- Add DOCKER_HOST export to Makefile for remote Docker daemon
- Create multi-stage Dockerfile:
  - Build stage: golang:1.24-alpine with gcc, make, git
  - Runtime stage: alpine with ca-certificates, gnupg
  - Runs as non-root 'secret' user
- Add Makefile targets:
  - docker: build container as sneak/secret
  - docker-run: run container interactively
- Add .dockerignore to exclude build artifacts but keep .git for potential linker flags

Container includes GPG support for PGP unlockers and runs on Linux, making it suitable for cross-platform testing and deployment.
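# Alpine release shared by both stages. The binary is built with CGO against
# musl, so the runtime stage uses the same Alpine release as the builder.
# A floating `latest` tag would let the two drift apart and would make rebuilds
# non-reproducible. For release builds, also pin both images by digest
# (image:tag@sha256:<digest>).
ARG ALPINE_VERSION=3.21

# Build stage
FROM golang:1.24-alpine${ALPINE_VERSION} AS builder

# Install build dependencies (cgo needs a C compiler and the musl headers)
RUN apk add --no-cache \
    gcc \
    git \
    make \
    musl-dev

# Set working directory
WORKDIR /build

# Copy only the module manifests first so the dependency layer stays cached
# until go.mod or go.sum changes
COPY go.mod go.sum ./

# Download dependencies; modules are checked against the hashes in go.sum
RUN go mod download

# Copy source code. Everything in the build context lands in this stage, so
# .dockerignore must keep local key material and secrets out of the context.
COPY . .

# Build the binary
RUN CGO_ENABLED=1 go build -v -o secret cmd/secret/main.go

# Runtime stage: only the binary and its runtime packages, no toolchain or source
FROM alpine:${ALPINE_VERSION}

# Install runtime dependencies (CA roots for TLS, gnupg for the PGP unlockers)
RUN apk add --no-cache \
    ca-certificates \
    gnupg

# Create non-root user with an explicit UID, so volume ownership and
# orchestrator non-root checks see a stable numeric ID
RUN adduser -D -u 1000 -s /bin/sh secret

# Copy binary from builder. It stays owned by root with mode 0755, so the
# unprivileged runtime user can execute it but not replace it. Setting the mode
# here avoids a separate chmod layer that would store the binary twice.
# NOTE: --chmod requires BuildKit (the default builder in current Docker releases).
COPY --from=builder --chmod=0755 /build/secret /usr/local/bin/secret

# Switch to non-root user; nothing after this point needs root
USER secret

# Set working directory
WORKDIR /home/secret

# Set entrypoint (exec form: the binary runs as PID 1 and receives signals directly)
ENTRYPOINT ["secret"]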