add distroless debug image to published release (#1106)

add debug distroless image to published release Debian was chosen based on the fact that it is the smallest available distroless image The new tag is `anchore/syft:debug` Closes #833
anchore · Jul 20, 2022 · 7bae9d4 · 7bae9d4
1 parent 571de36
commit 7bae9d4
Show file tree

Hide file tree

Showing 3 changed files with 85 additions and 29 deletions.
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
@@ -98,14 +98,40 @@ brews:
 
 dockers:
   - image_templates:
-      - "anchore/syft:latest"
-      - "anchore/syft:{{ .Tag }}-amd64"
-      - "anchore/syft:v{{ .Major }}-amd64"
-      - "anchore/syft:v{{ .Major }}.{{ .Minor }}-amd64"
-      - "ghcr.io/anchore/syft:latest"
-      - "ghcr.io/anchore/syft:{{ .Tag }}-amd64"
-      - "ghcr.io/anchore/syft:v{{ .Major }}-amd64"
-      - "ghcr.io/anchore/syft:v{{ .Major }}.{{ .Minor }}-amd64"
+      - anchore/syft:debug
+      - anchore/syft:{{.Tag}}-debug
+      - ghcr.io/anchore/syft:debug
+      - ghcr.io/anchore/syft:{{.Tag}}-debug
+    goarch: amd64
+    dockerfile: Dockerfile.debug
+    use: buildx
+    build_flag_templates:
+      - "--platform=linux/amd64"
+      - "--build-arg=BUILD_DATE={{.Date}}"
+      - "--build-arg=BUILD_VERSION={{.Version}}"
+      - "--build-arg=VCS_REF={{.FullCommit}}"
+      - "--build-arg=VCS_URL={{.GitURL}}"
+
+  - image_templates:
+      - anchore/syft:debug-arm64v8
+      - anchore/syft:{{.Tag}}-debug-arm64v8
+      - ghcr.io/anchore/syft:debug-arm64v8
+      - ghcr.io/anchore/syft:{{.Tag}}-debug-arm64v8
+    goarch: arm64
+    dockerfile: Dockerfile.debug
+    use: buildx
+    build_flag_templates:
+      - "--platform=linux/arm64/v8"
+      - "--build-arg=BUILD_DATE={{.Date}}"
+      - "--build-arg=BUILD_VERSION={{.Version}}"
+      - "--build-arg=VCS_REF={{.FullCommit}}"
+      - "--build-arg=VCS_URL={{.GitURL}}"
+
+  - image_templates:
+      - anchore/syft:latest
+      - anchore/syft:{{.Tag}}
+      - ghcr.io/anchore/syft:latest
+      - ghcr.io/anchore/syft:{{.Tag}}
     goarch: amd64
     dockerfile: Dockerfile
     use: buildx
@@ -117,12 +143,8 @@ dockers:
       - "--build-arg=VCS_URL={{.GitURL}}"
 
   - image_templates:
-      - "anchore/syft:{{ .Tag }}-arm64v8"
-      - "anchore/syft:v{{ .Major }}-arm64v8"
-      - "anchore/syft:v{{ .Major }}.{{ .Minor }}-arm64v8"
-      - "ghcr.io/anchore/syft:{{ .Tag }}-arm64v8"
-      - "ghcr.io/anchore/syft:v{{ .Major }}-arm64v8"
-      - "ghcr.io/anchore/syft:v{{ .Major }}.{{ .Minor }}-arm64v8"
+      - anchore/syft:{{.Tag}}-arm64v8
+      - ghcr.io/anchore/syft:{{.Tag}}-arm64v8
     goarch: arm64
     dockerfile: Dockerfile
     use: buildx
@@ -134,19 +156,31 @@ dockers:
       - "--build-arg=VCS_URL={{.GitURL}}"
 
