1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
|
# syntax=docker/dockerfile-upstream:master
# This container grabs the protoc compiler and the googleapi includes
# /protobuf will contain the extracted protoc
# /googleapis will contain the various googleapis proto imports one might need
FROM debian:bullseye-slim@sha256:33b7c2e071c29e618182ec872c471f39d2dde3d8904d95f5b7a61acf3a592e7b AS protoc-builder
# Create output directories
RUN mkdir /protobuf /googleapis
# Install needed utilities
RUN apt-get update && apt-get install -y unzip git
# Set up user and group to match host we're building the container on
ARG UID
RUN adduser --uid ${UID} --disabled-password myuser
# Set permissions on the output directories so the user can write to them
RUN chown myuser /protobuf /googleapis
# Switch to user to execute the remaining commands
USER myuser
# Download specific release of protoc
# TODO: add dependabot-like feature to check for release updates
ARG PROTOC_VERSION
ARG PROTOC_CHECKSUM
ADD --chown=myuser --checksum=${PROTOC_CHECKSUM} https://github.com/protocolbuffers/protobuf/releases/download/${PROTOC_VERSION}/protoc-${PROTOC_VERSION#v}-linux-x86_64.zip /tmp/protoc.zip
RUN unzip -d /protobuf /tmp/protoc.zip
RUN chmod 755 /protobuf/bin/protoc
# fetch specific commit of googleapis
ARG GOOGLEAPIS_COMMIT
RUN git clone --filter=tree:0 https://github.com/googleapis/googleapis.git /googleapis && \
cd /googleapis && git checkout ${GOOGLEAPIS_COMMIT}
FROM scratch
COPY --from=protoc-builder /protobuf /protobuf
COPY --from=protoc-builder /googleapis /googleapis
|
