modified: Dockerfile

new file:   Dockerfile.arm64
	new file:   Dockerfile.armv6

Dockerfile

@@ -1,27 +1,16 @@
-# This ARG has to be at the top, otherwise the docker daemon does not known what to do with FROM ${RUNTIME_IMAGE}
-ARG RUNTIME_IMAGE=alpine:3.17.2
-
-# All builds should be done using the platform native to the build node to allow
-#  cache sharing of the go mod download step.
-# Go cross compilation is also faster than emulation the go compilation across
-#  multiple platforms.
-FROM --platform=${BUILDPLATFORM} golang:1.19-buster AS builder
+FROM golang:1.19-buster AS builder
 
 # Copy sources
 WORKDIR $GOPATH/src/github.com/oauth2-proxy/oauth2-proxy
 
 # Fetch dependencies
 COPY go.mod go.sum ./
-RUN go mod download
+RUN GO111MODULE=on go mod download
 
 # Now pull in our code
 COPY . .
 
-# Arguments go here so that the previous steps can be cached if no external
-#  sources have changed.
 ARG VERSION
-ARG TARGETPLATFORM
-ARG BUILDPLATFORM
 
 # Build binary and make sure there is at least an empty key file.
 #  This is useful for GCP App Engine custom runtime builds, because
@@ -29,26 +18,16 @@ ARG BUILDPLATFORM
 #  build the key into the container and then tell it where it is
 #  by setting OAUTH2_PROXY_JWT_KEY_FILE=/etc/ssl/private/jwt_signing_key.pem
 #  in app.yaml instead.
-# Set the cross compilation arguments based on the TARGETPLATFORM which is
-#  automatically set by the docker engine.
-RUN case ${TARGETPLATFORM} in \
-         "linux/amd64")  GOARCH=amd64  ;; \
-         # arm64 and arm64v8 are equivilant in go and do not require a goarm
-         # https://github.com/golang/go/wiki/GoArm
-         "linux/arm64" | "linux/arm/v8")  GOARCH=arm64  ;; \
-         "linux/ppc64le")  GOARCH=ppc64le  ;; \
-         "linux/arm/v6") GOARCH=arm GOARM=6  ;; \
-    esac && \
-    printf "Building OAuth2 Proxy for arch ${GOARCH}\n" && \
-    GOARCH=${GOARCH} VERSION=${VERSION} make build && touch jwt_signing_key.pem
+RUN VERSION=${VERSION} make build && touch jwt_signing_key.pem
 
 # Copy binary to alpine
-FROM ${RUNTIME_IMAGE}
+FROM alpine:3.14
 COPY nsswitch.conf /etc/nsswitch.conf
+COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
 COPY --from=builder /go/src/github.com/oauth2-proxy/oauth2-proxy/oauth2-proxy /bin/oauth2-proxy
 COPY --from=builder /go/src/github.com/oauth2-proxy/oauth2-proxy/jwt_signing_key.pem /etc/ssl/private/jwt_signing_key.pem
+COPY --from=builder /go/src/github.com/oauth2-proxy/oauth2-proxy/pkg/app/pagewriter/login /bin/static/login
 
-# UID/GID 65532 is also known as nonroot user in distroless image
-USER 65532:65532
+USER 2000:2000
 
 ENTRYPOINT ["/bin/oauth2-proxy"]

Dockerfile.arm64

@@ -0,0 +1,32 @@
+FROM golang:1.19-buster AS builder
+
+# Copy sources
+WORKDIR $GOPATH/src/github.com/oauth2-proxy/oauth2-proxy
+
+# Fetch dependencies
+COPY go.mod go.sum ./
+RUN GO111MODULE=on go mod download
+
+# Now pull in our code
+COPY . .
+
+ARG VERSION
+
+# Build binary and make sure there is at least an empty key file.
+#  This is useful for GCP App Engine custom runtime builds, because
+#  you cannot use multiline variables in their app.yaml, so you have to
+#  build the key into the container and then tell it where it is
+#  by setting OAUTH2_PROXY_JWT_KEY_FILE=/etc/ssl/private/jwt_signing_key.pem
+#  in app.yaml instead.
+RUN VERSION=${VERSION} GOARCH=arm64 make build && touch jwt_signing_key.pem
+
+# Copy binary to alpine
+FROM arm64v8/alpine:3.14
+COPY nsswitch.conf /etc/nsswitch.conf
+COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+COPY --from=builder /go/src/github.com/oauth2-proxy/oauth2-proxy/oauth2-proxy /bin/oauth2-proxy
+COPY --from=builder /go/src/github.com/oauth2-proxy/oauth2-proxy/jwt_signing_key.pem /etc/ssl/private/jwt_signing_key.pem
+
+USER 2000:2000
+
+ENTRYPOINT ["/bin/oauth2-proxy"]

Dockerfile.armv6

@@ -0,0 +1,32 @@
+FROM golang:1.19-buster AS builder
+
+# Copy sources
+WORKDIR $GOPATH/src/github.com/oauth2-proxy/oauth2-proxy
+
+# Fetch dependencies
+COPY go.mod go.sum ./
+RUN GO111MODULE=on go mod download
+
+# Now pull in our code
+COPY . .
+
+ARG VERSION
+
+# Build binary and make sure there is at least an empty key file.
+#  This is useful for GCP App Engine custom runtime builds, because
+#  you cannot use multiline variables in their app.yaml, so you have to
+#  build the key into the container and then tell it where it is
+#  by setting OAUTH2_PROXY_JWT_KEY_FILE=/etc/ssl/private/jwt_signing_key.pem
+#  in app.yaml instead.
+RUN VERSION=${VERSION} GOARCH=arm GOARM=6 make build && touch jwt_signing_key.pem
+
+# Copy binary to alpine
+FROM arm32v6/alpine:3.14
+COPY nsswitch.conf /etc/nsswitch.conf
+COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+COPY --from=builder /go/src/github.com/oauth2-proxy/oauth2-proxy/oauth2-proxy /bin/oauth2-proxy
+COPY --from=builder /go/src/github.com/oauth2-proxy/oauth2-proxy/jwt_signing_key.pem /etc/ssl/private/jwt_signing_key.pem
+
+USER 2000:2000
+
+ENTRYPOINT ["/bin/oauth2-proxy"]