This commit changes the Dockerfile to adhere closer to the standards set by tools like Sonarqube et al. It enforces the usage of a nonroot user, copies files explicitly between build stages and makes the binary filename consistent with our binary releases fix: #3
This commit is contained in:
parent
0af8f68df6
commit
e19b8dfc7c
GPG Key ID:
79ECA2E54996FF4D
25
Dockerfile
25
Dockerfile
@ -5,19 +5,36 @@ FROM golang:alpine3.19 AS builder
|
|||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
|
|
||||||
# Copy the source code into the container
|
# Copy the source code into the container
|
||||||
COPY . .
|
COPY go.mod .
|
||||||
|
COPY go.sum .
|
||||||
|
|
||||||
|
# Download required modules
|
||||||
RUN go mod download
|
RUN go mod download
|
||||||
|
|
||||||
|
# Copy the main application file
|
||||||
|
COPY main.go .
|
||||||
|
|
||||||
# Build the application
|
# Build the application
|
||||||
RUN CGO_ENABLED=0 GOOS=linux go build -o mybot .
|
RUN CGO_ENABLED=0 GOOS=linux go build -o gitea-register-account-bot .
|
||||||
|
|
||||||
# Use a small base image
|
# Use a small base image
|
||||||
FROM alpine:edge
|
FROM alpine:edge
|
||||||
|
|
||||||
|
# Create and set the application directory
|
||||||
WORKDIR /app/
|
WORKDIR /app/
|
||||||
|
|
||||||
|
# Add a non-root user to run the application
|
||||||
|
RUN addgroup -S nonroot \
|
||||||
|
&& adduser -S nonroot -G nonroot
|
||||||
|
|
||||||
# Copy the binary from the builder stage
|
# Copy the binary from the builder stage
|
||||||
COPY --from=builder /app/mybot /app/
|
COPY --from=builder /app/gitea-register-account-bot /app/
|
||||||
|
|
||||||
|
# Change file ownership to the nonroot user
|
||||||
|
RUN chown -R nonroot:nonroot /app
|
||||||
|
|
||||||
|
# Change to nonroot user
|
||||||
|
USER nonroot
|
||||||
|
|
||||||
# Command to run the executable
|
# Command to run the executable
|
||||||
CMD ["./mybot"]
|
CMD ["./gitea-register-account-bot"]
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user