use alpine, reduce layers (#249)

Signed-off-by: Daniel Thamdrup <[email protected]>
jtesta · Mar 13, 2024 · 6f39407 · 6f39407
1 parent cb0f6b6
commit 6f39407
Showing 1 changed file with 12 additions and 9 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,16 +1,19 @@
-FROM python:3-slim
+# syntax=docker/dockerfile:latest
+FROM scratch AS files
 
-WORKDIR /
+# Copy ssh-audit code to temporary container
+COPY ssh-audit.py /
+COPY src/ /
 
-# Update the image to remediate any vulnerabilities.
-RUN apt update && apt -y upgrade && apt -y dist-upgrade && rm -rf /var/lib/apt/lists/*
+FROM python:3-alpine AS runtime
 
-# Remove suid & sgid bits from all files.
-RUN find / -xdev -perm /6000 -exec chmod ug-s {} \; 2> /dev/null || true
+# Update the image to remediate any vulnerabilities.
+RUN apk upgrade -U --no-cache -a -l && \ 
+    # Remove suid & sgid bits from all files.
+    find / -xdev -perm /6000 -exec chmod ug-s {} \; 2> /dev/null || true
 
-# Copy the ssh-audit code.
-COPY ssh-audit.py .
-COPY src/ .
+# Copy the ssh-audit code from files container.
+COPY --from=files / /
 
 # Allow listening on 2222/tcp for client auditing.
 EXPOSE 2222