Add cilium-cli image

Signed-off-by: Marco Franssen <marco.franssen@gmail.com>
cilium · Oct 29, 2024 · 9b9b5c2 · 9b9b5c2
1 parent 9d9854f
commit 9b9b5c2
Show file tree

Hide file tree

Showing 2 changed files with 49 additions and 2 deletions.
diff --git a/.github/workflows/images.yaml b/.github/workflows/images.yaml
@@ -27,6 +27,12 @@ jobs:
         include:
           - name: cilium-cli-ci
             dockerfile: ./Dockerfile.ci
+          - name: cilium-cli
+            dockerfile: ./Dockerfile
+
+    env:
+      DOCKER_PLATFORMS: ${{ matrix.name == 'cilium-cli' && 'linux/amd64,linux/arm64' || 'linux/amd64' }}
+
     steps:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
@@ -63,7 +69,7 @@ jobs:
           context: .
           file: ${{ matrix.dockerfile }}
           push: true
-          platforms: linux/amd64
+          platforms: ${{ env.DOCKER_PLATFORMS }}
           tags: |
             quay.io/${{ github.repository_owner }}/${{ matrix.name }}:latest
             quay.io/${{ github.repository_owner }}/${{ matrix.name }}:${{ steps.tag.outputs.tag }}
@@ -85,7 +91,7 @@ jobs:
           context: .
           file: ${{ matrix.dockerfile }}
           push: true
-          platforms: linux/amd64
+          platforms:  ${{ env.DOCKER_PLATFORMS }}
           tags: |
             quay.io/${{ github.repository_owner }}/${{ matrix.name }}:${{ steps.tag.outputs.tag }}
 

diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,41 @@
+# syntax=docker/dockerfile:1.10@sha256:865e5dd094beca432e8c0a1d5e1c465db5f998dca4e439981029b3b81fb39ed5
+
+# Copyright Authors of Cilium
+# SPDX-License-Identifier: Apache-2.0
+FROM --platform=${BUILDPLATFORM} golang:1.23.0-alpine3.20@sha256:d0b31558e6b3e4cc59f6011d79905835108c919143ebecc58f35965bf79948f4 AS base
+RUN apk add --no-cache --update ca-certificates git make 
+WORKDIR /go/src/github.com/cilium/cilium-cli
+COPY go.* .
+RUN --mount=type=cache,target=/go/pkg/mod go mod download
+COPY . .
+
+# xx is a helper for cross-compilation
+# when bumping to a new version analyze the new version for security issues
+# then use crane to lookup the digest of that version so we are immutable
+# crane digest tonistiigi/xx:1.5.0
+FROM --platform=$BUILDPLATFORM tonistiigi/xx:1.5.0@sha256:0c6a569797744e45955f39d4f7538ac344bfb7ebf0a54006a0a4297b153ccf0f AS xx
+
+FROM --platform=${BUILDPLATFORM} base AS builder
+ARG TARGETPLATFORM
+ARG TARGETARCH
+COPY --link --from=xx / /
+RUN --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=cache,target=/go/pkg/mod \
+    xx-go --wrap && \
+    make && \
+    xx-verify --static /go/src/github.com/cilium/cilium-cli/cilium
+
+FROM --platform=${BUILDPLATFORM} cgr.dev/chainguard/wolfi-base:latest@sha256:72c8bfed3266b2780243b144dc5151150015baf5a739edbbde53d154574f1607
+LABEL maintainer="maintainer@cilium.io"
+ENTRYPOINT [""]
+CMD ["bash"]
+ARG cilium_uid=1000
+ARG cilium_gid=1000
+ARG cilium_home=/home/cilium
+RUN apk add --update --no-cache bash busybox kubectl && \
+    addgroup -g ${cilium_gid} cilium && \
+    adduser -D -h ${cilium_home} -u ${cilium_uid} -G cilium cilium
+WORKDIR ${cilium_home}
+COPY --link --from=builder --chown=${cilium_uid}:${cilium_gid} --chmod=755 /go/src/github.com/cilium/cilium-cli/cilium /usr/local/bin/cilium
+COPY --link --from=builder --chown=root:root --chmod=755 /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+USER ${cilium_uid}:${cilium_gid}