akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 16 Packages Projects Releases Wiki Activity

feat: install CrowdSec CLI (cscli) in Docker runtime stage

Browse Source 
- Add cscli installation from official CrowdSec releases
- Update to CrowdSec v1.7.4 (from v1.6.0)
- Extract both crowdsec and cscli binaries from release tarball
- Install cscli to /usr/local/bin for PATH availability
- Add build-time validation with cscli version check
- Maintain minimal image size (293MB)
- Keep existing multi-stage build structure intact
This commit is contained in:
GitHub Actions
2025-12-08 23:19:38 +00:00
parent be2900bc5d
commit 571a61aaea
1 changed files with 11 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
Dockerfile
View File

@@ -177,18 +177,22 @@ RUN mkdir -p /app/data/geoip && \
# Copy Caddy binary from caddy-builder (overwriting the one from base image)
COPY --from=caddy-builder /usr/bin/caddy /usr/bin/caddy
# Install CrowdSec binary (default version can be overridden at build time)
ARG CROWDSEC_VERSION=1.6.0
# Install CrowdSec binary and CLI (default version can be overridden at build time)
ARG CROWDSEC_VERSION=1.7.4
# hadolint ignore=DL3018
RUN apk add --no-cache curl tar gzip && \
set -eux; \
URL="https://github.com/crowdsecurity/crowdsec/releases/download/v${CROWDSEC_VERSION}/crowdsec-v${CROWDSEC_VERSION}-linux-musl.tar.gz"; \
URL="https://github.com/crowdsecurity/crowdsec/releases/download/v${CROWDSEC_VERSION}/crowdsec-release.tgz"; \
curl -fSL "$URL" -o /tmp/crowdsec.tar.gz && \
mkdir -p /tmp/crowdsec && tar -xzf /tmp/crowdsec.tar.gz -C /tmp/crowdsec --strip-components=1 || true; \
if [ -f /tmp/crowdsec/crowdsec ]; then \
mv /tmp/crowdsec/crowdsec /usr/local/bin/crowdsec && chmod +x /usr/local/bin/crowdsec; \
mkdir -p /tmp/crowdsec && tar -xzf /tmp/crowdsec.tar.gz -C /tmp/crowdsec || true; \
if [ -f /tmp/crowdsec/crowdsec-v${CROWDSEC_VERSION}/cmd/crowdsec/crowdsec ]; then \
mv /tmp/crowdsec/crowdsec-v${CROWDSEC_VERSION}/cmd/crowdsec/crowdsec /usr/local/bin/crowdsec && chmod +x /usr/local/bin/crowdsec; \
fi && \
rm -rf /tmp/crowdsec /tmp/crowdsec.tar.gz || true
if [ -f /tmp/crowdsec/crowdsec-v${CROWDSEC_VERSION}/cmd/crowdsec-cli/cscli ]; then \
mv /tmp/crowdsec/crowdsec-v${CROWDSEC_VERSION}/cmd/crowdsec-cli/cscli /usr/local/bin/cscli && chmod +x /usr/local/bin/cscli; \
fi && \
rm -rf /tmp/crowdsec /tmp/crowdsec.tar.gz && \
cscli version
# Copy Go binary from backend builder
COPY --from=backend-builder /app/backend/charon /app/charon