Information: This image builds against latest at the time of building Go version and master branch of tianon/gosu
The aim of this was to build against latest versions of Go, and in turn reducing the overwhelming amount of CVEs being flagged by common security engines due to Go version. gosu in itself isn't vulnerable to them but for some very adamant companies, that won't be enough to convince them. So, here's a solution to that problem I guess.
Idea and solution to this problem originally coined by @xcke on gosu issue page, I just ended up creating a Dockerfile for it by using Alpine image as it's base as oppossed to golang image. The comment since then was marked "off-topic" by the repository owner.
These images are built using GitHub actions, workflow file can be found here
You can find the repository + Dockerfile for this project here
- Pull this image in your project with
FROM docker.io/mrrubberducky/qor-gosu:alpine AS gosu COPYor use this image as a base, it usesalpine:edgeforlinux/amd64,linux/i386andlinux/arm64
FROM docker.io/mrrubberducky/qor-gosu:alpine AS gosu
FROM docker.io/library/alpine:edge
WORKDIR /app
ARG TARGETARCH
COPY --from=gosu /app/gosu /app/gosu