pixa/Dockerfile

# Build stage
FROM golang:1.24-alpine AS builder

ARG VERSION=dev

# Install build dependencies for CGO image libraries
RUN apk add --no-cache \
    build-base \
    vips-dev \
    libheif-dev \
    pkgconfig

WORKDIR /src

# Copy go mod files first for better layer caching
COPY go.mod go.sum ./
RUN GOTOOLCHAIN=auto go mod download

# Copy source code
COPY . .

# Build with CGO enabled
RUN CGO_ENABLED=1 GOTOOLCHAIN=auto go build -ldflags "-X main.Version=${VERSION}" -o /pixad ./cmd/pixad

# Runtime stage
FROM alpine:3.21

# Install runtime dependencies only
RUN apk add --no-cache \
    vips \
    libheif \
    ca-certificates \
    tzdata

# Copy binary from builder
COPY --from=builder /pixad /usr/local/bin/pixad

# Create non-root user, config directory, and data directory
RUN adduser -D -H -s /sbin/nologin pixad && \
    mkdir -p /var/lib/pixa /etc/pixa && \
    chown pixad:pixad /var/lib/pixa

# Copy default config (edit signing_key before use)
COPY config.example.yml /etc/pixa/config.yml

USER pixad
WORKDIR /var/lib/pixa

EXPOSE 8080

ENTRYPOINT ["/usr/local/bin/pixad", "--config", "/etc/pixa/config.yml"]