重写 Dockerfile
44
Dockerfile
44
Dockerfile
@@ -1,34 +1,40 @@
|
|||||||
# Stage 1: Build the Go binary
|
# Stage 1: Build the application
|
||||||
|
# Use a specific version of the golang alpine image for reproducibility
|
||||||
FROM golang:1.22-alpine AS builder
|
FROM golang:1.22-alpine AS builder
|
||||||
|
|
||||||
# Set the Current Working Directory inside the container
|
# Set the Current Working Directory inside the container
|
||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
|
|
||||||
# Copy go mod and sum files
|
# Copy go.mod and go.sum files to leverage Docker cache
|
||||||
# COPY go.mod go.sum ./
|
COPY go.mod ./
|
||||||
# RUN go mod download
|
# The go.sum file is not present, but it's a good practice to copy it if it were.
|
||||||
|
# COPY go.sum ./
|
||||||
|
|
||||||
|
# Download all dependencies. Dependencies will be cached if the go.mod file is not changed
|
||||||
|
RUN go mod download
|
||||||
|
|
||||||
# Copy the source code into the container
|
# Copy the source code into the container
|
||||||
COPY main.go .
|
COPY . .
|
||||||
|
|
||||||
# Build the Go app
|
# Build the Go application as a static binary
|
||||||
# CGO_ENABLED=0 is needed for a static build
|
# -ldflags="-w -s" strips debug information, reducing the binary size
|
||||||
# GOOS=linux is to specify the target OS
|
# CGO_ENABLED=0 is crucial for creating a static binary that can run in a minimal container like alpine
|
||||||
# -a installs all packages to be rebuilt
|
RUN CGO_ENABLED=0 GOOS=linux go build -a -ldflags="-w -s" -o /gemini-proxy .
|
||||||
# -installsuffix cgo is used with CGO_ENABLED=0
|
|
||||||
# -o main specifies the output file name
|
|
||||||
RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o main .
|
|
||||||
|
|
||||||
# Stage 2: Create the final, minimal image
|
# Stage 2: Create the final, small image
|
||||||
FROM alpine:latest
|
FROM alpine:latest
|
||||||
|
|
||||||
WORKDIR /root/
|
# Create a non-root user and group for security
|
||||||
|
RUN addgroup -S appgroup && adduser -S appuser -G appgroup
|
||||||
|
|
||||||
# Copy the Pre-built binary file from the previous stage
|
# Copy the pre-built binary from the builder stage
|
||||||
COPY --from=builder /app/main .
|
COPY --from=builder /gemini-proxy /gemini-proxy
|
||||||
|
|
||||||
# Expose port 8080 to the outside world
|
# Expose port 8080, which the application listens on
|
||||||
EXPOSE 8080
|
EXPOSE 8080
|
||||||
|
|
||||||
# Command to run the executable
|
# Switch to the non-root user
|
||||||
CMD ["./main"]
|
USER appuser
|
||||||
|
|
||||||
|
# The command to run when the container starts
|
||||||
|
CMD ["/gemini-proxy"]
|
||||||
|
|||||||
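Review bot: The final stage still starts from `FROM alpine:latest`, so the runtime image is built on whatever that tag resolves to on the day of the build, while the builder stage is pinned to `golang:1.22-alpine` for reproducibility. Pin the runtime base the same way, for example `FROM alpine:<version>@sha256:<digest>` (placeholders; take the real values from the registry you trust), so a rebuilt image can be traced to a known base and base updates arrive through a reviewed change. The new `COPY go.mod ./` step also builds without a `go.sum`, as the added comment itself notes, so the dependency hashes are not fixed in the repository; committing `go.sum` and copying it alongside `go.mod` would let `go mod download` check modules against reviewed checksums. Because `COPY . .` now sends the whole build context into the builder stage, a `.dockerignore` that excludes `.git` and local env files is worth adding too.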