refactor(Docker): 💥 Changes Dockerfile to more closely adhere to best practice
	
		
			
	
		
	
	
		
	
		
				
			
		
		
	
	
				
					
				
			
		
			All checks were successful
		
		
	
	Test Changes on Push / build-vet-test (push) Successful in 21s
				
This commit changes the Dockerfile to adhere more closely to the standards set by tools like SonarQube et al. It enforces the use of a non-root user, copies files explicitly between build stages, and makes the binary filename consistent with our binary releases. fix: #3
		
							
								
								
									
										25
									
								
								Dockerfile
									
									
									
									
									
								
							
							
						
						
									
										25
									
								
								Dockerfile
									
									
									
									
									
								
							@@ -5,19 +5,36 @@ FROM golang:alpine3.19 AS builder
 | 
			
		||||
WORKDIR /app
 | 
			
		||||
 | 
			
		||||
# Copy the source code into the container
 | 
			
		||||
COPY . .
 | 
			
		||||
COPY go.mod .
 | 
			
		||||
COPY go.sum .
 | 
			
		||||
 | 
			
		||||
# Download required modules
 | 
			
		||||
RUN go mod download 
 | 
			
		||||
 | 
			
		||||
# Copy the main application file
 | 
			
		||||
COPY main.go .
 | 
			
		||||
 | 
			
		||||
# Build the application
 | 
			
		||||
RUN CGO_ENABLED=0 GOOS=linux go build -o mybot .
 | 
			
		||||
RUN CGO_ENABLED=0 GOOS=linux go build -o gitea-register-account-bot .
 | 
			
		||||
 | 
			
		||||
# Use a small base image
 | 
			
		||||
FROM alpine:edge
 | 
			
		||||
 | 
			
		||||
# Create and set the application directory
 | 
			
		||||
WORKDIR /app/
 | 
			
		||||
 | 
			
		||||
# Add a non-root user to run the application
 | 
			
		||||
RUN addgroup -S nonroot \
 | 
			
		||||
    && adduser -S nonroot -G nonroot
 | 
			
		||||
 | 
			
		||||
# Copy the binary from the builder stage
 | 
			
		||||
COPY --from=builder /app/mybot /app/
 | 
			
		||||
COPY --from=builder /app/gitea-register-account-bot /app/
 | 
			
		||||
 | 
			
		||||
# Change file ownership to the nonroot user
 | 
			
		||||
RUN chown -R nonroot:nonroot /app
 | 
			
		||||
 | 
			
		||||
# Change to nonroot user
 | 
			
		||||
USER nonroot
 | 
			
		||||
 | 
			
		||||
# Command to run the executable
 | 
			
		||||
CMD ["./mybot"]
 | 
			
		||||
CMD ["./gitea-register-account-bot"]
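Review bot: The `RUN chown -R nonroot:nonroot /app` step in the runtime stage hands the executable to the account that runs it, so a compromised process could overwrite its own binary. `COPY --from=builder` without `--chown` leaves the file owned by root, and a binary built with the default mode should still be executable by `nonroot`, so the chown can be dropped unless the bot needs to write under `/app`. The runtime base `FROM alpine:edge` is a rolling development branch while the builder is pinned to `golang:alpine3.19`; a fixed release tag such as `FROM alpine:3.19`, ideally with a digest, would keep the image reproducible. `adduser -S` also lets the system choose the UID, so consider `adduser -S -u 10001 -G nonroot nonroot` with `USER 10001`, because runtimes that enforce non-root can only verify a numeric user.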
 | 
			
		||||
 
 | 
			
		||||