akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 8 Packages Projects Releases Wiki Activity

feat: install CrowdSec CLI (cscli) in Docker runtime stage

Browse Source 
- Add cscli installation from official CrowdSec releases
- Update to CrowdSec v1.7.4 (from v1.6.0)
- Extract both crowdsec and cscli binaries from release tarball
- Install cscli to /usr/local/bin for PATH availability
- Add build-time validation with cscli version check
- Maintain minimal image size (293MB)
- Keep existing multi-stage build structure intact
This commit is contained in:
GitHub Actions
2025-12-08 23:19:38 +00:00
parent be2900bc5d
commit 571a61aaea
1 changed files with 11 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Dockerfile
+11 -7
View File
@@ -177,18 +177,22 @@ RUN mkdir -p /app/data/geoip && \
# Copy Caddy binary from caddy-builder (overwriting the one from base image) # Copy Caddy binary from caddy-builder (overwriting the one from base image)
COPY --from=caddy-builder /usr/bin/caddy /usr/bin/caddy COPY --from=caddy-builder /usr/bin/caddy /usr/bin/caddy
# Install CrowdSec binary (default version can be overridden at build time) # Install CrowdSec binary and CLI (default version can be overridden at build time)
ARG CROWDSEC_VERSION=1.6.0 ARG CROWDSEC_VERSION=1.7.4
# hadolint ignore=DL3018 # hadolint ignore=DL3018
RUN apk add --no-cache curl tar gzip && \ RUN apk add --no-cache curl tar gzip && \
set -eux; \ set -eux; \
URL="https://github.com/crowdsecurity/crowdsec/releases/download/v${CROWDSEC_VERSION}/crowdsec-v${CROWDSEC_VERSION}-linux-musl.tar.gz"; \ URL="https://github.com/crowdsecurity/crowdsec/releases/download/v${CROWDSEC_VERSION}/crowdsec-release.tgz"; \
curl -fSL "$URL" -o /tmp/crowdsec.tar.gz && \ curl -fSL "$URL" -o /tmp/crowdsec.tar.gz && \
mkdir -p /tmp/crowdsec && tar -xzf /tmp/crowdsec.tar.gz -C /tmp/crowdsec --strip-components=1 || true; \ mkdir -p /tmp/crowdsec && tar -xzf /tmp/crowdsec.tar.gz -C /tmp/crowdsec || true; \
if [ -f /tmp/crowdsec/crowdsec ]; then \ if [ -f /tmp/crowdsec/crowdsec-v${CROWDSEC_VERSION}/cmd/crowdsec/crowdsec ]; then \
mv /tmp/crowdsec/crowdsec /usr/local/bin/crowdsec && chmod +x /usr/local/bin/crowdsec; \ mv /tmp/crowdsec/crowdsec-v${CROWDSEC_VERSION}/cmd/crowdsec/crowdsec /usr/local/bin/crowdsec && chmod +x /usr/local/bin/crowdsec; \
fi && \ fi && \
rm -rf /tmp/crowdsec /tmp/crowdsec.tar.gz || true if [ -f /tmp/crowdsec/crowdsec-v${CROWDSEC_VERSION}/cmd/crowdsec-cli/cscli ]; then \
mv /tmp/crowdsec/crowdsec-v${CROWDSEC_VERSION}/cmd/crowdsec-cli/cscli /usr/local/bin/cscli && chmod +x /usr/local/bin/cscli; \
fi && \
rm -rf /tmp/crowdsec /tmp/crowdsec.tar.gz && \
cscli version
# Copy Go binary from backend builder # Copy Go binary from backend builder
COPY --from=backend-builder /app/backend/charon /app/charon COPY --from=backend-builder /app/backend/charon /app/charon