fix: use FROM scratch for Astra and RedOS builds

Russian OS registries (registry.astralinux.ru, registry.red-soft.ru) require auth not available in CI. Use scratch base with static musl binary instead — runs on any Linux including Astra SE and RED OS. Comment in each Dockerfile shows how to switch to official base image once registry access is configured.
2026-04-12 06:50:31 +00:00 · 2026-02-23 08:43:13 +00:00
parent 1e01d4df56
commit 037204a3eb
2 changed files with 10 additions and 12 deletions
--- a/Dockerfile.redos
+++ b/Dockerfile.redos
@@ -39,12 +39,12 @@ RUN --mount=type=cache,target=/usr/local/cargo/registry \
    cargo build --release --package nora-registry && \
    cp /app/target/release/nora /usr/local/bin/nora

-# Runtime stage — RED OS (certified FSTEC OS)
-FROM redos/redos:8
+# Runtime stage — scratch (compatible with RED OS, no foreign OS components)
+# Switch FROM to registry.red-soft.ru/redos once registry access is configured
+FROM scratch

-RUN dnf install -y ca-certificates && \
-    dnf clean all && \
-    mkdir -p /data
+# CA certificates for TLS
+COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt

 COPY --from=builder /usr/local/bin/nora /usr/local/bin/nora