container executable shrinked with UPX

2020-03-09 18:59:04 +01:00 · 2020-03-09 18:59:04 +01:00 · 2ed811fd73
parent 2431a101ef
commit 2ed811fd73
1 changed files with 22 additions and 5 deletions
--- a/27
+++ b/27
@ -1,9 +1,29 @@
 FROM golang:alpine as builder

-RUN apk add --no-cache git
+# ------------------------ #
+# (1) install dependencies
+# ------------------------ #
+
+# git is needed for go modules
+RUN apk add git
+
+# upx to shrink executable size
+ARG UPX_VERSION="3.96"
+RUN apk add curl && \
+	curl -L https://github.com/upx/upx/releases/download/v${UPX_VERSION}/upx-${UPX_VERSION}-amd64_linux.tar.xz -o /tmp/upx.tar.xz && \
+	tar -xf /tmp/upx.tar.xz -C /tmp/ && ls /tmp;
+
+# copy sources
 ADD . /app
 WORKDIR /app

+# compile
+RUN go mod download && \
+	CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-s -w" -o /app/binary
+
+# shrink executable
+RUN /tmp/upx-${UPX_VERSION}-amd64_linux/upx --brute /app/binary
+
 # create appuser
 ENV USER=appuser
 ENV UID=10001
@ -18,9 +38,6 @@ RUN adduser \
    --uid "${UID}" \
    "${USER}"

-RUN go mod download
-RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-s -w" -o binary
-
 FROM scratch as production

 # import the user and group files from the builder.
@ -30,10 +47,10 @@ COPY --from=builder /etc/group /etc/group
 # copy executable & config
 COPY --from=builder /app/binary /app/
 COPY --from=builder /app/api.json /app/
+WORKDIR /app/

 # Use an unprivileged user.
 USER appuser:appuser
-WORKDIR /app/

 EXPOSE 4242/tcp
 CMD ["/app/binary"]