feat(docker): create slim and distrib Docker image

.github/workflows/docker.yml

@@ -33,10 +33,20 @@ jobs:
           username: ${{ secrets.DOCKER_HUB_USERNAME }}
           password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN  }}      
       
-      - name: Build and push Docker image
+      - name: Build and push Docker image (slim)
         uses: docker/build-push-action@v2
         with:
           context: .
+          target: slim
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
+      
+      - name: Build and push Docker image (distrib)
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          target: distrib
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}-distrib
+          labels: ${{ steps.meta.outputs.labels }}

Dockerfile

@@ -1,7 +1,7 @@
 #########################################
 # Build stage
 #########################################
-FROM golang:1.17 AS builder
+FROM golang:1.18 AS builder
 
 # Repository location
 ARG REPOSITORY=github.com/ncarlier
@@ -21,7 +21,7 @@ RUN make
 #########################################
 # Distribution stage
 #########################################
-FROM docker:dind
+FROM alpine:latest AS slim
 
 # Repository location
 ARG REPOSITORY=github.com/ncarlier
@@ -29,30 +29,76 @@ ARG REPOSITORY=github.com/ncarlier
 # Artifact name
 ARG ARTIFACT=webhookd
 
-# Docker Compose version
+# User
-ARG COMPOSE_VERSION=1.25.4
+ARG USER=webhookd
+ARG UID=1000
 
-# Fix lib dep
+# Create non-root user
-#RUN mkdir /lib64 && ln -s /lib/libc.musl-x86_64.so.1 /lib64/ld-linux-x86-64.so.2
+RUN adduser \
+    --disabled-password \
+    --gecos "" \
+    --home "$(pwd)" \
+    --no-create-home \
+    --uid "$UID" \
+    "$USER"
 
 # Install deps
-RUN apk add --no-cache git openssh-client jq bash curl
+RUN apk add --no-cache bash gcompat
+
+# Install binary
+COPY --from=builder /go/src/$REPOSITORY/$ARTIFACT/release/$ARTIFACT /usr/local/bin/$ARTIFACT
+
+VOLUME [ "/scripts" ]
+
+EXPOSE 8080
+
+USER $USER
+
+CMD [ "webhookd" ]
+
+#########################################
+# Distribution stage with some tooling
+#########################################
+FROM alpinelinux/docker-cli:latest AS distrib
+
+# Repository location
+ARG REPOSITORY=github.com/ncarlier
+
+# Artifact name
+ARG ARTIFACT=webhookd
+
+# User
+ARG USER=webhookd
+ARG UID=1000
+
+# Create non-root user
+RUN adduser \
+    --disabled-password \
+    --gecos "" \
+    --home "$(pwd)" \
+    --no-create-home \
+    --uid "$UID" \
+    "$USER"
+
+# Install deps
+RUN apk add --no-cache bash gcompat git openssh-client curl jq
 
 # Install docker-compose
-RUN curl -L "https://github.com/docker/compose/releases/download/${COMPOSE_VERSION}/run.sh" \
+RUN curl -L --fail https://raw.githubusercontent.com/linuxserver/docker-docker-compose/master/run.sh \
      -o /usr/local/bin/docker-compose && \
      chmod +x /usr/local/bin/docker-compose
 
-# Create folder structure
+# Install binary and entrypoint
-RUN mkdir -p /var/opt/webhookd/scripts /var/opt/webhookd/work
-
-# Install binary and default scripts
 COPY --from=builder /go/src/$REPOSITORY/$ARTIFACT/release/$ARTIFACT /usr/local/bin/$ARTIFACT
-COPY --from=builder /go/src/$REPOSITORY/$ARTIFACT/scripts /var/opt/webhookd/scripts
 COPY docker-entrypoint.sh /
 
 # Define entrypoint
 ENTRYPOINT ["/docker-entrypoint.sh"]
 
-# Define command
+VOLUME [ "/scripts" ]
-CMD webhookd
+
+EXPOSE 8080
+
+USER $USER
+
+CMD [ "webhookd" ]

Makefile

@@ -65,7 +65,7 @@ install: release/$(EXECUTABLE)
 ## Create Docker image
 image:
 	echo "Building Docker image ..."
-	docker build --rm -t ncarlier/$(APPNAME) .
+	docker build --rm --target slim -t ncarlier/$(APPNAME) .
 .PHONY: image
 
 ## Generate changelog