diff --git a/README.md b/README.md
index e56ea76..58b6e86 100644
--- a/README.md
+++ b/README.md
@@ -18,7 +18,7 @@ I only test the linux/amd64, linux/arm64, and windows/amd64 builds, the rest are
 
 x86_64 and ARM Docker images of latest version: `oci.seedno.de/seednode/roulette:latest`.
 
-Dockerfile available [here](https://git.seedno.de/seednode/docker-roulette).
+Dockerfile available [here](https://git.seedno.de/seednode/roulette/docker/Dockerfile).
 
 ## Filtering
 
@@ -113,4 +113,9 @@ Flags:
 --stats-file string path to optional persistent stats file
 -v, --verbose log accessed files to stdout
 -V, --version display version and exit
-```
\ No newline at end of file
+```
+
+## Building the Docker container
+From inside the `docker/` subdirectory, build the image using the following command:
+
+`REGISTRY= LATEST=yes TAG=alpine ./build.sh`
\ No newline at end of file
diff --git a/build-docker.sh b/build-docker.sh
deleted file mode 100755
index cd80cd2..0000000
--- a/build-docker.sh
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/usr/bin/env bash
-docker run -it --rm -v "$(pwd)":/code golang:alpine /bin/ash -c 'apk update && apk add bash && cd /code && ./build.sh'
diff --git a/docker/Dockerfile b/docker/Dockerfile
new file mode 100644
index 0000000..dfcaff4
--- /dev/null
+++ b/docker/Dockerfile
@@ -0,0 +1,49 @@
+# set app name
+ARG app=roulette
+
+# create build stage
+ARG TAG
+FROM --platform=$BUILDPLATFORM golang:$TAG AS build
+ARG app
+
+# install dependencies
+RUN apk add --update-cache git upx
+
+# clone
+RUN git clone https://git.seedno.de/seednode/$app /src/$app
+
+# build and compress the binary
+WORKDIR /src/$app
+ARG TARGETOS TARGETARCH
+RUN CGO_ENABLED=0 \
+ GOOS=$TARGETOS \
+ GOARCH=$TARGETARCH \
+ go build -ldflags "-s -w" -o $app \
+ && upx --best --lzma $app \
+ && chmod 500 $app
+
+# set up final stage
+FROM scratch
+ARG app
+
+# copy in user info
+COPY --chown=root:root --chmod=0400 passwd /etc/passwd
+
+# run as nonroot
+USER nonroot
+
+# copy in binary
+COPY --from=build --chown=root:root --chmod=0005 /src/$app/$app /$app
+
+# copy in time zone info
+COPY --from=build --chown=root:root --chmod=0004 /usr/local/go/lib/time/zoneinfo.zip /
+
+# load time zone info
+ENV ZONEINFO=/zoneinfo.zip
+
+# listen on an unprivileged port
+EXPOSE 8080
+
+# run application
+ENTRYPOINT ["/roulette"]
+CMD ["-r","/data"]
diff --git a/docker/build.sh b/docker/build.sh
new file mode 100644
index 0000000..f93b97e
--- /dev/null
+++ b/docker/build.sh
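Review bot: `RUN git clone https://git.seedno.de/seednode/$app /src/$app` checks out whatever the remote default branch points to at build time, so two builds of this Dockerfile can yield different binaries and nothing in the image records which revision was compiled. Pin the checkout through a build argument, e.g. `ARG ref=<tag-or-branch placeholder>` followed by `RUN git clone --depth 1 --branch "$ref" https://git.seedno.de/seednode/$app /src/$app`; since the Dockerfile now lives inside the same repository, `COPY`ing the build context would remove the network fetch altogether. The final stage hardcodes `ENTRYPOINT ["/roulette"]` while the binary is copied to `/$app`, so overriding the `app` build-arg produces an image whose entrypoint path does not exist — either drop the `ARG app` indirection in the final stage or keep the two in step. `ARG TAG` has no default, so `FROM golang:$TAG` depends entirely on the caller, and the `apk add` that follows only works on an Alpine-based tag; a default such as `ARG TAG=alpine` would make that requirement explicit in the file.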
@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+# build, tag, and push docker images
+
+# exit if a command fails
+set -o errexit
+
+# go docker image tag to use
+tag="${TAG:-latest}"
+
+# if no registry is provided, tag image as "local" registry
+registry="${REGISTRY:-local}"
+
+# set image name
+image_name="roulette"
+
+# set image version
+image_version="latest"
+
+# platforms to build for
+platforms="linux/amd64"
+platforms+=",linux/arm"
+platforms+=",linux/arm64"
+platforms+=",linux/ppc64le"
+
+# copy native image to local image repository
+docker buildx build \
+ --build-arg TAG="${tag}" \
+ -t "${registry}/${image_name}:${image_version}" \
+ -f Dockerfile . \
+ --load
+
+# push image to remote registry
+docker buildx build --platform "${platforms}" \
+ --build-arg TAG="${tag}" \
+ -t "${registry}/${image_name}:${image_version}" \
+ -f Dockerfile . \
+ --push
diff --git a/docker/passwd b/docker/passwd
new file mode 100644
index 0000000..dd842e0
--- /dev/null
+++ b/docker/passwd
@@ -0,0 +1,2 @@
+root:x:0:0:root:/root:/sbin/nologin
+nonroot:x:65532:65532:nonroot:/home/nonroot:/sbin/nologin
\ No newline at end of file
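Review bot: The second `docker buildx build … --push` runs unconditionally, yet `registry="${REGISTRY:-local}"` turns an unset or empty `REGISTRY` — exactly the invocation the README documents — into a push of `local/roulette:latest` to the default registry, which will fail, or land in an unintended namespace if the user happens to be logged in with rights to it. Guard the push with something like `if [[ -n "${REGISTRY:-}" ]]; then … fi` around the second build, or exit after the `--load` step when no registry was given. The README's `LATEST=yes` is never read by this script — `image_version="latest"` is hardcoded — so either honour that variable or drop it from the documented command. The default `tag="${TAG:-latest}"` also selects a non-Alpine `golang:latest`, which the Dockerfile's `apk add` step cannot use; defaulting to `alpine` here would match the README's example.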