56 lines
1.2 KiB
Plaintext
56 lines
1.2 KiB
Plaintext
# Build stage
|
|
# FROM golang:1.23-bullseye as base
|
|
FROM golang:bullseye as base
|
|
|
|
RUN adduser \
|
|
--disabled-password \
|
|
--gecos "" \
|
|
--home "/nonexistent" \
|
|
--shell "/sbin/nologin" \
|
|
--no-create-home \
|
|
--uid 65532 \
|
|
small-user
|
|
|
|
WORKDIR /app
|
|
|
|
COPY . .
|
|
|
|
# RUN go mod download
|
|
# RUN go mod verify
|
|
|
|
RUN apt-get update && apt-get install -y \
|
|
gcc \
|
|
libc6-dev
|
|
|
|
RUN GOFLAGS=-mod=vendor \
|
|
CGO_ENABLED=1 \
|
|
GOOS=linux \
|
|
GOARCH=amd64 \
|
|
CGO_LDFLAGS="-static -w -s" \
|
|
go build \
|
|
-ldflags '-extldflags "-static"' \
|
|
-o main .
|
|
|
|
# Final stage
|
|
# Pick your poison
|
|
# Ordered by size desc
|
|
# FROM ubuntu:latest
|
|
FROM alpine:latest
|
|
# FROM scratch
|
|
RUN apk add --no-cache libc6-compat
|
|
|
|
# Run this for ubuntu
|
|
# RUN apt-get update && apt-get install -y curl vim git && apt-get clean
|
|
|
|
# Copy the binary from the build stage
|
|
COPY --from=base /app/main /main
|
|
|
|
# Copy necessary files from the build stage
|
|
COPY --from=base /usr/share/zoneinfo /usr/share/zoneinfo
|
|
COPY --from=base /etc/passwd /etc/passwd
|
|
COPY --from=base /etc/group /etc/group
|
|
|
|
# Use the non-root user
|
|
# USER small-user
|
|
|
|
CMD ["/main"] |