Switch to alpine image to fix vulnerabilities (#43)

dmytro-pryvedeniuk · web-flow · commit e45105900003 · 2023-08-03T20:11:34.000+02:00
* Use separate docker file for alpine-based image

* Add pipeline and create script for alpine
diff --git a/StandAlone.NETCoreApp/Dockerfile.alpine b/StandAlone.NETCoreApp/Dockerfile.alpine
@@ -0,0 +1,31 @@
+FROM mcr.microsoft.com/dotnet/sdk:6.0-alpine AS build-env
+
+LABEL maintainer="Stef Heyenrath"
+
+WORKDIR /app
+
+# copy csproj and restore as distinct layers
+COPY StandAlone.NETCoreApp.csproj ./
+RUN dotnet restore
+
+# copy everything else and build
+COPY *.cs ./
+RUN dotnet publish -c Release -r alpine-x64 -o out \
+  --self-contained true \
+  /p:PublishTrimmed=true \
+  /p:TrimMode=Link \
+  /p:PublishSingleFile=true
+
+# build runtime image
+FROM mcr.microsoft.com/dotnet/aspnet:6.0-alpine
+# resolve CVE-2023-2975
+RUN apk upgrade libssl3 libcrypto3 --no-cache
+WORKDIR /app
+COPY --from=build-env /app/out ./
+EXPOSE 80
+ENTRYPOINT ["./wiremock-net", "--Urls", "http://*:80"]
+CMD ["--WireMockLogger", "WireMockConsoleLogger"]
+
+# Just some info:
+# build with : docker build -t sheyenrath/wiremock.net .
+# run with   : docker run --rm -p 9091:80 sheyenrath/wiremock.net
diff --git a/StandAlone.NETCoreApp/create.alpine.ps1 b/StandAlone.NETCoreApp/create.alpine.ps1
@@ -0,0 +1,3 @@
+docker build -t sheyenrath/wiremock.net-alpine -f .\Dockerfile.alpine .
+docker rmi $(docker images -f "dangling=true" -q)
+docker images
diff --git a/azure-pipelines-alpine.yml b/azure-pipelines-alpine.yml
@@ -0,0 +1,45 @@
+variables:
+  buildConfiguration: 'Release'
+  imageName: 'wiremock.net-alpine'
+  buildProjects: '**/StandAlone.NETCoreApp.csproj'
+  tag: '1.5.32'
+
+trigger: none
+
+pool:
+  vmImage: 'Ubuntu-latest'
+
+steps:
+- task: UseDotNet@2
+  inputs:
+    packageType: 'sdk'
+    version: '6.0.x'
+
+- task: DotNetCoreCLI@2
+  displayName: Build StandAlone.NETCoreApp
+  inputs:
+    command: 'build'
+    arguments: /p:Configuration=$(buildConfiguration)
+    projects: $(buildProjects)
+
+- task: Docker@2
+  displayName: 'Build Docker [$(imageName)(latest,$(tag)]'
+  inputs:
+    command: 'build'
+    containerRegistry: 'DockerRegistry'
+    repository: '$(DOCKER_ID)/$(imageName)'
+    dockerfile: '$(Build.SourcesDirectory)/StandAlone.NETCoreApp/Dockerfile.alpine'
+    tags: |
+      $(tag)
+      latest
+
+- task: Docker@2
+  displayName: 'Push Docker [$(imageName)(latest,$(tag)]'
+  inputs:
+    command: 'push'
+    containerRegistry: 'DockerRegistry'
+    repository: '$(DOCKER_ID)/$(imageName)'
+    dockerfile: '$(Build.SourcesDirectory)/StandAlone.NETCoreApp/Dockerfile.alpine'
+    tags: |
+      $(tag)
+      latest

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+docker build -t sheyenrath/wiremock.net-alpine -f .\Dockerfile.alpine .`
	`2`	`+docker rmi $(docker images -f "dangling=true" -q)`
	`3`	`+docker images`