-
Notifications
You must be signed in to change notification settings - Fork 1
/
Dockerfile
59 lines (44 loc) · 1.69 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
FROM golang:1.23-alpine AS base
RUN set -eux \
&& apk --no-cache add ca-certificates \
&& apk --no-cache add --virtual build-dependencies cmake g++ make unzip curl git libcap
WORKDIR ${GOPATH}/src/github.com/AthenZ/garm
COPY go.mod .
COPY go.sum .
RUN GO111MODULE=on go mod download
FROM base AS builder
ENV APP_NAME=garm
ARG APP_VERSION='development version'
COPY . .
RUN adduser -H -S ${APP_NAME}
RUN BUILD_TIME=$(date -u +%Y%m%d-%H%M%S) \
&& GO_VERSION=$(go version | cut -d" " -f3,4) \
&& CGO_ENABLED=1 \
CGO_CXXFLAGS="-g -Ofast -march=native" \
CGO_FFLAGS="-g -Ofast -march=native" \
CGO_LDFLAGS="-g -Ofast -march=native" \
GOOS=$(go env GOOS) \
GOARCH=$(go env GOARCH) \
GO111MODULE=on \
go build -ldflags "-s -w -linkmode 'external' -extldflags '-static -fPIC -m64 -pthread -std=c++11 -lstdc++' -X 'main.Version=${APP_VERSION} at ${BUILD_TIME} by ${GO_VERSION}'" -a -tags "cgo netgo" -installsuffix "cgo netgo" -o "${APP_NAME}" \
&& mv "${APP_NAME}" "/usr/bin/${APP_NAME}"
# allow well-known port binding
RUN setcap 'cap_net_bind_service=+ep' "/usr/bin/${APP_NAME}"
RUN apk del build-dependencies --purge \
&& rm -rf "${GOPATH}"
# Start From Scratch For Running Environment
FROM scratch
# FROM alpine:latest
LABEL maintainer="cncf-athenz-maintainers@lists.cncf.io"
ENV APP_NAME=garm
# Copy certificates for SSL/TLS
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
# Copy permissions
COPY --from=builder /etc/passwd /etc/passwd
# Copy our static executable
COPY --from=builder /usr/bin/${APP_NAME} /go/bin/${APP_NAME}
# Copy user
COPY --from=builder /etc/passwd /etc/passwd
USER ${APP_NAME}
HEALTHCHECK NONE
ENTRYPOINT ["/go/bin/garm"]