-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathDockerfile
54 lines (39 loc) · 1.38 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
# syntax=docker/dockerfile:1
# Hosts a local server on port 8080, written in Go 1.22.2, and packages into a container image.
# Uses a multistage docker build to minimize image size
FROM golang:1.22.2-bullseye as base
#adds non-root user
RUN adduser \
--disabled-password \
--gecos "" \
--home "/nonexistent" \
--shell "/sbin/nologin" \
--no-create-home \
--uid 65532 \
non-root-user
# Sets the active work directory
WORKDIR /app
# Copies go.mod and go.sum, which holds references to all of the dependencies, into the application folder
COPY go.mod go.sum ./
# Downloads all the dependencies needed to run
RUN go mod download
# Copies the source code into the application folder
COPY . ./
# Builds the binaries
RUN CGO_ENABLED=0 GOOS=linux go build -o /go-receipt-processor .
# Runs tests
FROM base AS run-test
RUN go test -v ./...
FROM scratch
# Keeps specific information for security with minimum function
COPY --from=base /usr/share/zoneinfo /usr/share/zoneinfo
COPY --from=base /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=base /etc/passwd /etc/passwd
COPY --from=base /etc/group /etc/group
# Keeps our actual project
COPY --from=base /go-receipt-processor .
# Sets user / user-permissions
USER non-root-user:non-root-user
# Exposes internal port for communication
EXPOSE 8080
CMD ["./go-receipt-processor"]