kwilczynski/Dockerfile

## Dockerfile
ARG go_version=1.17
ARG alpine_version=latest

FROM golang:${go_version}-alpine AS builder

ARG GOOS=linux
ARG GOARCH=amd64

ENV GOOS=${GOOS}
ENV GOARCH=${GOARCH}

ENV GOPATH ""
ENV GO111MODULE on
ENV CGO_ENABLED 0
ENV GOGC off

RUN set -eux && \
    mkdir -p /stage && \
    mkdir -p /build

RUN set -eux && \
    mkdir -p /config && \
    chown nobody:nogroup /config && \
    chmod 755 /config

WORKDIR /stage

COPY . ./

RUN set -eux && \
    cp -f go.mod go.sum /build && \
    cd ./dnscrypt-proxy && \
    tar -cf - . | (cd /build; tar -xf -)

WORKDIR /build

RUN set -eux && \
    apk --no-cache --update add ca-certificates

RUN set -eux && \
    echo "GOOS=${GOOS} GOARCH=${GOARCH}" && \
    go get -d -v && \
    go build \
        -ldflags '-extldflags "-static" -w -s' \
        -installsuffix 'static' \
        -a -o dnscrypt-proxy .

RUN set -eux && \
    chmod 755 dnscrypt-proxy

FROM scratch

ARG version=development

LABEL \
    org.label-schema.schema-version="1.0" \
    org.label-schema.name="dnscrypt-proxy" \
    org.label-schema.version="${version}" \
    org.label-schema.description="A flexible DNS proxy, with support for encrypted DNS protocols." \
    org.label-schema.license="ISC" \
    org.label-schema.url="https://github.com/DNSCrypt/dnscrypt-proxy" \
    org.label-schema.vcs-url="https://github.com/DNSCrypt/dnscrypt-proxy.git" \
    org.label-schema.vcs-type="Git" \
    org.label-schema.vendor="Frank Denis" \
    version="${version}" \
    maintainer="Krzysztof Wilczyński <kw@linux.com>" \
    license="Apache-2.0" \
    vendor="Open Source Software"

COPY --from=builder \
    /etc/passwd /etc/group /etc/

COPY --from=builder \
    /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/

COPY --from=builder --chown=nobody:nogroup \
    /config /config

COPY --from=builder \
    /build/dnscrypt-proxy /dnscrypt-proxy

USER nobody

STOPSIGNAL SIGTERM

ENTRYPOINT [ "/dnscrypt-proxy" ]

CMD [ "-config", "/config/dnscrypt-proxy.toml" ]
	ARG go_version=1.17
	ARG alpine_version=latest

	FROM golang:${go_version}-alpine AS builder

	ARG GOOS=linux
	ARG GOARCH=amd64

	ENV GOOS=${GOOS}
	ENV GOARCH=${GOARCH}

	ENV GOPATH ""
	ENV GO111MODULE on
	ENV CGO_ENABLED 0
	ENV GOGC off

	RUN set -eux && \
	mkdir -p /stage && \
	mkdir -p /build

	RUN set -eux && \
	mkdir -p /config && \
	chown nobody:nogroup /config && \
	chmod 755 /config

	WORKDIR /stage

	COPY . ./

	RUN set -eux && \
	cp -f go.mod go.sum /build && \
	cd ./dnscrypt-proxy && \
	tar -cf - . \| (cd /build; tar -xf -)

	WORKDIR /build

	RUN set -eux && \
	apk --no-cache --update add ca-certificates

	RUN set -eux && \
	echo "GOOS=${GOOS} GOARCH=${GOARCH}" && \
	go get -d -v && \
	go build \
	-ldflags '-extldflags "-static" -w -s' \
	-installsuffix 'static' \
	-a -o dnscrypt-proxy .

	RUN set -eux && \
	chmod 755 dnscrypt-proxy

	FROM scratch

	ARG version=development

	LABEL \
	org.label-schema.schema-version="1.0" \
	org.label-schema.name="dnscrypt-proxy" \
	org.label-schema.version="${version}" \
	org.label-schema.description="A flexible DNS proxy, with support for encrypted DNS protocols." \
	org.label-schema.license="ISC" \
	org.label-schema.url="https://github.com/DNSCrypt/dnscrypt-proxy" \
	org.label-schema.vcs-url="https://github.com/DNSCrypt/dnscrypt-proxy.git" \
	org.label-schema.vcs-type="Git" \
	org.label-schema.vendor="Frank Denis" \
	version="${version}" \
	maintainer="Krzysztof Wilczyński <kw@linux.com>" \
	license="Apache-2.0" \
	vendor="Open Source Software"

	COPY --from=builder \
	/etc/passwd /etc/group /etc/

	COPY --from=builder \
	/etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/

	COPY --from=builder --chown=nobody:nogroup \
	/config /config

	COPY --from=builder \
	/build/dnscrypt-proxy /dnscrypt-proxy

	USER nobody

	STOPSIGNAL SIGTERM

	ENTRYPOINT [ "/dnscrypt-proxy" ]

	CMD [ "-config", "/config/dnscrypt-proxy.toml" ]