From 037204a3eb93b05ebe11e33fa7edf7fa9045b8bf Mon Sep 17 00:00:00 2001 From: devitway Date: Mon, 23 Feb 2026 08:43:13 +0000 Subject: [PATCH] fix: use FROM scratch for Astra and RedOS builds MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Russian OS registries (registry.astralinux.ru, registry.red-soft.ru) require auth not available in CI. Use scratch base with static musl binary instead — runs on any Linux including Astra SE and RED OS. Comment in each Dockerfile shows how to switch to official base image once registry access is configured. --- Dockerfile.astra | 12 +++++------- Dockerfile.redos | 10 +++++----- 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/Dockerfile.astra b/Dockerfile.astra index 0f69a33..40f61a1 100644 --- a/Dockerfile.astra +++ b/Dockerfile.astra @@ -39,14 +39,12 @@ RUN --mount=type=cache,target=/usr/local/cargo/registry \ cargo build --release --package nora-registry && \ cp /app/target/release/nora /usr/local/bin/nora -# Runtime stage — Astra Linux Special Edition (certified FSTEC OS) -FROM astralinux/alse:latest +# Runtime stage — scratch (compatible with Astra Linux SE, no foreign OS components) +# Switch FROM to registry.astralinux.ru/library/alse once registry access is configured +FROM scratch -RUN apt-get update && \ - apt-get install -y --no-install-recommends ca-certificates && \ - rm -rf /var/lib/apt/lists/* - -RUN mkdir -p /data +# CA certificates for TLS +COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt COPY --from=builder /usr/local/bin/nora /usr/local/bin/nora diff --git a/Dockerfile.redos b/Dockerfile.redos index b4e97b3..1b276be 100644 --- a/Dockerfile.redos +++ b/Dockerfile.redos @@ -39,12 +39,12 @@ RUN --mount=type=cache,target=/usr/local/cargo/registry \ cargo build --release --package nora-registry && \ cp /app/target/release/nora /usr/local/bin/nora -# Runtime stage — RED OS (certified FSTEC OS) -FROM redos/redos:8 +# Runtime stage — scratch (compatible with RED OS, no foreign OS components) +# Switch FROM to registry.red-soft.ru/redos once registry access is configured +FROM scratch -RUN dnf install -y ca-certificates && \ - dnf clean all && \ - mkdir -p /data +# CA certificates for TLS +COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt COPY --from=builder /usr/local/bin/nora /usr/local/bin/nora