48 lines
1.4 KiB
Docker
48 lines
1.4 KiB
Docker
## Multi-stage build for TodoWindy
|
|
## Builder
|
|
FROM --platform=$BUILDPLATFORM golang:1.24-bookworm AS builder
|
|
WORKDIR /src
|
|
|
|
COPY go.mod go.sum ./
|
|
RUN --mount=type=cache,target=/go/pkg/mod go mod download
|
|
|
|
COPY . .
|
|
ARG TARGETOS TARGETARCH
|
|
ENV CGO_ENABLED=0
|
|
RUN --mount=type=cache,target=/go/pkg/mod \
|
|
--mount=type=cache,target=/root/.cache/go-build \
|
|
GOOS=$TARGETOS GOARCH=$TARGETARCH \
|
|
go build -trimpath -buildvcs=false -ldflags "-s -w" -o /out/todowindy-server ./cmd/server
|
|
|
|
# 运行时阶段可保持不变;可选更严谨:
|
|
# FROM --platform=$TARGETPLATFORM debian:bookworm-slim
|
|
|
|
## Runtime
|
|
FROM debian:bookworm-slim
|
|
RUN apt-get update && apt-get install -y --no-install-recommends \
|
|
ca-certificates tzdata curl && \
|
|
rm -rf /var/lib/apt/lists/*
|
|
|
|
WORKDIR /app
|
|
COPY --from=builder /out/todowindy-server /app/todowindy-server
|
|
|
|
# Create unprivileged user and writable data dir (for SQLite)
|
|
RUN useradd -r -u 10001 -g root appuser && \
|
|
mkdir -p /app/data && chown -R appuser:root /app
|
|
|
|
# Reasonable defaults; allow override by docker-compose or env-file
|
|
ENV TZ=UTC \
|
|
TW_ADDR=:8080 \
|
|
GIN_MODE=release \
|
|
TW_DB_PATH=/app/data/todowindy.db
|
|
|
|
VOLUME ["/app/data"]
|
|
EXPOSE 8080
|
|
|
|
# Basic liveness check against /healthz
|
|
HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
|
|
CMD curl -fsS http://127.0.0.1:8080/healthz || exit 1
|
|
|
|
USER appuser
|
|
ENTRYPOINT ["/app/todowindy-server"]
|