Spaces:
Sleeping
Sleeping
Commit ·
59e094b
1
Parent(s): 9e17fe1
Deploy files from GitHub repository
Browse files- Dockerfile +20 -46
Dockerfile
CHANGED
|
@@ -1,54 +1,28 @@
|
|
| 1 |
-
#
|
| 2 |
-
|
|
|
|
|
|
|
| 3 |
|
| 4 |
-
# Tambahkan user non-root untuk keamanan (optional tapi best practice)
|
| 5 |
-
RUN useradd -m -u 1001 appuser
|
| 6 |
-
|
| 7 |
-
# Set working directory
|
| 8 |
WORKDIR /app
|
| 9 |
|
| 10 |
-
# Copy go.mod dan go.sum
|
| 11 |
COPY go.mod go.sum ./
|
| 12 |
-
|
| 13 |
-
# Download dependencies
|
| 14 |
RUN go mod download
|
| 15 |
|
| 16 |
-
# Copy seluruh kode
|
| 17 |
COPY . .
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 18 |
|
| 19 |
-
|
| 20 |
-
RUN --mount=type=secret,id=DB_HOST,mode=0444 \
|
| 21 |
-
--mount=type=secret,id=DB_USER,mode=0444 \
|
| 22 |
-
--mount=type=secret,id=DB_PASSWORD,mode=0444 \
|
| 23 |
-
--mount=type=secret,id=DB_PORT,mode=0444 \
|
| 24 |
-
--mount=type=secret,id=DB_NAME,mode=0444 \
|
| 25 |
-
--mount=type=secret,id=SUPABASE_URL,mode=0444 \
|
| 26 |
-
--mount=type=secret,id=SUPABASE_SERVICE_KEY,mode=0444 \
|
| 27 |
-
--mount=type=secret,id=SUPABASE_BUCKET_NAME,mode=0444 \
|
| 28 |
-
--mount=type=secret,id=JWT_SECRET_KEY,mode=0444 \
|
| 29 |
-
--mount=type=secret,id=SALT,mode=0444 \
|
| 30 |
-
sh -c '\
|
| 31 |
-
echo "DB_HOST=$(cat /run/secrets/DB_HOST)" >> .env && \
|
| 32 |
-
echo "DB_USER=$(cat /run/secrets/DB_USER)" >> .env && \
|
| 33 |
-
echo "DB_PASSWORD=$(cat /run/secrets/DB_PASSWORD)" >> .env && \
|
| 34 |
-
echo "DB_PORT=$(cat /run/secrets/DB_PORT)" >> .env && \
|
| 35 |
-
echo "DB_NAME=$(cat /run/secrets/DB_NAME)" >> .env && \
|
| 36 |
-
echo "SUPABASE_URL=$(cat /run/secrets/SUPABASE_URL)" >> .env && \
|
| 37 |
-
echo "SUPABASE_SERVICE_KEY=$(cat /run/secrets/SUPABASE_SERVICE_KEY)" >> .env && \
|
| 38 |
-
echo "SUPABASE_BUCKET_NAME=$(cat /run/secrets/SUPABASE_BUCKET_NAME)" >> .env && \
|
| 39 |
-
echo "JWT_SECRET_KEY=$(cat /run/secrets/JWT_SECRET_KEY)" >> .env && \
|
| 40 |
-
echo "SALT=$(cat /run/secrets/SALT)" >> .env \
|
| 41 |
-
'
|
| 42 |
-
|
| 43 |
-
# Buat direktori audio dan logs, beri izin dan kepemilikan ke appuser
|
| 44 |
-
RUN mkdir -p /app/images /app/logs /app/audio && \
|
| 45 |
-
chmod -R 777 /app/images /app/logs /app/audio && \
|
| 46 |
-
chown -R appuser:appuser /app/images /app/logs /app/audio
|
| 47 |
-
|
| 48 |
-
# Build aplikasi
|
| 49 |
-
RUN go build -o main .
|
| 50 |
-
|
| 51 |
-
USER appuser
|
| 52 |
-
|
| 53 |
-
# Jalankan aplikasi
|
| 54 |
-
CMD ["./main"]
|
|
|
|
| 1 |
+
# =====================
|
| 2 |
+
# BUILD STAGE
|
| 3 |
+
# =====================
|
| 4 |
+
FROM golang:1.25.4 AS builder
|
| 5 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 6 |
WORKDIR /app
|
| 7 |
|
|
|
|
| 8 |
COPY go.mod go.sum ./
|
|
|
|
|
|
|
| 9 |
RUN go mod download
|
| 10 |
|
|
|
|
| 11 |
COPY . .
|
| 12 |
+
RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o app
|
| 13 |
+
|
| 14 |
+
# =====================
|
| 15 |
+
# RUNTIME STAGE
|
| 16 |
+
# =====================
|
| 17 |
+
FROM gcr.io/distroless/base-debian12
|
| 18 |
+
|
| 19 |
+
WORKDIR /app
|
| 20 |
+
|
| 21 |
+
COPY --from=builder /app/app /app/app
|
| 22 |
+
|
| 23 |
+
# Non-root user
|
| 24 |
+
USER nonroot:nonroot
|
| 25 |
+
|
| 26 |
+
EXPOSE 8080
|
| 27 |
|
| 28 |
+
CMD ["/app/app"]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|