#Vulnerabilities
#FROM golang:onbuild
#FROM golang
#FROM golang:alpine
#RUN mkdir -p /hello
#WORKDIR /hello
#ADD . /hello
#RUN go build ./hello.go
#CMD ["./hello"]
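# Passes corporate policy for running as non-root. Contains vulnerabilities and is much too large:
# this is a single-stage build, so the final image still ships the Go toolchain and the source tree.
# NOTE(review): golang:alpine is a floating tag. Pin a specific version tag (ideally with a digest)
# so rebuilds are reproducible and vulnerability-scan results stay comparable between builds.
FROM golang:alpine
# Create an unprivileged system group and user (BusyBox addgroup/adduser syntax, as used on Alpine).
RUN addgroup -S lusers && adduser -h /home/luser1 -S -G lusers luser1
#FROM golang
#RUN groupadd -r lusers && useradd -m -r -g lusers luser1 #from golang
# From here on, every build step and the container's default process run as luser1, not root.
USER luser1
# mkdir runs as luser1, so the directory is already owned by luser1:lusers; the former
# "RUN chown -R luser1:lusers ..." step was a no-op and only added a layer.
RUN mkdir -p /home/luser1/hello
# CMD ["cd /home/luser1/hello"]
WORKDIR /home/luser1/hello
# COPY instead of ADD: ADD can also fetch URLs and unpack archives, which is not wanted for a plain
# local copy. --chown is needed because copied files are owned by root by default, regardless of USER.
# NOTE(review): this copies the entire build context; use a .dockerignore to keep .git, local
# credentials and build output out of the image (whether one exists is not visible here).
COPY --chown=luser1:lusers . /home/luser1/hello
# Builds hello.go; the resulting binary "hello" is written to the working directory.
RUN go build /home/luser1/hello/hello.go
# Exec (JSON-array) form: the binary is started directly, without a shell wrapper.
CMD ["/home/luser1/hello/hello"]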
# A multi-stage Docker build in the Dockerfile reduces image size and vulnerabilities:
#FROM golang:alpine AS build-env
#RUN groupadd -r lusers && useradd -m -r -g lusers luser1
#RUN addgroup -S lusers && adduser -h /home/luser1 -S -G lusers luser1
#USER luser1
#RUN mkdir -p /home/luser1/hello
#RUN chown -R luser1:lusers /home/luser1/hello
#WORKDIR /home/luser1/hello
#ADD . /home/luser1/hello
#RUN go build /home/luser1/hello/hello.go
#final stage
#FROM alpine
#RUN addgroup -S lusers && adduser -h /home/luser1 -S -G lusers luser1
#USER luser1
#RUN mkdir -p /home/luser1/hello
#RUN chown -R luser1:lusers /home/luser1/hello
#WORKDIR /home/luser1/hello
#COPY --from=build-env /home/luser1/hello /home/luser1/hello
# RUN cd /home/luser1/hello
#CMD /home/luser1/hello/hello