56 lines
1.8 KiB
Docker
56 lines
1.8 KiB
Docker
# syntax=docker/dockerfile:1
|
|
|
|
# ---- Build stage ----
|
|
FROM golang:1.26-alpine AS builder
|
|
|
|
ENV CGO_ENABLED=0 GOOS=linux
|
|
|
|
ARG VERSION=docker
|
|
ARG COMMIT=docker
|
|
ARG BUILD_TIME=unknown
|
|
ARG PROJECT=git.loyso.art/frx/kurious
|
|
|
|
WORKDIR /src
|
|
|
|
# Cache module downloads.
|
|
COPY go.mod go.sum ./
|
|
RUN go mod download
|
|
|
|
# Copy the rest of the source.
|
|
# Generated files (templ *_templ.go, mockery mocks) are committed, so no
|
|
# generation step is required here.
|
|
COPY . .
|
|
|
|
# Build the web server and the healthcheck probe.
|
|
RUN go build -trimpath \
|
|
-ldflags "-X ${PROJECT}.version=${VERSION} -X ${PROJECT}.commit=${COMMIT} -X ${PROJECT}.buildTime=${BUILD_TIME}" \
|
|
-o /out/kuriweb ./cmd/kuriweb \
|
|
&& go build -trimpath -o /out/healthcheck ./cmd/healthcheck
|
|
|
|
# Bake a default config into the image (config files are gitignored locally,
|
|
# so the image must be self-contained).
|
|
RUN echo '{"log":{"level":"info","format":"json"},"http":{"listen_addr":":8080","mount_live":false},"sqlite":{"dsn":"/tmp/kurious.sqlite","shutdown_timeout":"10s"},"db_engine":"sqlite","tracing":{"type":"stdout","show_metrics":false}}' > /out/config.json
|
|
|
|
# ---- Final stage ----
|
|
FROM gcr.io/distroless/static-debian12
|
|
|
|
LABEL org.opencontainers.image.title="kuriousweb" \
|
|
org.opencontainers.image.source="git.loyso.art/frx/kurious"
|
|
|
|
COPY --from=builder /out/kuriweb /kuriweb
|
|
COPY --from=builder /out/healthcheck /healthcheck
|
|
COPY --from=builder /out/config.json /etc/kurious/config.json
|
|
|
|
# static-debian12 ships a "nonroot" user (uid 65532).
|
|
USER nonroot:nonroot
|
|
|
|
EXPOSE 8080
|
|
|
|
ENTRYPOINT ["/kuriweb"]
|
|
CMD ["/etc/kurious/config.json"]
|
|
|
|
# Distroless static has no shell/curl, so probing is done via the tiny
|
|
# healthcheck binary built above.
|
|
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
|
|
CMD ["/healthcheck", "http://127.0.0.1:8080/healthz"]
|