code-pathfinder/Dockerfile at main · shivasurya/code-pathfinder · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
FROM cgr.dev/chainguard/go:latest AS builder

WORKDIR /app

COPY sast-engine .

ARG POSTHOG_WEB_ANALYTICS

ARG PROJECT_COMMIT

ENV POSTHOG_API_KEY=$POSTHOG_WEB_ANALYTICS

ARG PROJECT_VERSION

RUN echo "Building version ${PROJECT_VERSION} with commit ${PROJECT_COMMIT}"

RUN go mod download

RUN go build -ldflags="-s -w -X github.com/shivasurya/code-pathfinder/sast-engine/cmd.Version=${PROJECT_VERSION} -X github.com/shivasurya/code-pathfinder/sast-engine/cmd.GitCommit=${PROJECT_COMMIT} -X github.com/shivasurya/code-pathfinder/sast-engine/analytics.PublicKey=${POSTHOG_API_KEY}" -v -o pathfinder .

FROM cgr.dev/chainguard/wolfi-base:latest

WORKDIR /app

# Install Python 3.14 and pip for DSL execution
RUN apk add --no-cache \
    python3 \
    py3-pip

# Install Python DSL library for rule execution
RUN pip install --no-cache-dir codepathfinder

# Copy pathfinder binary from builder
COPY --from=builder /app/pathfinder /usr/bin/pathfinder

COPY entrypoint.sh /usr/bin/entrypoint.sh

RUN chmod +x /usr/bin/pathfinder

RUN chmod +x /usr/bin/entrypoint.sh

LABEL maintainer="shiva@shivasurya.me"
LABEL io.modelcontextprotocol.server.name="dev.codepathfinder/pathfinder"

# Disable in-product update notices for Docker users — they upgrade by
# pulling a new image tag, so an in-container nudge would be noise.
ENV PATHFINDER_NO_UPDATE_CHECK=1

ENTRYPOINT ["/usr/bin/entrypoint.sh"]