Adding Dockerfile
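--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 .idea
+cmd/cert-bundler/testdata/pkg/*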
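--- a/cmd/cert-bundler/Dockerfile
+++ b/cmd/cert-bundler/Dockerfile
@@ -0,0 +1,32 @@
+# Build and runtime image for cert-bundler
+# Usage (from repo root or cmd/cert-bundler directory):
+# docker build -t cert-bundler:latest -f cmd/cert-bundler/Dockerfile .
+# docker run --rm -v "$PWD":/work cert-bundler:latest
+# This expects a /work/bundle.yaml file in the mounted directory and
+# will write generated bundles to /work/bundle.
+
+# Build stage
+FROM golang:1.24.3-alpine AS build
+WORKDIR /src
+
+# Copy go module files and download dependencies first for better caching
+COPY go.mod go.sum ./
+RUN go mod download
+
+# Copy the rest of the source and build the cert-bundler binary
+COPY . .
+RUN go build -o /bin/cert-bundler ./cmd/cert-bundler
+
+# Runtime stage (kept as golang:alpine per requirement)
+FROM golang:1.24.3-alpine
+
+# Create a work directory that users will typically mount into
+WORKDIR /work
+VOLUME ["/work"]
+
+# Copy the built binary from the builder stage
+COPY --from=build /bin/cert-bundler /usr/local/bin/cert-bundler
+
+# Default command: read bundle.yaml from current directory and output to ./bundle
+ENTRYPOINT ["/usr/local/bin/cert-bundler"]
+CMD ["-c", "/work/bundle.yaml", "-o", "/work/bundle"]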
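Review bot: The runtime stage never sets a `USER`, so cert-bundler runs as root and, with the documented `-v "$PWD":/work` bind mount, writes the generated bundles to the host as root-owned files. I would add a non-root default to the final stage and change the usage comment to `docker run --rm --user "$(id -u):$(id -g)" -v "$PWD":/work cert-bundler:latest`, so the output keeps the caller's ownership. Both `FROM` lines pin the base by tag only; for a tool that packages trust anchors, pinning by digest (`FROM golang:1.24.3-alpine@sha256:<digest>`) makes the build input verifiable. The usage comment also says the build works from the `cmd/cert-bundler` directory, but `COPY go.mod go.sum ./` needs the build context to contain those files, which is presumably only true from the repo root.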
@@ -584,7 +584,6 @@ func generateHashFile(path string, files []string) error {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
// makeUniqueName ensures that each file name within the archive is unique by appending
|
// makeUniqueName ensures that each file name within the archive is unique by appending
|
||||||
// an incremental numeric suffix before the extension when collisions occur.
|
// an incremental numeric suffix before the extension when collisions occur.
|
||||||
// Example: "root.pem" -> "root-2.pem", "root-3.pem", etc.
|
// Example: "root.pem" -> "root-2.pem", "root-3.pem", etc.
|
||||||
@@ -599,10 +598,7 @@ func makeUniqueName(name string, used map[string]int) string {
|
|||||||
base := strings.TrimSuffix(name, ext)
|
base := strings.TrimSuffix(name, ext)
|
||||||
// Track a counter per base+ext key
|
// Track a counter per base+ext key
|
||||||
key := base + ext
|
key := base + ext
|
||||||
counter := used[key]
|
counter := max(used[key], 1)
|
||||||
if counter < 1 {
|
|
||||||
counter = 1
|
|
||||||
}
|
|
||||||
for {
|
for {
|
||||||
counter++
|
counter++
|
||||||
candidate := fmt.Sprintf("%s-%d%s", base, counter, ext)
|
candidate := fmt.Sprintf("%s-%d%s", base, counter, ext)
|
||||||
|
|||||||
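--- a/cmd/cert-bundler/testdata/bundle.yaml
+++ b/cmd/cert-bundler/testdata/bundle.yaml
@@ -2,6 +2,19 @@ config:
 hashes: bundle.sha256
 expiry: 1y
 chains:
+weird:
+certs:
+- root: pems/gts-r1.pem
+intermediates:
+- pems/goog-wr2.pem
+- root: pems/isrg-root-x1.pem
+outputs:
+include_single: true
+include_individual: true
+manifest: true
+formats:
+- zip
+- tgz
 core_certs:
 certs:
 - root: pems/gts-r1.pem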