39 lines
1.1 KiB
Docker
39 lines
1.1 KiB
Docker
# 阶段1:编译 Go 二进制
|
||
FROM golang:1.22-alpine AS builder
|
||
ENV CGO_ENABLED=0 GOOS=linux GOARCH=amd64
|
||
WORKDIR /build
|
||
COPY go.mod go.sum ./
|
||
RUN go mod download
|
||
COPY . .
|
||
RUN go build -ldflags="-s -w" -o heritage ./main.go
|
||
|
||
# 阶段2:运行镜像(使用你的私有 Alpine 镜像)
|
||
FROM harbor.ks.easyj.top/zt/alpine:0.1
|
||
# 安装必要依赖(时区、健康检查)
|
||
RUN apk add --no-cache tzdata curl
|
||
# 创建非 root 用户
|
||
RUN addgroup -S appgroup && adduser -S appuser -G appgroup
|
||
|
||
# 环境变量(仅保留非敏感默认值,敏感值运行时传入)
|
||
ENV APP_DIR=/app \
|
||
MYSQL_MAXLIFETIME=1 \
|
||
MYSQL_MAXIDLECONNS=2 \
|
||
MYSQL_MAXOPENCONNS=50 \
|
||
MYSQL_INIT=true \
|
||
GIN_MODE=release \
|
||
REDIS_DB=1 \
|
||
LOGLEVEL=debug \
|
||
TZ=Asia/Shanghai
|
||
|
||
WORKDIR ${APP_DIR}
|
||
# 从编译阶段复制二进制文件
|
||
COPY --from=builder /build/heritage ${APP_DIR}/
|
||
RUN chmod +x heritage && chown -R appuser:appgroup ${APP_DIR}
|
||
|
||
# 暴露端口 + 健康检查
|
||
EXPOSE 8080
|
||
HEALTHCHECK --interval=30s --timeout=5s --retries=3 CMD curl -f http://localhost:8080/health || exit 1
|
||
|
||
# 切换非 root 用户运行
|
||
USER appuser
|
||
CMD ["./heritage"] |