-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile
More file actions
39 lines (27 loc) · 813 Bytes
/
Dockerfile
File metadata and controls
39 lines (27 loc) · 813 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
# Build stage
FROM golang:1.25.9 AS builder
# Set non-root user for build
RUN useradd -u 10001 -m builder
USER builder
ENV GOOS=linux
ENV CGO_ENABLED=0
WORKDIR /app
# Copy source code
COPY --chown=builder:builder . .
# Build the application
RUN make build
# Runtime stage
FROM gcr.io/distroless/static-debian12:nonroot
# Security labels
LABEL \
org.opencontainers.image.title="promgithub" \
org.opencontainers.image.description="GitHub webhook handler for Prometheus metrics" \
org.opencontainers.image.vendor="darthfork" \
security.non-root="true" \
security.no-shell="true"
# Use distroless nonroot user (uid=65532, gid=65532)
USER nonroot:nonroot
WORKDIR /app
COPY --from=builder --chown=nonroot:nonroot /app/build/promgithub /app/promgithub
EXPOSE 8080
CMD ["/app/promgithub"]