Skip to content

Commit 95da967

Browse files
11notes11notes
committed
[feature] better build, stripping and distroless filesystem
1 parent 55e7bc6 commit 95da967

1 file changed

Lines changed: 42 additions & 17 deletions

File tree

arch.dockerfile

Lines changed: 42 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -1,22 +1,47 @@
1-
# :: Distroless
2-
FROM alpine AS fs
3-
USER root
4-
RUN set -ex; \
5-
mkdir -p /rootfs/run/proxy; \
6-
mkdir -p /rootfs/etc; \
7-
echo "root:x:0:0:root:/root:/bin/sh" > /rootfs/etc/passwd; \
8-
echo "root:x:0:root" > /rootfs/etc/group;
1+
# :: Util
2+
FROM 11notes/util AS util
93

10-
# :: Build // socket-proxy
11-
FROM golang:1.24-alpine AS socket-proxy
4+
# :: Build / socket-proxy
5+
FROM golang:1.24-alpine AS build
126
ARG TARGETARCH
137
ENV CGO_ENABLED=0
8+
ENV BUILD_DIR=/go/socket-proxy
9+
ENV BUILD_BIN=${BUILD_DIR}/socket-proxy
10+
1411
USER root
12+
COPY --from=util /usr/local/bin/ /usr/local/bin
1513
COPY ./go/ /go
14+
15+
RUN set -ex; \
16+
apk --update --no-cache add \
17+
build-base \
18+
upx;
19+
1620
RUN set -ex; \
17-
cd /go/socket-proxy; \
18-
go build -ldflags="-extldflags=-static" -o socket-proxy main.go; \
19-
mv socket-proxy /usr/local/bin/socket-proxy;
21+
cd ${BUILD_DIR}; \
22+
mkdir -p /distroless/usr/local/bin; \
23+
go build -ldflags="-extldflags=-static" -o ${BUILD_BIN} main.go; \
24+
eleven strip ${BUILD_BIN}; \
25+
cp ${BUILD_BIN} /distroless/usr/local/bin;
26+
27+
# :: Distroless / socket-proxy
28+
FROM scratch AS distroless-socket-proxy
29+
COPY --from=build /distroless/ /
30+
31+
# :: Build / file system
32+
FROM alpine AS fs
33+
ARG APP_ROOT
34+
USER root
35+
36+
RUN set -ex; \
37+
mkdir -p ${APP_ROOT}/etc;
38+
39+
COPY ./rootfs /
40+
41+
# :: Distroless / file system
42+
FROM scratch AS distroless-fs
43+
ARG APP_ROOT
44+
COPY --from=fs ${APP_ROOT} /${APP_ROOT}
2045

2146
# :: Header
2247
FROM 11notes/distroless AS distroless
@@ -43,11 +68,11 @@
4368
ENV SOCKET_PROXY_GID=1000
4469

4570
# :: multi-stage
46-
COPY --from=distroless / /
47-
COPY --from=socket-proxy /usr/local/bin/socket-proxy /
71+
COPY --from=distroless-fs / /
72+
COPY --from=distroless-socket-proxy / /
4873

4974
# :: Monitor
50-
HEALTHCHECK --interval=5s --timeout=2s CMD ["/socket-proxy", "--healthcheck"]
75+
HEALTHCHECK --interval=5s --timeout=2s CMD ["socket-proxy", "--healthcheck"]
5176

5277
# :: Start
53-
ENTRYPOINT ["/socket-proxy"]
78+
ENTRYPOINT ["socket-proxy"]

0 commit comments

Comments
 (0)