4efec0f791
Right now, we test the container at the end of the build rather than before publishing so while we decouple that work, we should not fail the build step if a security advisory was found - it's too late, the containers are released so we should instead catch the advisory and that will allow our release pipeline to continue
26 lines
724 B
Docker
26 lines
724 B
Docker
# syntax = docker/dockerfile:experimental
|
|
# Interim container so we can copy pulumi binaries
|
|
# Must be defined first
|
|
ARG PULUMI_VERSION=latest
|
|
ARG PULUMI_IMAGE=pulumi/pulumi-base
|
|
FROM ${PULUMI_IMAGE}:${PULUMI_VERSION} as pulumi
|
|
|
|
# The runtime container
|
|
FROM node:lts-alpine3.12
|
|
WORKDIR /pulumi/projects
|
|
|
|
# Install needed tools, like git
|
|
RUN apk update && \
|
|
apk upgrade && \
|
|
apk add \
|
|
git \
|
|
libc6-compat \
|
|
ca-certificates
|
|
|
|
# Uses the workdir, copies from pulumi interim container
|
|
COPY --from=pulumi /pulumi/bin/pulumi /pulumi/bin/pulumi
|
|
COPY --from=pulumi /pulumi/bin/*-nodejs* /pulumi/bin/
|
|
COPY --from=pulumi /pulumi/bin/pulumi-analyzer-policy /pulumi/bin/
|
|
ENV PATH "/pulumi/bin:${PATH}"
|
|
|
|
CMD ["pulumi"]
|