Add docker improvements

* Add multistaged build effectively reducing image size
* Change deprecated MAINTAINER to LABEL
* Change ADD to COPY
* Start container as a non-root user
This commit is contained in:
Ilya Glotov 2017-12-12 14:41:01 +03:00
parent d28c6717b1
commit ae7a13db21
No known key found for this signature in database
GPG key ID: AE18CC224730A36D

View file

@ -1,5 +1,5 @@
FROM golang:alpine FROM golang:alpine AS build-env
MAINTAINER Jimmy Zelinskie <jimmyzelinskie@gmail.com> LABEL maintainer "Jimmy Zelinskie <jimmyzelinskie@gmail.com>"
# Install OS-level dependencies. # Install OS-level dependencies.
RUN apk update && \ RUN apk update && \
@ -8,16 +8,21 @@ RUN apk update && \
# Copy our source code into the container. # Copy our source code into the container.
WORKDIR /go/src/github.com/chihaya/chihaya WORKDIR /go/src/github.com/chihaya/chihaya
ADD . /go/src/github.com/chihaya/chihaya COPY . /go/src/github.com/chihaya/chihaya
# Install our golang dependencies and compile our binary. # Install our golang dependencies and compile our binary.
RUN glide install RUN glide install
RUN go install github.com/chihaya/chihaya/cmd/chihaya RUN CGO_ENABLED=0 GOOS=linux go install github.com/chihaya/chihaya/cmd/chihaya
RUN adduser -D chihaya
# Delete the compiler from the container. FROM scratch
# This makes the container much smaller when using Quay's squashing feature. COPY --from=build-env /go/bin/chihaya /chihaya
RUN rm -r /usr/local/go COPY --from=build-env /etc/passwd /etc/passwd
# Expose a docker interface to our binary. # Expose a docker interface to our binary.
EXPOSE 6880 6881 EXPOSE 6880 6881
ENTRYPOINT ["chihaya"]
# Drop root privileges
USER chihaya
ENTRYPOINT ["/chihaya"]