 docker_manifests:
-  - name_template: anchore/syft:{{ .Tag }}
-    image_templates:
-      - anchore/syft:v{{ .Major }}.{{ .Minor }}-amd64
-      - anchore/syft:v{{ .Major }}.{{ .Minor }}-arm64v8
   - name_template: anchore/syft:latest
     image_templates:
-      - anchore/syft:v{{ .Major }}.{{ .Minor }}-amd64
-      - anchore/syft:v{{ .Major }}.{{ .Minor }}-arm64v8
-  - name_template: ghcr.io/anchore/syft:{{ .Tag }}
+      - anchore/syft:{{.Tag}}
+      - anchore/syft:{{.Tag}}-arm64v8
+
+  - name_template: anchore/syft:debug
+      - anchore/syft:{{.Tag}}-debug
+      - anchore/syft:{{.Tag}}-debug-arm64v8
+
+  - name_template: anchore/syft:{{.Tag}}
     image_templates:
-      - ghcr.io/anchore/syft:v{{ .Major }}.{{ .Minor }}-amd64
-      - ghcr.io/anchore/syft:v{{ .Major }}.{{ .Minor }}-arm64v8
+      - anchore/syft:{{.Tag}}
+      - anchore/syft:{{.Tag}}-arm64v8
+
   - name_template: ghcr.io/anchore/syft:latest
     image_templates:
-      - ghcr.io/anchore/syft:v{{ .Major }}.{{ .Minor }}-amd64
-      - ghcr.io/anchore/syft:v{{ .Major }}.{{ .Minor }}-arm64v8
+      - anchore/syft:{{.Tag}}
+      - anchore/syft:{{.Tag}}-arm64v8
+
+  - name_template: ghcr.io/anchore/syft:debug
+    image_templates:
+      - ghcr.io/anchore/syft:{{.Tag}}-debug
+      - ghcr.io/anchore/syft:{{.Tag}}-debug-arm64v8
+
+  - name_template: ghcr.io/anchore/syft:{{.Tag}}
+    image_templates:
+      - ghcr.io/anchore/syft:{{.Tag}}
+      - ghcr.io/anchore/syft:{{.Tag}}-arm64v8
diff --git a/Dockerfile b/Dockerfile
@@ -1,6 +1,4 @@
-FROM alpine:latest AS build
-
-RUN apk --no-cache add ca-certificates
+FROM gcr.io/distroless/static-debian11:debug AS build
 
 FROM scratch
 # needed for version check HTTPS request
@@ -27,6 +25,5 @@ LABEL org.opencontainers.image.licenses="Apache-2.0"
 LABEL io.artifacthub.package.readme-url="https://raw.githubusercontent.com/anchore/syft/main/README.md"
 LABEL io.artifacthub.package.logo-url="https://user-images.githubusercontent.com/5199289/136844524-1527b09f-c5cb-4aa9-be54-5aa92a6086c1.png"
 LABEL io.artifacthub.package.license="Apache-2.0"
-
 
 ENTRYPOINT ["/syft"]
diff --git a/Dockerfile.debug b/Dockerfile.debug
@@ -0,0 +1,25 @@
+FROM gcr.io/distroless/static-debian11:debug
+
+# create the /tmp dir, which is needed for image content cache
+WORKDIR /tmp
+
+COPY syft /
+
+ARG BUILD_DATE
+ARG BUILD_VERSION
+ARG VCS_REF
+ARG VCS_URL
+
+LABEL org.opencontainers.image.created=$BUILD_DATE
+LABEL org.opencontainers.image.title="syft"
+LABEL org.opencontainers.image.description="CLI tool and library for generating a Software Bill of Materials from container images and filesystems"
+LABEL org.opencontainers.image.source=$VCS_URL
+LABEL org.opencontainers.image.revision=$VCS_REF
+LABEL org.opencontainers.image.vendor="Anchore, Inc."
+LABEL org.opencontainers.image.version=$BUILD_VERSION
+LABEL org.opencontainers.image.licenses="Apache-2.0"
+LABEL io.artifacthub.package.readme-url="https://raw.githubusercontent.com/anchore/syft/main/README.md"
+LABEL io.artifacthub.package.logo-url="https://user-images.githubusercontent.com/5199289/136844524-1527b09f-c5cb-4aa9-be54-5aa92a6086c1.png"
+LABEL io.artifacthub.package.license="Apache-2.0"
+
+ENTRYPOINT ["/syft"]