Merge pull request #1167 from SaschaSchwarze0/sascha-base-image-image…

…-processing Add base image for image processing command
shipwright-io · Dec 22, 2022 · 5f6ef4e · 5f6ef4e
2 parents 6532caf + b81c0f4
commit 5f6ef4e
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 1 deletion.
diff --git a/.github/workflows/base-images.yaml b/.github/workflows/base-images.yaml
@@ -14,8 +14,9 @@ jobs:
       matrix:
         image:
           - git
+          - image-processing
           - waiter
-      max-parallel: 2
+      max-parallel: 3
 
     steps:
       - uses: actions/checkout@v3

diff --git a/images/image-processing/Dockerfile b/images/image-processing/Dockerfile
@@ -0,0 +1,23 @@
+# Copyright The Shipwright Contributors
+#
+# SPDX-License-Identifier: Apache-2.0
+
+FROM registry.access.redhat.com/ubi9-minimal:latest AS bin-loader
+
+RUN \
+  microdnf --nodocs -y install gzip jq tar && \
+  TAG_NAME="$(curl -s https://api.github.com/repos/aquasecurity/trivy/releases/latest | jq -r '.tag_name')" && \
+  curl -L -s "https://github.com/aquasecurity/trivy/releases/download/${TAG_NAME}/trivy_${TAG_NAME/v/}_$(uname -s)-$(uname -m | sed -e 's/aarch64/ARM64/' -e 's/ppc64le/PPC64LE/' -e 's/x86_64/64bit/').tar.gz" | tar -xzf - -C /usr/local/bin trivy
+
+FROM registry.access.redhat.com/ubi9-minimal:latest
+
+COPY --from=bin-loader /usr/local/bin/trivy /usr/local/bin/trivy
+
+RUN \
+  microdnf --nodocs -y update && \
+  microdnf clean all && \
+  rm -rf /var/cache/yum && \
+  echo 'nonroot:x:1000:1000:nonroot:/:/sbin/nologin' > /etc/passwd && \
+  echo 'nonroot:x:1000:' > /etc/group
+
+USER 1000:1000