39 lines
988 B
Docker
39 lines
988 B
Docker
# ====== STAGE 1: build (Chainguard/Wolfi -> usa apk) ======
|
|
FROM cgr.dev/chainguard/go:latest AS builder
|
|
|
|
#RUN apk add --no-cache git ca-certificates
|
|
WORKDIR /src
|
|
|
|
# (consigliato: scarica mod prima per caching)
|
|
#COPY go.mod go.sum ./
|
|
#RUN go mod download
|
|
#RUN go mod vendor
|
|
|
|
COPY . .
|
|
RUN go mod tidy
|
|
RUN go mod vendor
|
|
ENV CGO_ENABLED=0 GOOS=linux GOARCH=amd64
|
|
RUN go build -trimpath -ldflags="-s -w" -o /out/money ./...
|
|
|
|
# ====== STAGE 2: runtime (Debian da ECR Public) ======
|
|
FROM public.ecr.aws/docker/library/debian:bookworm-slim
|
|
|
|
RUN set -eux; \
|
|
apt-get update; \
|
|
DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
|
|
ca-certificates tzdata bash curl git; \
|
|
rm -rf /var/lib/apt/lists/*
|
|
|
|
# crea utente non-root (USER appuser ti falliva perché non esisteva)
|
|
RUN useradd -r -u 10001 -g root appuser
|
|
|
|
WORKDIR /app
|
|
COPY --from=builder /out/money /app/money
|
|
|
|
USER 10001
|
|
|
|
ENV DATA_DIR=/app/data \
|
|
STATE_DIR=/app/state
|
|
|
|
ENTRYPOINT ["/app/money"]
|