-
Notifications
You must be signed in to change notification settings - Fork 2
/
Dockerfile
89 lines (73 loc) · 2.6 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
# See rocksdb/README.md for instructions to update rocksdb version
FROM ghcr.io/strangelove-ventures/rocksdb:v7.10.2 AS rocksdb
FROM --platform=$BUILDPLATFORM golang:1.23-alpine AS builder
RUN apk add --update --no-cache\
gcc\
libc-dev\
git\
make\
bash\
g++\
linux-headers\
perl\
snappy-dev\
zlib-dev\
bzip2-dev\
lz4-dev\
zstd-dev
ARG TARGETARCH
ARG BUILDARCH
RUN if [ "${TARGETARCH}" = "arm64" ] && [ "${BUILDARCH}" != "arm64" ]; then \
wget -c https://musl.cc/aarch64-linux-musl-cross.tgz -O - | tar -xzvv --strip-components 1 -C /usr; \
elif [ "${TARGETARCH}" = "amd64" ] && [ "${BUILDARCH}" != "amd64" ]; then \
wget -c https://musl.cc/x86_64-linux-musl-cross.tgz -O - | tar -xzvv --strip-components 1 -C /usr; \
fi
RUN set -eux;\
if [ "${TARGETARCH}" = "arm64" ] && [ "${BUILDARCH}" != "arm64" ]; then \
echo aarch64 > /etc/apk/arch;\
elif [ "${TARGETARCH}" = "amd64" ] && [ "${BUILDARCH}" != "amd64" ]; then \
echo x86_64 > /etc/apk/arch;\
fi;\
apk add --update --no-cache\
snappy-static\
zlib-static\
bzip2-static\
lz4-static\
zstd-static\
--allow-untrusted
# Install RocksDB headers and static library
COPY --from=rocksdb /rocksdb /rocksdb
WORKDIR /workspace
# Copy the Go Modules manifests
COPY go.mod go.mod
COPY go.sum go.sum
# cache deps before building and copying source so that we don't need to re-download as much
# and so that source changes don't invalidate our downloaded layer
RUN go mod download
# Copy the go source
COPY *.go .
COPY internal/ internal/
ARG VERSION
RUN set -eux;\
if [ "${TARGETARCH}" = "arm64" ] && [ "${BUILDARCH}" != "arm64" ]; then\
export CC=aarch64-linux-musl-gcc CXX=aarch64-linux-musl-g++;\
elif [ "${TARGETARCH}" = "amd64" ] && [ "${BUILDARCH}" != "amd64" ]; then\
export CC=x86_64-linux-musl-gcc CXX=x86_64-linux-musl-g++;\
fi;\
export GOOS=linux \
GOARCH=$TARGETARCH \
CGO_ENABLED=1 \
LDFLAGS='-linkmode external -extldflags "-static"' \
CGO_CFLAGS="-I/rocksdb/include" \
CGO_LDFLAGS="-L/rocksdb -L/usr/lib -L/lib -lrocksdb -lstdc++ -lm -lz -lbz2 -lsnappy -llz4 -lzstd";\
go build -tags 'rocksdb pebbledb' -ldflags "$LDFLAGS" -a -o snapshot .
# Use alpine to source the latest CA certificates
FROM alpine:3 as alpine-3
# Build final image from scratch
FROM scratch
# Install trusted CA certificates
COPY --from=alpine-3 /etc/ssl/cert.pem /etc/ssl/cert.pem
WORKDIR /
USER 1025:1025
COPY --from=builder --chown=1025:1025 /workspace/snapshot .
ENTRYPOINT ["/snapshot"]