
Commit b80ccbb

committed
Add SBOM and use source tarball instead of git
See: rust-lang/cargo#2808 (comment)
1 parent 4edd615 commit b80ccbb


1 file changed

+48
-2
lines changed


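--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -3,18 +3,64 @@ FROM alpine:3.17 as builder
 
 WORKDIR /workdir
 
+ARG RUST_PYTHON_VERSION="0.2.0"
+ENV CARGO_HOME="/workdir"
+ENV CARGO_INSTALL_ROOT="/workdir"
+
 # Newer rust needed due to let...else feature
 RUN apk add --no-cache --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community rust cargo
 
 RUN apk --no-cache add musl-dev
 
-RUN cargo install --root /workdir --git https://github.com/RustPython/RustPython --tag v0.2.0 --features freeze-stdlib --profile release
+ADD https://github.com/RustPython/RustPython/archive/refs/tags/v$RUST_PYTHON_VERSION.tar.gz /tmp/v$RUST_PYTHON_VERSION.tar.gz
+
+RUN tar --strip-components=1 -C /workdir -xzf /tmp/v$RUST_PYTHON_VERSION.tar.gz
+
+RUN cargo fetch --locked
+
+RUN cargo build --features freeze-stdlib --release --locked --offline --bin rustpython
 
 FROM alpine:3.17
 
 RUN apk --no-cache add musl libgcc
 
-COPY --from=builder /workdir/bin/rustpython /usr/local/bin/rustpython
+COPY --from=builder /workdir/target/release/rustpython /usr/local/bin/rustpython
+COPY <<-EOT /usr/local/share/sbom/rustpython.spdx.json
+{
+"spdxVersion": "SPDX-2.3",
+"dataLicense": "CC0-1.0",
+"SPDXID": "SPDXRef-DOCUMENT",
+"name": "docker-rustpython",
+"packages": [
+{
+"name": "rustpython",
+"SPDXID": "SPDXRef-Package-binary-rustpython-${RUST_PYTHON_VERSION}",
+"versionInfo": "${RUST_PYTHON_VERSION}",
+"downloadLocation": "https://github.com/RustPython/RustPython",
+"sourceInfo": "Built from source at: https://github.com/RustPython/RustPython",
+"licenseConcluded": "MIT",
+"licenseDeclared": "MIT",
+"copyrightText": "NOASSERTION",
+"description": "rustpython"
+}
+],
+"files": [
+{
+"SPDXID": "SPDXRef-rustpython-${RUST_PYTHON_VERSION}",
+"licenseConcluded": "MIT",
+"fileName": "/usr/local/bin/rustpython",
+"fileType": "BINARY"
+}
+],
+"relationships": [
+{
+"spdxElementId": "SPDXRef-Package-binary-rustpython-${RUST_PYTHON_VERSION}",
+"relationshipType": "CONTAINS",
+"relatedSpdxElement": "SPDXRef-rustpython-${RUST_PYTHON_VERSION}"
+}
+]
+}
+EOT
 
 RUN rustpython --version && \
 echo -e "import json\nprint(json.dumps([{'server': [{'tls': False}]}]))" | rustpython -q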
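Review bot: The new `ADD https://github.com/RustPython/RustPython/archive/refs/tags/v$RUST_PYTHON_VERSION.tar.gz …` line fetches the source tarball with no integrity check, so a moved tag or altered archive would be built and then described by the SBOM as the released version. Pin the expected digest, e.g. `ADD --checksum=sha256:<digest-of-release-tarball> https://github.com/RustPython/RustPython/archive/refs/tags/v$RUST_PYTHON_VERSION.tar.gz /tmp/v$RUST_PYTHON_VERSION.tar.gz` (this needs a Dockerfile frontend that supports `--checksum`), or verify the file with `sha256sum -c` in the `RUN tar` step before extracting. Separately, `ARG RUST_PYTHON_VERSION` is declared only in the builder stage and no redeclaration is visible after the second `FROM alpine:3.17`, so `${RUST_PYTHON_VERSION}` in the `COPY <<-EOT` heredoc most likely expands to an empty string, leaving `versionInfo` and the SPDX ids without a version. Adding `ARG RUST_PYTHON_VERSION="0.2.0"` to the final stage before the heredoc (or one global default before the first `FROM` plus a bare `ARG RUST_PYTHON_VERSION` in each stage) would keep the SBOM and the build in step.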
