47 lines
1.2 KiB
Docker
47 lines
1.2 KiB
Docker
## Build stage
|
|
FROM golang:1.24-alpine AS builder
|
|
|
|
WORKDIR /src
|
|
|
|
# Install build dependencies (none needed for static build) and enable static build
|
|
# Make the build architecture-aware for buildx multi-arch builds
|
|
ARG TARGETOS
|
|
ARG TARGETARCH
|
|
ENV CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH}
|
|
|
|
# Cache go modules
|
|
COPY app/web/go.mod ./app/web/
|
|
RUN cd app/web && go mod download
|
|
|
|
# Copy source
|
|
COPY app/web/ ./app/web/
|
|
|
|
# Build
|
|
RUN cd app/web && go build -o /out/freemoto-web ./
|
|
|
|
## Runtime stage
|
|
FROM alpine:3.20
|
|
|
|
WORKDIR /app/web
|
|
|
|
# Add CA certificates for any outbound HTTPS (future-proofing)
|
|
RUN apk add --no-cache ca-certificates tzdata wget
|
|
|
|
# Copy binary and static files
|
|
COPY --from=builder /out/freemoto-web /app/web/freemoto-web
|
|
COPY app/web/static/ /app/web/static/
|
|
|
|
# Use non-root user (create group explicitly for Alpine)
|
|
RUN addgroup -S appuser \
|
|
&& adduser -S -D -H -h /nonexistent -G appuser appuser \
|
|
&& chown -R appuser:appuser /app
|
|
USER appuser
|
|
|
|
ENV PORT=8080
|
|
EXPOSE 8080
|
|
|
|
# Simple healthcheck against /healthz
|
|
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
|
|
CMD wget -qO- http://127.0.0.1:${PORT}/healthz || exit 1
|
|
|
|
ENTRYPOINT ["/app/web/freemoto-web"] |