cosign-image/Dockerfile

# SPDX-License-Identifier: Apache-2.0

#     Copyright (c) 2024 SUSE LLC

# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon.

# The content of THIS FILE IS AUTOGENERATED and should not be manually modified.
# It is maintained by the BCI team and generated by
# https://github.com/SUSE/BCI-dockerfile-generator

# Please submit bugfixes or comments via https://bugs.opensuse.org/
# You can contact the BCI team via https://github.com/SUSE/bci/discussions

#!UseOBSRepositories

#!BuildTag: opensuse/cosign:%%cosign_version%%-%RELEASE%
#!BuildTag: opensuse/cosign:%%cosign_version%%
#!BuildTag: opensuse/cosign:2.4
#!BuildTag: opensuse/cosign:2
#!BuildTag: opensuse/cosign:latest

FROM opensuse/bci/bci-micro:latest AS target
FROM opensuse/tumbleweed:latest AS builder
COPY --from=target / /target

RUN set -euo pipefail; \
    zypper -n --installroot /target --gpg-auto-import-keys install --no-recommends cosign openSUSE-build-key; \
    zypper -n clean; \
    rm -rf {/target,}/var/log/{alternatives.log,lastlog,tallylog,zypper.log,zypp/history,YaST2}
# sanity check that the version from the tag is equal to the version of cosign that we expect
RUN set -euo pipefail; \
    [ "$(rpm --root /target -q --qf '%{version}' cosign | \
    cut -d '.' -f -2)" = "2.4" ]
FROM opensuse/bci/bci-micro:latest
COPY --from=builder /target /
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=org.opensuse.application.cosign
LABEL org.opencontainers.image.title="openSUSE Tumbleweed cosign"
LABEL org.opencontainers.image.description="Signing OCI containers using Sigstore, based on the openSUSE Tumbleweed Base Container Image."
LABEL org.opencontainers.image.version="%%cosign_version%%"
LABEL org.opencontainers.image.url="https://www.opensuse.org"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="openSUSE Project"
LABEL org.opencontainers.image.source="%SOURCEURL%"
LABEL org.opencontainers.image.ref.name="%%cosign_version%%-%RELEASE%"
LABEL org.opensuse.reference="registry.opensuse.org/opensuse/cosign:%%cosign_version%%-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL org.opensuse.lifecycle-url="https://en.opensuse.org/Lifetime#openSUSE_BCI"
LABEL org.opensuse.release-stage="released"
# endlabelprefix
LABEL io.artifacthub.package.readme-url="https://raw.githubusercontent.com/SUSE/BCI-dockerfile-generator/Tumbleweed/cosign-image/README.md"
LABEL io.artifacthub.package.logo-url="https://raw.githubusercontent.com/sigstore/community/main/artwork/cosign/horizontal/color/sigstore_cosign-horizontal-color.svg"
ENTRYPOINT ["/usr/bin/cosign"]
[info=c11ae7b91f877d53b9e7ed4d8ed6d010] OBS-URL: https://build.opensuse.org/package/show/devel:BCI:Tumbleweed/cosign-image?expand=0&rev=17 2024-11-25 12:58:29 +01:00			`# SPDX-License-Identifier: Apache-2.0`

			`# Copyright (c) 2024 SUSE LLC`

			`# All modifications and additions to the file contributed by third parties`
			`# remain the property of their copyright owners, unless otherwise agreed`
			`# upon.`

			`# The content of THIS FILE IS AUTOGENERATED and should not be manually modified.`
			`# It is maintained by the BCI team and generated by`
			`# https://github.com/SUSE/BCI-dockerfile-generator`

			`# Please submit bugfixes or comments via https://bugs.opensuse.org/`
			`# You can contact the BCI team via https://github.com/SUSE/bci/discussions`

			`#!UseOBSRepositories`

			`#!BuildTag: opensuse/cosign:%%cosign_version%%-%RELEASE%`
			`#!BuildTag: opensuse/cosign:%%cosign_version%%`
			`#!BuildTag: opensuse/cosign:2.4`
			`#!BuildTag: opensuse/cosign:2`
			`#!BuildTag: opensuse/cosign:latest`

			`FROM opensuse/bci/bci-micro:latest AS target`
			`FROM opensuse/tumbleweed:latest AS builder`
			`COPY --from=target / /target`

			`RUN set -euo pipefail; \`
			`zypper -n --installroot /target --gpg-auto-import-keys install --no-recommends cosign openSUSE-build-key; \`
			`zypper -n clean; \`
			`rm -rf {/target,}/var/log/{alternatives.log,lastlog,tallylog,zypper.log,zypp/history,YaST2}`
			`# sanity check that the version from the tag is equal to the version of cosign that we expect`
			`RUN set -euo pipefail; \`
			`[ "$(rpm --root /target -q --qf '%{version}' cosign \| \`
			`cut -d '.' -f -2)" = "2.4" ]`
			`FROM opensuse/bci/bci-micro:latest`
			`COPY --from=builder /target /`
			`# Define labels according to https://en.opensuse.org/Building_derived_containers`
			`# labelprefix=org.opensuse.application.cosign`
			`LABEL org.opencontainers.image.title="openSUSE Tumbleweed cosign"`
			`LABEL org.opencontainers.image.description="Signing OCI containers using Sigstore, based on the openSUSE Tumbleweed Base Container Image."`
			`LABEL org.opencontainers.image.version="%%cosign_version%%"`
			`LABEL org.opencontainers.image.url="https://www.opensuse.org"`
			`LABEL org.opencontainers.image.created="%BUILDTIME%"`
			`LABEL org.opencontainers.image.vendor="openSUSE Project"`
			`LABEL org.opencontainers.image.source="%SOURCEURL%"`
			`LABEL org.opencontainers.image.ref.name="%%cosign_version%%-%RELEASE%"`
			`LABEL org.opensuse.reference="registry.opensuse.org/opensuse/cosign:%%cosign_version%%-%RELEASE%"`
			`LABEL org.openbuildservice.disturl="%DISTURL%"`
			`LABEL org.opensuse.lifecycle-url="https://en.opensuse.org/Lifetime#openSUSE_BCI"`
			`LABEL org.opensuse.release-stage="released"`
			`# endlabelprefix`
			`LABEL io.artifacthub.package.readme-url="https://raw.githubusercontent.com/SUSE/BCI-dockerfile-generator/Tumbleweed/cosign-image/README.md"`
			`LABEL io.artifacthub.package.logo-url="https://raw.githubusercontent.com/sigstore/community/main/artwork/cosign/horizontal/color/sigstore_cosign-horizontal-color.svg"`
			`ENTRYPOINT ["/usr/bin/cosign"]`