66 lines
1.7 KiB
Docker
66 lines
1.7 KiB
Docker
# Build stage
|
|
FROM golang:1.24-bookworm AS builder
|
|
|
|
# Install build dependencies (zstd for archive, gcc for CGO/sqlite3)
|
|
RUN apt-get update && apt-get install -y --no-install-recommends \
|
|
zstd \
|
|
gcc \
|
|
libc6-dev \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
WORKDIR /src
|
|
|
|
# Copy everything
|
|
COPY . .
|
|
|
|
# Vendor dependencies (must be after copying source)
|
|
RUN go mod download && go mod vendor
|
|
|
|
# Build the binary with CGO enabled (required for sqlite3)
|
|
RUN CGO_ENABLED=1 GOOS=linux go build -o /routewatch ./cmd/routewatch
|
|
|
|
# Create source archive with vendored dependencies
|
|
RUN tar --zstd -cf /routewatch-source.tar.zst \
|
|
--exclude='.git' \
|
|
--exclude='*.tar.zst' \
|
|
.
|
|
|
|
# Runtime stage
|
|
FROM debian:bookworm-slim
|
|
|
|
# Install runtime dependencies
|
|
# - ca-certificates: for HTTPS connections
|
|
# - curl: for health checks
|
|
RUN apt-get update && apt-get install -y --no-install-recommends \
|
|
ca-certificates \
|
|
curl \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
# Create non-root user
|
|
RUN useradd -r -u 1000 -m routewatch
|
|
|
|
RUN mkdir -p /var/lib/berlin.sneak.app.routewatch && chown routewatch:routewatch /var/lib/berlin.sneak.app.routewatch
|
|
|
|
RUN mkdir /app
|
|
WORKDIR /app
|
|
|
|
# Copy binary and source archive from builder
|
|
COPY --from=builder /routewatch /app/routewatch
|
|
COPY --from=builder /routewatch-source.tar.zst /app/source/routewatch-source.tar.zst
|
|
|
|
# Set ownership
|
|
RUN chown -R routewatch:routewatch /app
|
|
|
|
USER routewatch
|
|
|
|
ENV XDG_DATA_HOME=/var/lib
|
|
|
|
# Expose HTTP port
|
|
EXPOSE 8080
|
|
|
|
# Health check using the health endpoint
|
|
HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
|
|
CMD curl -sf http://localhost:8080/.well-known/healthcheck.json || exit 1
|
|
|
|
ENTRYPOINT ["/app/routewatch"]
|