51 lines
1.4 KiB
Docker
51 lines
1.4 KiB
Docker
# OCI-compliant multi-stage build for Podman
|
|
# Handles SELinux contexts and rootless operation
|
|
|
|
FROM docker.io/library/golang:1.23-alpine AS builder
|
|
|
|
RUN apk add --no-cache git ca-certificates tzdata
|
|
|
|
WORKDIR /build
|
|
|
|
COPY go.mod go.sum* ./
|
|
RUN go mod download
|
|
|
|
COPY . .
|
|
|
|
# Build static binary with no CGO
|
|
RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build \
|
|
-ldflags='-w -s -extldflags "-static"' \
|
|
-a -installsuffix cgo \
|
|
-o argparse-builder \
|
|
.
|
|
|
|
# Minimal runtime with proper labels
|
|
FROM scratch
|
|
|
|
LABEL maintainer="your-email@example.com" \
|
|
org.opencontainers.image.title="Argparse Builder" \
|
|
org.opencontainers.image.description="Interactive bash argument parser generator" \
|
|
org.opencontainers.image.version="1.0.0" \
|
|
org.opencontainers.image.authors="pynezz" \
|
|
org.opencontainers.image.url="https://git.pynezz.dev/pynezz/argparser" \
|
|
org.opencontainers.image.source="https://git.pynezz.dev/pynezz/argparser"
|
|
|
|
# Copy certificates and timezone data
|
|
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
|
|
COPY --from=builder /usr/share/zoneinfo /usr/share/zoneinfo
|
|
|
|
# Copy binary
|
|
COPY --from=builder /build/argparse-builder /argparse-builder
|
|
|
|
# Expose port
|
|
EXPOSE 8080
|
|
|
|
# Run as nobody user
|
|
USER 65534:65534
|
|
|
|
# Health check
|
|
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
|
|
CMD ["/argparse-builder", "health"] || exit 1
|
|
|
|
ENTRYPOINT ["/argparse-builder"]
|