From 6780ff17098a2265de9f2b0e3e512eeff265faab Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9mi=20Pailharey?= <rpailharey@grandlyon.com>
Date: Wed, 21 Jul 2021 10:46:08 +0200
Subject: [PATCH] ci: dockerized server

---
 Dockerfile         | 70 ++++++++++++++++++++++++++++++++++++++++++++++
 docker-compose.yml | 31 ++++++++++++++++++--
 2 files changed, 99 insertions(+), 2 deletions(-)
 create mode 100644 Dockerfile

diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..56f736b
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,70 @@
+# Dockerfile from https://github.com/chemidy/smallest-secured-golang-docker-image
+
+##################################
+# STEP 1 build executable binary #
+##################################
+
+FROM golang:alpine as builder
+
+# Install git + SSL ca certificates.
+# Git is required for fetching the dependencies.
+# Ca-certificates is required to call HTTPS endpoints.
+RUN apk update && apk add --no-cache git ca-certificates tzdata libcap mailcap && update-ca-certificates
+RUN apk add build-base
+
+# Create appuser
+ENV USER=appuser
+ENV UID=1000
+# See https://stackoverflow.com/a/55757473/12429735
+RUN adduser \
+    --disabled-password \
+    --gecos "" \
+    --home "/nonexistent" \
+    --shell "/sbin/nologin" \
+    --no-create-home \
+    --uid "${UID}" \
+    "${USER}"
+
+WORKDIR /app
+
+ADD . .
+
+RUN chown -Rf "${UID}" ./*
+
+# Get dependencies and run tests
+RUN go version
+RUN go get -d -v
+
+# Build the binary
+RUN CGO_ENABLED=1 go build \
+    -ldflags='-w -s -extldflags "-static"' -a \
+    -o /app/backoffice-server .
+
+# Allow running on ports < 1000
+RUN setcap cap_net_bind_service=+ep /app/backoffice-server
+
+##############################
+# STEP 2 build a small image #
+##############################
+FROM alpine:3.14.0
+
+WORKDIR /app
+
+# Import global resources from builder
+COPY --from=builder /usr/share/zoneinfo /usr/share/zoneinfo
+COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+COPY --from=builder /etc/passwd /etc/passwd
+COPY --from=builder /etc/group /etc/group
+COPY --from=builder /etc/mime.types /etc/mime.types
+
+# Copy static executable and application resources
+COPY --from=builder /app/backoffice-server /app/backoffice-server
+COPY --from=builder /app/dev_certificates /app/dev_certificates
+COPY --from=builder /app/web /app/web
+COPY --from=builder /app/configs /app/configs
+
+# Use an unprivileged user.
+USER appuser:appuser
+
+# Run the binary
+ENTRYPOINT ["./backoffice-server"]
\ No newline at end of file
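Review bot: `FROM golang:alpine as builder` uses a floating tag while the runtime stage is pinned to `alpine:3.14.0`, yet the builder supplies the binary, the CA bundle, `/etc/passwd` and `/etc/group` that ship in the final image. Pin it to a specific Go and Alpine release, ideally by digest, e.g. `FROM golang:<go-version>-alpine3.14 AS builder`. `ADD . .` pulls the whole build context into a builder layer, and the docker-compose.yml in this same patch keeps `./letsencrypt_cache`, `./data` and `./configs` in that directory, so prefer `COPY . .` with a `.dockerignore` that excludes those paths and any `.env` file. The final stage also bakes `/app/dev_certificates` and `/app/configs` into the image; their contents are not visible here, but if they hold private keys or credentials they should be mounted at run time instead. The capability granted by `setcap` is stored in an extended attribute of the file, so confirm it survives `COPY --from=builder` with the builder in use (`getcap /app/backoffice-server` in the final image), and note the comment should read ports < 1024.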
diff --git a/docker-compose.yml b/docker-compose.yml
index eab34bf..332cf6a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -3,8 +3,6 @@ version: '3.1'
 services: 
     database:
         image: mysql:5
-        ports:
-            - 3306:3306
         environment:
             MYSQL_ROOT_PASSWORD: ${DATABASE_PASSWORD}
             MYSQL_DATABASE: ${DATABASE_NAME}
@@ -17,3 +15,32 @@ services:
             - 8008:80
         environment:
             PMA_HOST: database
+
+    backoffice-container:
+        image: backoffice
+        build: .
+        restart: unless-stopped
+        volumes:
+            - /etc/localtime:/etc/localtime:ro
+            - ./configs:/app/configs
+            - ./letsencrypt_cache:/app/letsencrypt_cache
+            - ./data:/app/data
+        ports:
+            - ${HTTPS_PORT}:${HTTPS_PORT}
+        environment:
+            - HOSTNAME=${HOSTNAME}
+            - HTTPS_PORT=${HTTPS_PORT}
+            - ADMIN_ROLE=${ADMIN_ROLE}
+            - REDIRECT_URL=${REDIRECT_URL}
+            - CLIENT_ID=${CLIENT_ID}
+            - CLIENT_SECRET=${CLIENT_SECRET}
+            - AUTH_URL=${AUTH_URL}
+            - TOKEN_URL=${TOKEN_URL}
+            - USERINFO_URL=${USERINFO_URL}
+            - LOGOUT_URL=${LOGOUT_URL}
+            - DEBUG_MODE=${DEBUG_MODE}
+            - DATABASE_USER=${DATABASE_USER}
+            - DATABASE_NAME=${DATABASE_NAME}
+            - DATABASE_PASSWORD=${DATABASE_PASSWORD}
+            - DATABASE_HOST=database
+
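Review bot: `DATABASE_PASSWORD=${DATABASE_PASSWORD}` hands the backoffice container the same value the `database` service uses for `MYSQL_ROOT_PASSWORD`, so unless `DATABASE_USER` maps to a separate account defined outside this hunk, the web application connects with MySQL root credentials. Consider a dedicated account through the image's `MYSQL_USER`/`MYSQL_PASSWORD` variables with its own secret, e.g. `MYSQL_PASSWORD: ${DATABASE_APP_PASSWORD}` (example variable name), and pass that one to this service. `CLIENT_SECRET` and the database password are also plain `environment` entries, readable through `docker inspect`; Compose `secrets:` is the usual alternative, though it needs the application to read values from files, which is not visible here. If the server only reads its configuration, the mount can be narrowed to `./configs:/app/configs:ro`.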
-- 
GitLab