Move dustilock to cross compile

Author: waterfoul

Dockerfile

@@ -35,8 +35,16 @@ ARG TARGETARCH
 RUN export DL_LOCATION="https://github.com/charliermarsh/ruff/releases/latest/download/ruff-$([[ "${TARGETARCH}" == "amd64" ]] && echo "x86_64" || echo "aarch64")-unknown-linux-musl.tar.gz" \
     && echo "Downloading from ${DL_LOCATION}" \
     && curl --location "${DL_LOCATION}" | tar -xzv
+FROM --platform=$BUILDPLATFORM golang:alpine as dustilock-build
+RUN mkdir temp && cd temp && go mod init temp && go get -d github.com/checkmarx/[email protected]
+ARG BUILDARCH
+ARG TARGETARCH
+RUN GOOS=linux GOARCH=${TARGETARCH} go install github.com/checkmarx/[email protected] \
+&& ([[ "${BUILDARCH}" == "${TARGETARCH}" ]] && mv bin/dustilock /usr/bin) || mv bin/linux_${TARGETARCH}/dustilock /usr/bin
 FROM golang:alpine as dustilock
-RUN GOBIN=/usr/bin go install github.com/checkmarx/[email protected]
+COPY --from=dustilock-build /usr/bin/dustilock /usr/bin/dustilock
+# Verify Binary
+RUN /usr/bin/dustilock --version
 
 FROM zricethezav/gitleaks:v8.17.0 as gitleaks
 FROM checkmarx/kics:alpine as kics

flavors/security/Dockerfile

@@ -15,8 +15,16 @@
 FROM koalaman/shellcheck:stable as shellcheck
 FROM hadolint/hadolint:v2.12.0-alpine as hadolint
 FROM ghcr.io/yannh/kubeconform:latest-alpine as kubeconform
+FROM --platform=$BUILDPLATFORM golang:alpine as dustilock-build
+RUN mkdir temp && cd temp && go mod init temp && go get -d github.com/checkmarx/[email protected]
+ARG BUILDARCH
+ARG TARGETARCH
+RUN GOOS=linux GOARCH=${TARGETARCH} go install github.com/checkmarx/[email protected] \
+&& ([[ "${BUILDARCH}" == "${TARGETARCH}" ]] && mv bin/dustilock /usr/bin) || mv bin/linux_${TARGETARCH}/dustilock /usr/bin
 FROM golang:alpine as dustilock
-RUN GOBIN=/usr/bin go install github.com/checkmarx/[email protected]
+COPY --from=dustilock-build /usr/bin/dustilock /usr/bin/dustilock
+# Verify Binary
+RUN /usr/bin/dustilock --version
 
 FROM zricethezav/gitleaks:v8.17.0 as gitleaks
 FROM checkmarx/kics:alpine as kics

linters/repository_dustilock/Dockerfile

@@ -11,8 +11,16 @@
 ## @generated by .automation/build.py using descriptor files, please do not update manually ##
 #############################################################################################
 #FROM__START
+FROM --platform=$BUILDPLATFORM golang:alpine as dustilock-build
+RUN mkdir temp && cd temp && go mod init temp && go get -d github.com/checkmarx/[email protected]
+ARG BUILDARCH
+ARG TARGETARCH
+RUN GOOS=linux GOARCH=${TARGETARCH} go install github.com/checkmarx/[email protected] \
+&& ([[ "${BUILDARCH}" == "${TARGETARCH}" ]] && mv bin/dustilock /usr/bin) || mv bin/linux_${TARGETARCH}/dustilock /usr/bin
 FROM golang:alpine as dustilock
-RUN GOBIN=/usr/bin go install github.com/checkmarx/[email protected]
+COPY --from=dustilock-build /usr/bin/dustilock /usr/bin/dustilock
+# Verify Binary
+RUN /usr/bin/dustilock --version
 
 #FROM__END
 

megalinter/descriptors/repository.megalinter-descriptor.yml

@@ -137,10 +137,18 @@ linters:
       dockerfile:
         # The golang image used as a builder is a temporary workaround
         # Dustilock is not released as a binary or container
-        - |
-          FROM golang:alpine as dustilock
-          RUN GOBIN=/usr/bin go install github.com/checkmarx/[email protected]
-        - COPY --link --from=dustilock /usr/bin/dustilock /usr/bin/dustilock
+      - |
+        FROM --platform=$BUILDPLATFORM golang:alpine as dustilock-build
+        RUN mkdir temp && cd temp && go mod init temp && go get -d github.com/checkmarx/[email protected]
+        ARG BUILDARCH
+        ARG TARGETARCH
+        RUN GOOS=linux GOARCH=${TARGETARCH} go install github.com/checkmarx/[email protected] \
+        && ([[ "${BUILDARCH}" == "${TARGETARCH}" ]] && mv bin/dustilock /usr/bin) || mv bin/linux_${TARGETARCH}/dustilock /usr/bin
+        FROM golang:alpine as dustilock
+        COPY --from=dustilock-build /usr/bin/dustilock /usr/bin/dustilock
+        # Verify Binary
+        RUN /usr/bin/dustilock --version
+      - COPY --link --from=dustilock /usr/bin/dustilock /usr/bin/dustilock
     supported_platforms:
       platform:
         - linux/amd64