ARG VERSION=3.17.1 FROM alpine as build ARG VERSION ENV VERSION $VERSION ENV ALPINE_SERIES 3.17 ENV ALPINE_MIRROR https://ftp.halifax.rwth-aachen.de/alpine/v${ALPINE_SERIES} ENV ALPINE_ARCH x86_64 WORKDIR /root RUN set -xo pipefail; apk add --no-cache curl gnupg &&\ curl -LO ${ALPINE_MIRROR}/releases/${ALPINE_ARCH}/alpine-minirootfs-${VERSION}-${ALPINE_ARCH}.tar.gz &&\ curl -LO ${ALPINE_MIRROR}/releases/${ALPINE_ARCH}/alpine-minirootfs-${VERSION}-${ALPINE_ARCH}.tar.gz.asc &&\ gpg --recv 0482D84022F52DF1C4E7CD43293ACD0907D9495A &&\ gpg --verify alpine-minirootfs-${VERSION}-${ALPINE_ARCH}.tar.gz.asc alpine-minirootfs-${VERSION}-${ALPINE_ARCH}.tar.gz &&\ mkdir /dest &&\ tar -C /dest -xvzf alpine-minirootfs-${VERSION}-${ALPINE_ARCH}.tar.gz &&\ sed -i "s#http://dl-cdn.alpinelinux.org/alpine/v${ALPINE_SERIES}#${ALPINE_MIRROR}#g" /dest/etc/apk/repositories ADD scan-deps.sh /bin/scan-deps FROM scratch ARG VERSION ENV VERSION $VERSION COPY --from=build /dest / ADD zknt-ca.pem /usr/share/ca-certificates/zknt-ca.pem RUN set -xe;\ apk add --no-cache ca-certificates curl &&\ apk upgrade -a &&\ update-ca-certificates &&\ rm -rf /var/cache/apk/* CMD ["/bin/sh"] LABEL version.alpine=$VERSION