-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile
90 lines (69 loc) · 1.95 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
#############################
# builder
#############################
FROM golang:1.16-buster as builder
LABEL maintainer="https://github.com/arieffian"
ARG BUILD_TYPE
ENV TYPE=$BUILD_TYPE
ENV GO111MODULE=on \
GOOS=linux \
GOARCH=amd64
ENV GOPATH /go
WORKDIR /build
# Set timezone
RUN echo Asia/Jakarta > /etc/timezone && \
rm /etc/localtime && \
ln -snf /usr/share/zoneinfo/Asia/Jakarta /etc/localtime && \
dpkg-reconfigure -f noninteractive tzdata
# Create appuser.
ENV USER=appuser
ENV UID=10001
# See https://stackoverflow.com/a/55757473/12429735RUN
RUN adduser \
--disabled-password \
--gecos "" \
--home "/nonexistent" \
--shell "/sbin/nologin" \
--no-create-home \
--uid "${UID}" \
"${USER}"
RUN apt-get update && apt-get -y dist-upgrade
RUN apt-get -y install \
build-essential \
libssl-dev \
ca-certificates
RUN apt-get clean && apt-get -y autoremove && \
rm -rf /tmp/* /var/tmp/*
COPY . .
RUN go build -ldflags "-s -w" -o /build/mw-backend-test.app cmd/main.go
#############################
# runtime
#############################
FROM debian:buster-slim
# Set working directory
WORKDIR /app
# Set timezone
RUN echo Asia/Jakarta > /etc/timezone && \
rm /etc/localtime && \
ln -snf /usr/share/zoneinfo/Asia/Jakarta /etc/localtime && \
dpkg-reconfigure -f noninteractive tzdata
# Copy user
COPY --from=builder /etc/passwd /etc/passwd
COPY --from=builder /etc/group /etc/group
# Install dependencies
RUN apt-get update && apt-get -y install \
libssl-dev \
curl \
&& rm -rf /var/lib/apt/lists/*
# Cleanup
RUN apt-get clean && apt-get -y autoremove && \
rm -rf /tmp/* /var/tmp/*
# Copy executable file
COPY --from=builder --chown=appuser:appuser /build/mw-backend-test.app /app/
# Change directory permission
RUN chown -R appuser:appuser /app/
# Use an unprivileged user.
USER appuser:appuser
# Bind host from any ip
EXPOSE 8080
CMD ["sh", "-c", "/app/mw-backend-test.app"]