My suggestion
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
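################################
# STEP 1 build executable binary
################################
# NOTE(review): pin this tag by digest for reproducible builds. Go 1.16 is
# also past upstream support, so bump it when the project allows.
FROM golang:1.16-alpine AS builder

# bash and curl are installed only so they can be copied into the final image
# for the HEALTHCHECK; tzdata and ca-certificates are copied across as data.
RUN apk add --no-cache \
      bash \
      ca-certificates \
      curl \
      tzdata

# Create appuser.
# MY_USER must stay in sync with the USER instruction in the final stage.
ENV MY_USER=appuser
ENV MY_UID=10001
# See https://stackoverflow.com/a/55757473/12429735
RUN adduser \
      --disabled-password \
      --gecos "" \
      --home "/nonexistent" \
      --shell "/sbin/nologin" \
      --no-create-home \
      --uid "${MY_UID}" \
      "${MY_USER}"

WORKDIR /build-dir
# The whole build context is copied; keep a .dockerignore so .git, local env
# files and credentials never end up in a layer.
COPY . /build-dir
# CGO_ENABLED=0 yields a static binary that can run on scratch.
RUN CGO_ENABLED=0 GOOS=linux go build -ldflags="-w -s" -a -installsuffix cgo -o ./app .

############################
# STEP 2 build a small image
############################
FROM scratch

# Importing dependencies from builder image.
# NOTE(review): bash and curl are here only for the HEALTHCHECK. They widen
# what is available inside the container after a compromise; a probe built
# into the app binary would let both (and their libraries) be dropped.
COPY --from=builder /usr/bin/curl /usr/bin/curl
# Destination spelled out in full: a bare "/bin" does not exist in scratch and
# would be created as a regular file, breaking the later copy to /bin/app.
COPY --from=builder /bin/bash /bin/bash
COPY --from=builder /usr/lib/bash /usr/lib/bash
# Alpine's curl and bash are dynamically linked against musl: the loader and
# part of their libraries live under /lib, the rest under /usr/lib.
COPY --from=builder /lib/ /lib/
COPY --from=builder /usr/lib/lib* /usr/lib/
COPY --from=builder /usr/share/zoneinfo /usr/share/zoneinfo
# passwd/group carry the appuser entry that USER resolves below.
COPY --from=builder /etc/passwd /etc/passwd
COPY --from=builder /etc/group /etc/group
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/

# Copy our static executable.
COPY --from=builder /build-dir/app /bin/app

# Use an unprivileged user.
USER appuser:appuser

# Port on which the service will be exposed.
EXPOSE 7008

## Command to get application health status
# Exec form through the copied bash: the shell form is run via /bin/sh, which
# this scratch image does not contain, so it could never start.
HEALTHCHECK --interval=30s --timeout=3s \
    CMD ["/bin/bash", "-c", "/usr/bin/curl --fail http://localhost:7008/health || exit 1"]

## Final exec
ENTRYPOINT ["/bin/app"]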
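################################
# STEP 1 build executable binary
################################
FROM golang:1.16-alpine AS builder

# bash and curl are installed only so they can be copied into the final image
# for the HEALTHCHECK; tzdata and ca-certificates are copied across as data.
RUN apk add --no-cache \
      bash \
      ca-certificates \
      curl \
      tzdata

# Create appuser.
# USER must stay in sync with the USER instruction in the final stage.
ENV USER=appuser
ENV UID=10001
# See https://stackoverflow.com/a/55757473/12429735
RUN adduser \
      --disabled-password \
      --gecos "" \
      --home "/nonexistent" \
      --shell "/sbin/nologin" \
      --no-create-home \
      --uid "${UID}" \
      "${USER}"

WORKDIR /builder
# The whole build context is copied; keep a .dockerignore so .git, local env
# files and credentials never end up in a layer.
COPY . /builder
# CGO_ENABLED=0 yields a static binary that can run on scratch.
RUN CGO_ENABLED=0 go build -mod=vendor -ldflags="-w -s" -o app
#RUN CGO_ENABLED=0 GOOS=linux go build -ldflags="-w -s" -a -installsuffix cgo -o ./app .

############################
# STEP 2 build a small image
############################
FROM scratch

# Importing dependencies from builder image.
# NOTE(review): bash, sh and curl are here only for the HEALTHCHECK. They
# widen what is available inside the container after a compromise; a probe
# built into the app binary would let them (and their libraries) be dropped.
COPY --from=builder /usr/bin/curl /usr/bin/curl
COPY --from=builder /bin/bash /usr/bin/bash
# Docker's shell form looks for /bin/sh, so a copy at /usr/bin/sh does not
# make shell-form RUN/CMD/HEALTHCHECK work in this stage.
COPY --from=builder /bin/sh /usr/bin/sh
COPY --from=builder /usr/lib/bash /usr/lib/bash
# Alpine's curl and bash are dynamically linked against musl: the loader and
# part of their libraries live under /lib, the rest under /usr/lib. The
# destination needs its trailing slash because the wildcard matches many files.
COPY --from=builder /lib/ /lib/
COPY --from=builder /usr/lib/lib* /usr/lib/
COPY --from=builder /usr/share/zoneinfo /usr/share/zoneinfo
# passwd/group carry the appuser entry that USER resolves below.
COPY --from=builder /etc/passwd /etc/passwd
COPY --from=builder /etc/group /etc/group
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
# Left disabled: RUN needs /bin/sh inside the stage, which scratch lacks, and
# COPY already preserves the executable bit from the builder.
#RUN chmod +x /usr/bin/*

# Copy our static executable.
COPY --from=builder /builder/app /app

# Use an unprivileged user.
USER appuser:appuser

# Port on which the service will be exposed.
EXPOSE 7008

# Command to get application health status
# Exec form through the copied bash: the shell form is run via /bin/sh, which
# this scratch image does not contain, so it could never start.
HEALTHCHECK --interval=30s --timeout=3s \
    CMD ["/usr/bin/bash", "-c", "/usr/bin/curl --fail http://localhost:7008/health || exit 1"]

# Final exec
ENTRYPOINT ["/app"]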