diff options
Diffstat (limited to 'backend/Dockerfile')
| -rw-r--r-- | backend/Dockerfile | 79 |
1 files changed, 79 insertions, 0 deletions
diff --git a/backend/Dockerfile b/backend/Dockerfile new file mode 100644 index 0000000..caef54a --- /dev/null +++ b/backend/Dockerfile @@ -0,0 +1,79 @@ +# syntax=docker/dockerfile:1 +################################################################################ +# Create a stage for building the application. +ARG GO_VERSION=1.22.5 +FROM --platform=$BUILDPLATFORM golang:${GO_VERSION} AS build +WORKDIR /src + +# Download dependencies as a separate step to take advantage of Docker's caching. +# Leverage a cache mount to /go/pkg/mod/ to speed up subsequent builds. +# Leverage bind mounts to go.sum and go.mod to avoid having to copy them into +# the container. +RUN --mount=type=cache,target=/go/pkg/mod/ \ + --mount=type=bind,source=go.sum,target=go.sum \ + --mount=type=bind,source=go.mod,target=go.mod \ + go mod download -x + +# This is the architecture you're building for, which is passed in by the builder. +# Placing it here allows the previous steps to be cached across architectures. +ARG TARGETARCH + +# Specify the versions of the tools to use. +ARG BUF_VERSION=1.35.1 +ARG MOCKGEN_VERSION=0.4.0 + +# Install required tools for build +RUN go install "go.uber.org/mock/mockgen@v${MOCKGEN_VERSION}" && \ + curl -sSL "https://github.com/bufbuild/buf/releases/download/v${BUF_VERSION}/buf-$(uname -s)-$(uname -m)" \ + -o "/usr/local/bin/buf" && \ + chmod +x /usr/local/bin/buf && \ + buf --version + +# Bind mounts are read-only, so we copy the source code into the container. +COPY . . + +# Build the application. +# Leverage a cache mount to /go/pkg/mod/ to speed up subsequent builds. +RUN --mount=type=cache,target=/go/pkg/mod/ \ + go generate -v ./... && \ + CGO_ENABLED=0 GOARCH=$TARGETARCH go build -o /bin/server ./cmd + +################################################################################ +# Create a new stage for running the application that contains the minimal +# runtime dependencies for the application. This often uses a different base +# image from the build stage where the necessary files are copied from the build +# stage. +FROM alpine:latest AS final + +# Install any runtime dependencies that are needed to run your application. +# Leverage a cache mount to /var/cache/apk/ to speed up subsequent builds. +RUN --mount=type=cache,target=/var/cache/apk \ + apk --update add \ + ca-certificates \ + tzdata \ + tini \ + && \ + update-ca-certificates + +# Create a non-privileged user that the app will run under. +# See https://docs.docker.com/go/dockerfile-user-best-practices/ +ARG UID=10001 +RUN adduser \ + --disabled-password \ + --gecos "" \ + --home "/nonexistent" \ + --shell "/sbin/nologin" \ + --no-create-home \ + --uid "${UID}" \ + appuser +USER appuser + +# Copy the executable from the "build" stage. +COPY --from=build /bin/server /bin/ + +# Expose the port that the application listens on. +EXPOSE 8000 + +# What the container should run when it is started. +ENTRYPOINT ["/sbin/tini", "--"] +CMD ["/bin/server"] |