htmx-playground/container/Containerfile

# Written and tested using podman version 5.2.5

# See 'man 5 containerfile' for more info
# Alternatively, https://docs.docker.com/reference/dockerfile/#overview

# Builds the server in an isolated stage
FROM docker.io/golang:alpine as go

# Get some common dependencies
# NOTE: that 'gcompat' might be required in the runner stage image
# as well for glibc compatibility (sqlite3 is a notable example)
RUN apk add gcompat
RUN apk add gcc
RUN apk add musl-dev
RUN apk add sqlite

# Set working directory
WORKDIR /build

# go.mod, go.sum e.t.c. are copied first to leverage caching
ADD go.* .

# Get the dependencies
RUN go mod download

# Add the source code, where . is relative to the container build
# context (usually defined directly in the build command)
ADD . .

RUN CGO_ENABLED=1 GOOS=linux go build -a -installsuffix cgo -o ./server ./*.go

# Strip the binary for a smaller image, optional
RUN strip ./server

# The final stage for building a minimal image
FROM docker.io/alpine:latest as runner

# Add a non-root user and group to facilitate dropping
# privileges inside the container
RUN adduser -D nonroot
RUN addgroup nonroot nonroot

# Set working directory and make user 'nonroot' the owner
WORKDIR /app
RUN chown nonroot:nonroot /app

# Copy the server binary
COPY --from=go /build/server server

# Expose port 8080
# NOTE: Reserved ports (0-1023) require root privileges
EXPOSE 8080

# Drop privileges
USER nonroot:nonroot

ENV CONTAINER true

# Run the server
CMD ["./server"]
Containerfile, Justfile targets for container building and control, as well as version information 2024-10-21 07:03:51 +02:00			`# Written and tested using podman version 5.2.5`

			`# See 'man 5 containerfile' for more info`
			`# Alternatively, https://docs.docker.com/reference/dockerfile/#overview`

			`# Builds the server in an isolated stage`
			`FROM docker.io/golang:alpine as go`

			`# Get some common dependencies`
			`# NOTE: that 'gcompat' might be required in the runner stage image`
			`# as well for glibc compatibility (sqlite3 is a notable example)`
			`RUN apk add gcompat`
			`RUN apk add gcc`
			`RUN apk add musl-dev`
			`RUN apk add sqlite`

			`# Set working directory`
			`WORKDIR /build`

			`# go.mod, go.sum e.t.c. are copied first to leverage caching`
			`ADD go.* .`

			`# Get the dependencies`
			`RUN go mod download`

			`# Add the source code, where . is relative to the container build`
			`# context (usually defined directly in the build command)`
			`ADD . .`

			`RUN CGO_ENABLED=1 GOOS=linux go build -a -installsuffix cgo -o ./server ./*.go`

			`# Strip the binary for a smaller image, optional`
			`RUN strip ./server`

			`# The final stage for building a minimal image`
			`FROM docker.io/alpine:latest as runner`

			`# Add a non-root user and group to facilitate dropping`
			`# privileges inside the container`
			`RUN adduser -D nonroot`
			`RUN addgroup nonroot nonroot`

			`# Set working directory and make user 'nonroot' the owner`
			`WORKDIR /app`
			`RUN chown nonroot:nonroot /app`

			`# Copy the server binary`
			`COPY --from=go /build/server server`

			`# Expose port 8080`
			`# NOTE: Reserved ports (0-1023) require root privileges`
			`EXPOSE 8080`

			`# Drop privileges`
			`USER nonroot:nonroot`

			`ENV CONTAINER true`

			`# Run the server`
			`CMD ["./server"]`