diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..f16c7e4 --- /dev/null +++ b/.dockerignore @@ -0,0 +1 @@ +formless diff --git a/.gitignore b/.gitignore index 9a3a8d8..344d801 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ +formless # ---> Go # Binaries for programs and plugins *.exe @@ -12,3 +13,4 @@ # Output of the go coverage tool, specifically when used with LiteIDE *.out +.env diff --git a/Dockerfile b/Dockerfile index 346aa55..e694939 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,11 @@ ## build image: -FROM golang:1.15 as builder +ARG GO_VERSION=1.15 +FROM golang:${GO_VERSION}-alpine AS builder + +RUN mkdir /user && \ + echo 'nobody:x:65534:65534:nobody:/:' > /user/passwd && \ + echo 'nobody:x:65534:' > /user/group +RUN apk add --no-cache ca-certificates git bzip2 make gcc libc-dev RUN mkdir -p /go/src/git.eeqj.de/sneak/formless WORKDIR /go/src/git.eeqj.de/sneak/formless @@ -8,14 +14,16 @@ COPY go.mod . COPY go.sum . RUN go mod download -ADD . /go/src/git.eeqj.de/sneak/formless/ +COPY ./ ./ RUN make build +RUN tar -c /go | bzip2 > /go.tbz2 ## output image: -FROM scratch - +FROM scratch as final +COPY --from=builder /user/group /user/passwd /etc/ +COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ COPY --from=builder /go/src/git.eeqj.de/sneak/formless/formless /app/formless -COPY --from=builder /go /go.archive +COPY --from=builder /go.tbz2 /go.tbz2 WORKDIR /app @@ -24,4 +32,6 @@ ENV DBURL none EXPOSE 8080 -CMD ["./formless"] +USER nobody:nobody + +ENTRYPOINT ["./formless"] diff --git a/Makefile b/Makefile index 9b30eea..26f62c5 100644 --- a/Makefile +++ b/Makefile @@ -77,4 +77,8 @@ upload-docker-image: docker docker push $(IMAGENAME):$(BUILDTIMETAG) docker push $(IMAGENAME):latest +vet: + go vet ./... + bash -c 'test -z "$$(gofmt -l .)"' + .PHONY: build fmt test is_uncommitted docker dist hub upload-docker-image clean run rundebug default build-docker-image-dist diff --git a/go.mod b/go.mod index cbfb5ac..12acd83 100644 --- a/go.mod +++ b/go.mod @@ -8,6 +8,7 @@ require ( github.com/gin-gonic/gin v1.6.3 github.com/google/uuid v1.1.2 github.com/jinzhu/gorm v1.9.16 + github.com/joho/godotenv v1.3.0 github.com/k0kubun/pp v3.0.1+incompatible github.com/labstack/echo v3.3.10+incompatible github.com/labstack/gommon v0.3.0 diff --git a/go.sum b/go.sum index 15af617..c3152d4 100644 --- a/go.sum +++ b/go.sum @@ -123,6 +123,8 @@ github.com/jinzhu/gorm v1.9.16/go.mod h1:G3LB3wezTOWM2ITLzPxEXgSkOXAntiLHS7UdBef github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E= github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc= github.com/jinzhu/now v1.0.1/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8= +github.com/joho/godotenv v1.3.0 h1:Zjp+RcGpHhGlrMbJzXTrZZPrWj+1vfm90La1wgB6Bhc= +github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg= github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.9 h1:9yzud/Ht36ygwatGx56VwCZtlI/2AD15T1X2sjSuGns= diff --git a/process/formless.go b/process/formless.go index 1701add..860edd4 100644 --- a/process/formless.go +++ b/process/formless.go @@ -5,6 +5,8 @@ import ( "os" "time" + "github.com/joho/godotenv" + "git.eeqj.de/sneak/formless/database" _ "github.com/jinzhu/gorm/dialects/postgres" _ "github.com/jinzhu/gorm/dialects/sqlite" @@ -17,6 +19,12 @@ import ( // CLIEntry is the main entrypoint func CLIEntry(version string, buildarch string) int { + + err := godotenv.Load() + if err != nil { + panic("Error loading .env file") + } + f := new(Formless) f.version = version f.buildarch = buildarch