mirror of
https://github.com/lukaszraczylo/gohoarder.git
synced 2026-06-05 22:53:53 +00:00
60 lines
1.6 KiB
Docker
60 lines
1.6 KiB
Docker
# Scanning Engine - Background Scanner Worker
|
|
ARG TARGETOS
|
|
ARG TARGETARCH
|
|
|
|
FROM alpine:latest
|
|
|
|
# Install scanning tools and runtime dependencies
|
|
RUN apk add --no-cache \
|
|
ca-certificates \
|
|
tzdata \
|
|
git \
|
|
curl \
|
|
wget \
|
|
bash \
|
|
&& update-ca-certificates
|
|
|
|
# Install Trivy for container scanning
|
|
RUN curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
|
|
|
|
# Install Grype for vulnerability scanning
|
|
RUN curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin
|
|
|
|
# Create non-root user
|
|
RUN addgroup -g 1000 scanner && \
|
|
adduser -D -u 1000 -G scanner scanner
|
|
|
|
# Create necessary directories
|
|
RUN mkdir -p /data/cache /data/scans && \
|
|
chown -R scanner:scanner /data
|
|
|
|
# Copy binary (from platform-specific path)
|
|
ARG TARGETOS
|
|
ARG TARGETARCH
|
|
COPY ${TARGETOS}/${TARGETARCH}/gohoarder /usr/local/bin/gohoarder
|
|
RUN chmod +x /usr/local/bin/gohoarder
|
|
|
|
# Copy example config
|
|
COPY config.yaml.example /etc/gohoarder/config.yaml.example
|
|
|
|
WORKDIR /data
|
|
USER scanner
|
|
|
|
# Expose metrics port
|
|
EXPOSE 9091
|
|
|
|
# Health check
|
|
HEALTHCHECK --interval=60s --timeout=30s --start-period=10s --retries=3 \
|
|
CMD ["/usr/local/bin/gohoarder", "version"] || exit 1
|
|
|
|
# Environment variables for scanner mode
|
|
ENV SCANNER_MODE=true \
|
|
SCANNER_WORKERS=4 \
|
|
SCANNER_INTERVAL=300
|
|
|
|
# Run the scanner in background mode
|
|
# The scanner runs the same serve command but uses SCANNER_MODE env var
|
|
# and configuration to determine its role
|
|
ENTRYPOINT ["/usr/local/bin/gohoarder"]
|
|
CMD ["serve"]
|