This commit is contained in:
26
Dockerfile
26
Dockerfile
@@ -1,34 +1,22 @@
|
||||
# ---------- Build Stage ----------
|
||||
# --- Build ---
|
||||
FROM golang:1.24-alpine AS build
|
||||
WORKDIR /src
|
||||
# System‑Deps nur für Build
|
||||
RUN apk add --no-cache git ca-certificates tzdata && update-ca-certificates
|
||||
|
||||
# Module separat cachen
|
||||
COPY go.mod go.sum ./
|
||||
RUN go mod download
|
||||
|
||||
# Quellcode
|
||||
COPY . .
|
||||
|
||||
# statisch bauen (kein CGO), mit kleinen Binaries
|
||||
ENV CGO_ENABLED=0
|
||||
RUN --mount=type=cache,target=/root/.cache/go-build \
|
||||
go build -trimpath -ldflags="-s -w" -o /out/dashboard ./cmd/dashboard
|
||||
|
||||
# ---------- Runtime Stage ----------
|
||||
# Distroless ist sehr klein/sicher; enthält CA‑Zertifikate für HTTPS‑Calls
|
||||
# --- Runtime ---
|
||||
FROM gcr.io/distroless/base-debian12:nonroot
|
||||
WORKDIR /app
|
||||
|
||||
# Expose Port
|
||||
EXPOSE 8080
|
||||
|
||||
# Copy Binary + benötigte Zeitzonen/Certs sind in Distroless bereits enthalten
|
||||
# Binärdatei
|
||||
COPY --from=build /out/dashboard /app/dashboard
|
||||
|
||||
# Security: läuft als nonroot User (Distroless nonroot UID 65532)
|
||||
# Statische Dateien:
|
||||
COPY web /app/web
|
||||
ENV WEB_ROOT=/app/web
|
||||
USER nonroot:nonroot
|
||||
|
||||
# Healthcheck via Startkommando ist nicht möglich in Distroless – per Compose lösen
|
||||
ENTRYPOINT ["/app/dashboard"]
|
||||
ENTRYPOINT ["/app/dashboard"]
|
||||
|
||||
Reference in New Issue
Block a user