-
Notifications
You must be signed in to change notification settings - Fork 6
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
build with:
docker build -t intercert .
run with
docker run -p 6300 intercert serve --agree --dns-provider=azure- Loading branch information
Showing
2 changed files
with
62 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,59 @@ | ||
| # Accept the Go version for the image to be set as a build argument. | ||
| ARG GO_VERSION=1.12 | ||
|
|
||
| ARG INTERCERT_VERSION="DEV-SNAPSHOT" | ||
|
|
||
| # First stage: build the executable. | ||
| FROM golang:${GO_VERSION}-alpine AS builder | ||
|
|
||
| # Create the user and group files that will be used in the running container to | ||
| # run the process as an unprivileged user. | ||
| RUN mkdir /user && \ | ||
| echo 'nobody:x:65534:65534:nobody:/:' > /user/passwd && \ | ||
| echo 'nobody:x:65534:' > /user/group | ||
|
|
||
| # Install the Certificate-Authority certificates for the app to be able to make | ||
| # calls to HTTPS endpoints. | ||
| # Git is required for fetching the dependencies. | ||
| RUN apk add --no-cache ca-certificates git | ||
|
|
||
| # Set the working directory outside $GOPATH to enable the support for modules. | ||
| WORKDIR /src | ||
|
|
||
| # Fetch dependencies first; they are less susceptible to change on every build | ||
| # and will therefore be cached for speeding up the next build | ||
| COPY ./go.mod ./go.sum ./ | ||
| RUN go mod download | ||
|
|
||
| # Import the code from the context. | ||
| COPY ./ ./ | ||
|
|
||
| # Build the executable to `/app`. Mark the build as statically linked. | ||
| RUN CGO_ENABLED=0 go build -ldflags \ | ||
| "-s -w -X main.Version=DEV-SNAPSHOT -X main.Commit=$(`echo git rev-parse --short HEAD`)" -o /app . | ||
|
|
||
| # Final stage: the running container. | ||
| FROM scratch AS final | ||
|
|
||
| # Import the user and group files from the first stage. | ||
| COPY --from=builder /user/group /user/passwd /etc/ | ||
|
|
||
| # Import the Certificate-Authority certificates for enabling HTTPS. | ||
| COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ | ||
|
|
||
| # Import the compiled executable from the first stage. | ||
| COPY --from=builder /app /app | ||
|
|
||
| # Declare the port on which the server will be exposed. | ||
| # As we're going to run the executable as an unprivileged user, we can't bind | ||
| # to ports below 1024. | ||
| EXPOSE 6300 | ||
|
|
||
| VOLUME /server-data | ||
| VOLUME /.intercert | ||
|
|
||
| # Perform any further action as an unprivileged user. | ||
| USER nobody:nobody | ||
|
|
||
| # Run the compiled binary. | ||
| ENTRYPOINT ["/app"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters