container from scratch (5M)

This commit is contained in:
Adrien Marquès 2020-03-09 18:40:01 +01:00
parent a2bd3a85f5
commit 0399f38f02
Signed by: xdrm-brackets
GPG Key ID: D75243CA236D825E
1 changed files with 31 additions and 10 deletions

View File

@ -1,18 +1,39 @@
FROM golang:alpine as builder
ENV GO111MODULE=on
RUN apk add git
RUN apk add --no-cache git
ADD . /app
WORKDIR /app
# create appuser
ENV USER=appuser
ENV UID=10001
# See https://stackoverflow.com/a/55757473/12429735RUN
RUN adduser \
--disabled-password \
--gecos "" \
--home "/nonexistent" \
--shell "/sbin/nologin" \
--no-create-home \
--uid "${UID}" \
"${USER}"
RUN go mod download
RUN CGO_ENABLED=1 GOOS=linux GOARCH=amd64 go build -ldflags="-s -w" -o binary
RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-s -w" -o binary
FROM alpine:latest as production
RUN mkdir /app
COPY --from=builder /app/binary /app
COPY --from=builder /app/api.json /app
FROM scratch as production
# import the user and group files from the builder.
COPY --from=builder /etc/passwd /etc/passwd
COPY --from=builder /etc/group /etc/group
# copy executable & config
COPY --from=builder /app/binary /app/
COPY --from=builder /app/api.json /app/
# Use an unprivileged user.
USER appuser:appuser
WORKDIR /app/
WORKDIR /app
EXPOSE 4242/tcp
CMD "/app/binary"
CMD ["/app/binary"]