Add production stage to Dockerfile and tidy up
29
Dockerfile
29
Dockerfile
@@ -1,38 +1,37 @@
|
||||
ARG BUILDERIMAGE="golang:1.22"
|
||||
ARG BASEIMAGE="gcr.io/distroless/static:nonroot"
|
||||
|
||||
FROM ${BUILDERIMAGE} as builder
|
||||
FROM ${BUILDERIMAGE} AS builder
|
||||
|
||||
ARG LDFLAGS
|
||||
|
||||
ENV GO111MODULE=on \
|
||||
CGO_ENABLED=0
|
||||
ENV CGO_ENABLED=0
|
||||
|
||||
WORKDIR /app
|
||||
|
||||
COPY . .
|
||||
|
||||
# --- This block can be replaced by `RUN go mod download` when github.com/docker/attest is public
|
||||
# --- This block can be removed when github.com/docker/attest is public
|
||||
ENV GOPRIVATE="github.com/docker/attest"
|
||||
RUN --mount=type=cache,target=$GOPATH/pkg/mod --mount=type=secret,id=GITHUB_TOKEN <<EOT
|
||||
RUN --mount=type=secret,id=GITHUB_TOKEN <<EOT
|
||||
set -e
|
||||
GITHUB_TOKEN=${GITHUB_TOKEN:-$(cat /run/secrets/GITHUB_TOKEN)}
|
||||
if [ -n "$GITHUB_TOKEN" ]; then
|
||||
echo "Setting GitHub access token"
|
||||
git config --global "url.https://x-access-token:${GITHUB_TOKEN}@github.com.insteadof" "https://github.com"
|
||||
fi
|
||||
go mod download
|
||||
EOT
|
||||
# ---
|
||||
|
||||
RUN --mount=type=cache,target=$GOPATH/pkg/mod --mount=type=cache,target=/root/.cache/go-build make build
|
||||
RUN --mount=type=bind,source=.,target=/app \
|
||||
--mount=type=cache,target=$GOPATH/pkg/mod \
|
||||
--mount=type=cache,target=/root/.cache/go-build \
|
||||
go build -o /bin/attest main.go
|
||||
|
||||
FROM ${BASEIMAGE}
|
||||
FROM ${BASEIMAGE} AS production
|
||||
|
||||
COPY --from=builder /app/bin/attest /
|
||||
|
||||
COPY --from=builder --chown=65532:65532 /app/certs/tls.crt /app/certs/tls.key /certs/
|
||||
COPY --from=builder /bin/attest /
|
||||
|
||||
USER 65532:65532
|
||||
|
||||
ENTRYPOINT ["/attest"]
|
||||
|
||||
FROM production AS dev
|
||||
|
||||
COPY certs/tls.crt certs/tls.key /certs/
|
||||
|
||||
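Review bot: The `dev` stage is the last stage shown, so a build run without `--target` yields the image that contains `certs/tls.key`, and its `COPY certs/tls.crt certs/tls.key /certs/` lacks the `--chown=65532:65532` that the other copy of these files on this page carries. The files therefore land owned by root while the process runs as `USER 65532:65532`, and whether it can read them depends on the file mode in the build context. I would write `COPY --chown=65532:65532 certs/tls.crt certs/tls.key /certs/`, add a comment above `FROM production AS dev` such as `# dev only: ships a TLS private key; release builds must pass --target production`, and have the release pipeline pin that target. Separately, the `git config --global ...insteadof` line in the GOPRIVATE block writes the token into the builder's git config, which stays in that layer even though the secret mount itself does not. The page does not mark which lines are old or new, so it is worth confirming whether the bind-mount `go build` step relies on that persisted config before scoping the credential to the single `RUN`.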