hailey.at
1# Build stage
2FROM golang:1.25.4-alpine AS builder
3
4WORKDIR /build
5
6# Install build dependencies
7RUN apk add --no-cache git ca-certificates
8
9# Copy go mod files
10COPY go.mod go.sum ./
11RUN go mod download
12
13# Copy source code
14COPY . .
15
16# Build the binary
17RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -ldflags '-extldflags "-static"' -o /build/bin/atkafka ./cmd/atkafka
18
19# Runtime stage
20FROM alpine:latest
21
22# Install ca-certificates for HTTPS connections
23RUN apk --no-cache add ca-certificates
24
25WORKDIR /app
26
27# Create non-root user
28RUN addgroup -g 1000 atkafka && \
29 adduser -D -u 1000 -G atkafka atkafka
30
31# Copy binary from builder
32COPY --from=builder /build/bin/atkafka /app/atkafka
33
34# Change ownership
35RUN chown -R atkafka:atkafka /app
36
37# Switch to non-root user
38USER atkafka
39
40# Expose metrics port (default from bluesky-social/go-util)
41EXPOSE 2112
42
43ENTRYPOINT ["/app/atkafka"]