11# Stage 1: Build the Next.js frontend
2- FROM node:18-alpine AS web-builder
3- WORKDIR /web
4- # Copy the Next.js project files into the image
5- COPY ./web/package.json ./web/package-lock.json ./
6- # Install dependencies
7- RUN npm ci
8- # Copy the rest of the Next.js project files
9- COPY ./web .
10- # Build the Next.js project
2+ FROM node:20-alpine AS web-builder
3+ RUN apk add --no-cache libc6-compat
4+ WORKDIR /app
5+ COPY web/package.json web/package-lock.json ./web/
6+ WORKDIR /app/web
7+ RUN npm ci && npm cache clean --force
8+ COPY web/ .
119RUN npm run build
1210
1311# Stage 2: Build the Go backend
14- FROM golang:alpine AS builder
12+ FROM golang:1.23-alpine AS go-builder
13+ RUN apk add --no-cache ca-certificates tzdata
1514ARG VERSION
16- WORKDIR /godns
17- ADD . .
18- # Copy the Next.js build from the previous stage
19- COPY --from=web-builder /web/out ./web/out
15+ ARG TARGETOS
16+ ARG TARGETARCH
17+ WORKDIR /app
18+ COPY go.mod go.sum ./
19+ RUN go mod download && go mod verify
20+ COPY cmd/ ./cmd/
21+ COPY internal/ ./internal/
22+ COPY pkg/ ./pkg/
23+ COPY --from=web-builder /app/web/out ./web/out
2024RUN go generate ./...
21- RUN CGO_ENABLED=0 go build -ldflags "-X main.Version=${VERSION}" -o godns cmd/godns/godns.go
25+ RUN CGO_ENABLED=0 \
26+ GOOS=${TARGETOS} \
27+ GOARCH=${TARGETARCH} \
28+ go build \
29+ -ldflags="-w -s -X main.Version=${VERSION}" \
30+ -a -installsuffix cgo \
31+ -o godns \
32+ ./cmd/godns
2233
23- # Final stage: Copy the Go binary into a distroless image
24- FROM gcr.io/distroless/base
25- COPY --from=builder /godns/godns /godns
26- ENTRYPOINT ["/godns" ]
34+ # Final stage: Minimal runtime image
35+ FROM --platform=$TARGETOS/$TARGETARCH gcr.io/distroless/static-debian12:nonroot
36+ COPY --from=go-builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
37+ COPY --from=go-builder /usr/share/zoneinfo /usr/share/zoneinfo
38+ COPY --from=go-builder /app/godns /usr/local/bin/godns
39+ USER nonroot:nonroot
40+ ENTRYPOINT ["/usr/local/bin/godns" ]
0 commit comments