articles-api/Dockerfile

56 lines
1.3 KiB
Docker
Raw Permalink Normal View History

FROM golang:alpine as builder
2020-03-09 17:59:04 +00:00
# ------------------------ #
# (1) install dependencies
# ------------------------ #
# git is needed for go modules
RUN apk add git
# upx to shrink executable size
ARG UPX_VERSION="3.96"
RUN apk add curl && \
curl -L https://github.com/upx/upx/releases/download/v${UPX_VERSION}/upx-${UPX_VERSION}-amd64_linux.tar.xz -o /tmp/upx.tar.xz && \
tar -xf /tmp/upx.tar.xz -C /tmp/ && ls /tmp;
# copy sources
ADD . /app
WORKDIR /app
2020-03-09 17:40:01 +00:00
2020-03-09 17:59:04 +00:00
# compile
RUN go mod download && \
CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-s -w" -o /app/binary
# shrink executable
RUN /tmp/upx-${UPX_VERSION}-amd64_linux/upx --brute /app/binary
2020-03-09 17:40:01 +00:00
# create appuser
ENV USER=appuser
ENV UID=10001
# See https://stackoverflow.com/a/55757473/12429735RUN
RUN adduser \
--disabled-password \
--gecos "" \
--home "/nonexistent" \
--shell "/sbin/nologin" \
--no-create-home \
--uid "${UID}" \
"${USER}"
FROM scratch as production
# import the user and group files from the builder.
COPY --from=builder /etc/passwd /etc/passwd
COPY --from=builder /etc/group /etc/group
# copy executable & config
COPY --from=builder /app/binary /app/
COPY --from=builder /app/api.json /app/
2020-03-09 17:59:04 +00:00
WORKDIR /app/
2020-03-09 17:40:01 +00:00
# Use an unprivileged user.
USER appuser:appuser
EXPOSE 4242/tcp
2020-03-09 18:16:27 +00:00
ENTRYPOINT ["/app/binary"]