From 3871059dce7bf05ca823f3dc0e3517d613bfda28 Mon Sep 17 00:00:00 2001
From: Sebastien Leger
Date: Thu, 18 Feb 2021 09:23:39 +0100
Subject: [PATCH] Build minimal Docker image that runs without root priviledges (#45)

---
 .dockerignore | 4 ++++
 Dockerfile | 32 +++++++++++++++++++++++++++-----
 2 files changed, 31 insertions(+), 5 deletions(-)
 create mode 100644 .dockerignore

diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..b6f8530
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,4 @@
+*
+!*.go
+!go.mod
+!go.sum
diff --git a/Dockerfile b/Dockerfile
index 1a48cc1..d7cab87 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,14 +1,36 @@
+ARG BASE=alpine:latest
+ARG GOOS=linux
+ARG GOARCH=amd64
+
+# Build the purge binary
+FROM golang:1.15 as builder
+
+WORKDIR /workspace
+# Copy the Go Modules manifests
+COPY go.mod go.mod
+COPY go.sum go.sum
+# cache deps before building and copying source so that we don't need to re-download as much
+# and so that source changes don't invalidate our downloaded layer
+RUN go mod download
+
+# Copy the go source
+COPY main.go version.go server.go ./
+
 # Build
-FROM prologic/go-builder:latest AS build
+RUN CGO_ENABLED=0 GOOS=${GOOS} GOARCH=${GOARCH} GO111MODULE=on go build -a -o bitraft

-# Runtime
-FROM alpine
+RUN mkdir data

-COPY --from=build /src/bitraft /bitraft
+FROM $BASE
+WORKDIR /app
+COPY --from=builder /workspace/bitraft .
+COPY --from=builder --chown=65532:65532 /workspace/data /data

 EXPOSE 4920/tcp

+USER 65532:65532
+
 VOLUME /data

-ENTRYPOINT ["/bitraft"]
+ENTRYPOINT ["/app/bitraft"]
 CMD ["-d", "/data"]
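Review bot: The `!*.go` exception re-includes only Go files at the root of the build context, because a .dockerignore pattern without `**` does not match inside subdirectories. That agrees with the Dockerfile, which copies only `main.go`, `version.go` and `server.go`, but a package added in a subdirectory later would be absent from the context. A leading comment would record the intent, for example `# Deny by default: only root-level Go sources and module files enter the build context`. If sub-packages are expected, `!**/*.go` is the pattern to use.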
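Review bot: `ARG GOOS` and `ARG GOARCH` are declared before the first `FROM`, so they are in scope only for `FROM` lines. Inside the builder stage, `${GOOS}` and `${GOARCH}` on the `go build` line expand to empty strings, and a `--build-arg GOARCH=...` is silently ignored. Redeclaring them right after `FROM golang:1.15 as builder` with `ARG GOOS` and `ARG GOARCH` brings the declared defaults and any overrides into scope. Separately, the default `BASE=alpine:latest` makes the runtime base a moving target; pinning it to a fixed tag and preferably a digest, `ARG BASE=alpine:<version>@sha256:<digest>` (placeholders), keeps the non-root image reproducible and its base auditable. `golang:1.15` is likewise pinned by tag only.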