重写 Dockerfile

This commit is contained in:
史悦
2025-08-13 10:32:54 +08:00
parent 0563c4b4c3
commit 862304ad31

View File

@@ -1,34 +1,40 @@
# Stage 1: Build the Go binary # Stage 1: Build the application
# Use a specific version of the golang alpine image for reproducibility
FROM golang:1.22-alpine AS builder FROM golang:1.22-alpine AS builder
# Set the Current Working Directory inside the container # Set the Current Working Directory inside the container
WORKDIR /app WORKDIR /app
# Copy go mod and sum files # Copy go.mod and go.sum files to leverage Docker cache
# COPY go.mod go.sum ./ COPY go.mod ./
# RUN go mod download # The go.sum file is not present, but it's a good practice to copy it if it were.
# COPY go.sum ./
# Download all dependencies. Dependencies will be cached if the go.mod file is not changed
RUN go mod download
# Copy the source code into the container # Copy the source code into the container
COPY main.go . COPY . .
# Build the Go app # Build the Go application as a static binary
# CGO_ENABLED=0 is needed for a static build # -ldflags="-w -s" strips debug information, reducing the binary size
# GOOS=linux is to specify the target OS # CGO_ENABLED=0 is crucial for creating a static binary that can run in a minimal container like alpine
# -a installs all packages to be rebuilt RUN CGO_ENABLED=0 GOOS=linux go build -a -ldflags="-w -s" -o /gemini-proxy .
# -installsuffix cgo is used with CGO_ENABLED=0
# -o main specifies the output file name
RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o main .
# Stage 2: Create the final, minimal image # Stage 2: Create the final, small image
FROM alpine:latest FROM alpine:latest
WORKDIR /root/ # Create a non-root user and group for security
RUN addgroup -S appgroup && adduser -S appuser -G appgroup
# Copy the Pre-built binary file from the previous stage # Copy the pre-built binary from the builder stage
COPY --from=builder /app/main . COPY --from=builder /gemini-proxy /gemini-proxy
# Expose port 8080 to the outside world # Expose port 8080, which the application listens on
EXPOSE 8080 EXPOSE 8080
# Command to run the executable # Switch to the non-root user
CMD ["./main"] USER appuser
# The command to run when the container starts
CMD ["/gemini-proxy"]