ci: dockerized server

6780ff17 · Rémi PAILHAREY · 7304a704 · 6780ff17 · 6780ff17
Commit 6780ff17 authored 3 years ago by Rémi PAILHAREY
--- a/Dockerfile
+++ b/Dockerfile
+# Dockerfile from https://github.com/chemidy/smallest-secured-golang-docker-image
+##################################
+# STEP 1 build executable binary #
+##################################
+FROM golang:alpine as builder
+# Install git + SSL ca certificates.
+# Git is required for fetching the dependencies.
+# Ca-certificates is required to call HTTPS endpoints.
+RUN apk update && apk add --no-cache git ca-certificates tzdata libcap mailcap && update-ca-certificates
+RUN apk add build-base
+# Create appuser
+ENV USER=appuser
+ENV UID=1000
+# See https://stackoverflow.com/a/55757473/12429735
+RUN adduser \
+    --disabled-password \
+    --gecos "" \
+    --home "/nonexistent" \
+    --shell "/sbin/nologin" \
+    --no-create-home \
+    --uid "${UID}" \
+    "${USER}"
+WORKDIR /app
+ADD . .
+RUN chown -Rf "${UID}" ./*
+# Get dependencies and run tests
+RUN go version
+RUN go get -d -v
+# Build the binary
+RUN CGO_ENABLED=1 go build \
+    -ldflags='-w -s -extldflags "-static"' -a \
+    -o /app/backoffice-server .
+# Allow running on ports < 1000
+RUN setcap cap_net_bind_service=+ep /app/backoffice-server
+##############################
+# STEP 2 build a small image #
+##############################
+FROM alpine:3.14.0
+WORKDIR /app
+# Import global resources from builder
+COPY --from=builder /usr/share/zoneinfo /usr/share/zoneinfo
+COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+COPY --from=builder /etc/passwd /etc/passwd
+COPY --from=builder /etc/group /etc/group
+COPY --from=builder /etc/mime.types /etc/mime.types
+# Copy static executable and application resources
+COPY --from=builder /app/backoffice-server /app/backoffice-server
+COPY --from=builder /app/dev_certificates /app/dev_certificates
+COPY --from=builder /app/web /app/web
+COPY --from=builder /app/configs /app/configs
+# Use an unprivileged user.
+USER appuser:appuser
+# Run the binary
+ENTRYPOINT ["./backoffice-server"]
\ No newline at end of file
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -3,8 +3,6 @@ version: '3.1'
 services: 
    database:
        image: mysql:5
-        ports:
-            - 3306:3306
        environment:
            MYSQL_ROOT_PASSWORD: ${DATABASE_PASSWORD}
            MYSQL_DATABASE: ${DATABASE_NAME}
@@ -17,3 +15,32 @@ services:
            - 8008:80
        environment:
            PMA_HOST: database
+    backoffice-container:
+        image: backoffice
+        build: .
+        restart: unless-stopped
+        volumes:
+            - /etc/localtime:/etc/localtime:ro
+            - ./configs:/app/configs
+            - ./letsencrypt_cache:/app/letsencrypt_cache
+            - ./data:/app/data
+        ports:
+            - ${HTTPS_PORT}:${HTTPS_PORT}
+        environment:
+            - HOSTNAME=${HOSTNAME}
+            - HTTPS_PORT=${HTTPS_PORT}
+            - ADMIN_ROLE=${ADMIN_ROLE}
+            - REDIRECT_URL=${REDIRECT_URL}
+            - CLIENT_ID=${CLIENT_ID}
+            - CLIENT_SECRET=${CLIENT_SECRET}
+            - AUTH_URL=${AUTH_URL}
+            - TOKEN_URL=${TOKEN_URL}
+            - USERINFO_URL=${USERINFO_URL}
+            - LOGOUT_URL=${LOGOUT_URL}
+            - DEBUG_MODE=${DEBUG_MODE}
+            - DATABASE_USER=${DATABASE_USER}
+            - DATABASE_NAME=${DATABASE_NAME}
+            - DATABASE_PASSWORD=${DATABASE_PASSWORD}
+            - DATABASE_HOST=database