Build minimal Docker image that runs without root priviledges (#45)

2021-02-18 09:23:39 +01:00 · 2021-02-18 09:23:39 +01:00 · 3871059dce
parent f21887e4a0
commit 3871059dce
2 changed files with 31 additions and 5 deletions
--- a/.dockerignore
+++ b/.dockerignore
@ -0,0 +1,4 @@
+*
+!*.go
+!go.mod
+!go.sum
--- a/32
+++ b/32
@ -1,14 +1,36 @@
+ARG BASE=alpine:latest
+ARG GOOS=linux
+ARG GOARCH=amd64
+ 
+# Build the purge binary
+FROM golang:1.15 as builder
+
+WORKDIR /workspace
+# Copy the Go Modules manifests
+COPY go.mod go.mod
+COPY go.sum go.sum
+# cache deps before building and copying source so that we don't need to re-download as much
+# and so that source changes don't invalidate our downloaded layer
+RUN go mod download
+
+# Copy the go source
+COPY main.go version.go server.go ./
+
 # Build
-FROM prologic/go-builder:latest AS build
+RUN CGO_ENABLED=0 GOOS=${GOOS} GOARCH=${GOARCH} GO111MODULE=on go build -a -o bitraft

-# Runtime
-FROM alpine
+RUN mkdir data

-COPY --from=build /src/bitraft /bitraft
+FROM $BASE 
+WORKDIR /app
+COPY --from=builder /workspace/bitraft .
+COPY --from=builder --chown=65532:65532 /workspace/data /data

 EXPOSE 4920/tcp

+USER 65532:65532
+
 VOLUME /data

-ENTRYPOINT ["/bitraft"]
+ENTRYPOINT ["/app/bitraft"]
 CMD ["-d", "/data"]