diff --git a/Dockerfile b/Dockerfile index 4f0046b..d81ddc2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,20 +1,22 @@ -FROM dhi.io/debian-base:trixie-debian13-dev AS downloader +FROM golang:1.25.10-bookworm AS builder -ENV ETCD_VERSION="v3.6.11" +ARG ETCD_VERSION="v3.6.11" +ARG TARGETOS +ARG TARGETARCH -RUN apt-get update \ - && apt-get install -y --no-install-recommends ca-certificates curl tar \ - && rm -rf /var/lib/apt/lists/* +WORKDIR /build +RUN git clone --branch "${ETCD_VERSION}" --depth 1 https://github.com/etcd-io/etcd.git . -ARG TARGETARCH -RUN ETCD_URL="https://github.com/etcd-io/etcd/releases/download/${ETCD_VERSION}/etcd-${ETCD_VERSION}-linux-${TARGETARCH}.tar.gz" \ - && mkdir -p /out \ - && curl -sL "${ETCD_URL}" | tar -zxv --strip-components=1 -C /out \ - && mv /out/etcdctl /out/etcdctl-bin +WORKDIR /build/etcdctl +RUN --mount=type=cache,target=/go/pkg/mod \ + --mount=type=cache,target=/root/.cache/go-build \ + go get golang.org/x/net@v0.55.0 golang.org/x/sys@v0.45.0 golang.org/x/text@v0.37.0 \ + && go mod download \ + && CGO_ENABLED=0 GOOS="${TARGETOS:-linux}" GOARCH="${TARGETARCH}" go build -trimpath -ldflags="-s -w" -o /out/etcdctl-bin . FROM dhi.io/debian-base:trixie -COPY --chmod=755 --from=downloader /out/etcdctl-bin /usr/local/bin/etcdctl-bin +COPY --chmod=755 --from=builder /out/etcdctl-bin /usr/local/bin/etcdctl-bin COPY --chmod=755 etcdctl-wrapper.sh /usr/local/bin/etcdctl USER 0 diff --git a/Readme.md b/Readme.md index 9347af4..98f1218 100644 --- a/Readme.md +++ b/Readme.md @@ -65,4 +65,4 @@ If neither directory exists (e.g. you attached to a worker), the wrapper runs `e * [Using etcdctl in k3s clusters](https://docs.k3s.io/advanced?_highlight=etcdctl#using-etcdctl) * [DHI catalog](https://hub.docker.com/hardened-images/catalog) (base images used in the Dockerfile) -* [etcd releases](https://github.com/etcd-io/etcd/releases): etcd release archives ships all 3 binaries together: `etcd, etcdctl, etcdutl` \ No newline at end of file +* [etcd source releases](https://github.com/etcd-io/etcd/releases): this image builds `etcdctl` from the tagged source during image build \ No newline at end of file