From 491cef00d121a3aa02fb485e555e728a981b5f56 Mon Sep 17 00:00:00 2001
From: Matthias Bertschy
Date: Tue, 8 Aug 2023 16:01:38 +0200
Subject: [PATCH] use distroless base image

Signed-off-by: Matthias Bertschy
---
 .github/workflows/pr-created.yaml | 4 ++--
 .github/workflows/pr-merged.yaml | 2 +-
 build/Dockerfile | 26 +++++++++++---------------
 go.mod | 2 +-
 4 files changed, 15 insertions(+), 19 deletions(-)

diff --git a/.github/workflows/pr-created.yaml b/.github/workflows/pr-created.yaml
index 5fb29bb..15cae60 100644
--- a/.github/workflows/pr-created.yaml
+++ b/.github/workflows/pr-created.yaml
@@ -21,5 +21,5 @@ jobs:
 pr-created:
 uses: kubescape/workflows/.github/workflows/incluster-comp-pr-created.yaml@main
 with:
- GO_VERSION: "1.18"
- secrets: inherit
\ No newline at end of file
+ GO_VERSION: "1.20"
+ secrets: inherit
diff --git a/.github/workflows/pr-merged.yaml b/.github/workflows/pr-merged.yaml
index 3db4eb1..46f42ed 100644
--- a/.github/workflows/pr-merged.yaml
+++ b/.github/workflows/pr-merged.yaml
@@ -24,7 +24,7 @@ jobs:
 CGO_ENABLED: 0
 GO111MODULE: ""
 BUILD_PLATFORM: linux/amd64,linux/arm64
- GO_VERSION: "1.18"
+ GO_VERSION: "1.20"
 REQUIRED_TESTS: '[
 "vulnerability_scanning",
 "vulnerability_scanning_trigger_scan_on_new_image",
diff --git a/build/Dockerfile b/build/Dockerfile
index 71440be..1b5d7f5 100644
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -1,24 +1,20 @@
-FROM golang:1.19-alpine as builder
-
-ENV GO111MODULE=
-
-ENV CGO_ENABLED=0
+FROM --platform=$BUILDPLATFORM golang:1.20-bullseye as builder
+ENV GO111MODULE=on CGO_ENABLED=0
 WORKDIR /work
-ADD . .
+ARG TARGETOS TARGETARCH
-RUN apk add git
-
-WORKDIR /work
-RUN go build -o build/gateway
+RUN --mount=target=. \
+ --mount=type=cache,target=/root/.cache/go-build \
+ --mount=type=cache,target=/go/pkg \
+ GOOS=$TARGETOS GOARCH=$TARGETARCH go build -o /out/gateway .
-FROM alpine
+FROM gcr.io/distroless/static-debian11:nonroot
-RUN addgroup -S ks && adduser -S ks -G ks
-USER ks
-WORKDIR /home/ks/
+USER nonroot
+WORKDIR /home/nonroot/
-COPY --from=builder /work/build/gateway /usr/bin/gateway
+COPY --from=builder /out/gateway /usr/bin/gateway
 ARG image_version
 ENV RELEASE=$image_version
diff --git a/go.mod b/go.mod
index 1de23f1..b86a0a3 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/kubescape/gateway
-go 1.19
+go 1.20
 require (
 github.com/armosec/cluster-notifier-api-go v0.0.5
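Review bot: In build/Dockerfile, the new `USER nonroot` line in the final stage names the user instead of giving a UID, and Kubernetes cannot verify `runAsNonRoot: true` against a non-numeric image user, so a pod with that setting is refused at start unless the manifest also sets `runAsUser`. Use the numeric form, `USER 65532:65532` (the UID/GID the distroless nonroot variant defines), or drop the line if the base image's default user is already the intended one. Both new `FROM` lines also follow mutable tags (`golang:1.20-bullseye`, `static-debian11:nonroot`); pinning each by digest, for example `FROM gcr.io/distroless/static-debian11:nonroot@sha256:<digest>`, keeps a retagged base from silently changing what gets built and shipped. The final stage continues past the end of this hunk, so the entrypoint is not visible here.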