
Use multi-stage Dockerfiles for Security Product analyzers

All our analyzers are shipped as a Docker image, so each of these repos contains a Dockerfile to build it. Yet docker build fails unless the developer has already installed Go and built the project beforehand. We should make that step easier and reproducible with multi-stage builds: the Go binary is compiled in a throwaway build stage and only the resulting binary is copied into the runtime image. We'll have to update our https://gitlab.com/gitlab-org/security-products/ci-templates/raw/master/includes-dev/analyzer.yml file accordingly, but that will ensure we use the same build process everywhere.

For example, with the ESLint analyzer:

FROM golang:1.11 AS build
# Force the go compiler to use modules.
# CGO_ENABLED=0 yields a statically linked binary, so it runs on the
# musl-based alpine runtime image without a glibc dependency.
ENV GO111MODULE=on CGO_ENABLED=0 GOOS=linux
WORKDIR /go/src/app
COPY . .
RUN go build -o analyzer

FROM node:11-alpine

ARG ESLINT_VERSION
ARG ESLINT_SECURITY_VERSION

ENV ESLINT_VERSION ${ESLINT_VERSION:-5.12.1}
ENV ESLINT_SECURITY_VERSION ${ESLINT_SECURITY_VERSION:-1.4.0}

# --unsafe-perm is a needed workaround for https://github.com/npm/uid-number/issues/7
# Or else it doesn't build on gitlab-runner
RUN npm install -g --unsafe-perm eslint@$ESLINT_VERSION eslint-plugin-html eslint-plugin-security@$ESLINT_SECURITY_VERSION

# Run the analyzer as the unprivileged node user that the base image provides
USER node
WORKDIR /home/node

# Only the compiled binary is taken from the build stage; the Go toolchain
# and sources stay out of the runtime image. It is owned by root so the
# node user cannot modify it at runtime.
COPY --from=build --chown=root:root /go/src/app/analyzer /
COPY eslintrc /home/node/.eslintrc

ENTRYPOINT []
CMD ["/analyzer", "run"]

Implementation Plan

/cc @gl-secure

Edited by Lucas Charles