58 lines
1.6 KiB
Docker
58 lines
1.6 KiB
Docker
# Accept GOOS and GOARCH as build arguments
|
|
ARG GOOS=linux
|
|
ARG GOARCH=amd64
|
|
|
|
# Build stage
|
|
FROM golang:1-alpine AS builder
|
|
WORKDIR /app
|
|
COPY . .
|
|
RUN CGO_ENABLED=0 GOOS=${GOOS} GOARCH=${GOARCH} go build -ldflags="-s -w" -o zurg cmd/zurg/main.go
|
|
|
|
# Obfuscation stage
|
|
FROM alpine:3 AS obfuscator
|
|
WORKDIR /app
|
|
COPY --from=builder /app/zurg .
|
|
# RUN apk add --no-cache upx
|
|
# RUN upx --brute zurg
|
|
# Create a health check script that extracts the port from the config file
|
|
RUN echo $'#!/bin/sh\n\
|
|
port=$(yaml read /app/config.yml port)\n\
|
|
nc -z localhost $port || exit 1' > /app/healthcheck.sh && \
|
|
chmod +x /app/healthcheck.sh
|
|
|
|
# Final stage
|
|
FROM alpine:3
|
|
WORKDIR /app
|
|
|
|
# Accept UID and GID as build arguments with default values
|
|
ARG UID=1000
|
|
ARG GID=1000
|
|
|
|
# Add a group with the specified GID
|
|
RUN addgroup -g ${GID} appgroup
|
|
|
|
# Add a user with the specified UID and add to the group
|
|
RUN adduser -u ${UID} -D -G appgroup appuser
|
|
|
|
# Change the ownership of the /app directory to the appuser
|
|
RUN chown -R appuser:appgroup /app
|
|
|
|
# Copy the obfuscated binary from the obfuscator stage
|
|
COPY --from=obfuscator /app/zurg .
|
|
COPY --from=obfuscator /app/healthcheck.sh .
|
|
|
|
# Copy the rest of the application files, including the config.yml
|
|
COPY config.yml.example /app/config.yml
|
|
|
|
# Install runtime dependencies and configure FUSE
|
|
RUN apk add --no-cache fuse3 netcat-openbsd yaml-cpp \
|
|
&& echo 'user_allow_other' >> /etc/fuse.conf
|
|
|
|
# Use the non-root user to run the application
|
|
USER appuser
|
|
|
|
# Use the script for the health check
|
|
HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD /app/healthcheck.sh
|
|
|
|
ENTRYPOINT ["./zurg"]
|