FROM golang:1.21-alpine as build ARG TARGETARCH ARG RELEASE ENV GOPATH /go ENV CGO_ENABLED 0 # Install curl and minisign RUN apk add -U --no-cache ca-certificates && \ apk add -U --no-cache curl && \ go install aead.dev/minisign/cmd/minisign@v0.2.0 # Download minio binary and signature file RUN curl -s -q https://dl.min.io/server/minio/release/linux-${TARGETARCH}/archive/minio.${RELEASE}.fips -o /go/bin/minio && \ curl -s -q https://dl.min.io/server/minio/release/linux-${TARGETARCH}/archive/minio.${RELEASE}.fips.minisig -o /go/bin/minio.minisig && \ chmod +x /go/bin/minio # Verify binary signature using public key "RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGavRUN" RUN minisign -Vqm /go/bin/minio -x /go/bin/minio.minisig -P RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav FROM registry.access.redhat.com/ubi9/ubi-micro:latest ARG RELEASE LABEL name="MinIO" \ vendor="MinIO Inc " \ maintainer="MinIO Inc " \ version="${RELEASE}" \ release="${RELEASE}" \ summary="MinIO is a High Performance Object Storage, API compatible with Amazon S3 cloud storage service." \ description="MinIO object storage is fundamentally different. Designed for performance and the S3 API, it is 100% open-source. MinIO is ideal for large, private cloud environments with stringent security requirements and delivers mission-critical availability across a diverse range of workloads." ENV MINIO_ACCESS_KEY_FILE=access_key \ MINIO_SECRET_KEY_FILE=secret_key \ MINIO_ROOT_USER_FILE=access_key \ MINIO_ROOT_PASSWORD_FILE=secret_key \ MINIO_KMS_SECRET_KEY_FILE=kms_master_key \ MINIO_UPDATE_MINISIGN_PUBKEY="RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav" \ MINIO_CONFIG_ENV_FILE=config.env COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ COPY --from=build /go/bin/minio /usr/bin/minio COPY CREDITS /licenses/CREDITS COPY LICENSE /licenses/LICENSE COPY dockerscripts/docker-entrypoint.sh /usr/bin/docker-entrypoint.sh EXPOSE 9000 VOLUME ["/data"] ENTRYPOINT ["/usr/bin/docker-entrypoint.sh"] CMD ["minio"]