From 0a7b6e470ddf088d070c239406950fe8f72aadef Mon Sep 17 00:00:00 2001
From: Zhe Li
Date: Fri, 15 Aug 2025 18:50:01 +0200
Subject: [PATCH 1/4] feat(Dockerfile): add Dockerfile for building and running the telemetry exporter docs(README.md): update README with instructions for building and running the Docker image
---
Dockerfile | 47 +++++++++++++++++++++++++++++++++++++++++++++++
README.md | 11 +++++++++++
2 files changed, 58 insertions(+)
create mode 100644 Dockerfile
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..35279cd
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,47 @@
+# Use the latest version of Go as the base image
+FROM golang:1.22 AS base
+
+# Install needed dependencies for base image and update certs
+RUN apt-get update \
+ && apt-get install -y ca-certificates \
+ && update-ca-certificates
+
+# create a build artifact
+FROM base AS builder
+# Set the working directory to the root of the project
+WORKDIR /app
+
+# Copy the Go dependencies file and download the dependencies
+COPY go.mod .
+COPY go.sum .
+RUN go mod download
+
+# Copy the Makefile and the rest of the source code
+COPY .git ./.git
+COPY . ./
+
+# Build the application
+RUN go build -o telemetry
+
+# Create a new, smaller image based on alpine
+FROM alpine:latest
+
+# Install ca-certificates for HTTPS support
+RUN apk --no-cache add ca-certificates
+
+# Create a non-root user
+RUN addgroup -g 1001 telemetry && \
+ adduser -D -s /bin/sh -u 1001 -G telemetry telemetry
+
+# Make dir for mounting config file and set ownership
+RUN mkdir -p /home/telemetry/.telemetry/config && \
+ chown -R telemetry:telemetry /home/telemetry
+
+# Copy the built executable from the builder image and set ownership
+COPY --from=builder /app/telemetry /app/telemetry
+RUN chown telemetry:telemetry /app/telemetry
+
+# Switch to the non-root user
+USER telemetry
+
+ENTRYPOINT ["/app/telemetry"]
\ No newline at end of file
diff --git a/README.md b/README.md
index ee49455..66fe9c5 100644
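Review bot: The runtime stage of the new Dockerfile starts from `FROM alpine:latest`, a floating tag, so the image that ships the binary can change between builds with no change in this repository; pin it to a release tag and ideally a digest, e.g. `FROM alpine:<version>@sha256:<digest>` (placeholders), as the builder stage already does with a version tag. The final `RUN chown telemetry:telemetry /app/telemetry` makes the executable writable by the account it runs as; dropping that line leaves the binary root-owned and still executable by `telemetry`. In the builder stage `COPY .git ./.git` is redundant with the `COPY . ./` that follows, and since this patch adds no `.dockerignore`, the whole working tree is copied into the builder layers unless one already exists. That would include a local `config.toml` like the one in the README's run command.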
--- a/README.md +++ b/README.md @@ -120,3 +120,14 @@ If you are running Heimdall v2 (where the version API endpoint has changed), fol After these steps, your telemetry exporter will be compatible with the new Heimdall v2 version API. +## Build Docker Image + +``` +docker buildx build --platform linux/amd64 -t matic-telemetry . +``` + +## Run Docker Image +Run matic-telemetry with the config file in the current directory: +``` +docker run --name matic-telemetry -v config.toml:/home/telemetry/.telemetry/config/config.toml matic-telemetry +``` \ No newline at end of file From eea5737eb4a4de4117dbf4b1c31186c5e42820fa Mon Sep 17 00:00:00 2001 From: Zhe Li Date: Fri, 15 Aug 2025 19:10:12 +0200 Subject: [PATCH 2/4] build(Dockerfile): enable static linking for Alpine to reduce binary size and dependencies --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 35279cd..9182c77 100644 --- a/Dockerfile +++ b/Dockerfile @@ -20,8 +20,8 @@ RUN go mod download COPY .git ./.git COPY . ./ -# Build the application -RUN go build -o telemetry +# Build the application with static linking for Alpine +RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o telemetry . # Create a new, smaller image based on alpine FROM alpine:latest From 77629ae8295e2e5c93c476fe1ce92ec6eee58ddf Mon Sep 17 00:00:00 2001 From: Zhe Li Date: Mon, 18 Aug 2025 10:54:22 +0200 Subject: [PATCH 3/4] Address issue CVE-2025-22871 --- Dockerfile | 2 +- go.mod | 23 ++++++++++++++++++----- 2 files changed, 19 insertions(+), 6 deletions(-) diff --git a/Dockerfile b/Dockerfile index 9182c77..09c1b0c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ # Use the latest version of Go as the base image -FROM golang:1.22 AS base +FROM golang:1.23.8 AS base # Install needed dependencies for base image and update certs RUN apt-get update \ diff --git a/go.mod b/go.mod index d3068da..793bae6 100644 --- a/go.mod +++ b/go.mod 
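Review bot: In the [PATCH 2/4] Dockerfile hunk, the `-a -installsuffix cgo` flags on the new build line look like a leftover from old Go toolchains: with `CGO_ENABLED=0` the binary is already statically linked, and `-a` forces every package, standard library included, to be rebuilt on each build. Static linking also does not give the smaller binary the commit message mentions; stripping symbols would, e.g. `RUN CGO_ENABLED=0 GOOS=linux go build -trimpath -ldflags="-s -w" -o telemetry .`. `-trimpath` additionally keeps the builder's filesystem paths out of the shipped binary. `GOOS` is fixed here while the architecture is left to the build platform, so the `--platform` flag shown in the README is what decides it.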
@@ -1,19 +1,32 @@ module github.com/vitwit/matic-telemetry -go 1.15 +go 1.21.13 + +require ( + github.com/gorilla/websocket v1.4.2 + github.com/sirupsen/logrus v1.8.1 + github.com/spf13/viper v1.7.1 + gopkg.in/go-playground/validator.v9 v9.31.0 +) require ( github.com/fsnotify/fsnotify v1.4.9 // indirect + github.com/go-playground/locales v0.13.0 // indirect github.com/go-playground/universal-translator v0.17.0 // indirect - github.com/gorilla/websocket v1.4.2 + github.com/hashicorp/hcl v1.0.0 // indirect github.com/leodido/go-urn v1.2.1 // indirect - github.com/sirupsen/logrus v1.8.1 + github.com/magiconair/properties v1.8.1 // indirect + github.com/mitchellh/mapstructure v1.1.2 // indirect + github.com/pelletier/go-toml v1.2.0 // indirect + github.com/spf13/afero v1.1.2 // indirect + github.com/spf13/cast v1.3.0 // indirect + github.com/spf13/jwalterweatherman v1.0.0 // indirect github.com/spf13/pflag v1.0.5 // indirect - github.com/spf13/viper v1.7.1 github.com/stretchr/testify v1.7.0 // indirect + github.com/subosito/gotenv v1.2.0 // indirect golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c // indirect golang.org/x/text v0.3.3 // indirect gopkg.in/go-playground/assert.v1 v1.2.1 // indirect - gopkg.in/go-playground/validator.v9 v9.31.0 + gopkg.in/ini.v1 v1.51.0 // indirect gopkg.in/yaml.v2 v2.3.0 // indirect ) From 647b36bc3c7bfe7e11c64f28f23692b30a4c6791 Mon Sep 17 00:00:00 2001 From: Zhe Li Date: Mon, 18 Aug 2025 10:58:37 +0200 Subject: [PATCH 4/4] build(Dockerfile): update base image to golang:1.23.12 to ensure the latest version is used and improve security by updating dependencies and certificates. --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 09c1b0c..4d9bee7 100644 --- a/Dockerfile +++ b/Dockerfile 
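Review bot: The `go 1.21.13` line in go.mod only sets a minimum language/toolchain version, so the fix this commit is named for (CVE-2025-22871, which as far as I know is a Go standard-library issue fixed in the toolchain, not in any module listed here) reaches only binaries built through the Dockerfile's `golang:1.23.8` image. A plain `go build` with an older local toolchain still satisfies this go.mod. Consider making the module itself require the patched release, e.g. `go 1.23.8`, or a `toolchain go1.23.8` line under the existing `go` directive. The rest of the hunk appears only to regroup direct and indirect requirements and list previously implicit indirect ones; no dependency version is raised, so a `govulncheck ./...` run would be the way to confirm nothing else in the graph is flagged.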
@@ -1,5 +1,5 @@ # Use the latest version of Go as the base image -FROM golang:1.23.8 AS base +FROM golang:1.23.12 AS base # Install needed dependencies for base image and update certs RUN apt-get update \