Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

*: optimize Dockerfile #3281

Merged
merged 6 commits into from
Oct 15, 2024
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 17 additions & 8 deletions Dockerfile
Original file line number Diff line number Diff line change
@@ -1,14 +1,18 @@
# Container for building Go binary.
FROM golang:1.23.2-bookworm AS builder
# Install dependencies
RUN apt-get update && apt-get install -y build-essential git
RUN apt-get update && apt-get install -y --no-install-recommends build-essential git

# Prep and copy source
WORKDIR /app/charon

COPY . .

# Populate GO_BUILD_FLAG with a build arg to provide an optional go build flag.
ARG GO_BUILD_FLAG
ENV GO_BUILD_FLAG=${GO_BUILD_FLAG}
RUN echo "Building with GO_BUILD_FLAG='${GO_BUILD_FLAG}'"

# Build with Go module and Go build caches.
RUN \
--mount=type=cache,target=/go/pkg \
Expand All @@ -18,30 +22,35 @@ RUN echo "Built charon version=$(./charon version)"

# Copy final binary into light stage.
FROM debian:bookworm-slim
RUN apt-get update && apt-get install -y ca-certificates wget fio
RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates fio wget \
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
ARG GITHUB_SHA=local
ENV GITHUB_SHA=${GITHUB_SHA}

COPY --from=builder /app/charon/charon /usr/local/bin/

# Don't run container as root
ENV USER=charon
ENV UID=1000
ENV GID=1000
RUN addgroup --gid "$GID" "$USER"
RUN adduser \
RUN addgroup --gid "$GID" "$USER" \
&& adduser \
--disabled-password \
--gecos "charon" \
--home "/opt/$USER" \
--ingroup "$USER" \
--no-create-home \
--uid "$UID" \
"$USER"
RUN chown charon /usr/local/bin/charon
RUN chmod u+x /usr/local/bin/charon
"$USER" \
&& chown "$USER" /usr/local/bin/charon \
&& chmod u+x /usr/local/bin/charon

WORKDIR "/opt/$USER"
RUN chown charon "/opt/$USER"
USER charon

ENTRYPOINT ["/usr/local/bin/charon"]
CMD ["run"]

# Used by GitHub to associate container with repo.
LABEL org.opencontainers.image.source="https://github.com/obolnetwork/charon"
LABEL org.opencontainers.image.title="charon"
Expand Down
Loading