cmd/gitmirror/Dockerfile - build - Git at Google

 # Copyright 2017 The Go Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style
 # license that can be found in the LICENSE file.

 FROM golang:1.21-bookworm AS build
 LABEL maintainer="golang-dev@googlegroups.com"

 RUN mkdir /gocache
 ENV GOCACHE /gocache

 COPY go.mod /go/src/golang.org/x/build/go.mod
 COPY go.sum /go/src/golang.org/x/build/go.sum

 WORKDIR /go/src/golang.org/x/build

 # Download module dependencies to improve speed of re-building the
 # Docker image during minor code changes.
 RUN go mod download

 COPY . /go/src/golang.org/x/build/

 RUN go install golang.org/x/build/cmd/gitmirror

 FROM debian:bookworm
 LABEL maintainer="golang-dev@googlegroups.com"

 # For interacting with the Go source & subrepos
 RUN apt-get update && apt-get install -y \
 	--no-install-recommends \
 	ca-certificates \
 	git-core \
 	openssh-client \
 	gnupg dirmngr \
 	curl tini \
 	&& rm -rf /var/lib/apt/lists/*

 # Install gcloud for auth to CSR, see https://cloud.google.com/sdk/docs/install#deb
 RUN echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] http://packages.cloud.google.com/apt cloud-sdk main" | tee -a /etc/apt/sources.list.d/google-cloud-sdk.list && curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key --keyring /usr/share/keyrings/cloud.google.gpg  add - && apt-get update -y && apt-get install google-cloud-sdk -y && rm -rf /var/lib/apt/lists/*

 # Add github.com's known_hosts entries, so git push calls later don't
 # prompt, and don't need to have their strict host key checking
 # disabled.
 RUN mkdir -p ~/.ssh/ \
 	&& chmod 0700 ~/.ssh/ \
 	&& echo "github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl" > ~/.ssh/known_hosts \
 	&& echo "github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=" >> ~/.ssh/known_hosts \
 	&& echo "github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=" >> ~/.ssh/known_hosts \
 	&& chmod 0600 ~/.ssh/known_hosts

 COPY --from=build /go/bin/gitmirror /
 ENTRYPOINT ["/usr/bin/tini", "--", "/gitmirror"]
	# Copyright 2017 The Go Authors. All rights reserved.
	# Use of this source code is governed by a BSD-style
	# license that can be found in the LICENSE file.

	FROM golang:1.21-bookworm AS build
	LABEL maintainer="golang-dev@googlegroups.com"

	RUN mkdir /gocache
	ENV GOCACHE /gocache

	COPY go.mod /go/src/golang.org/x/build/go.mod
	COPY go.sum /go/src/golang.org/x/build/go.sum

	WORKDIR /go/src/golang.org/x/build

	# Download module dependencies to improve speed of re-building the
	# Docker image during minor code changes.
	RUN go mod download

	COPY . /go/src/golang.org/x/build/

	RUN go install golang.org/x/build/cmd/gitmirror

	FROM debian:bookworm
	LABEL maintainer="golang-dev@googlegroups.com"

	# For interacting with the Go source & subrepos
	RUN apt-get update && apt-get install -y \
	--no-install-recommends \
	ca-certificates \
	git-core \
	openssh-client \
	gnupg dirmngr \
	curl tini \
	&& rm -rf /var/lib/apt/lists/*

	# Install gcloud for auth to CSR, see https://cloud.google.com/sdk/docs/install#deb
	RUN echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] http://packages.cloud.google.com/apt cloud-sdk main" \| tee -a /etc/apt/sources.list.d/google-cloud-sdk.list && curl https://packages.cloud.google.com/apt/doc/apt-key.gpg \| apt-key --keyring /usr/share/keyrings/cloud.google.gpg add - && apt-get update -y && apt-get install google-cloud-sdk -y && rm -rf /var/lib/apt/lists/*

	# Add github.com's known_hosts entries, so git push calls later don't
	# prompt, and don't need to have their strict host key checking
	# disabled.
	RUN mkdir -p ~/.ssh/ \
	&& chmod 0700 ~/.ssh/ \
	&& echo "github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl" > ~/.ssh/known_hosts \
	&& echo "github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=" >> ~/.ssh/known_hosts \
	&& echo "github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=" >> ~/.ssh/known_hosts \
	&& chmod 0600 ~/.ssh/known_hosts

	COPY --from=build /go/bin/gitmirror /
	ENTRYPOINT ["/usr/bin/tini", "--", "/gitmirror"]