Compare commits
3 Commits
fc425425b5
...
a2857ce16f
Author | SHA1 | Date |
---|---|---|
Seednode | a2857ce16f | |
Seednode | f5c031af7e | |
Seednode | a29c46aa7f |
|
@ -182,7 +182,7 @@ Flags:
|
||||||
--video enable support for video files
|
--video enable support for video files
|
||||||
```
|
```
|
||||||
|
|
||||||
## Building the Docker container
|
## Building the Docker image
|
||||||
From inside the `docker/` subdirectory, build the image using the following command:
|
From inside the cloned repository, build the image using the following command:
|
||||||
|
|
||||||
`REGISTRY=<registry url> LATEST=yes TAG=alpine ./build.sh`
|
`REGISTRY=<registry url> LATEST=yes TAG=alpine ./build-docker.sh`
|
||||||
|
|
|
@ -14,7 +14,7 @@ registry="${REGISTRY:-local}"
|
||||||
image_name="roulette"
|
image_name="roulette"
|
||||||
|
|
||||||
# set image version
|
# set image version
|
||||||
image_version="$(grep "ReleaseVersion" ../cmd/root.go | head -n1 | awk '{print $4}' | sed 's/\"//g')"
|
image_version="$(grep "ReleaseVersion" cmd/root.go | head -n1 | awk '{print $4}' | sed 's/\"//g')"
|
||||||
|
|
||||||
# platforms to build for
|
# platforms to build for
|
||||||
platforms="linux/amd64"
|
platforms="linux/amd64"
|
||||||
|
@ -27,7 +27,7 @@ docker buildx build \
|
||||||
--build-arg TAG="${tag}" \
|
--build-arg TAG="${tag}" \
|
||||||
-t "${registry}/${image_name}:${image_version}" \
|
-t "${registry}/${image_name}:${image_version}" \
|
||||||
$(if [ "${LATEST}" == "yes" ]; then echo "-t ${registry}/${image_name}:latest"; fi) \
|
$(if [ "${LATEST}" == "yes" ]; then echo "-t ${registry}/${image_name}:latest"; fi) \
|
||||||
-f Dockerfile . \
|
-f docker/Dockerfile . \
|
||||||
--load
|
--load
|
||||||
|
|
||||||
# push image to remote registry
|
# push image to remote registry
|
||||||
|
@ -35,7 +35,7 @@ docker buildx build --platform "${platforms}" \
|
||||||
--build-arg TAG="${tag}" \
|
--build-arg TAG="${tag}" \
|
||||||
-t "${registry}/${image_name}:${image_version}" \
|
-t "${registry}/${image_name}:${image_version}" \
|
||||||
$(if [ "${LATEST}" == "yes" ]; then echo "-t ${registry}/${image_name}:latest"; fi) \
|
$(if [ "${LATEST}" == "yes" ]; then echo "-t ${registry}/${image_name}:latest"; fi) \
|
||||||
-f Dockerfile . \
|
-f docker/Dockerfile . \
|
||||||
--push
|
--push
|
||||||
|
|
||||||
# copy debug image to local image repository
|
# copy debug image to local image repository
|
||||||
|
@ -43,7 +43,7 @@ docker buildx build \
|
||||||
--build-arg TAG="${tag}" \
|
--build-arg TAG="${tag}" \
|
||||||
-t "${registry}/${image_name}:${image_version}-debug" \
|
-t "${registry}/${image_name}:${image_version}-debug" \
|
||||||
$(if [ "${LATEST}" == "yes" ]; then echo "-t ${registry}/${image_name}:debug"; fi) \
|
$(if [ "${LATEST}" == "yes" ]; then echo "-t ${registry}/${image_name}:debug"; fi) \
|
||||||
-f Dockerfile.debug . \
|
-f docker/Dockerfile.debug . \
|
||||||
--load
|
--load
|
||||||
|
|
||||||
# push debug image to remote registry
|
# push debug image to remote registry
|
||||||
|
@ -51,5 +51,5 @@ docker buildx build --platform "${platforms}" \
|
||||||
--build-arg TAG="${tag}" \
|
--build-arg TAG="${tag}" \
|
||||||
