refactor(Docker): 💥 Changes Dockerfile to more closely adhere to best practice
Test Changes on Push / build-vet-test (push) Successful in 21s

This commit changes the Dockerfile to adhere closer to the standards set by tools like SonarQube et al. It enforces the usage of a nonroot user, copies files explicitly between build stages and makes the binary filename consistent with our binary releases.

fix: #3
Florian Beisel 2024-01-12 20:12:34 +01:00
parent 0af8f68df6
commit e19b8dfc7c
Signed by: florian
GPG Key ID: 79ECA2E54996FF4D
1 changed files with 21 additions and 4 deletions


@ -5,19 +5,36 @@ FROM golang:alpine3.19 AS builder
WORKDIR /app WORKDIR /app
# Copy the source code into the container # Copy the source code into the container
COPY . . COPY go.mod .
COPY go.sum .
# Download required modules
RUN go mod download RUN go mod download
# Copy the main application file
COPY main.go .
# Build the application # Build the application
RUN CGO_ENABLED=0 GOOS=linux go build -o mybot . RUN CGO_ENABLED=0 GOOS=linux go build -o gitea-register-account-bot .
# Use a small base image # Use a small base image
FROM alpine:edge FROM alpine:edge
# Create and set the application directory
WORKDIR /app/ WORKDIR /app/
# Add a non-root user to run the application
RUN addgroup -S nonroot \
&& adduser -S nonroot -G nonroot
# Copy the binary from the builder stage # Copy the binary from the builder stage
COPY --from=builder /app/mybot /app/ COPY --from=builder /app/gitea-register-account-bot /app/
# Change file ownership to the nonroot user
RUN chown -R nonroot:nonroot /app
# Change to nonroot user
USER nonroot
# Command to run the executable # Command to run the executable
CMD ["./mybot"] CMD ["./gitea-register-account-bot"]
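
Review bot: The new `RUN chown -R nonroot:nonroot /app` in the final stage hands ownership of the binary to the same account that runs it, so the process can overwrite its own executable, and the step adds a layer that stores the binary a second time. Leaving the copied file root-owned is enough for `USER nonroot` to execute it, provided it is world-executable as `go build` output normally is; if the bot does need to write under /app, `COPY --from=builder --chown=nonroot:nonroot ...` sets ownership without the extra layer. Two smaller points: the comment `# Copy the source code into the container` now sits above `COPY go.mod .` and should describe the module files instead, and the runtime stage still uses the rolling `alpine:edge` tag while the builder is pinned to `golang:alpine3.19`, so pinning the runtime image to a matching release would make builds reproducible. `COPY main.go .` will also need updating as soon as the project gains a second source file or package.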