Combined Docker repo into main repo

2023-09-05 08:22:06 -05:00 · 2023-09-05 08:22:06 -05:00 · e93dafd08a
parent 38c947e90d
commit e93dafd08a
5 changed files with 95 additions and 4 deletions
--- a/README.md
+++ b/README.md
@ -18,7 +18,7 @@ I only test the linux/amd64, linux/arm64, and windows/amd64 builds, the rest are

 x86_64 and ARM Docker images of latest version: `oci.seedno.de/seednode/roulette:latest`.

-Dockerfile available [here](https://git.seedno.de/seednode/docker-roulette).
+Dockerfile available [here](https://git.seedno.de/seednode/roulette/docker/Dockerfile).

 ## Filtering

@ -113,4 +113,9 @@ Flags:
      --stats-file string         path to optional persistent stats file
  -v, --verbose                   log accessed files to stdout
  -V, --version                   display version and exit
-```
+```
+
+## Building the Docker container
+From inside the `docker/` subdirectory, build the image using the following command:
+
+`REGISTRY=<registry url> LATEST=yes TAG=alpine ./build.sh`
--- a/build-docker.sh
+++ b/build-docker.sh
@ -1,2 +0,0 @@
-#!/usr/bin/env bash
-docker run -it --rm -v "$(pwd)":/code golang:alpine /bin/ash -c 'apk update && apk add bash && cd /code && ./build.sh'
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@ -0,0 +1,49 @@
+# set app name
+ARG app=roulette
+
+# create build stage
+ARG TAG
+FROM --platform=$BUILDPLATFORM golang:$TAG AS build
+ARG app
+
+# install dependencies
+RUN apk add --update-cache git upx
+
+# clone
+RUN git clone https://git.seedno.de/seednode/$app /src/$app
+
+# build and compress the binary
+WORKDIR /src/$app
+ARG TARGETOS TARGETARCH
+RUN CGO_ENABLED=0 \
+    GOOS=$TARGETOS \
+    GOARCH=$TARGETARCH \
+    go build -ldflags "-s -w" -o $app \
+    && upx --best --lzma $app \
+    && chmod 500 $app
+
+# set up final stage
+FROM scratch
+ARG app
+
+# copy in user info
+COPY --chown=root:root --chmod=0400 passwd /etc/passwd
+
+# run as nonroot
+USER nonroot
+
+# copy in binary
+COPY --from=build --chown=root:root --chmod=0005 /src/$app/$app /$app
+
+# copy in time zone info
+COPY --from=build --chown=root:root --chmod=0004 /usr/local/go/lib/time/zoneinfo.zip /
+
+# load time zone info
+ENV ZONEINFO=/zoneinfo.zip
+
+# listen on an unprivileged port
+EXPOSE 8080
+
+# run application
+ENTRYPOINT ["/roulette"]
+CMD ["-r","/data"]
--- a/docker/build.sh
+++ b/docker/build.sh
@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+# build, tag, and push docker images
+
+# exit if a command fails
+set -o errexit
+
+# go docker image tag to use
+tag="${TAG:-latest}"
+
+# if no registry is provided, tag image as "local" registry
+registry="${REGISTRY:-local}"
+
+# set image name
+image_name="roulette"
+
+# set image version
+image_version="latest"
+
+# platforms to build for
+platforms="linux/amd64"
+platforms+=",linux/arm"
+platforms+=",linux/arm64"
+platforms+=",linux/ppc64le"
+
+# copy native image to local image repository
+docker buildx build \
+                    --build-arg TAG="${tag}" \
+                    -t "${registry}/${image_name}:${image_version}" \
+                    -f Dockerfile . \
+                    --load
+
+# push image to remote registry
+docker buildx build --platform "${platforms}" \
+                    --build-arg TAG="${tag}" \
+                    -t "${registry}/${image_name}:${image_version}" \
+                    -f Dockerfile . \
+                    --push
--- a/docker/passwd
+++ b/docker/passwd
@ -0,0 +1,2 @@
+root:x:0:0:root:/root:/sbin/nologin
+nonroot:x:65532:65532:nonroot:/home/nonroot:/sbin/nologin