forked from iotaledger/hornet
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile.goreleaser
36 lines (31 loc) · 1.65 KB
/
Dockerfile.goreleaser
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
# ---[ alpine image with glibc (needed for the CGO build) ]---
FROM frolvlad/alpine-glibc:alpine-3.10_glibc-2.30
WORKDIR /app
ARG ARCH=amd64
ENV TARGET_ARCH=${ARCH:+-$ARCH} \
TINI_VERSION=v0.18.0
# Tini is excellent: https://github.com/krallin/tini#why-tini
ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini-static${TARGET_ARCH} /tini
ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini-static${TARGET_ARCH}.asc /tini.asc
COPY ["hornet", "/app/"]
RUN apk --no-cache add ca-certificates gnupg\
&& addgroup --gid 39999 hornet\
&& adduser -h /app -s /bin/sh -G hornet -u 39999 -D hornet\
&& chmod +x /tini /app/hornet\
&& chown hornet:hornet -R /app\
&& for server in $(shuf -e ha.pool.sks-keyservers.net \
hkp://p80.pool.sks-keyservers.net:80 \
keyserver.ubuntu.com \
hkp://keyserver.ubuntu.com:80 \
keyserver.pgp.com \
pgp.mit.edu); do \
timeout -s 15 5 gpg --keyserver "$server" --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \
done; \
gpg --batch --verify /tini.asc /tini
# Not exposing ports, as it might be more efficient to run this on host network because of performance gain.
# | Host mode networking can be useful to optimize performance, and in situations where a container needs
# | to handle a large range of ports, as it does not require network address translation (NAT), and no
# | “userland-proxy” is created for each port.
# Source: https://docs.docker.com/network/host/
USER hornet:hornet
ENTRYPOINT ["/tini", "--", "/app/hornet"]