talosctl-image/Dockerfile

# syntax=docker/dockerfile:1.7
# Build an OCI image that provides:
# - talosctl
# - talhelper
# - sops
#
# Versions are controlled by build ARGs below. Renovate is configured to bump
# these ARGs automatically. The CI workflow builds the image and tags it with a
# composite version tag reflecting all three component versions.
# Global build ARGs. They are declared before the first FROM, so every stage that
# needs a value re-declares it with a bare `ARG NAME`.
# These versions only select which release assets get downloaded; the expected
# SHA-256 digests are not pinned in this file and are fetched at build time.
# renovate: datasource=github-releases depName=siderolabs/talos versioning=semver
ARG TALOSCTL_VERSION=1.9.2
# renovate: datasource=github-releases depName=budimanjojo/talhelper versioning=semver
ARG TALHELPER_VERSION=3.0.39
# renovate: datasource=github-releases depName=getsops/sops versioning=semver
ARG SOPS_VERSION=3.11.0
# Stage "downloader": fetches the three release assets and checks their digests.
# Nothing from this stage reaches the final image except what is COPY'd out of it.
# NOTE(review): `:latest` is a floating tag, so two builds of the same commit can
# start from different base images. Pinning by digest (`@sha256:<digest>`) would
# make rebuilds reproducible.
# renovate: datasource=docker depName=cgr.dev/chainguard/wolfi-base
FROM cgr.dev/chainguard/wolfi-base:latest AS downloader

# Bring the global version ARGs into scope for this stage.
ARG TALOSCTL_VERSION
ARG TALHELPER_VERSION
ARG SOPS_VERSION

# curl performs the downloads; the CA bundle is what lets it validate TLS certificates.
RUN set -eux; \
    apk add --no-cache ca-certificates-bundle curl

# TARGETARCH is supplied by BuildKit for the platform being built.
ARG TARGETARCH

# Translate TARGETARCH into the architecture suffix each upstream uses in its asset
# names. Shell variables do not survive from one RUN to the next, so the mapping is
# written to /tmp/arches.env and sourced by the download steps.
RUN set -eux; \
    case "${TARGETARCH}" in \
        amd64|arm64) \
            TALOS_ARCH="${TARGETARCH}"; \
            TALHELPER_ARCH="${TARGETARCH}"; \
            SOPS_ARCH="${TARGETARCH}" ;; \
        *) \
            echo "Unsupported TARGETARCH=${TARGETARCH}"; \
            exit 1 ;; \
    esac; \
    { \
        echo "TALOS_ARCH=${TALOS_ARCH}"; \
        echo "TALHELPER_ARCH=${TALHELPER_ARCH}"; \
        echo "SOPS_ARCH=${SOPS_ARCH}"; \
    } > /tmp/arches.env

# Selects plain `/bin/sh -c` for the remaining RUN steps of this stage. This does not
# enable pipefail, so a failure early in a pipeline is not detected by `set -e`.
SHELL ["/bin/sh", "-c"]
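# Download talosctl and verify its SHA-256 digest before marking it executable.
# The expected digest comes from "<asset>.sha256" when the release publishes one,
# otherwise from the release-wide sha256sum.txt, matched on the exact asset name so a
# similarly named entry cannot be picked up by accident.
# curl is limited to HTTPS, including on redirects, so a redirect cannot downgrade
# the transfer to plain HTTP.
# NOTE(review): the digest is fetched from the same release as the binary. This
# detects corrupted or truncated downloads, not a tampered release; pinning the
# expected digest in this file or verifying a publisher signature would cover that.
# Outputs: /tmp/talosctl, /tmp/talosctl.src (source URL), /tmp/talosctl.sha (digest).
RUN . /tmp/arches.env; \
    set -eux; \
    TALOS_RELEASE="https://github.com/siderolabs/talos/releases/download/v${TALOSCTL_VERSION}"; \
    TALOS_ASSET="talosctl-linux-${TALOS_ARCH}"; \
    TALOS_URL="${TALOS_RELEASE}/${TALOS_ASSET}"; \
    curl --proto '=https' --proto-redir '=https' -fsSL -o /tmp/talosctl "${TALOS_URL}"; \
    if curl --proto '=https' --proto-redir '=https' -fsSL -o /tmp/talosctl.sha256 "${TALOS_URL}.sha256"; then \
        TALOS_SHA=$(awk 'NR == 1 { print $1 }' /tmp/talosctl.sha256); \
    else \
        curl --proto '=https' --proto-redir '=https' -fsSL -o /tmp/talos_checksums.txt "${TALOS_RELEASE}/sha256sum.txt"; \
        TALOS_SHA=$(awk -v asset="${TALOS_ASSET}" '{ name = $2; sub(/\r$/, "", name); sub(/^\*/, "", name); sub(/^.*\//, "", name); if (name == asset) { print $1; exit } }' /tmp/talos_checksums.txt); \
    fi; \
    TALOS_SHA=$(printf '%s' "${TALOS_SHA}" | tr -d '\r'); \
    printf '%s\n' "${TALOS_SHA}" | grep -Eq '^[0-9A-Fa-f]{64}$' \
        || { echo "No valid SHA-256 digest found for ${TALOS_ASSET}" >&2; exit 1; }; \
    echo "${TALOS_SHA}  /tmp/talosctl" | sha256sum -c -; \
    chmod +x /tmp/talosctl; \
    echo "${TALOS_URL}" > /tmp/talosctl.src; \
    echo "${TALOS_SHA}" > /tmp/talosctl.sha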
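# Download the talhelper release tarball, verify its SHA-256 digest, and only then
# unpack it. The expected digest comes from "<asset>.sha256" when the release
# publishes one, otherwise from the release's checksums.txt, matched on the exact
# asset name so a similarly named entry cannot be picked up by accident.
# curl is limited to HTTPS, including on redirects, so a redirect cannot downgrade
# the transfer to plain HTTP.
# NOTE(review): the digest is fetched from the same release as the tarball. This
# detects corrupted or truncated downloads, not a tampered release; pinning the
# expected digest in this file or verifying a publisher signature would cover that.
# Outputs: /tmp/talhelper.bin, /tmp/talhelper.src (source URL), /tmp/talhelper.sha
# (digest of the tarball, not of the extracted binary).
RUN . /tmp/arches.env; \
    set -eux; \
    TALHELPER_RELEASE="https://github.com/budimanjojo/talhelper/releases/download/v${TALHELPER_VERSION}"; \
    TALHELPER_ASSET="talhelper_linux_${TALHELPER_ARCH}.tar.gz"; \
    TALHELPER_TGZ_URL="${TALHELPER_RELEASE}/${TALHELPER_ASSET}"; \
    curl --proto '=https' --proto-redir '=https' -fsSL -o /tmp/talhelper.tgz "${TALHELPER_TGZ_URL}"; \
    if curl --proto '=https' --proto-redir '=https' -fsSL -o /tmp/talhelper.tgz.sha256 "${TALHELPER_TGZ_URL}.sha256"; then \
        TALHELPER_TGZ_SHA=$(awk 'NR == 1 { print $1 }' /tmp/talhelper.tgz.sha256); \
    else \
        curl --proto '=https' --proto-redir '=https' -fsSL -o /tmp/talhelper_checksums.txt "${TALHELPER_RELEASE}/checksums.txt"; \
        TALHELPER_TGZ_SHA=$(awk -v asset="${TALHELPER_ASSET}" '{ name = $2; sub(/\r$/, "", name); sub(/^\*/, "", name); sub(/^.*\//, "", name); if (name == asset) { print $1; exit } }' /tmp/talhelper_checksums.txt); \
    fi; \
    TALHELPER_TGZ_SHA=$(printf '%s' "${TALHELPER_TGZ_SHA}" | tr -d '\r'); \
    printf '%s\n' "${TALHELPER_TGZ_SHA}" | grep -Eq '^[0-9A-Fa-f]{64}$' \
        || { echo "No valid SHA-256 digest found for ${TALHELPER_ASSET}" >&2; exit 1; }; \
    echo "${TALHELPER_TGZ_SHA}  /tmp/talhelper.tgz" | sha256sum -c -; \
    mkdir -p /tmp/talhelper && tar -xzf /tmp/talhelper.tgz -C /tmp/talhelper; \
    mv /tmp/talhelper/talhelper /tmp/talhelper.bin; \
    chmod +x /tmp/talhelper.bin; \
    echo "${TALHELPER_TGZ_URL}" > /tmp/talhelper.src; \
    echo "${TALHELPER_TGZ_SHA}" > /tmp/talhelper.sha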
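# Download sops and verify its SHA-256 digest before marking it executable.
# The expected digest comes from "<asset>.sha256" when the release publishes one,
# otherwise from the release's checksums file, matched on the exact asset name so a
# longer entry that merely starts with the same name cannot be picked up by accident.
# curl is limited to HTTPS, including on redirects, so a redirect cannot downgrade
# the transfer to plain HTTP.
# NOTE(review): the digest is fetched from the same release as the binary. This
# detects corrupted or truncated downloads, not a tampered release; pinning the
# expected digest in this file or verifying a publisher signature would cover that.
# Outputs: /tmp/sops, /tmp/sops.src (source URL), /tmp/sops.sha (digest).
RUN . /tmp/arches.env; \
    set -eux; \
    SOPS_RELEASE="https://github.com/getsops/sops/releases/download/v${SOPS_VERSION}"; \
    SOPS_ASSET="sops-v${SOPS_VERSION}.linux.${SOPS_ARCH}"; \
    SOPS_URL="${SOPS_RELEASE}/${SOPS_ASSET}"; \
    curl --proto '=https' --proto-redir '=https' -fsSL -o /tmp/sops "${SOPS_URL}"; \
    if curl --proto '=https' --proto-redir '=https' -fsSL -o /tmp/sops.sha256 "${SOPS_URL}.sha256"; then \
        SOPS_SHA=$(awk 'NR == 1 { print $1 }' /tmp/sops.sha256); \
    else \
        curl --proto '=https' --proto-redir '=https' -fsSL -o /tmp/sops_checksums.txt "${SOPS_RELEASE}/sops-v${SOPS_VERSION}.checksums.txt"; \
        SOPS_SHA=$(awk -v asset="${SOPS_ASSET}" '{ name = $2; sub(/\r$/, "", name); sub(/^\*/, "", name); sub(/^.*\//, "", name); if (name == asset) { print $1; exit } }' /tmp/sops_checksums.txt); \
    fi; \
    SOPS_SHA=$(printf '%s' "${SOPS_SHA}" | tr -d '\r'); \
    printf '%s\n' "${SOPS_SHA}" | grep -Eq '^[0-9A-Fa-f]{64}$' \
        || { echo "No valid SHA-256 digest found for ${SOPS_ASSET}" >&2; exit 1; }; \
    echo "${SOPS_SHA}  /tmp/sops" | sha256sum -c -; \
    chmod +x /tmp/sops; \
    echo "${SOPS_URL}" > /tmp/sops.src; \
    echo "${SOPS_SHA}" > /tmp/sops.sha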
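# Final stage: the runtime image holding the three verified binaries and the record
# of where each came from (source URL and SHA-256) under /usr/local/share/checksums.
# NOTE(review): `:latest` is a floating tag, so two builds of the same commit can
# ship different base layers. Pinning by digest (`@sha256:<digest>`) would make the
# published image reproducible.
# NOTE(review): there is no USER instruction, so containers start as the base image's
# default user (presumably root; confirm). sops handles decrypted secrets and
# openssh-client handles keys, so a dedicated unprivileged user is worth considering
# if consumers of this image do not rely on running as root.
# renovate: datasource=docker depName=cgr.dev/chainguard/wolfi-base
FROM cgr.dev/chainguard/wolfi-base:latest

# Bring the global version ARGs into scope for the labels below.
ARG TALOSCTL_VERSION
ARG TALHELPER_VERSION
ARG SOPS_VERSION
# Docker only expands variables declared as ARG or ENV in the stage. Without these
# two declarations the image.source label always expanded to "/". They have no
# default; supply them with --build-arg to get a meaningful label.
ARG GITHUB_SERVER_URL
ARG GITHUB_REPOSITORY

LABEL org.opencontainers.image.title="talosctl + talhelper + sops" \
      org.opencontainers.image.description="Utility image containing talosctl, talhelper, and sops" \
      org.opencontainers.image.source="$GITHUB_SERVER_URL/$GITHUB_REPOSITORY" \
      org.opencontainers.image.licenses="MIT" \
      org.opencontainers.image.version.talosctl="${TALOSCTL_VERSION}" \
      org.opencontainers.image.version.talhelper="${TALHELPER_VERSION}" \
      org.opencontainers.image.version.sops="${SOPS_VERSION}" \
      org.opencontainers.image.url.talosctl="https://github.com/siderolabs/talos" \
      org.opencontainers.image.url.talhelper="https://github.com/budimanjojo/talhelper" \
      org.opencontainers.image.url.sops="https://github.com/getsops/sops"

# Runtime tooling installed next to the three binaries, plus the directory that
# receives the provenance records.
RUN set -eux; \
    apk add --no-cache ca-certificates-bundle bash git openssh-client; \
    mkdir -p /usr/local/share/checksums

# Set the mode at copy time instead of a follow-up `RUN chmod`, which would add a
# layer that can carry a second copy of every binary.
COPY --from=downloader --chmod=0755 /tmp/talosctl /usr/local/bin/talosctl
COPY --from=downloader --chmod=0755 /tmp/talhelper.bin /usr/local/bin/talhelper
COPY --from=downloader --chmod=0755 /tmp/sops /usr/local/bin/sops

# Provenance records written by the downloader stage: *.sha holds the verified
# digest, *.src the URL it was downloaded from.
COPY --from=downloader /tmp/*.sha /usr/local/share/checksums/
COPY --from=downloader /tmp/*.src /usr/local/share/checksums/

ENV PAGER=cat

# Print versions by default so users can see what's inside quickly.
# Exec form with an explicit shell: the `&&` chain needs a shell, and naming it keeps
# the command independent of any SHELL setting.
CMD ["/bin/sh", "-c", "talosctl version --client && talhelper --version && sops --version"]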