dockerfile: add extraBuildDirectives for directives at build stage

This PR adds the dockerfile: config option `extraBuildDirectives`, which
adds additional docker directives at the end of the build stage.

Motiviation is to change the certificate-chain, e.g. add addition
certificates since they are generated only during build time and then
copied to the final container.

Author: notandy

README.md

@@ -156,6 +156,10 @@ dockerfile:
       RUN toolbox-cmd
   extraBuildPackages:
     - linux-headers
+  extraBuildDirectives:
+  	 - |
+  	   RUN wget -P /usr/local/share/ca-certificates/ http://example.com/some-custom-certificate.pem \
+        && update-ca-certificates
   extraDirectives:
     - 'LABEL mylabel=myvalue'
     - 'COPY --from=toolbox /bin/fancytool /usr/bin/fancytool'
@@ -182,6 +186,7 @@ With [go-api-declarations](https://github.com/sapcc/go-api-declarations)'s [`bin
 * `entrypoint` allows overwriting the final entrypoint.
 * `extraBuildStages` prepends additional build stages at the top of the Dockerfile. This is useful for bringing in precompiled assets from other images, or if a non-Go compilation step is required.
 * `extraBuildPackages` installs extra Alpine packages in the Docker layer where `make install` is executed. We always install `ca-certificates`, `gcc`, `git`, `make` and `musl-dev`.
+* `extraBuildDirectives` appends additional directives in the Docker layer after `make install` is executed.
 * `extraDirectives` appends additional directives near the end of the Dockerfile.
 * `extraIgnores` appends entries in `.dockerignore` to the default ones.
 * `extraPackages` installs extra Alpine packages in the final Docker layer. `ca-certificates` is always installed.

internal/core/config.go

@@ -234,16 +234,17 @@ type RenovateConfig struct {
 
 // DockerfileConfig appears in type Configuration.
 type DockerfileConfig struct {
-	Enabled            bool     `yaml:"enabled"`
-	Entrypoint         []string `yaml:"entrypoint"`
-	ExtraBuildPackages []string `yaml:"extraBuildPackages"`
-	ExtraBuildStages   []string `yaml:"extraBuildStages"`
-	ExtraDirectives    []string `yaml:"extraDirectives"`
-	ExtraIgnores       []string `yaml:"extraIgnores"`
-	ExtraPackages      []string `yaml:"extraPackages"`
-	RunAsRoot          bool     `yaml:"runAsRoot"`
-	UseBuildKit        bool     `yaml:"useBuildKit"`
-	WithLinkerdAwait   bool     `yaml:"withLinkerdAwait"`
+	Enabled              bool     `yaml:"enabled"`
+	Entrypoint           []string `yaml:"entrypoint"`
+	ExtraBuildDirectives []string `yaml:"extraBuildDirectives"`
+	ExtraBuildPackages   []string `yaml:"extraBuildPackages"`
+	ExtraBuildStages     []string `yaml:"extraBuildStages"`
+	ExtraDirectives      []string `yaml:"extraDirectives"`
+	ExtraIgnores         []string `yaml:"extraIgnores"`
+	ExtraPackages        []string `yaml:"extraPackages"`
+	RunAsRoot            bool     `yaml:"runAsRoot"`
+	UseBuildKit          bool     `yaml:"useBuildKit"`
+	WithLinkerdAwait     bool     `yaml:"withLinkerdAwait"`
 }
 
 type ControllerGen struct {

internal/dockerfile/Dockerfile.tmpl

@@ -20,6 +20,10 @@ RUN {{ if .UseBuildKit }}--mount=type=cache,target=/go/pkg/mod \
     --mount=type=cache,target=/root/.cache/go-build \
   {{ end }}make -C /src install PREFIX=/pkg GOTOOLCHAIN=local{{ if .Config.Golang.EnableVendoring }} GO_BUILDFLAGS='-mod vendor'{{ end }}
 
+{{ range $dcfg.ExtraBuildDirectives -}}
+{{ . }}
+{{ end -}}
+
 ################################################################################
 
 FROM alpine:{{ .Constants.DefaultAlpineImage }}