Dockerfile.bins

ARG BUILDKIT_SBOM_SCAN_CONTEXT=true
FROM goreleaser/nfpm@sha256:ae35b40d48105782d4c29fc392ec5bb81439cc13a40bbd4eeea111e4842f3ca9 AS nfpm

FROM --platform=$BUILDPLATFORM tonistiigi/xx@sha256:0c6a569797744e45955f39d4f7538ac344bfb7ebf0a54006a0a4297b153ccf0f AS xx
ARG TARGETPLATFORM

FROM --platform=$BUILDPLATFORM rust:alpine@sha256:9ab8f4eab808b1383c7e60a15fbf291e949fec85c3f98c34fb145b16c4ced0a1 AS builder
ARG BUILDKIT_SBOM_SCAN_STAGE=true
RUN apk add clang lld openssl-dev curl bash
# copy xx scripts to your build stage
COPY --from=xx / /
ARG TARGETPLATFORM
ARG VER
ENV VER=$VER

COPY --from=nfpm "/usr/bin/nfpm" "/usr/bin/nfpm"
RUN xx-apk add --no-cache musl-dev zlib-dev zlib-static openssl-dev openssl-libs-static pkgconfig alpine-sdk

WORKDIR /app
RUN cargo new --lib readable-name-generator
WORKDIR /app/readable-name-generator
COPY Cargo.* ./
RUN xx-cargo build --release --target-dir ./build
COPY . ./
RUN xx-cargo build --release --target-dir ./build && \
    xx-verify --static "./build/$(xx-cargo --print-target-triple)/release/readable-name-generator" && \
    cp -v  "./build/$(xx-cargo --print-target-triple)/release/readable-name-generator" "./readable-name-generator"

COPY nfpm.yaml nfpm.yaml
RUN --mount=type=secret,id=GPG_PASSPHRASE,env=NFPM_PASSPHRASE,required=false \
    --mount=type=secret,id=GPG_PRIVATE_KEY,target=/signing-key.asc,required=false \
    mkdir /PACKS && \
    ( \
        test -s /signing-key.asc && \
        test -f /signing-key.asc && \
        GOARCH="$(xx-info arch)" NFPM_SIGNING_KEY_FILE=/signing-key.asc nfpm pkg --packager ipk --config="nfpm.yaml" --target="/PACKS" && \
        GOARCH="$(xx-info arch)" NFPM_SIGNING_KEY_FILE=/signing-key.asc nfpm pkg --packager archlinux --config="nfpm.yaml" --target="/PACKS" && \
        GOARCH="$(xx-info arch)" NFPM_SIGNING_KEY_FILE=/signing-key.asc nfpm pkg --packager rpm --config="nfpm.yaml" --target="/PACKS" && \
        GOARCH="$(xx-info arch)" NFPM_SIGNING_KEY_FILE=/signing-key.asc nfpm pkg --packager apk --config="nfpm.yaml" --target="/PACKS" && \
        GOARCH="$(xx-info arch)" NFPM_SIGNING_KEY_FILE=/signing-key.asc nfpm pkg --packager deb --config="nfpm.yaml" --target="/PACKS" \
    ) || \
    ( \
        GOARCH="$(xx-info arch)" nfpm pkg --packager ipk --config="nfpm.yaml" --target="/PACKS" && \
        GOARCH="$(xx-info arch)" nfpm pkg --packager archlinux --config="nfpm.yaml" --target="/PACKS" && \
        GOARCH="$(xx-info arch)" nfpm pkg --packager rpm --config="nfpm.yaml" --target="/PACKS" && \
        GOARCH="$(xx-info arch)" nfpm pkg --packager apk --config="nfpm.yaml" --target="/PACKS" && \
        GOARCH="$(xx-info arch)" nfpm pkg --packager deb --config="nfpm.yaml" --target="/PACKS" \
    )
FROM scratch
USER nonroot
COPY --from=builder /PACKS .
COPY --from=builder /app/readable-name-generator/readable-name-generator .