mirror of
https://github.com/lukaszraczylo/traefikoidc.git
synced 2026-06-06 22:49:43 +00:00
lukaszraczylo
2af05701dc
- Add 'oidcgate' build entry (linux/darwin × amd64/arm64) to goreleaser. - Add per-OS/arch tar.gz archives for the daemon binary. - Add dockers + docker_manifests entries publishing ghcr.io/lukaszraczylo/oidcgate:vX.Y.Z (release tag), :vX.Y, :vX, :latest as multi-arch manifests (linux/amd64 + linux/arm64). - Add cmd/oidcgate/Dockerfile (distroless static, nonroot user). - Sign images with cosign keyless (docker_signs). - Preserve existing source-only Traefik plugin archive via meta:true. - Update README to advertise the published image.
29 lines
1.0 KiB
Docker
29 lines
1.0 KiB
Docker
# syntax=docker/dockerfile:1.7
|
|
#
|
|
# This Dockerfile is consumed by GoReleaser. The binary is built outside
|
|
# the Docker context (by goreleaser's Go cross-compile) and placed in the
|
|
# build context as ./oidcgate before `docker buildx build` runs.
|
|
#
|
|
# To build locally without goreleaser:
|
|
# go build -o oidcgate ./cmd/oidcgate
|
|
# docker build -f cmd/oidcgate/Dockerfile -t oidcgate:dev .
|
|
FROM gcr.io/distroless/static-debian12:nonroot
|
|
|
|
ARG TARGETOS
|
|
ARG TARGETARCH
|
|
|
|
LABEL org.opencontainers.image.title="oidcgate"
|
|
LABEL org.opencontainers.image.description="Standalone OIDC forward-auth daemon for nginx/Caddy/Traefik/HAProxy/Envoy"
|
|
LABEL org.opencontainers.image.source="https://github.com/lukaszraczylo/traefikoidc"
|
|
LABEL org.opencontainers.image.documentation="https://github.com/lukaszraczylo/traefikoidc/blob/main/docs/OIDCGATE.md"
|
|
LABEL org.opencontainers.image.licenses="MIT"
|
|
|
|
COPY oidcgate /usr/local/bin/oidcgate
|
|
|
|
EXPOSE 8080
|
|
|
|
USER nonroot:nonroot
|
|
|
|
ENTRYPOINT ["/usr/local/bin/oidcgate"]
|
|
CMD ["--config", "/etc/oidcgate/config.yaml"]
|