Update Dockerfile to create a minimal size image

dockerfile

@@ -1,30 +1,32 @@
-# syntax=docker/dockerfile:1
+FROM golang:1.21.6 as base
-FROM golang:1.22-rc-alpine
 
-# Set destination for COPY
+RUN adduser \
-WORKDIR /app
+  --disabled-password \
+  --gecos "" \
+  --home "/nonexistent" \
+  --shell "/sbin/nologin" \
+  --no-create-home \
+  --uid 65532 \
+  small-user
+
+WORKDIR $GOPATH/src/app/
+
+COPY . .
 
-# Download Go modules
-COPY go.mod go.sum ./
 RUN go mod download
+RUN go mod verify
 
-# Copy the source code. Note the slash at the end, as explained in
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o /main .
-# https://docs.docker.com/engine/reference/builder/#copy
-# May not be enough for complex projects
-COPY *.go ./
 
-# Build
+FROM scratch
-# Add GOOS=linux for linux
-# GOOS=windows
-# GOOS=darwin
-RUN go build -o /main
 
-# Optional:
+COPY --from=base /usr/share/zoneinfo /usr/share/zoneinfo
-# To bind to a TCP port, runtime parameters must be supplied to the docker command.
+COPY --from=base /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
-# But we can document in the Dockerfile what ports
+COPY --from=base /etc/passwd /etc/passwd
-# the application is going to listen on by default.
+COPY --from=base /etc/group /etc/group
-# https://docs.docker.com/engine/reference/builder/#expose
+
-# EXPOSE 8080
+COPY --from=base /main .
+
+USER small-user:small-user
 
-# Run
 CMD ["/main"]