From 2ed811fd73427ff6a3dac99358c6a65889f6d3d4 Mon Sep 17 00:00:00 2001 From: xdrm-brackets Date: Mon, 9 Mar 2020 18:59:04 +0100 Subject: [PATCH] container executable shrinked with UPX --- Dockerfile | 27 ++++++++++++++++++++++----- 1 file changed, 22 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index b88088e..351036c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,9 +1,29 @@ FROM golang:alpine as builder -RUN apk add --no-cache git +# ------------------------ # +# (1) install dependencies +# ------------------------ # + +# git is needed for go modules +RUN apk add git + +# upx to shrink executable size +ARG UPX_VERSION="3.96" +RUN apk add curl && \ + curl -L https://github.com/upx/upx/releases/download/v${UPX_VERSION}/upx-${UPX_VERSION}-amd64_linux.tar.xz -o /tmp/upx.tar.xz && \ + tar -xf /tmp/upx.tar.xz -C /tmp/ && ls /tmp; + +# copy sources ADD . /app WORKDIR /app +# compile +RUN go mod download && \ + CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-s -w" -o /app/binary + +# shrink executable +RUN /tmp/upx-${UPX_VERSION}-amd64_linux/upx --brute /app/binary + # create appuser ENV USER=appuser ENV UID=10001 @@ -18,9 +38,6 @@ RUN adduser \ --uid "${UID}" \ "${USER}" -RUN go mod download -RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-s -w" -o binary - FROM scratch as production # import the user and group files from the builder. @@ -30,10 +47,10 @@ COPY --from=builder /etc/group /etc/group # copy executable & config COPY --from=builder /app/binary /app/ COPY --from=builder /app/api.json /app/ +WORKDIR /app/ # Use an unprivileged user. USER appuser:appuser -WORKDIR /app/ EXPOSE 4242/tcp CMD ["/app/binary"] \ No newline at end of file