container-census/Dockerfile.agent
Self Hosters eeba4c116d Add missing database and infrastructure changes from previous session
Changes include:
- GetHostIDForImage method in storage with ORDER BY last_seen DESC
- Agent deployment script improvements
- Build time tracking in agent Dockerfile
- Additional vulnerability scanning infrastructure

These changes were made in a previous session but were not committed.

🤖 Generated with Claude Code
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2025-12-12 07:00:43 -05:00

95 lines
2.8 KiB
Docker

# Container Census Agent image (lightweight, multi-stage build).
#
# Stage 1 ("builder"): compile the Go agent binary.
# NOTE(review): the base image is referenced by a mutable tag; pinning it by
# digest would make this build input immutable.
FROM golang:1.23-alpine AS builder

# With "auto" the go command may download and run a newer toolchain when
# go.mod asks for one, so the compiler is not fixed by the base image alone.
ENV GOTOOLCHAIN=auto

# Packages needed while building (VCS client and C toolchain).
RUN apk add --no-cache git gcc musl-dev

# All build steps below run from /build.
WORKDIR /build

# Module manifests are copied on their own so the download layer is reused
# until they change. The glob lets the COPY succeed when go.sum is absent.
COPY go.mod go.sum* ./

# Fetch module dependencies into the layer cache.
RUN go mod download

# Bring in the rest of the build context.
# NOTE(review): everything in the context lands in this stage; a .dockerignore
# (not visible here) is what would keep local data and credentials out.
COPY . .

# Reconcile go.mod/go.sum with the copied source; -e keeps going on errors.
# NOTE(review): this can rewrite the module files inside the build, so the
# dependency set compiled below may differ from the committed one - confirm
# that is intended.
RUN go mod tidy -e

# Compile a static, stripped agent binary and stamp the UTC build time into
# internal/version.BuildTime through the linker.
RUN BUILD_TIME=$(date -u +"%Y-%m-%dT%H:%M:%SZ") && \
    CGO_ENABLED=0 GOOS=linux go build -buildvcs=false \
        -ldflags="-w -s -X github.com/selfhosters-cc/container-census/internal/version.BuildTime=${BUILD_TIME}" \
        -o census-agent ./cmd/agent
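# Stage 2: minimal runtime image that carries only the agent binary.
FROM alpine:3.21

# GID given to the in-image "docker" group (defaults to 999). It is meant to
# match the host's docker group.
ARG DOCKER_GID=999

# Optional Trivy installation, off by default; the release version is pinned.
ARG INSTALL_TRIVY=false
ARG TRIVY_VERSION=0.58.1

# Install CA certificates (HTTPS) and timezone data, and optionally Trivy.
# The Trivy tarball is saved to disk and checked against the release's
# published SHA-256 list before anything is unpacked or executed, so a
# truncated or mismatched download fails the build instead of being run as
# root. The check fails closed: no matching checksum line means no install.
# NOTE(review): the checksum list comes from the same release as the tarball,
# so this detects corruption and asset mix-ups, not a tampered release. For
# that, compare against a digest recorded out of band.
RUN apk --no-cache add ca-certificates tzdata && \
    if [ "$INSTALL_TRIVY" = "true" ]; then \
        apk --no-cache add wget && \
        ARCH=$(uname -m) && \
        case "$ARCH" in \
            x86_64) TRIVY_ARCH="64bit" ;; \
            aarch64) TRIVY_ARCH="ARM64" ;; \
            armv7l) TRIVY_ARCH="ARM" ;; \
            *) echo "Unsupported architecture: $ARCH" && exit 1 ;; \
        esac && \
        TRIVY_BASE_URL="https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}" && \
        TRIVY_TARBALL="trivy_${TRIVY_VERSION}_Linux-${TRIVY_ARCH}.tar.gz" && \
        TRIVY_SUMS="trivy_${TRIVY_VERSION}_checksums.txt" && \
        mkdir -p /tmp/trivy && \
        wget -q -P /tmp/trivy "${TRIVY_BASE_URL}/${TRIVY_TARBALL}" "${TRIVY_BASE_URL}/${TRIVY_SUMS}" && \
        ( cd /tmp/trivy && \
          awk -v f="${TRIVY_TARBALL}" '$2 == f' "${TRIVY_SUMS}" > trivy.sha256 && \
          [ -s trivy.sha256 ] && \
          sha256sum -c trivy.sha256 ) && \
        tar -xzf "/tmp/trivy/${TRIVY_TARBALL}" -C /usr/local/bin trivy && \
        rm -rf /tmp/trivy && \
        chmod +x /usr/local/bin/trivy && \
        trivy --version && \
        apk del wget; \
    fi

# Free DOCKER_GID if a stock group already owns it, then create the docker
# group with that GID and an unprivileged census user (UID/GID 1000) that is
# also a member of it.
# NOTE(review): membership in the group that owns the Docker socket is
# effectively root on the host once the socket is mounted into the container.
# Presumably that is how the agent reaches the Docker API; confirm, and protect
# the agent's port and token accordingly.
RUN (getent group ${DOCKER_GID} && delgroup $(getent group ${DOCKER_GID} | cut -d: -f1)) || true && \
    addgroup -g ${DOCKER_GID} docker && \
    addgroup -g 1000 census && \
    adduser -D -u 1000 -G census census && \
    adduser census docker

# The agent runs from /app.
WORKDIR /app

# Binary from the builder stage. It stays root-owned, so the census user can
# execute it but not replace it.
COPY --from=builder /build/census-agent .

# Version file from the builder stage.
COPY --from=builder /build/.version ./.version

# Data directory for token persistence, owned by the census user, plus a
# Trivy cache directory when Trivy is installed.
RUN mkdir -p /app/data && chown census:census /app/data && \
    if [ "$INSTALL_TRIVY" = "true" ]; then \
        mkdir -p /app/data/.trivy && \
        chown census:census /app/data/.trivy; \
    fi

# Drop root for everything that runs in the container.
USER census

# Agent port (documentation only; it is not published by this instruction).
EXPOSE 9876

# Liveness probe against the agent's /health endpoint.
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
    CMD wget --no-verbose --tries=1 --spider http://localhost:9876/health || exit 1

# Exec form: the agent is started directly with no shell wrapper; CMD supplies
# the default, overridable port flag.
ENTRYPOINT ["./census-agent"]
CMD ["--port=9876"]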