44 lines
859 B
Docker
44 lines
859 B
Docker
# set app name
|
|
ARG app=roulette
|
|
|
|
# create build stage
|
|
ARG TAG
|
|
FROM --platform=$BUILDPLATFORM golang:$TAG AS build
|
|
ARG app
|
|
|
|
# install dependencies
|
|
RUN apk add --update-cache upx
|
|
|
|
# copy source files into the container
|
|
COPY . /src/$app/
|
|
|
|
# build, strip, and compress the binary
|
|
WORKDIR /src/$app
|
|
ARG TARGETOS TARGETARCH
|
|
RUN CGO_ENABLED=0 \
|
|
GOOS=$TARGETOS \
|
|
GOARCH=$TARGETARCH \
|
|
go build -trimpath -ldflags "-s -w" -tags timetzdata -o $app \
|
|
&& upx --best --lzma $app \
|
|
&& chmod 500 $app
|
|
|
|
# set up final stage
|
|
FROM scratch
|
|
ARG app
|
|
|
|
# copy in user info
|
|
COPY --chown=root:root --chmod=0400 docker/passwd /etc/passwd
|
|
|
|
# run as nonroot
|
|
USER nonroot
|
|
|
|
# copy in binary
|
|
COPY --from=build --chown=root:root --chmod=0005 /src/$app/$app /$app
|
|
|
|
# listen on an unprivileged port
|
|
EXPOSE 8080
|
|
|
|
# run application
|
|
ENTRYPOINT ["/roulette"]
|
|
CMD ["-r","/data"]
|