Created
October 16, 2020 08:08
-
-
Save eloylp/254ab0adede6041e218133d2ecc4fd94 to your computer and use it in GitHub Desktop.
Optmized Dockerfile for golang projects
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM golang:1.15.3 AS build | |
| WORKDIR /src | |
| COPY . . | |
| # Dont run your programs as root. | |
| RUN useradd -u 10001 nonprivuser | |
| # CGO_ENABLED=0 -Disable CGO to discard CGO stuff and completely use pure Go net stack. | |
| # -trimpath -Skip your local paths in error stacktraces, take only from the root of the repo. | |
| # -ldflags="-s -w" -Skip debugging symbol table (DWARF tables) from the binary. About ~25 % less of weight. | |
| # -tags timetzdata -Add tzdata for be docker image indepent. Around ~800KB more size. | |
| RUN CGO_ENABLED=0 go build -trimpath -ldflags="-s -w" -tags timetzdata -o my-binary | |
| | |
| FROM scratch | |
| # Copy CA certificates from build image. | |
| COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ | |
| # Copy users table from build image | |
| COPY --from=build /etc/passwd /etc/passwd | |
| # Copy binary build image | |
| COPY --from=build /src/my-binary /app/my-binary | |
| | |
| EXPOSE 8080 | |
| USER nonprivuser | |
| WORKDIR /app | |
| CMD ["./my-binary"] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment