-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile
More file actions
44 lines (36 loc) · 1.66 KB
/
Copy pathDockerfile
File metadata and controls
44 lines (36 loc) · 1.66 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
# syntax=docker/dockerfile:1.7
# ---- build stage ---------------------------------------------------------
FROM golang:1.25-alpine AS build
WORKDIR /src
# ca-certificates are required by the runtime, but pulling them here keeps
# the runtime stage minimal.
RUN apk add --no-cache ca-certificates git
# Cache module downloads in a separate layer so source-only changes don't
# re-pull dependencies.
COPY go.mod go.sum* ./
RUN --mount=type=cache,target=/root/.cache/go-build \
--mount=type=cache,target=/go/pkg/mod \
go mod download
COPY . .
ARG VERSION=dev
RUN --mount=type=cache,target=/root/.cache/go-build \
--mount=type=cache,target=/go/pkg/mod \
CGO_ENABLED=0 GOOS=linux \
go build -trimpath -ldflags "-s -w -X main.version=${VERSION}" -o /out/uptime-api ./cmd/api && \
CGO_ENABLED=0 GOOS=linux \
go build -trimpath -ldflags "-s -w -X main.version=${VERSION}" -o /out/uptime-worker ./cmd/worker && \
CGO_ENABLED=0 GOOS=linux \
go build -trimpath -ldflags "-s -w -X main.version=${VERSION}" -o /out/uptime-scheduler ./cmd/scheduler && \
CGO_ENABLED=0 GOOS=linux \
go build -trimpath -ldflags "-s -w -X main.version=${VERSION}" -o /out/uptime-migrate ./cmd/migrate
# ---- runtime stage -------------------------------------------------------
FROM alpine:3.20
WORKDIR /app
# Run as non-root with a known UID so PodSecurity / kubelet checks pass.
RUN apk add --no-cache ca-certificates tzdata && \
addgroup -S -g 65532 uptime && \
adduser -S -u 65532 -G uptime uptime
COPY --from=build /out/uptime-api /out/uptime-worker /out/uptime-scheduler /out/uptime-migrate /app/
USER 65532:65532
EXPOSE 8008 8009
ENV APP_PORT=8008 METRICS_PORT=8009