-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathDockerfile
51 lines (35 loc) · 1.75 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
# ============================ Build Stage ============================
FROM --platform=$BUILDPLATFORM golang:1.22.3-alpine3.19 as build
LABEL org.opencontainers.image.source="https://github.com/bandprotocol/falcon"
RUN apk add --update --no-cache curl make git libc-dev bash gcc linux-headers eudev-dev
ARG TARGETARCH
ARG BUILDARCH
RUN if [ "${TARGETARCH}" = "arm64" ] && [ "${BUILDARCH}" != "arm64" ]; then \
wget -c https://musl.cc/aarch64-linux-musl-cross.tgz -O - | tar -xzvv --strip-components 1 -C /usr; \
elif [ "${TARGETARCH}" = "amd64" ] && [ "${BUILDARCH}" != "amd64" ]; then \
wget -c https://musl.cc/x86_64-linux-musl-cross.tgz -O - | tar -xzvv --strip-components 1 -C /usr; \
fi
# Set working directory inside the container
WORKDIR /app
ADD . .
RUN if [ "${TARGETARCH}" = "arm64" ] && [ "${BUILDARCH}" != "arm64" ]; then \
export CC=aarch64-linux-musl-gcc CXX=aarch64-linux-musl-g++;\
elif [ "${TARGETARCH}" = "amd64" ] && [ "${BUILDARCH}" != "amd64" ]; then \
export CC=x86_64-linux-musl-gcc CXX=x86_64-linux-musl-g++; \
fi; \
GOOS=linux GOARCH=$TARGETARCH CGO_ENABLED=1 LDFLAGS='-linkmode external -extldflags "-static"' make install
RUN if [ -d "/go/bin/linux_${TARGETARCH}" ]; then mv /go/bin/linux_${TARGETARCH}/* /go/bin/; fi
# ============================ Final Stage ============================
FROM alpine:3.19
RUN apk add --no-cache ca-certificates
# Set working directory inside the container
WORKDIR /app
# Create non-root user for security
RUN addgroup -S falcon && adduser -S falcon -G falcon
# Copy over binaries from the build
COPY --from=build /go/bin/falcon /usr/bin/falcon
# Set ownership for non-root user
RUN chown -R falcon:falcon /app
# Switch to non-root user
USER falcon
ENTRYPOINT ["falcon", "start"]