# Stage 1: Build the application # Use a specific version of the golang alpine image for reproducibility FROM golang:1.22-alpine AS builder # Set the Current Working Directory inside the container WORKDIR /app # Copy go.mod and go.sum files to leverage Docker cache COPY go.mod ./ # The go.sum file is not present, but it's a good practice to copy it if it were. # COPY go.sum ./ # Download all dependencies. Dependencies will be cached if the go.mod file is not changed RUN go mod download # Copy the source code into the container COPY . . # Build the Go application as a static binary # -ldflags="-w -s" strips debug information, reducing the binary size # CGO_ENABLED=0 is crucial for creating a static binary that can run in a minimal container like alpine RUN CGO_ENABLED=0 GOOS=linux go build -a -ldflags="-w -s" -o /gemini-proxy . # Stage 2: Create the final, small image FROM alpine:latest # Create a non-root user and group for security RUN addgroup -S appgroup && adduser -S appuser -G appgroup # Copy the pre-built binary from the builder stage COPY --from=builder /gemini-proxy /gemini-proxy # Expose port 8080, which the application listens on EXPOSE 8080 # Switch to the non-root user USER appuser # The command to run when the container starts CMD ["/gemini-proxy"]