diff --git a/Dockerfile b/Dockerfile index daf8edb..84f616c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,46 +1,35 @@ -ARG DOCKER_VERSION=28.5.1 - # dind-cleaner -FROM golang:1.25-alpine3.22 AS cleaner - +FROM golang:1.25-alpine3.23 AS cleaner COPY cleaner/dind-cleaner/* /go/src/github.com/codefresh-io/dind-cleaner/ WORKDIR /go/src/github.com/codefresh-io/dind-cleaner/ - RUN go mod tidy - COPY cleaner/dind-cleaner/cmd ./cmd/ +RUN CGO_ENABLED=0 go build -o /usr/local/bin/dind-cleaner ./cmd \ + && chmod +x /usr/local/bin/dind-cleaner \ + && rm -rf /go/* -RUN CGO_ENABLED=0 go build -o /usr/local/bin/dind-cleaner ./cmd && \ - chmod +x /usr/local/bin/dind-cleaner && \ - rm -rf /go/* # bbolt -FROM golang:1.25-alpine3.22 AS bbolt +FROM golang:1.25-alpine3.23 AS bbolt RUN go install go.etcd.io/bbolt/cmd/bbolt@latest -# node-exporter -FROM quay.io/prometheus/node-exporter:v1.9.1 AS node-exporter # Main -FROM docker:${DOCKER_VERSION}-dind - -RUN echo 'http://dl-cdn.alpinelinux.org/alpine/v3.22/main' >> /etc/apk/repositories \ - && apk upgrade \ - # Add fuse-overlayfs for comaptibility with rootless. Volumes created with rootless might use fuse-overlay formatted volumes. If those volumes are later used by dind that runs with root it'll require fuse-overlay to be able to read the volume - && apk add bash fuse-overlayfs jq --no-cache \ - # Needed only for `update-alternatives` below - && apk add dpkg --no-cache \ - # A security fix till it's fixed in base dind image (CR-31906) - && apk add git --no-cache --upgrade \ - && rm -rf /var/cache/apk/* - +FROM docker:29.1.2-dind AS prod +RUN echo 'http://dl-cdn.alpinelinux.org/alpine/v3.23/main' >> /etc/apk/repositories \ + && apk upgrade && apk add --no-cache \ + bash \ + # Add fuse-overlayfs for compatibility with rootless. Volumes created with rootless might use fuse-overlay formatted volumes. If those volumes are later used by dind that runs with root it'll require fuse-overlay to be able to read the volume + fuse-overlayfs \ + jq \ + # Needed only for `update-alternatives` below + dpkg # Backward compatibility with kernels that do not support `iptables-nft`. Check #CR-23033 for details. RUN update-alternatives --install $(which iptables) iptables $(which iptables-legacy) 10 \ && update-alternatives --install $(which ip6tables) ip6tables $(which ip6tables-legacy) 10 - -COPY --from=node-exporter /bin/node_exporter /bin/ -COPY --from=cleaner /usr/local/bin/dind-cleaner /bin/ +COPY --from=quay.io/prometheus/node-exporter:v1.10.2 /bin/node_exporter /bin/ COPY --from=bbolt /go/bin/bbolt /bin/ +COPY --from=cleaner /usr/local/bin/dind-cleaner /bin/ WORKDIR /dind ADD . /dind diff --git a/service.yaml b/service.yaml index 80cb064..eff1344 100644 --- a/service.yaml +++ b/service.yaml @@ -1 +1 @@ -version: 3.0.5 +version: 3.0.6