File tree Expand file tree Collapse file tree 1 file changed +12
-11
lines changed Expand file tree Collapse file tree 1 file changed +12
-11
lines changed Original file line number Diff line number Diff line change @@ -15,23 +15,24 @@ RUN go mod download
1515
1616COPY ./pkg ./pkg
1717
18- RUN go build -o /waterfall ./pkg
19-
18+ # This runs a bit slower but guarantees that the binary does not rely on
19+ # the underlying C environment (e.g. as "static" as possible).
20+ RUN CGO_ENABLED=0 \
21+ GOOS=linux \
22+ GOARCH=amd64 \
23+ go build -o /waterfall ./pkg
2024
2125# #
2226# # Deploy
2327# #
24- FROM ubuntu:22.04
25-
26- RUN apt update \
27- && apt install -y --no-install-recommends \
28- dumb-init \
29- ca-certificates \
30- && rm -rf /var/lib/apt/lists/*
28+ FROM scratch
3129
3230WORKDIR /
3331
3432COPY --from=build /waterfall /usr/bin/waterfall
3533
36- ENTRYPOINT ["dumb-init" , "--" ]
37- CMD ["waterfall" ]
34+ # We need root certificates since we use HTTPS (TLS).
35+ # https://uzimihsr.github.io/post/2022-09-29-golang-scratch-trust-cert/#trust-the-certificate-in-a-scratch-image
36+ COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
37+
38+ ENTRYPOINT ["waterfall" ]
You can’t perform that action at this time.
0 commit comments