-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile.multi
48 lines (43 loc) · 1.72 KB
/
Dockerfile.multi
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
# syntax = docker/dockerfile:1.2
# get modules, if they don't change the cache can be used for faster builds
FROM golang:1.23@sha256:73f06be4578c9987ce560087e2e2ea6485fb605e3910542cadd8fa09fc5f3e31 AS base
ENV GO111MODULE=on
ENV CGO_ENABLED=0
ENV GOOS=linux
# disable, let docker buildx action handle the platform
# ENV GOARCH=amd64
WORKDIR /src
# avoid go.* (sonar security issue)
COPY go.mod .
COPY go.sum .
RUN --mount=type=cache,target=/go/pkg/mod \
go mod download
# build th application
FROM base AS build
# temp mount all files instead of loading into image with COPY
# temp mount module cache
# temp mount go build cache
# Build arguments for this image (used as -X args in ldflags)
# goreleaser defaults: '-s -w -X main.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.Date}} -X main.builtBy=goreleaser'
# go run -ldflags="-w -s -X 'main.version=$(shell git describe --tags --abbrev=0)' -X 'main.commit=$(shell git rev-parse --short HEAD)'" \
ARG APP_VERSION=""
ARG APP_COMMIT=""
ARG APP_DATE=""
ARG APP_BUILT_BY=""
RUN --mount=target=. \
--mount=type=cache,target=/go/pkg/mod \
--mount=type=cache,target=/root/.cache/go-build \
go build -ldflags="-w -s \
-X 'main.version=${APP_VERSION}' \
-X 'main.commit=${APP_COMMIT}' \
-X 'main.date=${APP_DATE}' \
-X 'main.builtBy=${APP_BUILT_BY}' \
-extldflags '-static'" \
-o /app/ ./...
# Import the binary from build stage
FROM gcr.io/distroless/static:nonroot@sha256:6cd937e9155bdfd805d1b94e037f9d6a899603306030936a3b11680af0c2ed58 AS prd
COPY --from=build /app/rubin /rubin
COPY --from=build /app/polly /polly
# this is the numeric version of user nonroot:nonroot to check runAsNonRoot in kubernetes
USER 65532:65532
ENTRYPOINT ["/rubin"]