From ae7a13db21959694e3a876f4624182a306761d70 Mon Sep 17 00:00:00 2001
From: Ilya Glotov <ilya.glotov@gmail.com>
Date: Tue, 12 Dec 2017 14:41:01 +0300
Subject: [PATCH] Add docker improvements

* Add multistaged build effectively reducing image size
* Change deprecated MAINTAINER to LABEL
* Change ADD to COPY
* Start container as a non-root user
---
 Dockerfile | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index cc9e0bb..2a3ae65 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
-FROM golang:alpine
-MAINTAINER Jimmy Zelinskie <jimmyzelinskie@gmail.com>
+FROM golang:alpine AS build-env
+LABEL maintainer "Jimmy Zelinskie <jimmyzelinskie@gmail.com>"
 
 # Install OS-level dependencies.
 RUN apk update && \
@@ -8,16 +8,21 @@ RUN apk update && \
 
 # Copy our source code into the container.
 WORKDIR /go/src/github.com/chihaya/chihaya
-ADD . /go/src/github.com/chihaya/chihaya
+COPY . /go/src/github.com/chihaya/chihaya
 
 # Install our golang dependencies and compile our binary.
 RUN glide install
-RUN go install github.com/chihaya/chihaya/cmd/chihaya
+RUN CGO_ENABLED=0 GOOS=linux go install github.com/chihaya/chihaya/cmd/chihaya
+RUN adduser -D chihaya
 
-# Delete the compiler from the container.
-# This makes the container much smaller when using Quay's squashing feature.
-RUN rm -r /usr/local/go
+FROM scratch
+COPY --from=build-env /go/bin/chihaya /chihaya
+COPY --from=build-env /etc/passwd /etc/passwd
 
 # Expose a docker interface to our binary.
 EXPOSE 6880 6881
-ENTRYPOINT ["chihaya"]
+
+# Drop root privileges
+USER chihaya
+
+ENTRYPOINT ["/chihaya"]