Files
gadfly/Dockerfile
T
Steve Dudenhoeffer 6123604595
Build & push image / build-and-push (push) Successful in 58s
ci: auto build & push image on main (:latest) + v* tags
Mirror mort-ci.yml's build-and-push: BuildKit secrets (REGISTRY_USER/
REGISTRY_PASSWORD) for private majordomo access instead of build-args, and the
LAN --add-host so the builder can reach the registry. push main -> :latest +
:sha-<short>; tag v* -> :<tag> + :latest; other branches -> :branch-<safe>;
PRs build-only (no push). Optional DISCORD_WEBHOOK_URL notifications.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-25 18:45:48 -04:00

33 lines
1.2 KiB
Docker

# syntax=docker/dockerfile:1
#
# Multi-stage so the private-module credentials (used to fetch the majordomo
# dependency) live ONLY in the build stage via BuildKit secrets and never land
# in the final image. Mirrors mort's Dockerfile secret idiom.
FROM golang:1.26 AS build
ARG GIT_HOST=gitea.stevedudenhoeffer.com
ENV CGO_ENABLED=0 \
GOFLAGS=-mod=mod \
GOSUMDB=off \
GOTOOLCHAIN=auto
ENV GOPRIVATE=${GIT_HOST}/* GONOSUMDB=${GIT_HOST}/*
WORKDIR /src
COPY go.mod go.sum ./
RUN --mount=type=secret,id=REGISTRY_USER \
--mount=type=secret,id=REGISTRY_PASSWORD \
--mount=type=cache,target=/go/pkg/mod \
git config --global url."https://$(cat /run/secrets/REGISTRY_USER):$(cat /run/secrets/REGISTRY_PASSWORD)@${GIT_HOST}/".insteadOf "https://${GIT_HOST}/" \
&& go mod download
COPY . .
RUN --mount=type=cache,target=/go/pkg/mod \
--mount=type=cache,target=/root/.cache/go-build \
go build -trimpath -ldflags="-s -w" -o /out/gadfly ./cmd/gadfly
FROM alpine:3.20
RUN apk add --no-cache bash git curl jq ca-certificates
COPY --from=build /out/gadfly /usr/local/bin/gadfly
COPY scripts /app/scripts
COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh /app/scripts/run.sh /usr/local/bin/gadfly
ENTRYPOINT ["/entrypoint.sh"]