From feba33307d7b5cd1c8f91211f5327f6e910c123f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20de=20la=20Pe=C3=B1a?= <mdelapenya@gmail.com>
Date: Mon, 1 Sep 2025 17:33:11 +0200
Subject: [PATCH 1/2] chore: reduce binary size with upx

---
 linux/Dockerfile   | 16 +++++++++++++++-
 windows/Dockerfile | 10 +++++++++-
 2 files changed, 24 insertions(+), 2 deletions(-)

diff --git a/linux/Dockerfile b/linux/Dockerfile
index 962902a..2264181 100644
--- a/linux/Dockerfile
+++ b/linux/Dockerfile
@@ -16,9 +16,23 @@ RUN --mount=type=cache,target=/go/pkg/mod \
 # Copy source & build
 COPY --link . .
 
+# Build binary:
+# -a: force rebuild
+# -installsuffix cgo: remove cgo support
+# -ldflags="-w -s": omits the DWARF symbol table, symbol table and debug information
+# -trimpath: remove all file system paths from the compiled executable
+# -o /bin/ryuk: output binary to /bin/ryuk
 RUN --mount=type=cache,target=/go/pkg/mod \
     --mount=type=cache,target=/root/.cache/go-build \
-    go build -ldflags '-s' -o /bin/ryuk
+    go build \
+    -a \
+    -installsuffix cgo \
+    -ldflags="-w -s" \
+    -trimpath \
+    -o /bin/ryuk .
+
+# Compress with UPX (trade-off: smaller size vs startup time)
+RUN apk add --no-cache upx && upx --best --lzma /bin/ryuk
 
 # -----------------
 # Certificates
diff --git a/windows/Dockerfile b/windows/Dockerfile
index 6dde78c..4c9e1c4 100644
--- a/windows/Dockerfile
+++ b/windows/Dockerfile
@@ -21,7 +21,15 @@ USER ContainerUser
 
 # Copy source & build
 COPY . .
-RUN go build -v -ldflags "-s" -o /bin/ryuk
+# Build binary:
+# -a: force rebuild
+# -installsuffix cgo: remove cgo support
+# -ldflags="-w -s": omits the DWARF symbol table, symbol table and debug information
+# -trimpath: remove all file system paths from the compiled executable
+# -o /bin/ryuk: output binary to /bin/ryuk
+RUN go build -a -installsuffix cgo -ldflags="-w -s" -trimpath -o /bin/ryuk .
+
+# Do not optimise with UPX on Windows, as nanoserver does not have PowerShell to install it
 
 # -----------------
 # Distributed Image

From dfc27cf8a70c985d2552a1e6162c40e69ee245a3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20de=20la=20Pe=C3=B1a?= <mdelapenya@gmail.com>
Date: Mon, 1 Sep 2025 17:47:44 +0200
Subject: [PATCH 2/2] fix: do not use upx on s390x

---
 linux/Dockerfile | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/linux/Dockerfile b/linux/Dockerfile
index 2264181..d720220 100644
--- a/linux/Dockerfile
+++ b/linux/Dockerfile
@@ -32,7 +32,10 @@ RUN --mount=type=cache,target=/go/pkg/mod \
     -o /bin/ryuk .
 
 # Compress with UPX (trade-off: smaller size vs startup time)
-RUN apk add --no-cache upx && upx --best --lzma /bin/ryuk
+# Note: UPX is not available for s390x architecture
+RUN if [ "$(uname -m)" != "s390x" ]; then \
+        apk add --no-cache upx && upx --best --lzma /bin/ryuk; \
+    fi
 
 # -----------------
 # Certificates