Dockerfile update

2025-10-27 14:52:33 +01:00 · 2025-10-27 14:52:33 +01:00 · e3fbf65ad6
parent 2ea97c1111
commit e3fbf65ad6
1 changed files with 22 additions and 25 deletions
--- a/47
+++ b/47
@ -1,41 +1,38 @@
-# ====== STAGE 1: build ======
-FROM golang:latest AS builder
-
-# Installa tool utili per mod e certs (git, ca)
-RUN apt install  git ca-certificates -y
+# ====== STAGE 1: build (Chainguard/Wolfi -> usa apk) ======
+FROM cgr.dev/chainguard/go:latest AS builder

+#RUN apk add --no-cache git ca-certificates
 WORKDIR /src

+# (consigliato: scarica mod prima per caching)
+#COPY go.mod go.sum ./
+#RUN go mod download
+#RUN go mod vendor
+
 COPY . .
-RUN go mod tidy ; go mod vendor
-
-
-# Compila binario statico e snello
-ENV CGO_ENABLED=0
+RUN go mod tidy
+RUN go mod vendor
+ENV CGO_ENABLED=0 GOOS=linux GOARCH=amd64
 RUN go build -trimpath -ldflags="-s -w" -o /out/money ./...

-# ====== STAGE 2: runtime ======
-FROM alpine:3.20
+# ====== STAGE 2: runtime (Debian da ECR Public) ======
+FROM public.ecr.aws/docker/library/debian:bookworm-slim

-# Certificati TLS per HTTPS (Binance/THOR/Matrix) + tzdata opzionale
-RUN apk add --no-cache ca-certificates tzdata
+RUN set -eux; \
+    apt-get update; \
+    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+      ca-certificates tzdata bash curl git; \
+    rm -rf /var/lib/apt/lists/*

-# Crea utente non-root
-RUN adduser -D -u 1001 appuser
+# crea utente non-root (USER appuser ti falliva perché non esisteva)
+RUN useradd -r -u 10001 -g root appuser

 WORKDIR /app
-
-# Directory dati persistenti (montabili come volume)
-RUN mkdir -p /app/data /app/state && chown -R appuser:appuser /app
-
-# Copia binario
 COPY --from=builder /out/money /app/money

-USER appuser
+USER 10001

-# Env di default (puoi sovrascriverle in compose)
 ENV DATA_DIR=/app/data \
    STATE_DIR=/app/state

-# Avvio demone
-CMD ["/app/money"]
+ENTRYPOINT ["/app/money"]