Dockerfile: allow inserting custom certs (#463)

Author: majewsky

.license-scan-overrides.jsonl

@@ -1,4 +1,5 @@
 {"name": "github.com/chzyer/logex", "licenceType": "MIT"}
+{"name": "github.com/grpc-ecosystem/go-grpc-middleware/v2", "licenceType": "Apache-2.0"}
 {"name": "github.com/hashicorp/vault/api/auth/approle", "licenceType": "MPL-2.0"}
 {"name": "github.com/jpillora/longestcommon", "licenceType": "MIT"}
 {"name": "github.com/logrusorgru/aurora", "licenceType": "Unlicense"}

Dockerfile

@@ -9,6 +9,10 @@ COPY . /src
 ARG BININFO_BUILD_DATE BININFO_COMMIT_HASH BININFO_VERSION # provided to 'make install'
 RUN make -C /src install PREFIX=/pkg GOTOOLCHAIN=local GO_BUILDFLAGS='-mod vendor'
 
+COPY certs/*.crt /usr/local/share/ca-certificates/
+
+RUN update-ca-certificates
+
 ################################################################################
 
 # To only build the tests run: docker build . --target test

Makefile.maker.yaml

@@ -12,6 +12,10 @@ dockerfile:
   enabled: true
   checkEnv:
     - CHECK_SKIPS_FUNCTIONAL_TEST=true
+  extraBuildDirectives:
+    # If ihe CI has supplied additional CA certificates, include them in the CA bundle
+    - 'COPY certs/*.crt /usr/local/share/ca-certificates/'
+    - 'RUN update-ca-certificates'
   extraIgnores:
     - examples/
     - make-config.sh
@@ -52,6 +56,8 @@ renovate:
 reuse:
   annotations:
     - paths:
+      - certs/*.crt
+      - certs/README.md
       - examples/*.yaml
       SPDX-FileCopyrightText: SAP SE or an SAP affiliate company
       SPDX-License-Identifier: Apache-2.0

REUSE.toml

@@ -21,6 +21,8 @@ SPDX-License-Identifier = "Apache-2.0"
 
 [[annotations]]
 path = [
+  "certs/*.crt",
+  "certs/README.md",
   "examples/*.yaml",
 ]
 SPDX-FileCopyrightText = "SAP SE or an SAP affiliate company"

certs/README.md

@@ -0,0 +1,4 @@
+# `certs/`
+
+If your swift-http-import build needs to accept additional (e.g. company-internal) CA certificates,
+put them into this folder as a `.crt` file, and `docker build` will pick them up automatically.