container from scratch (5M)
This commit is contained in:
parent
a2bd3a85f5
commit
0399f38f02
41
Dockerfile
41
Dockerfile
|
@ -1,18 +1,39 @@
|
|||
FROM golang:alpine as builder
|
||||
|
||||
ENV GO111MODULE=on
|
||||
RUN apk add git
|
||||
RUN apk add --no-cache git
|
||||
ADD . /app
|
||||
|
||||
WORKDIR /app
|
||||
|
||||
# create appuser
|
||||
ENV USER=appuser
|
||||
ENV UID=10001
|
||||
|
||||
# See https://stackoverflow.com/a/55757473/12429735RUN
|
||||
RUN adduser \
|
||||
--disabled-password \
|
||||
--gecos "" \
|
||||
--home "/nonexistent" \
|
||||
--shell "/sbin/nologin" \
|
||||
--no-create-home \
|
||||
--uid "${UID}" \
|
||||
"${USER}"
|
||||
|
||||
RUN go mod download
|
||||
RUN CGO_ENABLED=1 GOOS=linux GOARCH=amd64 go build -ldflags="-s -w" -o binary
|
||||
RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-s -w" -o binary
|
||||
|
||||
FROM alpine:latest as production
|
||||
RUN mkdir /app
|
||||
COPY --from=builder /app/binary /app
|
||||
COPY --from=builder /app/api.json /app
|
||||
FROM scratch as production
|
||||
|
||||
# import the user and group files from the builder.
|
||||
COPY --from=builder /etc/passwd /etc/passwd
|
||||
COPY --from=builder /etc/group /etc/group
|
||||
|
||||
# copy executable & config
|
||||
COPY --from=builder /app/binary /app/
|
||||
COPY --from=builder /app/api.json /app/
|
||||
|
||||
# Use an unprivileged user.
|
||||
USER appuser:appuser
|
||||
WORKDIR /app/
|
||||
|
||||
WORKDIR /app
|
||||
EXPOSE 4242/tcp
|
||||
CMD "/app/binary"
|
||||
CMD ["/app/binary"]
|
Loading…
Reference in New Issue