Add Dockerfile with multi-stage build and source archive
- Builder stage: vendor dependencies, build binary, create source archive - Source archive (.tar.zst) includes all code and vendored dependencies - Runtime stage: minimal Debian image with binary and source archive - Health check via curl to /.well-known/healthcheck.json - Runs as non-root user (routewatch:1000)
parent
5d7358fce6
commit
8e79b8c074
70
Dockerfile
Normal file
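--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,70 @@
+# Build stage
+FROM golang:1.24-bookworm AS builder
+
+# Install build dependencies (zstd for archive, gcc for CGO/sqlite3)
+RUN apt-get update && apt-get install -y --no-install-recommends \
+zstd \
+gcc \
+libc6-dev \
+&& rm -rf /var/lib/apt/lists/*
+
+WORKDIR /src
+
+# Copy go.mod and go.sum first for better layer caching
+COPY go.mod go.sum ./
+
+# Download and vendor dependencies
+RUN go mod download
+RUN go mod vendor
+
+# Copy source code
+COPY . .
+
+# Build the binary with CGO enabled (required for sqlite3)
+RUN CGO_ENABLED=1 GOOS=linux go build -o /routewatch ./cmd/routewatch
+
+# Create source archive with vendored dependencies
+RUN tar --zstd -cf /routewatch-source.tar.zst \
+--exclude='.git' \
+--exclude='*.tar.zst' \
+.
+
+# Runtime stage
+FROM debian:bookworm-slim
+
+# Install runtime dependencies
+# - ca-certificates: for HTTPS connections
+# - curl: for health checks
+RUN apt-get update && apt-get install -y --no-install-recommends \
+ca-certificates \
+curl \
+&& rm -rf /var/lib/apt/lists/*
+
+# Create non-root user
+RUN useradd -r -u 1000 -m routewatch
+
+# Create state directory
+RUN mkdir -p /var/lib/routewatch && chown routewatch:routewatch /var/lib/routewatch
+
+WORKDIR /app
+
+# Copy binary and source archive from builder
+COPY --from=builder /routewatch /app/routewatch
+COPY --from=builder /routewatch-source.tar.zst /app/source/routewatch-source.tar.zst
+
+# Set ownership
+RUN chown -R routewatch:routewatch /app
+
+USER routewatch
+
+# Default state directory
+ENV ROUTEWATCH_STATE_DIR=/var/lib/routewatch
+
+# Expose HTTP port
+EXPOSE 8080
+
+# Health check using the health endpoint
+HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
+CMD curl -sf http://localhost:8080/.well-known/healthcheck.json || exit 1
+
+ENTRYPOINT ["/app/routewatch"]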
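Review bot: The source archive created by `RUN tar --zstd -cf /routewatch-source.tar.zst ... .` packs everything that `COPY . .` placed in /src, and only `.git` and `*.tar.zst` are excluded, so any untracked file in the build context (a local `.env`, a state database, editor backups) would ship inside the runtime image under /app/source. No `.dockerignore` is part of this commit, so whether the context is filtered cannot be told from here; adding one, or building the archive from an explicit list of tracked paths, would close that gap. Separately, `RUN chown -R routewatch:routewatch /app` makes the binary and the archive writable by the account the service runs as. Dropping that line keeps /app root-owned and read-only to the process, and only /var/lib/routewatch needs to stay writable.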