container executable shrinked with UPX
This commit is contained in:
parent
2431a101ef
commit
2ed811fd73
27
Dockerfile
27
Dockerfile
|
@ -1,9 +1,29 @@
|
|||
FROM golang:alpine as builder
|
||||
|
||||
RUN apk add --no-cache git
|
||||
# ------------------------ #
|
||||
# (1) install dependencies
|
||||
# ------------------------ #
|
||||
|
||||
# git is needed for go modules
|
||||
RUN apk add git
|
||||
|
||||
# upx to shrink executable size
|
||||
ARG UPX_VERSION="3.96"
|
||||
RUN apk add curl && \
|
||||
curl -L https://github.com/upx/upx/releases/download/v${UPX_VERSION}/upx-${UPX_VERSION}-amd64_linux.tar.xz -o /tmp/upx.tar.xz && \
|
||||
tar -xf /tmp/upx.tar.xz -C /tmp/ && ls /tmp;
|
||||
|
||||
# copy sources
|
||||
ADD . /app
|
||||
WORKDIR /app
|
||||
|
||||
# compile
|
||||
RUN go mod download && \
|
||||
CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-s -w" -o /app/binary
|
||||
|
||||
# shrink executable
|
||||
RUN /tmp/upx-${UPX_VERSION}-amd64_linux/upx --brute /app/binary
|
||||
|
||||
# create appuser
|
||||
ENV USER=appuser
|
||||
ENV UID=10001
|
||||
|
@ -18,9 +38,6 @@ RUN adduser \
|
|||
--uid "${UID}" \
|
||||
"${USER}"
|
||||
|
||||
RUN go mod download
|
||||
RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-s -w" -o binary
|
||||
|
||||
FROM scratch as production
|
||||
|
||||
# import the user and group files from the builder.
|
||||
|
@ -30,10 +47,10 @@ COPY --from=builder /etc/group /etc/group
|
|||
# copy executable & config
|
||||
COPY --from=builder /app/binary /app/
|
||||
COPY --from=builder /app/api.json /app/
|
||||
WORKDIR /app/
|
||||
|
||||
# Use an unprivileged user.
|
||||
USER appuser:appuser
|
||||
WORKDIR /app/
|
||||
|
||||
EXPOSE 4242/tcp
|
||||
CMD ["/app/binary"]
|
Loading…
Reference in New Issue