buildx/hack/dockerfiles/vendor.Dockerfile

# syntax=docker/dockerfile:1

ARG GO_VERSION=1.20.7
ARG MODOUTDATED_VERSION=v0.8.0

FROM golang:${GO_VERSION}-alpine AS base
RUN apk add --no-cache git rsync
WORKDIR /src

FROM base AS vendored
RUN --mount=target=/context \
  --mount=target=.,type=tmpfs  \
  --mount=target=/go/pkg/mod,type=cache <<EOT
set -e
rsync -a /context/. .
go mod tidy
go mod vendor
mkdir /out
cp -r go.mod go.sum vendor /out
EOT

FROM scratch AS update
COPY --from=vendored /out /out

FROM vendored AS validate
RUN --mount=target=/context \
  --mount=target=.,type=tmpfs <<EOT
set -e
rsync -a /context/. .
git add -A
rm -rf vendor
cp -rf /out/* .
if [ -n "$(git status --porcelain -- go.mod go.sum vendor)" ]; then
  echo >&2 'ERROR: Vendor result differs. Please vendor your package with "make vendor"'
  git status --porcelain -- go.mod go.sum vendor
  exit 1
fi
EOT

FROM psampaz/go-mod-outdated:${MODOUTDATED_VERSION} AS go-mod-outdated
FROM base AS outdated
RUN --mount=target=.,ro \
  --mount=target=/go/pkg/mod,type=cache \
  --mount=from=go-mod-outdated,source=/home/go-mod-outdated,target=/usr/bin/go-mod-outdated \
  go list -mod=readonly -u -m -json all | go-mod-outdated -update -direct
Dockerfile: align frontend version Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com> 2 years ago			`# syntax=docker/dockerfile:1`
Dockerfile: update to go1.16 Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com> 4 years ago
update to go1.20.7 Includes a fix for CVE-2023-29409 go1.20.7 (released 2023-08-01) includes a security fix to the crypto/tls package, as well as bug fixes to the assembler and the compiler. See the Go 1.20.7 milestone on our issue tracker for details: - https://github.com/golang/go/issues?q=milestone%3AGo1.20.7+label%3ACherryPickApproved - full diff: https://github.com/golang/go/compare/go1.20.6...go1.20.7 From the mailing list announcement: [security] Go 1.20.7 and Go 1.19.12 are released Hello gophers, We have just released Go versions 1.20.7 and 1.19.12, minor point releases. These minor releases include 1 security fixes following the security policy: - crypto/tls: restrict RSA keys in certificates to <= 8192 bits Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. Limit this by restricting the size of RSA keys transmitted during handshakes to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable. Thanks to Mateusz Poliwczak for reporting this issue. View the release notes for more information: https://go.dev/doc/devel/release#go1.20.7 Signed-off-by: Sebastiaan van Stijn <github@gone.nl> 1 year ago			`ARG GO_VERSION=1.20.7`
chore: invalidate cache for outdated run stage Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com> 3 years ago			`ARG MODOUTDATED_VERSION=v0.8.0`
Go 1.17 Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com> 3 years ago
Mod outdated Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com> 3 years ago			`FROM golang:${GO_VERSION}-alpine AS base`
			`RUN apk add --no-cache git rsync`
hack: base build scripts Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com> 6 years ago			`WORKDIR /src`
Mod outdated Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com> 3 years ago
			`FROM base AS vendored`
hack: update vendor dockerfile Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com> 6 years ago			`RUN --mount=target=/context \`
Bake workflow Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com> 3 years ago			`--mount=target=.,type=tmpfs \`
			`--mount=target=/go/pkg/mod,type=cache <<EOT`
			`set -e`
			`rsync -a /context/. .`
go.mod: bump to Go 1.19 Go 1.20 will be there soon, I think it's time to move our go.mod to latest stable. We can then remove the compat in our vendor.Dockerfile Downstream projects like compose or github.com/linuxkit/linuxkit should not be affected. Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com> 2 years ago			`go mod tidy`
Bake workflow Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com> 3 years ago			`go mod vendor`
			`mkdir /out`
			`cp -r go.mod go.sum vendor /out`
			`EOT`
hack: base build scripts Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com> 6 years ago
			`FROM scratch AS update`
			`COPY --from=vendored /out /out`

			`FROM vendored AS validate`
hack: update vendor dockerfile Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com> 6 years ago			`RUN --mount=target=/context \`
Bake workflow Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com> 3 years ago			`--mount=target=.,type=tmpfs <<EOT`
			`set -e`
			`rsync -a /context/. .`
			`git add -A`
			`rm -rf vendor`
			`cp -rf /out/* .`
			`if [ -n "$(git status --porcelain -- go.mod go.sum vendor)" ]; then`
			`echo >&2 'ERROR: Vendor result differs. Please vendor your package with "make vendor"'`
			`git status --porcelain -- go.mod go.sum vendor`
			`exit 1`
			`fi`
			`EOT`
Mod outdated Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com> 3 years ago
chore: invalidate cache for outdated run stage Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com> 3 years ago			`FROM psampaz/go-mod-outdated:${MODOUTDATED_VERSION} AS go-mod-outdated`
Mod outdated Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com> 3 years ago			`FROM base AS outdated`
			`RUN --mount=target=.,ro \`
			`--mount=target=/go/pkg/mod,type=cache \`
			`--mount=from=go-mod-outdated,source=/home/go-mod-outdated,target=/usr/bin/go-mod-outdated \`
			`go list -mod=readonly -u -m -json all \| go-mod-outdated -update -direct`