Bump go to 1.17 and use distroless for Docker image

Dockerfile

@@ -2,7 +2,7 @@
 FROM alpine AS certs
 RUN apk --update add ca-certificates
 
-FROM golang:1.16.6-alpine AS base
+FROM golang:1.17.2-alpine AS base
 
 # To fix go get and build with cgo
 RUN apk add --no-cache --virtual .build-deps \
@@ -31,7 +31,7 @@ RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo \
     -o dctna-server ./cmd/dctna-server
 
 # Collect certificates and binary
-FROM alpine
+FROM gcr.io/distroless/base-debian11
 EXPOSE 8086 8443
 COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
 # root user required as the volumes mount as root

go.mod

@@ -1,6 +1,6 @@
 module github.com/philips-labs/dct-notary-admin
 
-go 1.15
+go 1.17
 
 require (
 	github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d // indirect

lib/notary/tuf.go

@@ -5,7 +5,6 @@ import (
 	"encoding/base64"
 	"encoding/pem"
 	"fmt"
-	"io/ioutil"
 	"net"
 	"net/http"
 	"net/url"
@@ -70,7 +69,7 @@ func importRootCert(certFilePath string) ([]data.PublicKey, error) {
 	}
 
 	// read certificate from file
-	certPEM, err := ioutil.ReadFile(certFilePath)
+	certPEM, err := os.ReadFile(certFilePath)
 	if err != nil {
 		return nil, fmt.Errorf("error reading certificate file: %v", err)
 	}
@@ -92,7 +91,7 @@ func importRootCert(certFilePath string) ([]data.PublicKey, error) {
 // Attempt to read a role key from a file, and return it as a data.PrivateKey
 // If key is for the Root role, it must be encrypted
 func readKey(role data.RoleName, keyFilename string, retriever notary.PassRetriever) (data.PrivateKey, error) {
-	pemBytes, err := ioutil.ReadFile(keyFilename)
+	pemBytes, err := os.ReadFile(keyFilename)
 	if err != nil {
 		return nil, fmt.Errorf("Error reading input root key file: %v", err)
 	}