From f7810aa2e39aab3c3d361573f05304a0f1eae012 Mon Sep 17 00:00:00 2001 From: Gustavo Ocanto Date: Thu, 10 Jul 2025 17:14:05 +0800 Subject: [PATCH 01/13] remove comments --- docker/dockerfile-api | 8 -------- 1 file changed, 8 deletions(-) diff --git a/docker/dockerfile-api b/docker/dockerfile-api index b9d408c5..5f90caac 100644 --- a/docker/dockerfile-api +++ b/docker/dockerfile-api @@ -34,9 +34,6 @@ ENV GOMODCACHE=${BUILD_DIR}/.gopath/pkg/mod ENV GOCACHE=${BUILD_DIR}/.gocache RUN mkdir -p ${GOMODCACHE} ${GOCACHE} -# Install timezone data so Go’s time.* calls work correctly. -RUN #apk add --no-cache tzdata - # Sets the primary working directory for this stage of the build. WORKDIR ${BUILD_DIR} @@ -62,7 +59,6 @@ RUN CGO_ENABLED=0 go build -tags "${BUILD_TAGS}" -o ${BUILD_DIR}/${BINARY_NAME} # --- Final Stage FROM alpine:${ALPINE_VERSION} -#USER root # Forwards build-time arguments into this final stage so they can be referenced. ARG APP_USER @@ -96,10 +92,6 @@ COPY ${STORAGE_DIR}/${FIXTURES_DIR} ./${STORAGE_DIR}/${FIXTURES_DIR}/ COPY --from=builder ${BUILD_DIR}/${BINARY_NAME} ${BUILD_DIR}/ RUN chmod +x ${BUILD_DIR}/${BINARY_NAME} -# Copy timezone data from builder so Go’s time.* calls work correctly. -#RUN apk add --no-cache tzdata -#COPY --from=builder /usr/share/zoneinfo /usr/share/zoneinfo - # Recursively sets the ownership of all files in the application's home directory. #RUN chown -R ${APP_USER}:${APP_GROUP} ${APP_HOME} From 684cfb6ac51b643af765e5967d40a06b1ce85bb5 Mon Sep 17 00:00:00 2001 From: Gustavo Ocanto Date: Thu, 10 Jul 2025 17:28:01 +0800 Subject: [PATCH 02/13] simple names --- docker/dockerfile-api | 36 ++++++++++++++++-------------------- 1 file changed, 16 insertions(+), 20 deletions(-) diff --git a/docker/dockerfile-api b/docker/dockerfile-api index 5f90caac..bd637166 100644 --- a/docker/dockerfile-api +++ b/docker/dockerfile-api 
@@ -1,41 +1,39 @@ # --- Build Arguments -ARG GO_VERSION=1.24 -ARG ALPINE_VERSION=latest - -ARG APP_VERSION="0.0.0-dev" +ARG APP_VERSION="0.0.0.1" ARG BUILD_TAGS="posts,experience,profile,projects,social,talks,gus,gocanto" ARG BINARY_NAME=server + ARG APP_HOST_PORT=8080 ARG APP_USER=appuser ARG APP_GROUP=appgroup ARG APP_HOME=/home/${APP_USER} +ARG APP_DIR=/app -ARG BUILD_DIR=/app ARG STORAGE_DIR=storage ARG LOGS_DIR=logs ARG MEDIA_DIR=media ARG FIXTURES_DIR=fixture # --- Build Stage -FROM golang:${GO_VERSION}-alpine AS builder +FROM golang:1.24-alpine AS builder # --- Docker Args always go before ENV vars. # Forwards build-time arguments into this specific stage so they can be referenced. -ARG BUILD_DIR +ARG APP_DIR ARG BINARY_NAME ARG APP_VERSION ARG BUILD_TAGS # --- Go env vars. # Tell Go to keep its module & build caches under /app -ENV GOPATH=${BUILD_DIR}/.gopath -ENV GOMODCACHE=${BUILD_DIR}/.gopath/pkg/mod -ENV GOCACHE=${BUILD_DIR}/.gocache +ENV GOPATH=${APP_DIR}/.gopath +ENV GOMODCACHE=${APP_DIR}/.gopath/pkg/mod +ENV GOCACHE=${APP_DIR}/.gocache RUN mkdir -p ${GOMODCACHE} ${GOCACHE} # Sets the primary working directory for this stage of the build. -WORKDIR ${BUILD_DIR} +WORKDIR ${APP_DIR} # Copies the Go module definition files into the builder. # This is done first to leverage Docker's layer caching. The subsequent 
@@ -55,16 +53,16 @@ COPY . . # -w: Strips DWARF debugging information, further reducing size. # -X: Injects a value into a string variable at build time. Here, it sets # the application's version by targeting the 'Version' variable in the 'main' package. -RUN CGO_ENABLED=0 go build -tags "${BUILD_TAGS}" -o ${BUILD_DIR}/${BINARY_NAME} -ldflags="-s -w -X main.Version=${APP_VERSION}" . +RUN CGO_ENABLED=0 go build -tags "${BUILD_TAGS}" -o ${APP_DIR}/${BINARY_NAME} -ldflags="-s -w -X main.Version=${APP_VERSION}" . # --- Final Stage -FROM alpine:${ALPINE_VERSION} +FROM alpine:latest # Forwards build-time arguments into this final stage so they can be referenced. -ARG APP_USER -ARG APP_GROUP +#ARG APP_USER +#ARG APP_GROUP #ARG APP_HOME -ARG BUILD_DIR +ARG APP_DIR ARG BINARY_NAME ARG STORAGE_DIR ARG LOGS_DIR @@ -89,8 +87,8 @@ RUN mkdir -p ${STORAGE_DIR}/${FIXTURES_DIR} ${STORAGE_DIR}/${FIXTURES_DIR} COPY ${STORAGE_DIR}/${FIXTURES_DIR} ./${STORAGE_DIR}/${FIXTURES_DIR}/ # Copies the compiled application binary from the 'builder' stage. -COPY --from=builder ${BUILD_DIR}/${BINARY_NAME} ${BUILD_DIR}/ -RUN chmod +x ${BUILD_DIR}/${BINARY_NAME} +COPY --from=builder ${APP_DIR}/${BINARY_NAME} ${APP_DIR}/ +RUN chmod +x ${APP_DIR}/${BINARY_NAME} # Recursively sets the ownership of all files in the application's home directory. #RUN chown -R ${APP_USER}:${APP_GROUP} ${APP_HOME} @@ -99,6 +97,4 @@ RUN chmod +x ${BUILD_DIR}/${BINARY_NAME} EXPOSE ${APP_HOST_PORT} -#CMD ["./server"] -#CMD ["/app/${BINARY_NAME}"] ENTRYPOINT ["/app/server"] From e777627da3462d7c49b8fafdb2d99723be2f1149 Mon Sep 17 00:00:00 2001 From: Gustavo Ocanto Date: Thu, 10 Jul 2025 17:42:49 +0800 Subject: [PATCH 03/13] args --- docker-compose.yml | 4 +++- docker/dockerfile-api | 18 +++++++++++------- 2 files changed, 14 insertions(+), 8 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 81e6a536..b69d7468 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -110,10 +110,12 @@ services: context: . dockerfile: ./docker/dockerfile-api args: - - APP_VERSION=v1.0.0-release + - APP_VERSION=0.0.0.1 - APP_HOST_PORT=${ENV_HTTP_PORT} - APP_USER=${ENV_DOCKER_USER} - APP_GROUP=${ENV_DOCKER_USER_GROUP} + - APP_DIR=/app + - BINARY_NAME=oullin_api container_name: oullin_api restart: unless-stopped secrets: diff --git a/docker/dockerfile-api b/docker/dockerfile-api index bd637166..0f69d8d7 100644 --- a/docker/dockerfile-api +++ b/docker/dockerfile-api @@ -1,8 +1,8 @@ # --- Build Arguments -ARG APP_VERSION="0.0.0.1" +ARG APP_VERSION=0.0.0.1 ARG BUILD_TAGS="posts,experience,profile,projects,social,talks,gus,gocanto" -ARG BINARY_NAME=server +ARG BINARY_NAME=oullin_api ARG APP_HOST_PORT=8080 ARG APP_USER=appuser @@ -57,7 +57,6 @@ RUN CGO_ENABLED=0 go build -tags "${BUILD_TAGS}" -o ${APP_DIR}/${BINARY_NAME} -l # --- Final Stage FROM alpine:latest - # Forwards build-time arguments into this final stage so they can be referenced. #ARG APP_USER #ARG APP_GROUP @@ -77,11 +76,16 @@ RUN apk add --no-cache tzdata ENV TZ=Asia/Singapore # Make sure the home exists & switch into it. -WORKDIR /app +WORKDIR ${APP_DIR} # Creates the necessary storage directories inside the container. -RUN mkdir -p ${STORAGE_DIR}/${LOGS_DIR} ${STORAGE_DIR}/${MEDIA_DIR} -RUN mkdir -p ${STORAGE_DIR}/${FIXTURES_DIR} ${STORAGE_DIR}/${FIXTURES_DIR} +RUN mkdir -p \ + ${STORAGE_DIR}/${LOGS_DIR} \ + ${STORAGE_DIR}/${MEDIA_DIR} \ + +RUN mkdir -p \ + ${STORAGE_DIR}/${FIXTURES_DIR} \ + ${STORAGE_DIR}/${FIXTURES_DIR} # Copies the 'fixture' files from the local project directory into the container. COPY ${STORAGE_DIR}/${FIXTURES_DIR} ./${STORAGE_DIR}/${FIXTURES_DIR}/ @@ -97,4 +101,4 @@ RUN chmod +x ${APP_DIR}/${BINARY_NAME} EXPOSE ${APP_HOST_PORT} -ENTRYPOINT ["/app/server"] +ENTRYPOINT ["/bin/sh","-c","exec ${APP_DIR}/${BINARY_NAME}"] From 74c4731984e3c08ff125cd07eaebfbdd09d37d4c Mon Sep 17 00:00:00 2001 
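Review bot: In the `@@ -77,11 +76,16 @@` hunk of PATCH 03/13 the first `RUN mkdir -p` ends its last argument with a trailing `\` and is followed by an empty line. The Dockerfile parser skips empty continuation lines (with a warning), so the following `RUN mkdir -p \` is most likely folded into the first command, and `RUN` and `mkdir` end up created as directories under the working directory. Drop the backslash after `${STORAGE_DIR}/${MEDIA_DIR}`. The second command also lists `${STORAGE_DIR}/${FIXTURES_DIR}` twice, so one `RUN mkdir -p` with the three distinct paths would be enough; the rewrite in PATCH 09/13 later removes both problems.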
From: Gus Date: Thu, 10 Jul 2025 21:17:38 +0800 Subject: [PATCH 04/13] Empty - Commit From 723415925958378ed1ca2eaf3ece47ccb912976b Mon Sep 17 00:00:00 2001 From: Gustavo Ocanto Date: Thu, 10 Jul 2025 21:27:59 +0800 Subject: [PATCH 05/13] =?UTF-8?q?=F0=9F=94=90=20Test=20GPG=20signing?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From a6c32f737a54a6511354db824c4a095313574b65 Mon Sep 17 00:00:00 2001 From: Gustavo Ocanto Date: Thu, 10 Jul 2025 21:32:11 +0800 Subject: [PATCH 06/13] =?UTF-8?q?=F0=9F=94=90=20Test=20GPG=20signing=20(is?= =?UTF-8?q?la)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From c58b181f76e292b105795c4500557d456fc1716e Mon Sep 17 00:00:00 2001 From: Gustavo Ocanto Date: Fri, 11 Jul 2025 09:29:33 +0800 Subject: [PATCH 07/13] wip --- config/makefile/db.mk | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/config/makefile/db.mk b/config/makefile/db.mk index d6d9a870..c735a811 100644 --- a/config/makefile/db.mk +++ b/config/makefile/db.mk @@ -46,12 +46,8 @@ db\:delete: docker compose down -v --remove-orphans db\:chmod: - #ostgreSQL has a strict rule for security. The SSL private key file (server.key) cannot be owned by a regular user. - # When you mount the file from your host server, the file inside the container is still owned by your user (gocanto), - # not by root or the postgres user. PostgreSQL sees this as a security risk and refuses to start. - #sudo chown root:root ./database/infra/ssl/server.key - #sudo chmod 600 ./database/infra/ssl/server.key - chmod 600 $(DB_INFRA_SERVER_KEY) + sudo chmod 600 $(DB_INFRA_SERVER_KEY) + sudo chmod 644 $(DB_INFRA_SERVER_CRT) db\:secure: rm -f $(DB_INFRA_SERVER_CRT) $(DB_INFRA_SERVER_CSR) $(DB_INFRA_SERVER_KEY) From bc027856fb282cc79ff7b9abb2447f13d2aa74a9 Mon Sep 17 00:00:00 2001 
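Review bot: The new `db\:chmod` recipe in PATCH 07/13 changes only the mode of the key, while the comment this hunk deletes described an ownership problem (the mounted `server.key` stays owned by the host user and PostgreSQL refuses to start). `sudo chmod 600 $(DB_INFRA_SERVER_KEY)` leaves the owner as it was, so if that description still holds the target needs a `chown` as well; `sudo` itself is only required when the invoking user does not own the files. I would keep a one-line rationale above the recipe, for example `# PostgreSQL only loads server.key when it is owned by the database user (mode 0600) or by root (mode 0640 or stricter).` The rest of `db.mk` is outside the hunk.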
From: Gustavo Ocanto Date: Fri, 11 Jul 2025 09:47:18 +0800 Subject: [PATCH 08/13] wip --- docker/dockerfile-api | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/docker/dockerfile-api b/docker/dockerfile-api index 0f69d8d7..a5f2428e 100644 --- a/docker/dockerfile-api +++ b/docker/dockerfile-api @@ -57,10 +57,11 @@ RUN CGO_ENABLED=0 go build -tags "${BUILD_TAGS}" -o ${APP_DIR}/${BINARY_NAME} -l # --- Final Stage FROM alpine:latest + # Forwards build-time arguments into this final stage so they can be referenced. -#ARG APP_USER -#ARG APP_GROUP -#ARG APP_HOME +ARG APP_USER +ARG APP_GROUP +ARG APP_HOME ARG APP_DIR ARG BINARY_NAME ARG STORAGE_DIR @@ -70,7 +71,10 @@ ARG FIXTURES_DIR ARG APP_HOST_PORT # Creates a dedicated, non-root user and group to run the application with. -#RUN addgroup -S ${APP_GROUP} && adduser -S ${APP_USER} -G ${APP_GROUP} -h ${APP_HOME} +RUN mkdir -p ${APP_HOME} \ + && addgroup -S ${APP_GROUP} \ + && adduser -S ${APP_USER} -G ${APP_GROUP} -h ${APP_HOME} ${APP_USER} + RUN apk add --no-cache tzdata ENV TZ=Asia/Singapore @@ -95,9 +99,10 @@ COPY --from=builder ${APP_DIR}/${BINARY_NAME} ${APP_DIR}/ RUN chmod +x ${APP_DIR}/${BINARY_NAME} # Recursively sets the ownership of all files in the application's home directory. -#RUN chown -R ${APP_USER}:${APP_GROUP} ${APP_HOME} +RUN chown -R ${APP_USER}:${APP_GROUP} ${APP_HOME} +RUN chown -R ${APP_USER}:${APP_GROUP} ${APP_DIR} -#USER ${APP_USER} +USER ${APP_USER}:${APP_GROUP} EXPOSE ${APP_HOST_PORT} From 125b72a9b397706983517d08f1cb30d71330ff23 Mon Sep 17 00:00:00 2001 From: Gustavo Ocanto Date: Fri, 11 Jul 2025 10:11:42 +0800 Subject: [PATCH 09/13] wip --- docker/dockerfile-api | 122 ++++++++++++++++++++++++++---------------- 1 file changed, 76 insertions(+), 46 deletions(-) diff --git a/docker/dockerfile-api b/docker/dockerfile-api index a5f2428e..435b827c 100644 --- a/docker/dockerfile-api +++ b/docker/dockerfile-api 
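Review bot: `RUN chown -R ${APP_USER}:${APP_GROUP} ${APP_DIR}` in the `@@ -95,9 +99,10 @@` hunk of PATCH 08/13 hands the whole application directory, including the executable copied just above it, to the account the service runs as, so a compromised process could overwrite its own binary. As far as these hunks show, only the storage tree has to be writable at runtime; narrowing the command to `RUN chown -R ${APP_USER}:${APP_GROUP} ${APP_DIR}/${STORAGE_DIR}` keeps the binary root-owned and read-only for the service. Each recursive `chown` in its own `RUN` also duplicates the affected files into a new layer, which `COPY --chown=` avoids for copied content.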
@@ -1,64 +1,83 @@ -# --- Build Arguments +# +# ---------------------------------------------------------------------------------------------------------------------- +# GLOBAL BUILD ARGUMENTS +# ---------------------------------------------------------------------------------------------------------------------- +# +# These args can be overridden at build time with `--build-arg NAME=value`. +# Otherwise, you could use you docker-compose file to achive the same purpose. +# +# ---------------------------------------------------------------------------------------------------------------------- +# + ARG APP_VERSION=0.0.0.1 ARG BUILD_TAGS="posts,experience,profile,projects,social,talks,gus,gocanto" - ARG BINARY_NAME=oullin_api -ARG APP_HOST_PORT=8080 +# Non-root user/group settings. ARG APP_USER=appuser ARG APP_GROUP=appgroup ARG APP_HOME=/home/${APP_USER} + +# Container runtime port. +ARG APP_HOST_PORT=8080 + +# Application directory inside container. ARG APP_DIR=/app +# Storage directories (relative to APP_DIR). ARG STORAGE_DIR=storage ARG LOGS_DIR=logs ARG MEDIA_DIR=media ARG FIXTURES_DIR=fixture -# --- Build Stage +# ---------------------------------------------------------------------------------------------------------------------- +# BUILDER STAGE +# ---------------------------------------------------------------------------------------------------------------------- FROM golang:1.24-alpine AS builder -# --- Docker Args always go before ENV vars. -# Forwards build-time arguments into this specific stage so they can be referenced. +# Bring in the build args needed in this stage. ARG APP_DIR ARG BINARY_NAME ARG APP_VERSION ARG BUILD_TAGS -# --- Go env vars. -# Tell Go to keep its module & build caches under /app +# Configure Go build cache and module cache under our APP_DIR. ENV GOPATH=${APP_DIR}/.gopath ENV GOMODCACHE=${APP_DIR}/.gopath/pkg/mod ENV GOCACHE=${APP_DIR}/.gocache + +# Create the Go module & build cache directories. 
RUN mkdir -p ${GOMODCACHE} ${GOCACHE} -# Sets the primary working directory for this stage of the build. +# Set the working directory for the build. WORKDIR ${APP_DIR} -# Copies the Go module definition files into the builder. -# This is done first to leverage Docker's layer caching. The subsequent -# 'go mod download' step will only be re-run if these files have changed. +# Copy Go module files and download dependencies. COPY go.mod go.sum ./ - RUN go mod download -# Copies the rest of the application's source code into the builder. +# Copy remaining source code into the builder. COPY . . -# Compiles the Go application into a single, statically-linked binary. -# -tags: Applies build constraints, allowing for conditional compilation. -# -o: Specifies the output path and name for the compiled binary. -# -ldflags: Provides flags to the linker. -# -s: Strips the symbol table, reducing binary size. -# -w: Strips DWARF debugging information, further reducing size. -# -X: Injects a value into a string variable at build time. Here, it sets -# the application's version by targeting the 'Version' variable in the 'main' package. -RUN CGO_ENABLED=0 go build -tags "${BUILD_TAGS}" -o ${APP_DIR}/${BINARY_NAME} -ldflags="-s -w -X main.Version=${APP_VERSION}" . - -# --- Final Stage +# Compile a statically-linked binary. +# +# * CGO_ENABLED=0: disable CGO for static builds. +# * -tags: apply build tags. +# * -o: output binaries path/name. +# * -ldflags: strip symbols and inject version. +# +RUN CGO_ENABLED=0 go build \ + -tags "${BUILD_TAGS}" \ + -o ${APP_DIR}/${BINARY_NAME} \ + -ldflags="-s -w -X main.Version=${APP_VERSION}" \ + . 
+ +# ---------------------------------------------------------------------------------------------------------------------- +# FINAL STAGE +# ---------------------------------------------------------------------------------------------------------------------- FROM alpine:latest -# Forwards build-time arguments into this final stage so they can be referenced. +# Bring in the runtime args. ARG APP_USER ARG APP_GROUP ARG APP_HOME 
@@ -70,40 +89,51 @@ ARG MEDIA_DIR ARG FIXTURES_DIR ARG APP_HOST_PORT -# Creates a dedicated, non-root user and group to run the application with. -RUN mkdir -p ${APP_HOME} \ - && addgroup -S ${APP_GROUP} \ - && adduser -S ${APP_USER} -G ${APP_GROUP} -h ${APP_HOME} ${APP_USER} - - +# Install timezone data so Go’s time.* functions work correctly. RUN apk add --no-cache tzdata ENV TZ=Asia/Singapore -# Make sure the home exists & switch into it. -WORKDIR ${APP_DIR} +# Create the system group for our non-root user. +RUN addgroup -S ${APP_GROUP} -# Creates the necessary storage directories inside the container. -RUN mkdir -p \ - ${STORAGE_DIR}/${LOGS_DIR} \ - ${STORAGE_DIR}/${MEDIA_DIR} \ +# Create the system user, assign to group, set its home. +RUN adduser -S ${APP_USER} \ + -G ${APP_GROUP} \ + -h ${APP_HOME} \ + ${APP_USER} + +# Ensure the user’s home directory actually exists. +RUN mkdir -p ${APP_HOME} + +# Switch to the application directory (implicitly creates it if missing). +WORKDIR ${APP_DIR} -RUN mkdir -p \ - ${STORAGE_DIR}/${FIXTURES_DIR} \ - ${STORAGE_DIR}/${FIXTURES_DIR} +# Create storage subdirectories under the APP_DIR. +# +# * logs/: for application logs +# * media/: for uploaded/static media +# * fixture/: for static fixtures data +# +RUN mkdir -p ${STORAGE_DIR}/${LOGS_DIR} +RUN mkdir -p ${STORAGE_DIR}/${MEDIA_DIR} +RUN mkdir -p ${STORAGE_DIR}/${FIXTURES_DIR} -# Copies the 'fixture' files from the local project directory into the container. -COPY ${STORAGE_DIR}/${FIXTURES_DIR} ./${STORAGE_DIR}/${FIXTURES_DIR}/ +# Copy fixture files from builder stage. +COPY --from=builder ${STORAGE_DIR}/${FIXTURES_DIR} ${STORAGE_DIR}/${FIXTURES_DIR}/ -# Copies the compiled application binary from the 'builder' stage. +# Copy the compiled binary and mark it executable. COPY --from=builder ${APP_DIR}/${BINARY_NAME} ${APP_DIR}/ RUN chmod +x ${APP_DIR}/${BINARY_NAME} -# Recursively sets the ownership of all files in the application's home directory. 
+# Give ownership of home and app directories to our non-root user. RUN chown -R ${APP_USER}:${APP_GROUP} ${APP_HOME} RUN chown -R ${APP_USER}:${APP_GROUP} ${APP_DIR} +# Switch to non-root user for all subsequent container processes. USER ${APP_USER}:${APP_GROUP} +# Expose the application port. EXPOSE ${APP_HOST_PORT} -ENTRYPOINT ["/bin/sh","-c","exec ${APP_DIR}/${BINARY_NAME}"] +# Launch the binary (shell-form so that environment variables are expanded). +ENTRYPOINT ["/bin/sh", "-c", "exec ${APP_DIR}/${BINARY_NAME}"] From b6051fa058e80edd49be934f4a708b159f198c7e Mon Sep 17 00:00:00 2001 From: Gustavo Ocanto Date: Fri, 11 Jul 2025 10:14:32 +0800 Subject: [PATCH 10/13] wip --- docker/dockerfile-api | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/dockerfile-api b/docker/dockerfile-api index 435b827c..913c5acb 100644 --- a/docker/dockerfile-api +++ b/docker/dockerfile-api @@ -119,7 +119,7 @@ RUN mkdir -p ${STORAGE_DIR}/${MEDIA_DIR} RUN mkdir -p ${STORAGE_DIR}/${FIXTURES_DIR} # Copy fixture files from builder stage. -COPY --from=builder ${STORAGE_DIR}/${FIXTURES_DIR} ${STORAGE_DIR}/${FIXTURES_DIR}/ +COPY ${STORAGE_DIR}/${FIXTURES_DIR} ${STORAGE_DIR}/${FIXTURES_DIR}/ # Copy the compiled binary and mark it executable. COPY --from=builder ${APP_DIR}/${BINARY_NAME} ${APP_DIR}/ From 7331aec324c4075cde000059442439b2fb7ba52e Mon Sep 17 00:00:00 2001 From: Gustavo Ocanto Date: Fri, 11 Jul 2025 10:27:01 +0800 Subject: [PATCH 11/13] wip --- docker/dockerfile-api | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docker/dockerfile-api b/docker/dockerfile-api index 913c5acb..a8969338 100644 --- a/docker/dockerfile-api +++ b/docker/dockerfile-api @@ -132,6 +132,9 @@ RUN chown -R ${APP_USER}:${APP_GROUP} ${APP_DIR} # Switch to non-root user for all subsequent container processes. USER ${APP_USER}:${APP_GROUP} +ENV APP_DIR=${APP_DIR} +ENV BINARY_NAME=${BINARY_NAME} + # Expose the application port. EXPOSE ${APP_HOST_PORT} 
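Review bot: In the `@@ -70,40 +89,51 @@` hunk of PATCH 09/13 the group and user are created with `addgroup -S` / `adduser -S` without fixed ids, and `USER ${APP_USER}:${APP_GROUP}` refers to them by name. The uid the container runs as therefore depends on what the base image allocates, and a runtime policy that needs a numeric non-root id (Kubernetes `runAsNonRoot`, for instance) cannot verify it. Giving both a stable id (10001 here is only an example value), `addgroup -S -g 10001 ${APP_GROUP}` and `adduser -S -u 10001 -G ${APP_GROUP} -h ${APP_HOME} ${APP_USER}`, followed by `USER 10001:10001`, would fix that. The second `${APP_USER}` at the end of the `adduser` command looks redundant, and `RUN mkdir -p ${APP_HOME}` probably is too, since `-h` without `-H` should already create the home directory.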
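Review bot: Exporting `APP_DIR` and `BINARY_NAME` as `ENV` in PATCH 11/13 so that the `sh -c` entrypoint can expand them makes the started program a function of the runtime environment. Anything that can set the container's environment (`docker run -e`, a compose `environment:` block, an orchestrator manifest) changes what `exec ${APP_DIR}/${BINARY_NAME}` resolves to. The `sh -c` wrapper also discards arguments supplied through `CMD` or on the `docker run` command line. Both values are fixed at build time, so copying the binary to a constant path and using exec form removes the shell and the two variables, for example `COPY --from=builder ${APP_DIR}/${BINARY_NAME} /usr/local/bin/api` with `ENTRYPOINT ["/usr/local/bin/api"]`.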
From d197c3ea19c03bbc561588e43450082b3c0180af Mon Sep 17 00:00:00 2001 From: Gustavo Ocanto Date: Fri, 11 Jul 2025 10:39:34 +0800 Subject: [PATCH 12/13] wip --- docker/dockerfile-api | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docker/dockerfile-api b/docker/dockerfile-api index a8969338..13102766 100644 --- a/docker/dockerfile-api +++ b/docker/dockerfile-api @@ -132,6 +132,8 @@ RUN chown -R ${APP_USER}:${APP_GROUP} ${APP_DIR} # Switch to non-root user for all subsequent container processes. USER ${APP_USER}:${APP_GROUP} +# Arguments do not exist at container runtime, so ${APP_DIR} and ${BINARY_NAME} are empty when the entryoint is called. +# Therefore, we need to send those values as environment variables for the shell to pick them up at runtime. ENV APP_DIR=${APP_DIR} ENV BINARY_NAME=${BINARY_NAME} From 1b64eb316b822ab97f9a032e8d4de02ed92c52f2 Mon Sep 17 00:00:00 2001 From: Gustavo Ocanto Date: Fri, 11 Jul 2025 10:50:04 +0800 Subject: [PATCH 13/13] pin alpine version instead --- docker/dockerfile-api | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/dockerfile-api b/docker/dockerfile-api index 13102766..cea85ace 100644 --- a/docker/dockerfile-api +++ b/docker/dockerfile-api @@ -75,7 +75,7 @@ RUN CGO_ENABLED=0 go build \ # ---------------------------------------------------------------------------------------------------------------------- # FINAL STAGE # ---------------------------------------------------------------------------------------------------------------------- -FROM alpine:latest +FROM alpine:3.22 # Bring in the runtime args. ARG APP_USER
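Review bot: `FROM alpine:3.22` in PATCH 13/13 is still a moving tag: it follows every 3.22.x rebuild, so two builds of the same commit can produce different runtime images. For a reproducible and auditable base, pin the digest as well, `FROM alpine:3.22@sha256:<digest-of-the-reviewed-image>`, and let a dependency-update job bump it. The builder stage's `FROM golang:1.24-alpine`, which is outside this hunk, floats in the same way.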