VictoriaMetrics/app/vmui/Dockerfile-web
Sergey 9bea7610f0
security: update base Alpine image to 3.18.2 to avoid security risks (#4571)
libcrypto3 and libssl3 in Alpine 3.18.0 have versions `3.1.0-r4`
which contains CVE-2023-2650:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2650
Use ALpine image 3.18.2 which contains fixed versions of libssl3
and libcrypto3: 3.1.1-r0
NB: In Openshift these containers are marked as vulnerabilities
because of these CVEs.
2023-07-04 09:23:53 +02:00

19 lines
537 B
Plaintext

FROM golang:1.20.5 as build-web-stage
COPY build /build
WORKDIR /build
COPY web/ /build/
RUN GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o web-amd64 github.com/VictoriMetrics/vmui/ && \
GOOS=windows GOARCH=amd64 CGO_ENABLED=0 go build -o web-windows github.com/VictoriMetrics/vmui/
FROM alpine:3.18.2
USER root
COPY --from=build-web-stage /build/web-amd64 /app/web
COPY --from=build-web-stage /build/web-windows /app/web-windows
RUN adduser -S -D -u 1000 web && chown -R web /app
USER web
EXPOSE 8080
ENTRYPOINT ["/app/web"]