45 lines
1.0 KiB
Docker
45 lines
1.0 KiB
Docker
# Build stage
|
|
FROM golang:1.23.12-alpine AS builder
|
|
|
|
WORKDIR /build
|
|
|
|
COPY go.mod ./
|
|
COPY main.go .
|
|
|
|
# CGO_ENABLED=0 for static binary
|
|
# -ldflags for smaller binary size
|
|
# GOOS=linux for OS compatibility
|
|
RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -ldflags '-w -s' -o interview-server ./main.go
|
|
|
|
# Run stage
|
|
FROM debian:bullseye-slim
|
|
|
|
# Install ca-certificates for HTTPS
|
|
RUN apt-get update && \
|
|
apt-get install -y --no-install-recommends ca-certificates && \
|
|
rm -rf /var/lib/apt/lists/*
|
|
|
|
# Create non-root user for security
|
|
RUN useradd -u 1000 -m appuser
|
|
|
|
# Change directory for runtime
|
|
WORKDIR /app
|
|
|
|
# Copy the binary from builder
|
|
COPY --from=builder /build/interview-server .
|
|
|
|
# Copy entrypoint script
|
|
COPY docker-entrypoint.sh .
|
|
RUN chmod +x docker-entrypoint.sh
|
|
|
|
# Ensure non-root user is running the applicatoin
|
|
USER appuser
|
|
|
|
# Expose on default port
|
|
EXPOSE 8080
|
|
|
|
# Path to config file can be set via ENV variable
|
|
ENV CONFIG_FILE=""
|
|
|
|
# Run the application using JSON form for proper signal handling
|
|
ENTRYPOINT ["./docker-entrypoint.sh"] |