container executable shrinked with UPX

This commit is contained in:
Adrien Marquès 2020-03-09 18:59:04 +01:00
parent 2431a101ef
commit 2ed811fd73
Signed by: xdrm-brackets
GPG Key ID: D75243CA236D825E
1 changed files with 22 additions and 5 deletions

View File

@ -1,9 +1,29 @@
FROM golang:alpine as builder
RUN apk add --no-cache git
# ------------------------ #
# (1) install dependencies
# ------------------------ #
# git is needed for go modules
RUN apk add git
# upx to shrink executable size
ARG UPX_VERSION="3.96"
RUN apk add curl && \
curl -L https://github.com/upx/upx/releases/download/v${UPX_VERSION}/upx-${UPX_VERSION}-amd64_linux.tar.xz -o /tmp/upx.tar.xz && \
tar -xf /tmp/upx.tar.xz -C /tmp/ && ls /tmp;
# copy sources
ADD . /app
WORKDIR /app
# compile
RUN go mod download && \
CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-s -w" -o /app/binary
# shrink executable
RUN /tmp/upx-${UPX_VERSION}-amd64_linux/upx --brute /app/binary
# create appuser
ENV USER=appuser
ENV UID=10001
@ -18,9 +38,6 @@ RUN adduser \
--uid "${UID}" \
"${USER}"
RUN go mod download
RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-s -w" -o binary
FROM scratch as production
# import the user and group files from the builder.
@ -30,10 +47,10 @@ COPY --from=builder /etc/group /etc/group
# copy executable & config
COPY --from=builder /app/binary /app/
COPY --from=builder /app/api.json /app/
WORKDIR /app/
# Use an unprivileged user.
USER appuser:appuser
WORKDIR /app/
EXPOSE 4242/tcp
CMD ["/app/binary"]