Optimized GO HTTP Server Dockerfile - Kubernetes, Private VCS Compatible

Dockerfile

# syntax = docker/dockerfile:1.0-experimental

FROM golang:1.22-alpine as BUILD

# ARG NETRCPASSWORD
# ENV NETRCPASSWORD "${NETRCPASSWORD}"
# ENV GOPRIVATE "github.com/example/*"

ENV GOOS "linux"
ENV GOVCS "*:all"
ENV CGO_ENABLED "0"

WORKDIR /

COPY . ./

# RUN echo "machine github.com" > ~/.netrc
# RUN echo "login Segmentational" >> ~/.netrc
# RUN echo "password ${NETRCPASSWORD}" >> ~/.netrc

RUN apk add --no-cache git

RUN go mod download && go build -ldflags "-s -w" -o /http-api

# --> Prevents shell access
RUN adduser -h "/dev/null" -g "" -s "/sbin/nologin" -D -H -u 10001 api-service-user

FROM scratch as RELEASE

WORKDIR /

COPY --from=BUILD /.env /.env
COPY --from=BUILD /etc/passwd /etc/passwd
COPY --from=BUILD /http-api /usr/local/bin/http-api
COPY --from=BUILD /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt

USER api-service-user

CMD ["http-api"]

Ideal usage would mount a .netrc as a Docker Secret (for private build dependencies), and the .env as s Kubernetes Secret.