mirror of
https://github.com/oauth2-proxy/oauth2-proxy.git
synced 2025-03-21 21:47:11 +02:00
3fc194ee72
"go mod download" does not depend on the VERSION env var, so moving the ARG directive after the RUN will allow better use of the Docker build cache - subsequent builds on the same machine need only re-run the "go mod download" if go.mod or go.sum has changed, rather than re-running it any time the VERSION value passed from the Makefile has changed Co-authored-by: Joel Speed <Joel.speed@hotmail.co.uk>
33 lines
1.1 KiB
Docker
33 lines
1.1 KiB
Docker
FROM golang:1.16-buster AS builder
|
|
|
|
# Copy sources
|
|
WORKDIR $GOPATH/src/github.com/oauth2-proxy/oauth2-proxy
|
|
|
|
# Fetch dependencies
|
|
COPY go.mod go.sum ./
|
|
RUN GO111MODULE=on go mod download
|
|
|
|
# Now pull in our code
|
|
COPY . .
|
|
|
|
ARG VERSION
|
|
|
|
# Build binary and make sure there is at least an empty key file.
|
|
# This is useful for GCP App Engine custom runtime builds, because
|
|
# you cannot use multiline variables in their app.yaml, so you have to
|
|
# build the key into the container and then tell it where it is
|
|
# by setting OAUTH2_PROXY_JWT_KEY_FILE=/etc/ssl/private/jwt_signing_key.pem
|
|
# in app.yaml instead.
|
|
RUN VERSION=${VERSION} make build && touch jwt_signing_key.pem
|
|
|
|
# Copy binary to alpine
|
|
FROM alpine:3.13
|
|
COPY nsswitch.conf /etc/nsswitch.conf
|
|
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
|
|
COPY --from=builder /go/src/github.com/oauth2-proxy/oauth2-proxy/oauth2-proxy /bin/oauth2-proxy
|
|
COPY --from=builder /go/src/github.com/oauth2-proxy/oauth2-proxy/jwt_signing_key.pem /etc/ssl/private/jwt_signing_key.pem
|
|
|
|
USER 2000:2000
|
|
|
|
ENTRYPOINT ["/bin/oauth2-proxy"]
|