forked from infracost/infracost
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile.ci
45 lines (33 loc) · 1.19 KB
/
Dockerfile.ci
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
FROM golang:1.22 as builder
ARG ARCH=linux64
# Set Environment Variables
SHELL ["/bin/bash", "-c"]
ENV HOME /app
ENV CGO_ENABLED 0
WORKDIR /app
# Build Application
COPY . .
RUN NO_DIRTY=true make build
RUN chmod +x /app/build/infracost
# Application
FROM alpine:3.16 as app
# Tools needed for running diffs in CI integrations
RUN apk --no-cache add bash curl git nodejs npm openssh-client
# The jq package provided by alpine:3.15 (jq 1.6-rc1) is flagged as a
# high severity vulnerability, so we install the latest release ourselves
# Reference: https://nvd.nist.gov/vuln/detail/CVE-2016-4074 (this is present on jq-1.6-rc1 as well)
RUN \
# Install jq-1.6 (final release)
curl -s -L -o /tmp/jq https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 && \
mv /tmp/jq /usr/local/bin/jq && \
chmod +x /usr/local/bin/jq
# Install the latest compost version
RUN npm install -g @infracost/compost
WORKDIR /root/
# Scripts are used by CI integrations and other use-cases
COPY scripts/ci/comment.sh /scripts/ci/
COPY --from=builder /app/build/infracost /usr/bin/
ENV INFRACOST_CI_IMAGE=true
ENV INFRACOST_SKIP_UPDATE_CHECK='true'
ENV INFRACOST_LOG_LEVEL=info
ENTRYPOINT ["infracost"]