# Check out this cool article:
# https://chemidy.medium.com/create-the-smallest-and-secured-golang-docker-image-based-on-scratch-4752223b7324
# We recommend building with docker's buildx toolset
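# Builder image, overridable with --build-arg BUILDER_IMAGE=<image-ref>.
# NOTE(review): the default is a floating tag, so the toolchain that compiles
# the binary can change from one build to the next. For release builds pass a
# version- or digest-pinned reference (golang:<version>-alpine@sha256:<digest>).
ARG BUILDER_IMAGE=golang:alpine

############################
# STEP 1 build executable binary
############################
FROM ${BUILDER_IMAGE} AS builder

# Install git + SSL ca certificates.
# Git is required for fetching the dependencies.
# Ca-certificates is required to call HTTPS endpoints.
# tzdata supplies /usr/share/zoneinfo, which the final stage copies out.
# `apk add --no-cache` fetches the package index itself and does not keep it,
# so no separate `apk update` is run (it would only leave an index in the layer).
RUN apk add --no-cache git ca-certificates tzdata && update-ca-certificates

# Create appuser
# A fixed, non-zero UID lets runtimes that check for a non-root user verify it.
ENV USER=pullpal
ENV UID=10001

# See https://stackoverflow.com/a/55757473/12429735
# No password, no login shell and no home directory: the account exists only
# so the final image can run the binary as a non-root user.
RUN adduser \
    --disabled-password \
    --gecos "" \
    --home "/nonexistent" \
    --shell "/sbin/nologin" \
    --no-create-home \
    --uid "${UID}" \
    "${USER}"

WORKDIR $GOPATH/src/mypackage/myapp/

# Copies the entire build context into this stage.
# NOTE(review): make sure a .dockerignore keeps .git, local config files and
# credentials out of the context; this stage is not shipped, but its layers
# stay in the build cache and in any pushed builder image.
COPY . .

# Fetch dependencies.
# NOTE(review): if the repository has a go.mod, `go mod download` is the
# module-mode way to do this step; confirm before switching.
RUN go get -d -v

# Build the binary
# CGO is disabled and the link is static so the executable does not depend on
# shared libraries in the runtime image; -w -s strip debug and symbol tables.
# GOOS/GOARCH are fixed, so the output is linux/amd64 whatever platform the
# build is run for.
RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build \
    -ldflags='-w -s -extldflags "-static"' -a \
    -o /go/bin/pullpal .
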
############################
# STEP 2 build a small image
############################
# NOTE(review): an untagged base resolves to whatever `latest` is at build
# time; pinning a version tag or digest makes the runtime image reproducible.
FROM alpine

# Account databases from the builder, so the pullpal user created there
# resolves here. These replace the base image's own passwd and group files.
COPY --from=builder /etc/passwd /etc/passwd
COPY --from=builder /etc/group /etc/group

# Time zone data and the CA bundle used for outbound HTTPS.
COPY --from=builder /usr/share/zoneinfo /usr/share/zoneinfo
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/

# The statically linked executable. No --chown is given, so the file is not
# owned by the user the container runs as.
COPY --from=builder /go/bin/pullpal /go/bin/pullpal

# Drop to the unprivileged account for everything that runs in the container.
# NOTE(review): assumes adduser in the builder also created a `pullpal` group;
# confirm against the copied /etc/group.
USER pullpal:pullpal

# Exec form, so the binary is PID 1 and receives stop signals directly.
# This file never copies /etc/pullpal/config.yaml into the image, so it has to
# be supplied at run time; mount it read-only if it holds credentials.
ENTRYPOINT ["/go/bin/pullpal", "--config=/etc/pullpal/config.yaml"]