dndmachine/Dockerfile at master · SebastiaanPasterkamp/dndmachine · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
FROM --platform=${BUILDPLATFORM} cromrots/opa:0.53 as opa

COPY internal/policy/rego rego

RUN [ \
    "/opa", "build", \
    "--target", "wasm", \
    "--output", "/data/bundle.tar.gz", \
    "--ignore", "\\*_test.rego", \
    "--entrypoint", "authz/auth/allow", \
    "--entrypoint", "authz/character/allow", \
    "--entrypoint", "authz/pages/allow", \
    "--entrypoint", "authz/user/allow", \
    "rego" \
]

FROM --platform=${BUILDPLATFORM} node:17.9-stretch as frontend

WORKDIR /app

COPY ui/package.json ui/package-lock.json ./

RUN npm install

COPY ui .

RUN npm run build

COPY --from=opa /data/bundle.tar.gz .

RUN tar \
    --to-stdout \
    -xzf ./bundle.tar.gz \
    /policy.wasm \
    > build/policy.wasm

FROM --platform=${BUILDPLATFORM} golang:1.21 as backend

WORKDIR /build

ARG TARGETOS
ARG TARGETARCH

ENV CGO_ENABLED=0
ENV GO111MODULE=on
ENV GOFLAGS=-mod=vendor
ENV GOOS=${TARGETOS}
ENV GOARCH=${TARGETARCH}

ARG GIT_TAG
ARG GIT_COMMIT
ARG GIT_BRANCH

COPY go.mod go.sum ./
COPY vendor vendor
COPY cmd cmd
COPY internal internal

RUN BUILD_TIME=$(date -Iseconds) \
    go build \
    -o /app/dndmachine \
    -ldflags "\
        -s -w \
        -X 'github.com/SebastiaanPasterkamp/dndmachine/internal/build.Version=${GIT_TAG}' \
        -X 'github.com/SebastiaanPasterkamp/dndmachine/internal/build.Commit=${GIT_COMMIT}' \
        -X 'github.com/SebastiaanPasterkamp/dndmachine/internal/build.Branch=${GIT_BRANCH}' \
        -X 'github.com/SebastiaanPasterkamp/dndmachine/internal/build.Timestamp=${BUILD_TIME}' \
    " \
    cmd/dndmachine/main.go

FROM --platform=${BUILDPLATFORM} golang:1.21 AS security

ENV USER=dndmachine
ENV UID=1000
ENV GID=1000

RUN addgroup \
        --gid "$GID" \
        --system \
        $USER \
    && adduser \
        --system \
        --disabled-login \
        --gid "$UID" \
        --uid "$UID" \
        "$USER"

FROM scratch

EXPOSE 8080

WORKDIR /app

ENV DNDMACHINE_PUBLIC_PATH=/app/public

COPY --from=security /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
COPY --from=security /etc/passwd /etc/passwd

COPY LICENSE /app/
COPY schema/ /app/schema/

COPY --from=frontend /app/build/ /app/public/
COPY --from=backend /app/dndmachine /app/

ARG GIT_TAG
ARG GIT_COMMIT
ARG GIT_BRANCH

LABEL maintainer="dungeons.dragons.machine@gmail.com"
LABEL version=${GIT_TAG}
LABEL build.branch=${GIT_BRANCH}
LABEL build.sha=${GIT_COMMIT}

ENTRYPOINT [ "/app/dndmachine" ]

CMD ["serve"]