# Build stage # FROM golang:1.23-bullseye as base FROM golang:bullseye as base RUN adduser \ --disabled-password \ --gecos "" \ --home "/nonexistent" \ --shell "/sbin/nologin" \ --no-create-home \ --uid 65532 \ small-user WORKDIR /app COPY . . # RUN go mod download # RUN go mod verify RUN apt-get update && apt-get install -y \ gcc \ libc6-dev RUN GOFLAGS=-mod=vendor \ CGO_ENABLED=1 \ GOOS=linux \ GOARCH=amd64 \ CGO_LDFLAGS="-static -w -s" \ go build \ -ldflags '-extldflags "-static"' \ -o main . # Final stage # Pick your poison # Ordered by size desc # FROM ubuntu:latest FROM alpine:latest # FROM scratch RUN apk add --no-cache libc6-compat # Run this for ubuntu # RUN apt-get update && apt-get install -y curl vim git && apt-get clean # Copy the binary from the build stage COPY --from=base /app/main /main # Copy necessary files from the build stage COPY --from=base /usr/share/zoneinfo /usr/share/zoneinfo COPY --from=base /etc/passwd /etc/passwd COPY --from=base /etc/group /etc/group # Use the non-root user # USER small-user CMD ["/main"]