Be more restrictive while building the image (#361)

* Be more restrictive while building the image * Move where docker creates its login tmp files
RedHatInsights · Apr 17, 2024 · 2869007 · 2869007
1 parent bbd29ce
commit 2869007
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 2 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,4 @@
+.docker
+.podman
+.kube
+.git
diff --git a/Dockerfile b/Dockerfile
@@ -1,7 +1,13 @@
 FROM registry.access.redhat.com/ubi8/go-toolset as builder
 
 WORKDIR /go/src/app
-COPY . .
+
+COPY go.mod go.sum .
+COPY internal/ internal/
+COPY cmd/ cmd/
+COPY main.go main.go
+
+RUN go mod download
 
 USER 0
 

diff --git a/build_deploy.sh b/build_deploy.sh
@@ -17,7 +17,18 @@ if [[ -z "$RH_REGISTRY_USER" || -z "$RH_REGISTRY_TOKEN" ]]; then
     exit 1
 fi
 
-DOCKER_CONF="$PWD/.docker"
+# Create tmp dir to store data in during job run (do NOT store in $WORKSPACE)
+export TMP_JOB_DIR=$(mktemp -d -p "$HOME" -t "jenkins-${JOB_NAME}-${BUILD_NUMBER}-XXXXXX")
+echo "job tmp dir location: $TMP_JOB_DIR"
+
+function job_cleanup() {
+    echo "cleaning up job tmp dir: $TMP_JOB_DIR"
+    rm -fr $TMP_JOB_DIR
+}
+
+trap job_cleanup EXIT ERR SIGINT SIGTERM
+
+DOCKER_CONF="$TMP_JOB_DIR/.docker"
 mkdir -p "$DOCKER_CONF"
 
 docker --config="$DOCKER_CONF" login -u="$QUAY_USER" -p="$QUAY_TOKEN" quay.io
-Original file line number
+Diff line change
@@ -0,0 +1,4 @@
+    .docker
+    .podman
+    .kube
+    .git