-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile
43 lines (30 loc) · 1.16 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
# Build stage
FROM golang:1.22 AS builder
# do people even care about the LFS hirarchy anymore?
WORKDIR /app
# Copy go mod and sum files in first so we can cache the dependencies
COPY go.mod go.sum ./
RUN go mod download
# copy in the app and build it
COPY ./cmd ./cmd
COPY ./internal ./internal
# statically compile the go binary for the presumed target of amd64 linux
# whilst its larger, its more portable and will run in a scratch container
RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o api-server ./cmd/api
# hack to create the nobody user for the scratch container.
# hadolint ignore=DL3059
RUN echo "nobody:x:65534:65534:Nobody:/:" > /etc_passwd
# Use multi stage builds. This is the final runtime stage. We can use ephemeral containers in kubernetes now :tada:
# We could make a development target if this displeases people too.
FROM scratch
# expose the port and hardcode it for now
EXPOSE 8080
# copy in the nobody user in
COPY --from=builder /etc_passwd /etc/passwd
WORKDIR /app
COPY data ./data
COPY --from=builder /app/api-server /app/api-server
# dont run the app as root, it is insecure
USER nobody
ENV PORT_FILE="/app/data/ports.json"
CMD ["./api-server"]