diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..6833fbe
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,6 @@
+cache
+compose.yaml
+*.json
+LICENSE
+*.md
+services
diff --git a/.gitignore b/.gitignore
index b52ba21..63ca398 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,5 @@
 **/cache
+**/compose.yaml
 **/config.json
 **/skunkyart
 **/skunkyart-*
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..fdc1919
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,23 @@
+ARG GO_VERSION=1.18
+
+FROM --platform=$BUILDPLATFORM golang:${GO_VERSION} AS build
+ARG TARGETOS
+ARG TARGETARCH
+
+WORKDIR /build
+COPY . .
+RUN CGO_ENABLED=0 GOARCH=${TARGETARCH} GOOS=${TARGETOS} go build -ldflags "-s -w -extldflags '-static'" && \
+ echo "skunkyart:x:10000:10000:SkunkyArt user:/:/sbin/nologin" > /etc/minimal-passwd && \
+ echo "skunkyart:x:10000:" > /etc/minimal-group
+
+FROM scratch
+
+COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+COPY --from=build /build/static /static
+COPY --from=build /build/skunkyart /skunkyart
+COPY --from=build /etc/minimal-passwd /etc/passwd
+COPY --from=build /etc/minimal-group /etc/group
+
+USER skunkyart
+
+ENTRYPOINT ["/skunkyart"]
diff --git a/compose.example.yaml b/compose.example.yaml
new file mode 100644
index 0000000..5eead70
--- /dev/null
+++ b/compose.example.yaml
@@ -0,0 +1,12 @@
+services:
+ skunkyart:
+ container_name: skunkyart
+ restart: unless-stopped
+ build: .
+ ports:
+ - "127.0.0.1:3003:3003"
+ security_opt:
+ - no-new-privileges:true
+ volumes:
+ - ./config.json:/config.json:ro
+ - ./cache:/cache # Ensure cache folder has a 10000:10000 ownership.
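Review bot: The `cache` and `*.json` patterns are anchored to the context root, unlike the `**/`-prefixed entries in `.gitignore`, so they exclude only top-level matches. A `config.json` or `cache` directory in a subdirectory is still sent to the builder and picked up by `COPY . .` in the Dockerfile, where it can persist in build-stage layers and build cache. If the intent is to keep local configuration out of the build, use `**/config.json` and `**/cache`, and consider adding `.git` unless the build relies on VCS information. Whether the broad `*.json` hides a file the Go build needs is not visible in this diff.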
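Review bot: The build stage pulls `golang:${GO_VERSION}` by a mutable tag with a default of 1.18, and everything that reaches the `scratch` image comes from it: the compiled standard library (TLS, HTTP) and the `ca-certificates.crt` taken by the first `COPY --from=build`. Go 1.18 no longer receives upstream security releases, so the default should move to a supported release as far as `go.mod` allows, and the base should be pinned by digest, e.g. `FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}@sha256:<digest> AS build`. Separately, `USER skunkyart` is a name, which runtimes enforcing a non-root policy cannot verify from image metadata; `USER 10000:10000` matches the passwd and group entries written in the `RUN` step and is checkable.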
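Review bot: The service hardening stops at `no-new-privileges:true`, so the container keeps Docker's default capability set and a writable root filesystem. A static binary in a `scratch` image that runs as UID 10000 and listens on port 3003 should need neither. Consider adding `cap_drop: [ALL]` and `read_only: true` under the service, assuming the application writes only to the mounted `/cache`, which this diff does not show. The comment on the cache volume could also say why the ownership matters, e.g. `# must be owned by 10000:10000, the UID/GID the image runs as`.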