From 7a7bddcec0a83742af94dbe09ab5d995e460c12a Mon Sep 17 00:00:00 2001 From: Rosyya Date: Wed, 14 Aug 2024 17:11:08 +0800 Subject: [PATCH] add distroless dockerfile --- .github/workflows/docker-release.yml | 5 ++++- Dockerfile.distroless | 26 ++++++++++++++++++++++++++ 2 files changed, 30 insertions(+), 1 deletion(-) create mode 100644 Dockerfile.distroless diff --git a/.github/workflows/docker-release.yml b/.github/workflows/docker-release.yml index 9b29c5a..184d263 100644 --- a/.github/workflows/docker-release.yml +++ b/.github/workflows/docker-release.yml @@ -21,7 +21,8 @@ jobs: - name: Build image run: | - docker build -t "${IMAGE_NAME}:server-monitor" . + docker build . -f ./Dockerfile -t "${IMAGE_NAME}:server-monitor" + docker build . -f ./Dockerfile.distroless -t "${IMAGE_NAME}:server-monitor-distroless" - name: Login to GHCR uses: docker/login-action@v2 @@ -40,4 +41,6 @@ jobs: echo IMAGE_NAME=$IMAGE_NAME echo VERSION=$VERSION docker tag ${IMAGE_NAME}:server-monitor $IMAGE_NAME:$VERSION-server-monitor + docker tag ${IMAGE_NAME}:server-monitor-distroless $IMAGE_NAME:$VERSION-server-monitor-distroless docker push $IMAGE_NAME:$VERSION-server-monitor + docker push $IMAGE_NAME:$VERSION-server-monitor-distroless diff --git a/Dockerfile.distroless b/Dockerfile.distroless new file mode 100644 index 0000000..91ef2b8 --- /dev/null +++ b/Dockerfile.distroless @@ -0,0 +1,26 @@ +FROM golang:1.20-alpine AS builder + +RUN apk add --no-cache make git bash protoc + +ADD . /gnfd-qa-test-monitor + +ENV CGO_ENABLED=1 +ENV GO111MODULE=on +ENV EXT_LD_FLAGS=-static + +# For Private REPO +ARG GH_TOKEN="" +RUN go env -w GOPRIVATE="github.com/bnb-chain/*" +RUN git config --global url."https://${GH_TOKEN}@github.com".insteadOf "https://github.com" + +RUN apk add --no-cache gcc libstdc++-dev libc-dev + +RUN cd /gnfd-qa-test-monitor \ + && go build -o build/monitor main.go + +FROM gcr.io/distroless/base-debian11 + +USER nonroot:nonroot +WORKDIR /home/nonroot +COPY --from=builder --chown=nonroot:nonroot /gnfd-qa-test-monitor/build/monitor $WORKDIR +ENTRYPOINT ["./monitor"] \ No newline at end of file