guildhouse-spire-plugins

tking/guildhouse-spire-plugins

SHA256

Fork 0

Commit graph

Author	SHA256	Message	Date
Tyler J King	f3e1d161d0	packaging: production Dockerfile for spire-plugins image Two-stage build. Builder stage: golang:1.23.6-bookworm (pinned to match the go directive in go.mod exactly), CGO_ENABLED=0, -trimpath and -s -w linker flags for reproducible, size-minimized static binaries. Compiles all four plugin binaries into /plugins/. Runtime stage: debian:bookworm-slim with the /plugins/ directory copied in and made world-readable. The image is inert — SPIRE server and agent Deployments consume it via an initContainer that runs `cp -r /plugins/ /opt/spire/plugins/` into a shared emptyDir volume, so no ENTRYPOINT is needed. Path: git.guildhouse.dev/tking/spire-plugins:v0.1.0. Not replacing Containerfile.dev, which remains the local-dev variant. Signed-off-by: Tyler J King <tking@guildhouse.dev>	2026-04-22 12:06:55 -04:00

Author

SHA256

Message

Date

Tyler J King

f3e1d161d0

packaging: production Dockerfile for spire-plugins image

Two-stage build. Builder stage: golang:1.23.6-bookworm (pinned to
match the go directive in go.mod exactly), CGO_ENABLED=0, -trimpath
and -s -w linker flags for reproducible, size-minimized static
binaries. Compiles all four plugin binaries into /plugins/.

Runtime stage: debian:bookworm-slim with the /plugins/ directory
copied in and made world-readable. The image is inert — SPIRE server
and agent Deployments consume it via an initContainer that runs
`cp -r /plugins/ /opt/spire/plugins/` into a shared emptyDir volume,
so no ENTRYPOINT is needed.

Path: git.guildhouse.dev/tking/spire-plugins:v0.1.0.

Not replacing Containerfile.dev, which remains the local-dev variant.

Signed-off-by: Tyler J King <tking@guildhouse.dev>

2026-04-22 12:06:55 -04:00

1 commit