Use multi-stage builds to create the image

NeowayLabs · Sep 7, 2019 · 94f6e5d · 94f6e5d
1 parent 65fc9e1
commit 94f6e5d
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 22 deletions.
diff --git a/gootstrap.go b/gootstrap.go
@@ -29,7 +29,6 @@ func CreateProject(cfg Config, rootdir string) error {
 		"README.md":                        template.Readme,
 		"Makefile":                         template.Makefile,
 		"Dockerfile":                       template.Dockerfile,
-		"hack/Dockerfile":                  template.DockerfileDev,
 		"hack/githooks/pre-commit":         template.GitHookPreCommit,
 		".gitignore":                       template.GitIgnore,
 		".dockerignore":                    template.DockerIgnore,

diff --git a/template/dockerfile.go b/template/dockerfile.go
@@ -1,44 +1,60 @@
 package template
 
-const DockerfileDev = `FROM golang:{{.GoVersion}}-stretch
+const Dockerfile = `# ---------------------------------------------------------------------
+#  The first stage container, for image base
+# ---------------------------------------------------------------------
+FROM golang:{{.GoVersion}}-stretch as base
 
 ENV GOLANG_CI_LINT_VERSION=v{{.CILintVersion}}
 
 RUN cd /usr && \
     wget -O - -q https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s ${GOLANG_CI_LINT_VERSION}
 
-ARG USER
 ARG USER_ID
 ARG GROUP_ID
 
-RUN groupadd -f -g ${GROUP_ID} ${USER} && \
-    useradd -m -g ${GROUP_ID} -u ${USER_ID} ${USER} || echo "user already exists"
+RUN groupadd -f -g ${GROUP_ID} appuser && \
+    useradd -m -g ${GROUP_ID} -u ${USER_ID} appuser || echo "user already exists"
 
 USER ${USER_ID}:${GROUP_ID}
 
 WORKDIR /app
-`
 
-const Dockerfile = `FROM alpine:{{.AlpineVersion}} as base
+# ---------------------------------------------------------------------
+#  The second stage container, for building the application
+# ---------------------------------------------------------------------
+FROM base AS builder
+
+RUN apt-get update && \
+    apt-get dist-upgrade -y && \
+    apt-get install -y --no-install-recommends ca-certificates tzdata && \
+	update-ca-certificates
+
+RUN adduser --disabled-password --gecos '' appuser
+
+WORKDIR $GOPATH/src/{{.Module}}
+
+COPY . .
 
-RUN apk --no-cache update && \
-    apk --no-cache add ca-certificates tzdata && \
-    rm -rf /var/cache/apk/*
+RUN go mod download
 
-RUN adduser -D -g '' appuser
+ARG VERSION
 
-COPY ./cmd/{{.Project}}/{{.Project}} /app/{{.Project}}
+RUN GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -ldflags="-w -s -X main.Version=${VERSION}" -o /go/bin/{{.Project}} ./cmd/{{.Project}}
 
+# ---------------------------------------------------------------------
+#  The third stage container, for running the application
+# --------------------------------------------------------------------
 FROM scratch
 
-COPY --from=base /usr/share/zoneinfo /usr/share/zoneinfo
-COPY --from=base /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
-COPY --from=base /etc/passwd /etc/passwd
-COPY --from=base /etc/group /etc/group
-COPY --from=base /app/{{.Project}} /app/{{.Project}}
+COPY --from=builder /usr/share/zoneinfo /usr/share/zoneinfo
+COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+COPY --from=builder /etc/passwd /etc/passwd
+COPY --from=builder /etc/group /etc/group
+COPY --from=builder /go/bin/{{.Project}} /bin/{{.Project}}
 
 # Use an unprivileged user.
 USER appuser
 
-ENTRYPOINT ["/app/{{.Project}}"]
+ENTRYPOINT ["/bin/{{.Project}}"]
 `
diff --git a/template/makefile.go b/template/makefile.go
@@ -5,7 +5,7 @@ img = {{.DockerImg}}:$(version)
 imgdev = {{.DockerImg}}dev:$(version)
 uid=$(shell id -u $$USER)
 gid=$(shell id -g $$USER)
-dockerbuilduser=--build-arg USER_ID=$(uid) --build-arg GROUP_ID=$(gid) --build-arg USER
+dockerbuilduser=--build-arg USER_ID=$(uid) --build-arg GROUP_ID=$(gid)
 wd=$(shell pwd)
 modcachedir=$(wd)/.gomodcachedir
 cachevol=$(modcachedir):/go/pkg/mod
@@ -28,11 +28,11 @@ guard-%:
 modcache:
 	@mkdir -p $(modcachedir)
 
-image: build
-	docker build . -t $(img)
+image:
+	docker build . -t $(img) --build-arg VERSION=$(version)
 
 imagedev:
-	docker build . -t $(imgdev) -f ./hack/Dockerfile $(dockerbuilduser)
+	docker build . --target base -t $(imgdev) $(dockerbuilduser)
 
 release: guard-version publish
 	git tag -a $(version) -m "Generated release "$(version)