41 lines
809 B
Docker
41 lines
809 B
Docker
# Build stage
|
|
FROM golang:1.25.4-alpine AS builder
|
|
|
|
# Set working directory
|
|
WORKDIR /app
|
|
|
|
# Copy go mod files first for better caching
|
|
COPY go.mod go.sum ./
|
|
|
|
# Download dependencies
|
|
RUN go mod download
|
|
|
|
# Copy source code
|
|
COPY . .
|
|
|
|
# Build the application
|
|
# Static binary without CGO
|
|
RUN CGO_ENABLED=0 GOOS=linux go build -a -ldflags '-w -s' -o meshi .
|
|
|
|
# Runtime stage
|
|
FROM alpine:latest AS runtime
|
|
|
|
# Create non-root user for security
|
|
RUN addgroup -g 1000 -S appgroup && \
|
|
adduser -u 1000 -S appuser -G appgroup
|
|
|
|
# Set working directory
|
|
WORKDIR /app
|
|
|
|
# Copy binary from builder stage
|
|
COPY --from=builder /app/meshi .
|
|
|
|
# Create data directory and set permissions
|
|
RUN mkdir -p /app/data && \
|
|
chown -R appuser:appgroup /app
|
|
|
|
# Switch to non-root user
|
|
USER appuser
|
|
|
|
# Run the application
|
|
CMD ["./meshi"] |