Add docker improvements

* Add multistaged build effectively reducing image size * Change deprecated MAINTAINER to LABEL * Change ADD to COPY * Start container as a non-root user
2017-12-12 14:41:01 +03:00 · 2017-12-12 14:41:01 +03:00 · ae7a13db21
parent d28c6717b1
commit ae7a13db21
1 changed files with 13 additions and 8 deletions
--- a/21
+++ b/21
@ -1,5 +1,5 @@
-FROM golang:alpine
-MAINTAINER Jimmy Zelinskie <jimmyzelinskie@gmail.com>
+FROM golang:alpine AS build-env
+LABEL maintainer "Jimmy Zelinskie <jimmyzelinskie@gmail.com>"

 # Install OS-level dependencies.
 RUN apk update && \
@ -8,16 +8,21 @@ RUN apk update && \

 # Copy our source code into the container.
 WORKDIR /go/src/github.com/chihaya/chihaya
-ADD . /go/src/github.com/chihaya/chihaya
+COPY . /go/src/github.com/chihaya/chihaya

 # Install our golang dependencies and compile our binary.
 RUN glide install
-RUN go install github.com/chihaya/chihaya/cmd/chihaya
+RUN CGO_ENABLED=0 GOOS=linux go install github.com/chihaya/chihaya/cmd/chihaya
+RUN adduser -D chihaya

-# Delete the compiler from the container.
-# This makes the container much smaller when using Quay's squashing feature.
-RUN rm -r /usr/local/go
+FROM scratch
+COPY --from=build-env /go/bin/chihaya /chihaya
+COPY --from=build-env /etc/passwd /etc/passwd

 # Expose a docker interface to our binary.
 EXPOSE 6880 6881
-ENTRYPOINT ["chihaya"]
+
+# Drop root privileges
+USER chihaya
+
+ENTRYPOINT ["/chihaya"]