-
Notifications
You must be signed in to change notification settings - Fork 3
/
Dockerfile
26 lines (22 loc) · 1014 Bytes
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
FROM golang:latest as builder
ADD ./api /go/src/apigee-opa-callout/api
ADD ./cmd/server /go/src/apigee-opa-callout/cmd/server
ADD ./pkg /go/src/apigee-opa-callout/pkg
ADD go.mod /go/src/apigee-opa-callout
ADD go.sum /go/src/apigee-opa-callout
WORKDIR /go/src/apigee-opa-callout
RUN groupadd -r -g 20000 app && useradd -M -u 20001 -g 0 -r -c "Default app user" app && chown -R 20001:0 /go
ENV GO111MODULE=on
RUN go mod download
RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -trimpath -a -ldflags='-s -w -extldflags "-static"' -o /go/bin/apigee-opa-callout /go/src/apigee-opa-callout/cmd/server/main.go
#without these certificates, we cannot verify the JWT token
FROM alpine:latest as certs
RUN apk --update add ca-certificates
FROM scratch
WORKDIR /
COPY --from=builder /go/bin/apigee-opa-callout .
COPY --from=builder /etc/passwd /etc/group /etc/shadow /etc/
COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
USER 20001
EXPOSE 50051
ENTRYPOINT ["/apigee-opa-callout"]