35 lines
752 B
Docker
35 lines
752 B
Docker
# Build stage
|
|
FROM golang:1.25-alpine AS builder
|
|
|
|
WORKDIR /app
|
|
|
|
# Install ca-certificates for HTTPS
|
|
RUN apk add --no-cache ca-certificates git
|
|
|
|
ENV GOPRIVATE=git.daviestechlabs.io
|
|
ENV GONOSUMCHECK=git.daviestechlabs.io
|
|
|
|
# Copy go mod files
|
|
COPY go.mod go.sum ./
|
|
RUN --mount=type=secret,id=netrc,target=/root/.netrc go mod download
|
|
|
|
# Copy source code
|
|
COPY . .
|
|
|
|
# Build static binary
|
|
RUN CGO_ENABLED=0 GOOS=linux GOAMD64=v3 go build -ldflags="-w -s" -o /tts-module .
|
|
|
|
# Runtime stage - scratch for minimal image
|
|
FROM scratch
|
|
|
|
# Copy CA certificates for HTTPS
|
|
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
|
|
|
|
# Copy binary
|
|
COPY --from=builder /tts-module /tts-module
|
|
|
|
# Run as non-root
|
|
USER 65534:65534
|
|
|
|
ENTRYPOINT ["/tts-module"]
|