From 323f458c7cba170e9a5ccd97f01e2e4666966c36 Mon Sep 17 00:00:00 2001 From: Hugo <hnouts@grandlyon.com> Date: Thu, 8 Oct 2020 14:30:28 +0200 Subject: [PATCH] test from scratch --- Dockerfile | 32 +++++++++++++++++++++----------- 1 file changed, 21 insertions(+), 11 deletions(-) diff --git a/Dockerfile b/Dockerfile index 19c484f..255f4f5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,26 +5,36 @@ FROM golang:alpine as server-builder WORKDIR /server RUN apk update && apk upgrade && \ - apk add --no-cache bash git openssh build-base + apk add --no-cache bash git openssh build-base && \ + apk add --no-cache git ca-certificates tzdata libcap mailcap && \ + update-ca-certificates ADD . . RUN go get -d -v && \ go test ./... && \ go build -o server -# Running... - -FROM alpine -WORKDIR /app +RUN setcap cap_net_bind_service=+ep server -RUN apk update && apk add ca-certificates libcap -# RUN apk --no-cache add ca-certificates -# ca-certificates for autocert (Let's Encrypt) and mailcap to get mime types for downloaded documents +# Running... +FROM scratch -RUN echo "hosts: files dns" > /etc/nsswitch.conf +WORKDIR /app COPY --from=server-builder /server/server /app - -RUN setcap cap_net_bind_service=+ep server +COPY --from=server-builder /usr/share/zoneinfo /usr/share/zoneinfo +COPY --from=server-builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ +COPY --from=server-builder /etc/passwd /etc/passwd +COPY --from=server-builder /etc/group /etc/group +COPY --from=server-builder /etc/mime.types /etc/mime.types + +# Copy static executable and application resources +COPY --from=server-builder /server/server /app/server +COPY --from=server-builder /server/dev_certificates /app/dev_certificates +COPY --from=server-builder /server/web /app/web +COPY --from=server-builder /server/configs /app/configs + +# Use an unprivileged user. +USER appuser:appuser ENTRYPOINT [ "./server"] -- GitLab