VOL-3970 lock down deploy image
- use distroless base image for deployment
- use nonroot user/group for image
Change-Id: Id89752d763748c2ce442ae41068705ae682d646a
diff --git a/Makefile b/Makefile
index 494e691..80b793f 100644
--- a/Makefile
+++ b/Makefile
@@ -28,8 +28,9 @@
DOCKER_EXTRA_ARGS ?=
DOCKER_REGISTRY ?=
DOCKER_REPOSITORY ?=
-DOCKER_TAG ?= ${VERSION}
+DOCKER_TAG ?= ${VERSION}$(shell [[ ${DOCKER_LABEL_VCS_DIRTY} == "true" ]] && echo "-dirty" || true)
ADAPTER_IMAGENAME := ${DOCKER_REGISTRY}${DOCKER_REPOSITORY}voltha-openolt-adapter:${DOCKER_TAG}
+DOCKER_TARGET ?= prod
TYPE ?= minimal
## Docker labels. Only set ref and commit date if committed
@@ -78,9 +79,9 @@
build: docker-build ## Alias for 'docker build'
docker-build: local-protos local-lib-go ## Build openolt adapter docker image (set BUILD_PROFILED=true to also build the profiled image)
- docker build $(DOCKER_BUILD_ARGS) -t ${ADAPTER_IMAGENAME} -f docker/Dockerfile.openolt .
+ docker build $(DOCKER_BUILD_ARGS) --target ${DOCKER_TARGET} -t ${ADAPTER_IMAGENAME} -f docker/Dockerfile.openolt .
ifdef BUILD_PROFILED
- docker build $(DOCKER_BUILD_ARGS) --build-arg EXTRA_GO_BUILD_TAGS="-tags profile" -t ${ADAPTER_IMAGENAME}-profile -f docker/Dockerfile.openolt .
+ docker build $(DOCKER_BUILD_ARGS) --target ${DOCKER_TARGET} --build-arg EXTRA_GO_BUILD_TAGS="-tags profile" -t ${ADAPTER_IMAGENAME}-profile -f docker/Dockerfile.openolt .
endif
docker-push: ## Push the docker images to an external repository