+EOF
+
+FROM build AS install
+RUN <<-EOF
+    set -eux
+    mkdir -p /rootfs
+    install -Dm755 ./out/osv-scanner -t /rootfs/usr/bin/
+EOF
+
+FROM stagex/filesystem AS package
+COPY --from=install /rootfs/. /