-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile.zizmor
More file actions
24 lines (23 loc) · 910 Bytes
/
Dockerfile.zizmor
File metadata and controls
24 lines (23 loc) · 910 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
FROM serversideup/github-cli:2.89.0 AS build
ARG TARGETARCH
ARG ZIZMOR_VERSION="v1.24.1"
COPY --chmod=755 scripts/install_github_release.sh /tmp/install_github_release.sh
RUN --mount=type=secret,id=GH_TOKEN,env=GH_TOKEN \
case "${TARGETARCH}" in \
x86_64|amd64) DOWNLOAD_BINARY=zizmor-x86_64-unknown-linux-gnu.tar.gz ;; \
aarch64|arm64) DOWNLOAD_BINARY=zizmor-aarch64-unknown-linux-gnu.tar.gz ;; \
*) echo "Unsupported TARGETARCH: ${TARGETARCH}" && exit 1 ;; \
esac \
&& INSTALL_DIR=/tmp/zizmor/ \
ARCH="${TARGETARCH}" \
VERSION="${ZIZMOR_VERSION}" \
GITHUB_REPO="zizmorcore/zizmor" \
TOOL="zizmor" \
DOWNLOAD_BINARY="${DOWNLOAD_BINARY}" \
VERIFY_BINARY_ATTESTATION="true" \
VERIFY_CHECKSUM="false" \
COMPRESSION="tar.gz" \
/tmp/install_github_release.sh
FROM scratch
COPY --from=build /tmp/zizmor/zizmor /zizmor
ENTRYPOINT ["/zizmor"]