feat(CVP-4331): add check-payload tool

Signed-off-by: Yashvardhan Nanavati <yashn@bu.edu>
konflux-ci · Dec 2, 2024 · d916e49 · d916e49
1 parent 2b328bb
commit d916e49
Showing 1 changed file with 19 additions and 0 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,3 +1,20 @@
+# Build step for check-payload tool
+FROM registry.access.redhat.com/ubi9/ubi-minimal:9.4-1227.1726694542 as check-payload-build
+
+ARG CHECK_PAYLOAD_VERSION=0.3.2
+
+RUN microdnf -y --setopt=tsflags=nodocs --setopt=install_weak_deps=0 install \
+    golang \
+    gzip \
+    make \
+    tar
+
+RUN curl -k -s -L -o check-payload.tar.gz "https://github.com/openshift/check-payload/archive/refs/tags/${CHECK_PAYLOAD_VERSION}.tar.gz" && \
+    tar -xzf check-payload.tar.gz && rm check-payload.tar.gz && cd /check-payload-${CHECK_PAYLOAD_VERSION} && \
+    CGO_ENABLED=0 go build -ldflags="-X main.Commit=${CHECK_PAYLOAD_VERSION}" && mv check-payload /usr/bin/check-payload && chmod +x /usr/bin/check-payload && \
+    cd / && rm -rf /check-payload-${CHECK_PAYLOAD_VERSION} && \
+    microdnf clean all
+
 # Container image that runs your code
 FROM docker.io/snyk/snyk:linux@sha256:21217bfb2623ef192c8e2c743d6f81d8eee19c407b158a1742e180be47bb1dd4 as snyk
 FROM quay.io/enterprise-contract/ec-cli:snapshot@sha256:dc7d404596385e7d3c624ec0492524a1d57efe2b0c10cf0ec2158d49c0290a83 AS ec-cli
@@ -58,6 +75,8 @@ COPY --from=ec-cli /usr/local/bin/ec /usr/local/bin/ec
 
 COPY --from=cosign-bin /ko-app/cosign /usr/local/bin/cosign
 
+COPY --from=check-payload-build /usr/bin/check-payload /usr/bin/check-payload
+
 COPY policies $POLICY_PATH
 COPY test/conftest.sh $POLICY_PATH