diff --git a/Dockerfile b/Dockerfile
index 0ec4ee7..3b3d5c2 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 # get golang container
-FROM golang:1.22.1
+FROM golang:1.22.1 AS builder
 # get args
 ARG apiVersion=unknown
@@ -21,23 +21,24 @@ RUN CGO_ENABLED=0 go build -ldflags="-w -s -X 'main.apiVersion=${apiVersion}'" -
 # get alpine container
-FROM alpine:3.19.1
+FROM alpine:3.19.1 AS app
-# create nonroot user
-RUN addgroup -S nonroot \
- && adduser -S nonroot -G nonroot
+# create workdir
+WORKDIR /opt/app
-# add ca-certificates
+# add ca-certificates and tzdata
 RUN apk --no-cache add ca-certificates tzdata
-# create workdir
-WORKDIR /root/
+# create nonroot user and group
+RUN addgroup -S nonroot && \
+ adduser -S nonroot -G nonroot && \
+ chown -R nonroot:nonroot .
-# copy binary from first container
-COPY --from=0 /go/src/app .
+# set user to nonroot
+USER nonroot:nonroot
-# set user
-USER nonroot
+# copy binary from builder
+COPY --from=builder --chown=nonroot:nonroot --chmod=544 /go/src/app .
 # expose port 8080
 EXPOSE 8080
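Review bot: In the second hunk, `COPY --from=builder --chown=nonroot:nonroot --chmod=544 /go/src/app .` together with `chown -R nonroot:nonroot .` makes the runtime user the owner of both the binary and `/opt/app`, so mode 544 does not stop the running process from changing or replacing its own executable: the owner can chmod the file or recreate it in a directory it owns. Unless the service has to write into its working directory, which the hunk does not show, leave the binary root-owned and read/execute only, e.g. `COPY --from=builder --chmod=555 /go/src/app .`, and drop the `chown -R` from the `RUN addgroup` step. Separately, `USER nonroot:nonroot` is a name and `adduser -S` takes whatever system UID is free, so a fixed UID (`adduser -S -u 10001 nonroot -G nonroot`) with a numeric `USER` would let an orchestrator's run-as-non-root check verify the image.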