# syntax=docker/dockerfile:1.2
# Image page: <https://hub.docker.com/_/golang>
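# Build stage: compiles the evans binary and assembles the root filesystem that
# the scratch-based runtime stage copies wholesale.
# NOTE(review): `golang:1.20-alpine` is a floating tag, so a rebuild can pick up
# a different base image. Pinning by digest (golang:1.20-alpine@sha256:<digest>)
# makes the toolchain reproducible. Go 1.20 is also past upstream support, so
# the toolchain version itself is worth revisiting.
FROM golang:1.20-alpine AS builder

WORKDIR /src

# The whole build context lands in this stage. The stage is discarded, but a
# .dockerignore still keeps .git, local configs and credentials out of the build.
COPY . /src

# CGO_ENABLED=0 disables cgo so the binary does not depend on a libc, which the
# scratch runtime lacks. -trimpath and -ldflags "-s -w" drop local build paths
# and the symbol/debug tables. Running the binary once fails the build early if
# it cannot start.
RUN set -x \
    && CGO_ENABLED=0 go build -trimpath -ldflags "-s -w" -o ./evans . \
    && ./evans --version

WORKDIR /tmp/rootfs

# Prepare the rootfs for scratch:
#  - passwd/group entries for the unprivileged evans account (10001:10001);
#  - CA certificates copied from the builder image for TLS verification; the
#    trust store is therefore frozen at build time and only refreshed by a rebuild;
#  - .config and .cache are handed to 10001; bin, etc, tmp and mount are not chowned;
#  - tmp gets 1777 (world-writable plus sticky bit, the conventional /tmp mode)
#    instead of a bare 777, so one UID cannot remove another UID's files.
# NOTE(review): mount, .config and .cache remain 0777. Presumably this keeps the
# tool usable when the container is started with a different --user; confirm,
# and tighten to owner-only if arbitrary UIDs are not a supported use case.
RUN set -x \
    && mkdir -p ./bin ./etc/ssl ./tmp ./mount ./.config/evans ./.cache \
    && mv /src/evans ./bin/evans \
    && echo 'evans:x:10001:10001::/tmp:/sbin/nologin' > ./etc/passwd \
    && echo 'evans:x:10001:' > ./etc/group \
    && cp -R /etc/ssl/certs ./etc/ssl/certs \
    && chown -R 10001:10001 ./.config ./.cache \
    && chmod 1777 ./tmp \
    && chmod -R 777 ./mount ./.config ./.cache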
# Runtime stage: starts from the empty `scratch` image, so the final image holds
# only what the builder stage placed under /tmp/rootfs.
FROM scratch AS runtime

# OCI annotation keys: <https://github.com/opencontainers/image-spec/blob/master/annotations.md>
LABEL org.opencontainers.image.title="evans" \
      org.opencontainers.image.description="more expressive universal gRPC client" \
      org.opencontainers.image.url="https://github.com/ktr0731/evans" \
      org.opencontainers.image.source="https://github.com/ktr0731/evans" \
      org.opencontainers.image.vendor="evans" \
      org.opencontainers.image.licenses="MIT"

# Run as an unprivileged account, given as numeric UID:GID; it matches the
# passwd/group entries written in the builder stage.
USER 10001:10001

# Import the prepared root filesystem from the builder stage: the binary,
# passwd/group, the CA certificates and the writable directories.
COPY --from=builder /tmp/rootfs /

# Default working directory; presumably where callers bind-mount their files (confirm).
WORKDIR /mount

# Exec form: evans is started directly, without a wrapping shell.
ENTRYPOINT ["/bin/evans"]