# syntax=docker/dockerfile:1.2
# Image page: <https://hub.docker.com/_/golang>
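# Build stage: compiles the tinifier binary and assembles the minimal root
# filesystem (CA certificates, passwd/group, binary) that the runtime stage
# copies wholesale.
# NOTE(review): `1.23-alpine` is a mutable tag; pinning it by digest
# (`golang:1.23-alpine@sha256:<DIGEST_PLACEHOLDER>`) would make the toolchain
# reproducible and tamper-evident.
FROM golang:1.23-alpine AS builder

# This CA bundle becomes the runtime image's only TLS trust store (it is
# copied into the rootfs below). The layer sits ahead of the APP_VERSION
# argument so that a version bump does not invalidate it.
RUN set -x \
    && apk add --no-cache ca-certificates \
    && update-ca-certificates

# WORKDIR creates the directory when it is missing, so no explicit mkdir is needed
WORKDIR /src

# Copies the whole build context into the builder layers.
# NOTE(review): confirm a .dockerignore keeps VCS data and local credential
# files out of the context.
COPY . .

# can be passed with any prefix (like `v1.2.3@GITHASH`)
# e.g.: `docker build --build-arg "APP_VERSION=v1.2.3@GITHASH" .`
# Build arguments are recorded in the image history, so this value must never
# carry a secret.
ARG APP_VERSION="undefined@docker"

# arguments to pass on each go tool link invocation
# (-s -w drop the symbol table and debug info; -X stamps the version string)
ENV LDFLAGS="-s -w -X gh.tarampamp.am/tinifier/v4/internal/version.version=$APP_VERSION"

# CGO_ENABLED=0 avoids a libc dependency, which the scratch runtime cannot
# satisfy; -trimpath keeps build-host paths out of the binary. The final
# `--version` call is a smoke test: the build fails if the binary cannot start.
RUN set -x \
    && go version \
    && CGO_ENABLED=0 go build -trimpath -ldflags "$LDFLAGS" -o /tmp/tinifier ./cmd/tinifier/ \
    && /tmp/tinifier --version

# prepare rootfs for runtime (WORKDIR creates /tmp/rootfs)
WORKDIR /tmp/rootfs

# passwd/group define the unprivileged account 10001:10001 with no home
# directory and no login shell; the runtime stage selects it by numeric id.
RUN set -x \
    && mkdir -p \
        ./etc/ssl \
        ./bin \
    && cp -R /etc/ssl/certs ./etc/ssl/certs \
    && echo 'appuser:x:10001:10001::/nonexistent:/sbin/nologin' > ./etc/passwd \
    && echo 'appuser:x:10001:' > ./etc/group \
    && mv /tmp/tinifier ./bin/tinifier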
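# Runtime stage: starts from an empty filesystem, so the image holds only what
# the builder placed in /tmp/rootfs (no shell, no package manager).
FROM scratch AS runtime

# ARG scope ends with each stage, so the value is redeclared here for the label.
# Build arguments are recorded in the image history; never pass a secret here.
ARG APP_VERSION="undefined@docker"

LABEL \
    org.opencontainers.image.title="tinifier" \
    org.opencontainers.image.description="CLI client for images compressing using tinypng.com API" \
    org.opencontainers.image.url="https://github.com/tarampampam/tinifier" \
    org.opencontainers.image.source="https://github.com/tarampampam/tinifier" \
    org.opencontainers.image.vendor="tarampampam" \
    org.opencontainers.image.version="$APP_VERSION" \
    org.opencontainers.image.licenses="MIT"

# Import from builder: CA certificates, passwd/group and the binary
COPY --from=builder /tmp/rootfs /

# Use an unprivileged user. The numeric form matches the passwd/group entries
# written in the builder stage and lets an orchestrator verify that the
# container does not run as root.
USER 10001:10001

# Exec form: the binary is started directly, without a shell wrapper (scratch has none)
ENTRYPOINT ["/bin/tinifier"]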