-t "${registry}/${image_name}:${image_version}-debug" \
|
-t "${registry}/${image_name}:${image_version}-debug" \
|
||||||
$(if [ "${LATEST}" == "yes" ]; then echo "-t ${registry}/${image_name}:debug"; fi) \
|
$(if [ "${LATEST}" == "yes" ]; then echo "-t ${registry}/${image_name}:debug"; fi) \
|
||||||
-f Dockerfile.debug . \
|
-f docker/Dockerfile.debug . \
|
||||||
--push
|
--push
|
|
@ -7,12 +7,12 @@ FROM --platform=$BUILDPLATFORM golang:$TAG AS build
|
||||||
ARG app
|
ARG app
|
||||||
|
|
||||||
# install dependencies
|
# install dependencies
|
||||||
RUN apk add --update-cache git upx
|
RUN apk add --update-cache upx
|
||||||
|
|
||||||
# clone
|
# copy source files into the container
|
||||||
RUN git clone https://git.seedno.de/seednode/$app /src/$app
|
COPY . /src/$app/
|
||||||
|
|
||||||
# build and compress the binary
|
# build, strip, and compress the binary
|
||||||
WORKDIR /src/$app
|
WORKDIR /src/$app
|
||||||
ARG TARGETOS TARGETARCH
|
ARG TARGETOS TARGETARCH
|
||||||
RUN CGO_ENABLED=0 \
|
RUN CGO_ENABLED=0 \
|
||||||
|
@ -27,7 +27,7 @@ FROM scratch
|
||||||
ARG app
|
ARG app
|
||||||
|
|
||||||
# copy in user info
|
# copy in user info
|
||||||
COPY --chown=root:root --chmod=0400 passwd /etc/passwd
|
COPY --chown=root:root --chmod=0400 docker/passwd /etc/passwd
|
||||||
|
|
||||||
# run as nonroot
|
# run as nonroot
|
||||||
USER nonroot
|
USER nonroot
|
||||||
|
|
|
@ -6,20 +6,16 @@ ARG TAG
|
||||||
FROM --platform=$BUILDPLATFORM golang:$TAG AS build
|
FROM --platform=$BUILDPLATFORM golang:$TAG AS build
|
||||||
ARG app
|
ARG app
|
||||||
|
|
||||||
# install dependencies
|
# copy source files into the container
|
||||||
RUN apk add --update-cache git upx
|
COPY . /src/$app/
|
||||||
|
|
||||||
# clone
|
# build the binary
|
||||||
RUN git clone https://git.seedno.de/seednode/$app /src/$app
|
|
||||||
|
|
||||||
# build and compress the binary
|
|
||||||
WORKDIR /src/$app
|
WORKDIR /src/$app
|
||||||
ARG TARGETOS TARGETARCH
|
ARG TARGETOS TARGETARCH
|
||||||
RUN CGO_ENABLED=0 \
|
RUN CGO_ENABLED=0 \
|
||||||
GOOS=$TARGETOS \
|
GOOS=$TARGETOS \
|
||||||
GOARCH=$TARGETARCH \
|
GOARCH=$TARGETARCH \
|
||||||
go build -trimpath -ldflags "-s -w" -tags timetzdata -o $app \
|
go build -trimpath -tags timetzdata -o $app \
|
||||||
&& upx --best --lzma $app \
|
|
||||||
&& chmod 500 $app
|
&& chmod 500 $app
|
||||||
|
|
||||||
# set up final stage
|
# set up final stage
|
||||||
|
@ -27,7 +23,7 @@ FROM --platform=$BUILDPLATFORM alpine:latest
|
||||||
ARG app
|
ARG app
|
||||||
|
|
||||||
# copy in user info
|
# copy in user info
|
||||||
COPY --chown=root:root --chmod=0400 passwd /etc/passwd
|
COPY --chown=root:root --chmod=0400 docker/passwd /etc/passwd
|
||||||
|
|
||||||
# run as root for debug
|
# run as root for debug
|
||||||
USER root
|
USER root
|
||||||
|
@ -38,5 +34,5 @@ COPY --from=build --chown=root:root --chmod=0005 /src/$app/$app /$app
|
||||||
# listen on an unprivileged port
|
# listen on an unprivileged port
|
||||||
EXPOSE 8080
|
EXPOSE 8080
|
||||||
|
|
||||||
# run application
|
# launch a shell by default
|
||||||
ENTRYPOINT ["/bin/ash"]
|
ENTRYPOINT ["/bin/ash"]
|
||||||
|
|
Loading…
Reference in New Issue