From 862304ad31dda9e69771e765cca71775c77c48f6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=8F=B2=E6=82=A6?=
Date: Wed, 13 Aug 2025 10:32:54 +0800
Subject: [PATCH] =?UTF-8?q?=E9=87=8D=E5=86=99=20Dockerfile?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 Dockerfile | 44 +++++++++++++++++++++++++-------------------
 1 file changed, 25 insertions(+), 19 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index a845364..5d0edd9 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,34 +1,40 @@
-# Stage 1: Build the Go binary
+# Stage 1: Build the application
+# Use a specific version of the golang alpine image for reproducibility
 FROM golang:1.22-alpine AS builder
 
 # Set the Current Working Directory inside the container
 WORKDIR /app
 
-# Copy go mod and sum files
-# COPY go.mod go.sum ./
-# RUN go mod download
+# Copy go.mod and go.sum files to leverage Docker cache
+COPY go.mod ./
+# The go.sum file is not present, but it's a good practice to copy it if it were.
+# COPY go.sum ./
+
+# Download all dependencies. Dependencies will be cached if the go.mod file is not changed
+RUN go mod download
 
 # Copy the source code into the container
-COPY main.go .
+COPY . .
 
-# Build the Go app
-# CGO_ENABLED=0 is needed for a static build
-# GOOS=linux is to specify the target OS
-# -a installs all packages to be rebuilt
-# -installsuffix cgo is used with CGO_ENABLED=0
-# -o main specifies the output file name
-RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o main .
+# Build the Go application as a static binary
+# -ldflags="-w -s" strips debug information, reducing the binary size
+# CGO_ENABLED=0 is crucial for creating a static binary that can run in a minimal container like alpine
+RUN CGO_ENABLED=0 GOOS=linux go build -a -ldflags="-w -s" -o /gemini-proxy .
 
-# Stage 2: Create the final, minimal image
+# Stage 2: Create the final, small image
 FROM alpine:latest
 
-WORKDIR /root/
+# Create a non-root user and group for security
+RUN addgroup -S appgroup && adduser -S appuser -G appgroup
 
-# Copy the Pre-built binary file from the previous stage
-COPY --from=builder /app/main .
+# Copy the pre-built binary from the builder stage
+COPY --from=builder /gemini-proxy /gemini-proxy
 
-# Expose port 8080 to the outside world
+# Expose port 8080, which the application listens on
 EXPOSE 8080
 
-# Command to run the executable
-CMD ["./main"]
\ No newline at end of file
+# Switch to the non-root user
+USER appuser
+
+# The command to run when the container starts
+CMD ["/gemini-proxy"]
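Review bot: The runtime stage still starts from `FROM alpine:latest`, so the image that actually ships floats with whatever that tag points to at build time, even though the new comment on the builder stage cites reproducibility as the reason for a specific version; pin it to a fixed tag and ideally a digest, e.g. `FROM alpine:<version>@sha256:<digest>` (placeholders, values not on this page). The new `COPY go.mod ./` and `RUN go mod download` run without a go.sum, as the added comment itself says, so if go.mod declares any requirements there are no committed checksums for the build to check the downloaded modules against; committing go.sum and enabling the commented `COPY go.sum ./` would close that gap. `COPY . .` now sends the whole build context into the builder stage instead of only main.go. Only the binary reaches the final image, but a `.dockerignore` excluding `.git` and local env or credential files would keep them out of builder layers and the build cache; whether one exists is not visible in this patch.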