Merge pull request #35 from iastewar/distroless-image

spowelljr · web-flow · commit 5ed4a78da2d3 · 2022-12-20T09:17:52.000-08:00
Changed base image to gcr.io/distroless/static:nonroot
diff --git a/Dockerfile b/Dockerfile
@@ -12,7 +12,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-# base image is the same as ko's default
-FROM cgr.dev/chainguard/static:latest
+FROM gcr.io/distroless/static:nonroot
 COPY gcp-auth-webhook /gcp-auth-webhook
 ENTRYPOINT ["/gcp-auth-webhook"]
diff --git a/Makefile b/Makefile
@@ -4,6 +4,7 @@ GOOS?=$(shell go env GOOS)
 GOARCH?=$(shell go env GOARCH)
 ARCH=$(if $(findstring amd64, $(GOARCH)),x86_64,$(GOARCH))
 KO_VERSION=0.12.0
+BASE_IMAGE?=gcr.io/distroless/static:nonroot
 
 build: ## Build the gcp-auth-webhook binary
 	CGO_ENABLED=0 GOOS=linux go build -ldflags="-X 'main.Version=$(VERSION)'" -o out/gcp-auth-webhook server.go
@@ -12,7 +13,7 @@ build: ## Build the gcp-auth-webhook binary
 image: ## Create and push multiarch manifest and images
 	@read -p "This will build and push $(REGISTRY)/gcp-auth-webhook:$(VERSION). Do you want to proceed? (Y/N): " confirm && echo $$confirm | grep -iq "^[yY]" || exit 1;
 	curl -L https://github.com/google/ko/releases/download/v$(KO_VERSION)/ko_$(KO_VERSION)_$(GOOS)_$(ARCH).tar.gz | tar xzf - ko && chmod +x ./ko
-	GOFLAGS="-ldflags=-X=main.Version=$(VERSION)" KO_DOCKER_REPO=$(REGISTRY) ./ko publish -B . --platform all -t $(VERSION)
+	GOFLAGS="-ldflags=-X=main.Version=$(VERSION)" KO_DOCKER_REPO=$(REGISTRY) KO_DEFAULTBASEIMAGE=$(BASE_IMAGE) ./ko publish -B . --platform all -t $(VERSION)
 	rm ./ko
 
 .PHONY: local-image
