-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathDockerfile
146 lines (119 loc) · 4.2 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
# Build a tiny image of 20 MB including the static website:
#
# export DOCKER_BUILDKIT=1
# docker build -t quid .
# podman build -t quid .
# buildah build -t quid .
#
# Run in prod as a daemon (-d)
#
# docker run --rm -d -p 0.0.0.0:8090:8090 -e POSTGRES_PASSWORD=myDBpwd --name quid quid -env
# podman run --rm -d -p 0.0.0.0:8090:8090 -e POSTGRES_PASSWORD=myDBpwd --name quid quid -env
#
# Run in dev. mode with local PostgreSQL
#
# docker run --rm --network=host --name quid quid -dev
# podman run --rm --network=host --name quid quid -dev
# Arguments with default values to run Quid as unprivileged.
#
# Set arguments at build time:
#
# docker build --build-arg uid=1122 --build-arg gid=0 .
#
ARG uid=6606
ARG gid=6606
# --------------------------------------------------------------------
FROM docker.io/node:22-alpine AS ui-builder
WORKDIR /code
COPY ui/package.json \
ui/yarn.lock ./
RUN set -ex ;\
node --version ;\
npm install
COPY ui/index.html \
ui/postcss.config.js \
ui/tailwind.config.js \
ui/tsconfig.json \
ui/vite.config.ts ./
COPY ui/public public
COPY ui/src src
RUN set -ex ;\
ls -lShA ;\
npm run build
# --------------------------------------------------------------------
FROM docker.io/golang:1.22-alpine AS go-builder
WORKDIR /code
COPY go.mod go.sum ./
RUN set -ex ;\
ls -lShA ;\
go version ;\
go mod download ;\
go mod verify
COPY cmd cmd
COPY crypt crypt
COPY server server
COPY tokens tokens
# Go build flags "-s -w" removes all debug symbols: https://pkg.go.dev/cmd/link
# GOAMD64=v3 --> https://github.com/golang/go/wiki/MinimumRequirements#amd64
RUN set -ex ;\
ls -lShA ;\
CGO_ENABLED=0 \
GOFLAGS="-trimpath -modcacherw" \
GOLDFLAGS="-d -s -w -extldflags=-static" \
GOAMD64=v3 \
GOEXPERIMENT=newinliner \
go build -a -tags osusergo,netgo -installsuffix netgo ./cmd/quid ;\
ls -sh quid ;\
./quid -help # smoke test
# --------------------------------------------------------------------
FROM docker.io/golang:1.22-alpine AS integrator
WORKDIR /target
ARG uid
ARG gid
# Copy HTTPS root certificates (adds about 200 KB)
# and create user & group files.
RUN set -ex ;\
mkdir -p etc/ssl/certs ;\
cp /etc/ssl/certs/ca-certificates.crt etc/ssl/certs ;\
echo 'quid:x:${uid}:${gid}::/:' > etc/passwd ;\
echo 'quid:x:${gid}:' > etc/group
# Copy the static website and backend executable.
COPY --from=ui-builder /code/dist ui/dist
COPY --from=go-builder /code/quid .
# --------------------------------------------------------------------
FROM scratch AS final
# Run as unprivileged.
ARG uid gid
USER "${uid}:${gid}"
# In this tiny image, put only the static website,
# the executable "quid", the SSL certificates,
# the "passwd" and "group" files. No shell commands.
COPY --chown="${uid}:${gid}" --from=integrator /target /
# QUID_ADMIN_* and QUID_KEY are used to initialize the Database.
ARG QUID_ADMIN_USR=quid-admin
ARG QUID_ADMIN_PWD=quid-admin-password
ARG QUID_KEY=95c14b86ac89362e8246661bd2c05c3b
ARG POSTGRES_USER=pguser
ARG POSTGRES_PASSWORD=myDBpwd
ARG POSTGRES_DB=quid
ARG DB_HOST=db
ARG DB_PORT=5432
ARG DB_URL=
# Default timezone is UTC.
ENV TZ=UTC0
ENV QUID_ADMIN_USR=$QUID_ADMIN_USR
ENV QUID_ADMIN_PWD=$QUID_ADMIN_PWD
ENV QUID_KEY=$QUID_KEY
ENV POSTGRES_USER=$POSTGRES_USER
ENV POSTGRES_PASSWORD=$POSTGRES_PASSWORD
ENV POSTGRES_DB=$POSTGRES_DB
ENV PORT=8090
ENV DB_HOST=$DB_HOST
ENV DB_PORT=$DB_PORT
ENV DB_URL=$DB_URL
# PORT is the web+API port exposed outside of the container.
EXPOSE ${PORT}
# The default command to run the container.
ENTRYPOINT ["/quid"]
# Default argument(s) appended to ENTRYPOINT.
CMD [""]