FROM scratch AS base
ENV VERSION=1.9.0
ENV SRC_FILE=osv-scanner-${VERSION}.tar.gz
ENV SRC_SITE=https://github.com/google/osv-scanner/archive/v${VERSION}/${SRC_FILE}
ENV SRC_HASH=85ce158b6dce22cddc19b652bdc5150145b57119e3acfa8e3ae5ba1cfa449a3f

FROM base AS fetch
ADD --checksum=sha256:${SRC_HASH} ${SRC_SITE} .

FROM fetch AS build
COPY --from=stagex/musl . /
COPY --from=stagex/bash . /
COPY --from=stagex/busybox . /
COPY --from=stagex/go . /
COPY --from=stagex/make . /
COPY --from=stagex/gcc . /
COPY --from=stagex/binutils . /
COPY --from=stagex/pkgconf . /
COPY --from=stagex/ca-certificates . /
RUN tar -xf ${SRC_FILE}
ENV GOPROXY=https://proxy.golang.org,direct
ENV GOSUMDB=sum.golang.org
ENV GOPATH=/cache/go
ENV GOBIN=${GOPATH}/bin
ENV PATH=${GOBIN}:${PATH}
WORKDIR /osv-scanner-${VERSION}
RUN <<-EOF
    set -eux
    mkdir -p out
    go build -v \
        --ldflags="-w -s -buildid= " \
        -o out/ \
        ./cmd/...
EOF

FROM build AS install
RUN <<-EOF
    set -eux
    mkdir -p /rootfs
    install -Dm755 ./out/osv-scanner -t /rootfs/usr/bin/
EOF

FROM stagex/filesystem AS package
COPY --from=install /rootfs/. /