46 lines
1.3 KiB
Docker
46 lines
1.3 KiB
Docker
# Accept GOOS and GOARCH as build arguments
|
|
ARG GOOS=linux
|
|
ARG GOARCH=amd64
|
|
ARG BuiltAt
|
|
ARG GoVersion
|
|
ARG GitCommit
|
|
ARG Version
|
|
|
|
# Build stage
|
|
FROM golang:1-alpine AS builder
|
|
WORKDIR /app
|
|
COPY . .
|
|
RUN apk add --no-cache bash git go gcc musl-dev curl fuse
|
|
RUN go build -ldflags="-s -w -X 'main.BuiltAt=${BuiltAt}' -X 'main.GoVersion=${GoVersion}' -X 'main.GitCommit=${GitCommit}' -X 'main.Version=${Version}'" -o zurg cmd/zurg/main.go
|
|
|
|
# Obfuscation stage
|
|
FROM alpine:3 AS obfuscator
|
|
WORKDIR /app
|
|
COPY --from=builder /app/zurg .
|
|
# RUN apk add --no-cache upx
|
|
# RUN upx --brute zurg
|
|
# Create a health check script that extracts the port from the config file
|
|
RUN echo $'#!/bin/sh\n\
|
|
port=$(yaml read /app/config.yml port)\n\
|
|
nc -z localhost $port || exit 1' > /app/healthcheck.sh && \
|
|
chmod +x /app/healthcheck.sh
|
|
|
|
# Final stage
|
|
FROM alpine:3
|
|
WORKDIR /app
|
|
|
|
# Copy the obfuscated binary from the obfuscator stage
|
|
COPY --from=obfuscator /app/zurg .
|
|
COPY --from=obfuscator /app/healthcheck.sh .
|
|
|
|
# Copy the rest of the application files, including the config.yml
|
|
COPY config.example.yml /app/config.yml
|
|
|
|
# Install runtime dependencies and configure FUSE
|
|
RUN apk add --no-cache fuse3 netcat-openbsd yaml-cpp curl \
|
|
&& echo 'user_allow_other' >> /etc/fuse.conf
|
|
|
|
HEALTHCHECK --interval=60s --timeout=60s --start-period=10s --retries=10 CMD /app/healthcheck.sh
|
|
|
|
ENTRYPOINT ["./zurg"]
|