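# Builder: compiles the static oidc-forward-auth binary and prepares the CA
# bundle and the passwd/group files that the runner stage copies out.
# NOTE(review): golang:alpine is a floating tag, so each rebuild may pull a
# different toolchain and base OS. Pin a specific Go/Alpine version (ideally
# by digest) once the Go version this project supports is confirmed.
FROM golang:alpine AS builder
WORKDIR /app

# Install git + SSL CA certificates.
# Git is required for fetching the dependencies.
# ca-certificates is required to call HTTPS endpoints.
# --no-cache fetches a fresh package index and leaves none in the layer, so a
# separate `apk update` is not needed.
RUN apk add --no-cache git ca-certificates && \
    update-ca-certificates

# Create appuser.
ENV USER=appuser
ENV UID=10001

# See https://stackoverflow.com/a/55757473/12429735
# No password, no login shell and no home directory: the account exists only
# so the final image can run the binary as a non-root user.
RUN adduser \
    --disabled-password \
    --gecos "" \
    --home "/nonexistent" \
    --shell "/sbin/nologin" \
    --no-create-home \
    --uid "${UID}" \
    "${USER}"

# Add src files.
# COPY instead of ADD: ADD also unpacks local tar archives and can fetch
# URLs, neither of which is wanted for a plain copy of the build context.
# NOTE(review): confirm a .dockerignore keeps .git, local env files and
# credentials out of the build context; everything copied here is stored in
# this stage's layers and build cache.
COPY . .

# Fetch dependencies, then check that the downloaded modules in the module
# cache have not been modified.
RUN go mod download && \
    go mod verify

# Build the binary.
# CGO_ENABLED=0 disables cgo so the result can run on the empty scratch base;
# -ldflags="-w -s" strips debug information and the symbol table.
RUN CGO_ENABLED=0 go build -a -installsuffix cgo -ldflags="-w -s" -o /go/bin/oidc-forward-auth
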
# Runner: empty base image that holds only the files copied in below.
FROM scratch

# CA bundle from the builder, needed to call HTTPS endpoints.
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/

# User and group files from the builder, so "appuser" resolves by name.
COPY --from=builder /etc/passwd /etc/passwd
COPY --from=builder /etc/group /etc/group

# The static executable produced by the builder stage.
COPY --from=builder /go/bin/oidc-forward-auth /go/bin/oidc-forward-auth

# Run as the unprivileged user instead of root.
USER appuser:appuser

# Build metadata for the image labels, passed in with --build-arg.
# Declared after the COPY instructions, so a value that changes on every
# build does not invalidate those layers.
ARG BUILD_DATE
ARG VCS_REF

# OCI image labels.
LABEL org.opencontainers.image.authors="StiviiK" \
      org.opencontainers.image.source="https://code.thetadev.de/ThetaDev/oidc-forward-auth" \
      org.opencontainers.image.created="${BUILD_DATE}" \
      org.opencontainers.image.revision="${VCS_REF}"

ENTRYPOINT ["/go/bin/oidc-forward-auth"]