added docs and container (podman + docker) setup

2025-10-13 01:28:52 +02:00
parent 67cca9854f
commit 1cccb4e603
16 changed files with 1918 additions and 5 deletions
--- a/assets/.compose
+++ b/assets/.compose
@@ -0,0 +1,43 @@
+version: '3.8'
+
+services:
+  argparse-builder:
+    build:
+      context: .
+      dockerfile: Dockerfile
+    container_name: argparse-builder
+    ports:
+      - "8080:8080"
+    restart: unless-stopped
+    
+    # Resource limits
+    deploy:
+      resources:
+        limits:
+          cpus: '0.5'
+          memory: 128M
+        reservations:
+          cpus: '0.1'
+          memory: 32M
+    
+    # Security
+    read_only: true
+    cap_drop:
+      - ALL
+    security_opt:
+      - no-new-privileges:true
+    
+    # Health check
+    healthcheck:
+      test: ["CMD-SHELL", "wget --no-verbose --tries=1 --spider http://localhost:8080/ || exit 1"]
+      interval: 30s
+      timeout: 3s
+      retries: 3
+      start_period: 5s
+    
+    # Logging
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "10m"
+        max-file: "3"
--- a/assets/Containerfile
+++ b/assets/Containerfile
@@ -0,0 +1,50 @@
+# OCI-compliant multi-stage build for Podman
+# Handles SELinux contexts and rootless operation
+
+FROM docker.io/library/golang:1.23-alpine AS builder
+
+RUN apk add --no-cache git ca-certificates tzdata
+
+WORKDIR /build
+
+COPY go.mod go.sum* ./
+RUN go mod download
+
+COPY . .
+
+# Build static binary with no CGO
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build \
+  -ldflags='-w -s -extldflags "-static"' \
+  -a -installsuffix cgo \
+  -o argparse-builder \
+  .
+
+# Minimal runtime with proper labels
+FROM scratch
+
+LABEL maintainer="your-email@example.com" \
+  org.opencontainers.image.title="Argparse Builder" \
+  org.opencontainers.image.description="Interactive bash argument parser generator" \
+  org.opencontainers.image.version="1.0.0" \
+  org.opencontainers.image.authors="pynezz" \
+  org.opencontainers.image.url="https://git.pynezz.dev/pynezz/argparser" \
+  org.opencontainers.image.source="https://git.pynezz.dev/pynezz/argparser"
+
+# Copy certificates and timezone data
+COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+COPY --from=builder /usr/share/zoneinfo /usr/share/zoneinfo
+
+# Copy binary
+COPY --from=builder /build/argparse-builder /argparse-builder
+
+# Expose port
+EXPOSE 8080
+
+# Run as nobody user
+USER 65534:65534
+
+# Health check
+HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
+  CMD ["/argparse-builder", "health"] || exit 1
+
+ENTRYPOINT ["/argparse-builder"]
--- a/assets/Containerfile.alpine
+++ b/assets/Containerfile.alpine
@@ -0,0 +1,41 @@
+# Alpine-based with shell for debugging
+# SELinux compatible, rootless ready
+
+FROM docker.io/library/golang:1.23-alpine AS builder
+
+RUN apk add --no-cache git ca-certificates
+
+WORKDIR /build
+
+COPY go.mod go.sum* ./
+RUN go mod download
+
+COPY . .
+
+RUN CGO_ENABLED=0 go build \
+  -ldflags='-w -s' \
+  -o argparse-builder \
+  .
+
+FROM docker.io/library/alpine:3.19
+
+LABEL maintainer="your-email@example.com" \
+  org.opencontainers.image.title="Argparse Builder (Alpine)" \
+  org.opencontainers.image.description="Interactive bash argument parser generator" \
+  org.opencontainers.image.version="1.0.0"
+
+RUN apk add --no-cache ca-certificates tzdata && \
+  adduser -D -u 1000 -h /app argparse
+
+WORKDIR /app
+
+COPY --from=builder --chown=argparse:argparse /build/argparse-builder .
+
+USER argparse
+
+EXPOSE 8080
+
+HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
+  CMD wget --no-verbose --tries=1 --spider http://localhost:8080/health || exit 1
+
+ENTRYPOINT ["/app/argparse-builder"]
--- a/assets/Dockerfile
+++ b/assets/Dockerfile
@@ -0,0 +1,48 @@
+# Multi-stage build for minimal final image
+FROM golang:1.23-alpine AS builder
+
+# Install build dependencies
+RUN apk add --no-cache git ca-certificates tzdata
+
+WORKDIR /build
+
+# Copy go mod files
+COPY go.mod go.sum* ./
+
+# Download dependencies (cached layer)
+RUN go mod download
+
+# Copy source code
+COPY . .
+
+# Build with optimizations
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build \
+    -ldflags='-w -s -extldflags "-static"' \
+    -a -installsuffix cgo \
+    -o argparse-builder \
+    .
+
+# Final stage - minimal image
+FROM scratch
+
+# Copy CA certificates for HTTPS (if needed)
+COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+
+# Copy timezone data
+COPY --from=builder /usr/share/zoneinfo /usr/share/zoneinfo
+
+# Copy binary
+COPY --from=builder /build/argparse-builder /argparse-builder
+
+# Expose port
+EXPOSE 8080
+
+# Run as non-root (numeric UID for scratch)
+USER 65534:65534
+
+# Health check
+HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
+    CMD ["/argparse-builder", "health"] || exit 1
+
+# Run the application
+ENTRYPOINT ["/argparse-builder"]
--- a/assets/Dockerfile.alpine
+++ b/assets/Dockerfile.alpine
@@ -0,0 +1,38 @@
+# Alpine-based image for debugging and shell access
+FROM golang:1.23-alpine AS builder
+
+RUN apk add --no-cache git ca-certificates
+
+WORKDIR /build
+
+COPY go.mod go.sum* ./
+RUN go mod download
+
+COPY . .
+
+RUN CGO_ENABLED=0 go build \
+  -ldflags='-w -s' \
+  -o argparse-builder \
+  .
+
+# Alpine base for shell access and debugging
+FROM alpine:3.19
+
+RUN apk add --no-cache ca-certificates tzdata && \
+  adduser -D -u 1000 argparse
+
+WORKDIR /app
+
+COPY --from=builder /build/argparse-builder .
+
+# Change ownership
+RUN chown argparse:argparse /app/argparse-builder
+
+USER argparse
+
+EXPOSE 8080
+
+HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
+  CMD wget --no-verbose --tries=1 --spider http://localhost:8080/ || exit 1
+
+ENTRYPOINT ["/app/argparse-builder"]