Optimize Docker image

.github/workflows/docker-publish.yml

@@ -28,10 +28,18 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v2
 
+      - name: Set build type
+        run: |
+          if [ "$GITHUB_EVENT_NAME" = "pull_request" ]; then
+            echo "BUILD_TYPE=test" >> $GITHUB_ENV
+          else
+            echo "BUILD_TYPE=release" >> $GITHUB_ENV
+          fi
+
       # Login against a Docker registry except on PR
       # https://github.com/docker/login-action
       - name: Log into registry ${{ env.REGISTRY }}
-        if: github.event_name != 'pull_request'
+        if: env.BUILD_TYPE == 'release'
         uses: docker/login-action@v1
         with:
           registry: ${{ env.REGISTRY }}
@@ -54,14 +62,15 @@ jobs:
       - name: Setup Docker buildx
         id: buildx
         uses: docker/setup-buildx-action@v1
-        
+
       # Build and push Docker image with Buildx (don't push on PR)
       # https://github.com/docker/build-push-action
       - name: Build and push Docker image
         uses: docker/build-push-action@v2
         with:
           context: .
-          push: ${{ github.event_name != 'pull_request' }}
+          push: ${{ env.BUILD_TYPE == 'release' }}
+          target: ${{ env.BUILD_TYPE }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
           platforms: linux/amd64,linux/arm64,linux/arm/v7

Dockerfile

@@ -1,23 +1,82 @@
-FROM golang:1.19.1-alpine3.16 AS builder
+FROM --platform=$BUILDPLATFORM golang:1.19.1-bullseye AS builder-base
 
-RUN apk add --no-cache git
+ARG TARGETOS TARGETARCH
+
+RUN apt-get update && \
+    apt-get install git ca-certificates tzdata && \
+    update-ca-certificates
+
+ENV USER=application
+ENV UID=10001
+
+RUN adduser \
+    --disabled-password \
+    --gecos "" \
+    --home "/nonexistent" \
+    --shell "/sbin/nologin" \
+    --no-create-home \
+    --uid "${UID}" \
+    "${USER}"
+
+WORKDIR $GOPATH/src/app
+
+COPY go.mod .
+RUN go mod download && go mod verify
 
-WORKDIR /go/src/app
 COPY . .
 
-RUN go get -d -v ./...
-RUN go build -o /go/bin/main -v cmd/main.go
+# ----------------
+
+FROM builder-base AS builder-test
+
+RUN GOOS=$TARGETOS GOARCH=$TARGETARCH \
+    go build \
+    -o /go/bin/main -v cmd/main.go
+
+# ----------------
+
+FROM builder-base AS builder-release
+
+RUN --mount=target=. \
+    --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=cache,target=/go/pkg \
+    CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH \
+    go build \
+    -ldflags="-w -s" -a -installsuffix cgo \
+    -o /go/bin/main -v cmd/main.go
 
 # ----------------
 
-FROM alpine:3.16
+FROM scratch AS base
 
-RUN apk --no-cache add ca-certificates tzdata
+COPY --from=builder-base /usr/share/zoneinfo /usr/share/zoneinfo
+COPY --from=builder-base /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+COPY --from=builder-base /etc/passwd /etc/passwd
+COPY --from=builder-base /etc/group /etc/group
+
+COPY --from=builder-base /go/src/app/web /app/web
+
+# ----------------
+
+FROM base AS release
+
+COPY --from=builder-release /go/bin/main /app/cmd/main
 
 WORKDIR /app
+ENTRYPOINT [ "/app/cmd/main" ]
+EXPOSE 3000
 
-COPY --from=builder /go/bin/main /app/cmd/main
-COPY --from=builder /go/src/app/web /app/web
+# ----------------
+
+FROM debian:bullseye AS test
+
+COPY --from=base / /
+COPY --from=builder-test /go/bin/main /app/cmd/main
 
-ENTRYPOINT /app/cmd/main
+WORKDIR /app
+ENTRYPOINT [ "/app/cmd/main" ]
 EXPOSE 3000
+
+# ---------------- default target
+
+FROM test

README.md

@@ -27,7 +27,7 @@ services:
 Use Codespaces on GitHub. To build and run the application using Docker, do this:
 
 ```sh
-docker build . -t app && docker run -it --rm --network host app
+DOCKER_BUILDKIT=1 docker build . -t app --target test && docker run -it --rm --network host app
 ```
 
 ## Credits