-
-
Notifications
You must be signed in to change notification settings - Fork 274
Expand file tree
/
Copy pathDockerfile
More file actions
68 lines (52 loc) · 2.84 KB
/
Dockerfile
File metadata and controls
68 lines (52 loc) · 2.84 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
FROM --platform=$BUILDPLATFORM golang:alpine AS build-env
WORKDIR /src
RUN apk add --no-cache ca-certificates tzdata && update-ca-certificates
COPY ./go.mod ./go.sum ./
RUN go mod download
COPY . .
ARG TARGETOS
ARG TARGETARCH
RUN GOOS=$TARGETOS GOARCH=$TARGETARCH CGO_ENABLED=0 GOEXPERIMENT=jsonv2 go build -ldflags "-s -w" -v -o wakapi main.go
# Need a statically linked healthcheck binary because we can't use curl in a distroless image in a straightforward way
RUN GOOS=$TARGETOS GOARCH=$TARGETARCH CGO_ENABLED=0 go build -ldflags "-s -w" -v -o healthcheck scripts/healthcheck.go
WORKDIR /staging
RUN mkdir ./data ./app && \
cp /src/wakapi app/ && \
cp /src/healthcheck app/ && \
cp /src/config.default.yml app/config.yml && \
sed -i 's/listen_ipv6: ::1/listen_ipv6: "-"/g' app/config.yml
# Run Stage
# When running the application using `docker run`, you can pass environment variables
# to override config values using `-e` syntax.
# Available options can be found in [README.md#-configuration](README.md#-configuration)
# Note on the distroless image:
# we could use `base:nonroot`, which already includes ca-certificates and tz, but that one it actually larger than alpine,
# probably because of glibc, whereas alpine uses musl. The `static:nonroot`, doesn't include any libc implementation, because only meant for true static binaries without cgo, etc.
FROM gcr.io/distroless/static:nonroot
WORKDIR /app
# See README.md and config.default.yml for all config options
ENV ENVIRONMENT=prod \
WAKAPI_DB_TYPE=sqlite3 \
WAKAPI_DB_USER='' \
WAKAPI_DB_PASSWORD='' \
WAKAPI_DB_HOST='' \
WAKAPI_DB_NAME=/data/wakapi.db \
WAKAPI_PASSWORD_SALT='' \
WAKAPI_LISTEN_IPV4='0.0.0.0' \
WAKAPI_INSECURE_COOKIES='true' \
WAKAPI_ALLOW_SIGNUP='true'
COPY --from=build-env --chown=nonroot:nonroot --chmod=0444 /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
COPY --from=build-env --chown=nonroot:nonroot --chmod=0444 /usr/share/zoneinfo /usr/share/zoneinfo
COPY --from=build-env --chown=nonroot:nonroot /staging/app /app
COPY --from=build-env --chown=nonroot:nonroot /staging/data /data
LABEL org.opencontainers.image.url="https://github.com/muety/wakapi" \
org.opencontainers.image.documentation="https://github.com/muety/wakapi" \
org.opencontainers.image.source="https://github.com/muety/wakapi" \
org.opencontainers.image.title="Wakapi" \
org.opencontainers.image.licenses="MIT" \
org.opencontainers.image.description="A minimalist, self-hosted WakaTime-compatible backend for coding statistics"
USER nonroot
EXPOSE 3000
# For long-running migrations, you might want to override `---health-start-period` as part of `docker run` or disable healthchecks entirely with `--no-healtcheck`
HEALTHCHECK --interval=60s --timeout=3s --start-period=120s --retries=3 CMD ["/app/healthcheck"]
ENTRYPOINT ["/app/wakapi"]