stackman/Dockerfile at master · SomeBlackMagic/stackman · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
# syntax=docker/dockerfile:1.8
# check=error=true

FROM --platform=$BUILDPLATFORM golang:1.24-alpine AS build

ENV CGO_ENABLED=0 \
    GOMODCACHE=/go/pkg/mod \
    GOCACHE=/root/.cache/go-build \
    GOTOOLCHAIN=local \
    TZ=UTC \
    SOURCE_DATE_EPOCH=0

WORKDIR /workspace

# warm up module cache
COPY go.mod go.sum ./
RUN \
    --mount=type=cache,target=/go/pkg/mod \
    --mount=type=cache,target=/root/.cache/go-build \
    go mod download

# copy sources
COPY . .


# target parameters for cross-compilation
ARG TARGETOS
ARG TARGETARCH
ARG VERSION
ARG REVISION

# build the binary
RUN --mount=type=cache,target=/go/pkg/mod \
    --mount=type=cache,target=/root/.cache/go-build \
    GOOS=${TARGETOS:-$(go env GOOS)} \
    GOARCH=${TARGETARCH:-$(go env GOARCH)} \
    go build \
      -v \
      -o /workspace/stackman \
      -trimpath \
      -mod=readonly \
      -buildvcs=false \
      -tags netgo,osusergo,timetzdata \
      -pgo=auto \
      -ldflags "-s -w -buildid= \
                -extldflags '-static' \
                -X 'main.version=${VERSION}' \
                -X 'main.revision=${REVISION}'" \
      .

# minimal runtime image
FROM busybox

COPY --from=curlimages/curl:8.7.1 /usr/bin/curl /usr/bin/curl

# copy the binary (read/execute permissions are enough)
COPY --from=build --chmod=0555 /workspace/stackman /usr/local/bin/stackman

# run as non-root (65532 = nobody in most base images)
USER 65532:65532

CMD ["/usr/local/bin/stackman"]