From 89b4d3f4e6c0dc59e6853bd08c219b9e7fc9e401 Mon Sep 17 00:00:00 2001 From: skidoodle Date: Thu, 22 Jan 2026 04:37:33 +0100 Subject: [PATCH] chore: use scratch Signed-off-by: skidoodle --- Dockerfile | 40 ++++++++++++++++++++-------------------- Dockerfile.release | 30 ++++++++++++++++++------------ 2 files changed, 38 insertions(+), 32 deletions(-) diff --git a/Dockerfile b/Dockerfile index 551436b..eb6d10a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,5 @@ -FROM --platform=$BUILDPLATFORM golang:1.25.6 AS builder - -WORKDIR /app +FROM --platform=$BUILDPLATFORM golang:1.25.6-alpine AS builder +WORKDIR /src COPY go.mod go.sum ./ RUN go mod download @@ -15,28 +14,29 @@ RUN --mount=type=cache,target=/root/.cache/go-build \ CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH go build \ -ldflags="-s -w -X github.com/skidoodle/safebin/internal/app.Version=$VERSION" \ -trimpath \ - -o /app/safebin . + -o /bin/safebin . -FROM debian:trixie-slim +FROM alpine:latest AS sys-context +RUN apk add --no-cache ca-certificates mailcap +RUN echo "appuser:x:10001:10001:appuser:/:/sbin/nologin" > /etc/passwd_app \ + && echo "appuser:x:10001:appuser" > /etc/group_app +RUN mkdir -p /app/storage -LABEL org.opencontainers.image.source="https://github.com/skidoodle/safebin" -LABEL org.opencontainers.image.description="Minimalist, self-hosted file storage with Zero-Knowledge at Rest encryption." -LABEL org.opencontainers.image.licenses="GPL-2.0-only" +FROM scratch +COPY --from=sys-context /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ +COPY --from=sys-context /etc/mime.types /etc/mime.types +COPY --from=sys-context /etc/passwd_app /etc/passwd +COPY --from=sys-context /etc/group_app /etc/group +COPY --from=builder /bin/safebin /app/safebin +COPY --from=sys-context --chown=10001:10001 /app/storage /app/storage -RUN apt-get update && apt-get install -y --no-install-recommends \ - ca-certificates \ - media-types \ - && rm -rf /var/lib/apt/lists/* - -RUN useradd -m -u 10001 -s /bin/bash appuser WORKDIR /app - -COPY --from=builder /app/safebin . - -RUN mkdir -p /app/storage && chown 10001:10001 /app/storage -VOLUME ["/app/storage"] - USER 10001 +VOLUME ["/app/storage"] EXPOSE 8080 +ENV SAFEBIN_HOST=0.0.0.0 \ + SAFEBIN_PORT=8080 \ + SAFEBIN_STORAGE=/app/storage + ENTRYPOINT ["/app/safebin"] diff --git a/Dockerfile.release b/Dockerfile.release index 3f61504..5be983b 100644 --- a/Dockerfile.release +++ b/Dockerfile.release @@ -1,19 +1,25 @@ -FROM debian:trixie-slim +FROM alpine:latest AS sys-context +RUN apk add --no-cache ca-certificates mailcap +RUN echo "appuser:x:10001:10001:appuser:/:/sbin/nologin" > /etc/passwd_app \ + && echo "appuser:x:10001:appuser" > /etc/group_app +RUN mkdir -p /app/storage -RUN apt-get update && apt-get install -y --no-install-recommends \ - ca-certificates \ - media-types \ - && rm -rf /var/lib/apt/lists/* +FROM scratch +COPY --from=sys-context /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ +COPY --from=sys-context /etc/mime.types /etc/mime.types +COPY --from=sys-context /etc/passwd_app /etc/passwd +COPY --from=sys-context /etc/group_app /etc/group + +COPY safebin /app/safebin +COPY --from=sys-context --chown=10001:10001 /app/storage /app/storage -RUN useradd -m -u 10001 -s /bin/bash appuser WORKDIR /app - -COPY safebin . - -RUN mkdir -p /app/storage && chown 10001:10001 /app/storage -VOLUME ["/app/storage"] - USER 10001 +VOLUME ["/app/storage"] EXPOSE 8080 +ENV SAFEBIN_HOST=0.0.0.0 \ + SAFEBIN_PORT=8080 \ + SAFEBIN_STORAGE=/app/storage + ENTRYPOINT ["/app/safebin"]