From bb31d712e1dae96d1897b8396e5bbe9fb81cf6f2 Mon Sep 17 00:00:00 2001
From: Mohammed Naser
Date: Wed, 8 Jan 2020 20:18:11 -0500
Subject: [PATCH] Refactor image builds

This change introduces multi-stage image builds where it uses the upstream Golang image to build the project and then places it in an empty, scratch container to run it inside. This increases the security of the container significantly due to the fact that you don't have an operating system alongside it that you need to keep up to date. It also drives the size of the image down. This does introduce a small behaviour change in that you must manually setup your arguments and you no longer automatically have the configuration file auto-detected, but it's probably better for users to explicitly configure things rather than have it implicitly happen.
---
Dockerfile | 18 ++++++++----------
Dockerfile.arm64 | 14 +++++++-------
Dockerfile.armhf | 18 ++++++++----------
Makefile | 2 +-
scripts/build-armhf.sh | 15 ---------------
scripts/build.sh | 15 ---------------
scripts/start.sh | 12 ------------
7 files changed, 24 insertions(+), 70 deletions(-)
delete mode 100755 scripts/build-armhf.sh
delete mode 100755 scripts/build.sh
delete mode 100755 scripts/start.sh
diff --git a/Dockerfile b/Dockerfile
index 3afb9dea..84a61fc2 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,10 +1,8 @@
-FROM debian:9.9-slim
-
-EXPOSE 9436
-
-COPY scripts/start.sh /app/
-COPY dist/mikrotik-exporter_linux_amd64 /app/mikrotik-exporter
-
-RUN chmod 755 /app/*
-
-ENTRYPOINT ["/app/start.sh"]
\ No newline at end of file
+FROM golang:1.13 AS builder
+WORKDIR /go/src/app
+COPY . .
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build
+
+FROM scratch
+COPY --from=builder /go/src/app/mikrotik-exporter /mikrotik-exporter
+ENTRYPOINT ["/mikrotik-exporter"]
\ No newline at end of file
diff --git a/Dockerfile.arm64 b/Dockerfile.arm64
index ce959d01..b5e9f72c 100644
--- a/Dockerfile.arm64
+++ b/Dockerfile.arm64
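Review bot: The final `FROM scratch` stage sets no `USER`, so `/mikrotik-exporter` runs as UID 0; a scratch image has no `/etc/passwd`, so it needs the numeric form, e.g. `USER 65534:65534` before `ENTRYPOINT`. The same applies to the scratch stages in Dockerfile.arm64 and Dockerfile.armhf. Both ports the old files exposed (9436 here, 9090 in the arm variants) are above 1024, so binding does not need root. The rewrite also drops `EXPOSE` from all three files; keeping `EXPOSE 9436` in the final stage would preserve the documented port contract. If the exporter makes TLS connections, the scratch stage would also need a CA bundle copied from the builder, though whether that applies cannot be told from this patch.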
@@ -1,8 +1,8 @@ -FROM arm64v8/busybox:1.31.0 +FROM golang:1.13 AS builder +WORKDIR /go/src/app +COPY . . +RUN CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -EXPOSE 9090 - -COPY scripts/start.sh /app/ -COPY dist/mikrotik-exporter_linux_arm64 /app/mikrotik-exporter - -ENTRYPOINT ["/app/start.sh"] +FROM scratch +COPY --from=builder /go/src/app/mikrotik-exporter /mikrotik-exporter +ENTRYPOINT ["/mikrotik-exporter"] \ No newline at end of file diff --git a/Dockerfile.armhf b/Dockerfile.armhf index 242c5cab..efb5272b 100644 --- a/Dockerfile.armhf +++ b/Dockerfile.armhf @@ -1,10 +1,8 @@ -FROM arm32v7/busybox:1.27.2 - -EXPOSE 9090 - -COPY scripts/start.sh /app/ -COPY dist/mikrotik-exporter_linux_arm /app/mikrotik-exporter - -RUN chmod 755 /app/* - -ENTRYPOINT ["/app/start.sh"] \ No newline at end of file +FROM golang:1.13 AS builder +WORKDIR /go/src/app +COPY . . +RUN CGO_ENABLED=0 GOOS=linux GOARCH=arm go build + +FROM scratch +COPY --from=builder /go/src/app/mikrotik-exporter /mikrotik-exporter +ENTRYPOINT ["/mikrotik-exporter"] \ No newline at end of file diff --git a/Makefile b/Makefile index 669e304e..58c4417b 100644 --- a/Makefile +++ b/Makefile @@ -17,7 +17,7 @@ deploy: utils CGO_ENABLED=0 gox -os="linux freebsd netbsd" -arch="amd64 arm arm64 386" -parallel=4 -ldflags "$(LDFLAGS)" -output "dist/mikrotik-exporter_{{.OS}}_{{.Arch}}" @ghr -t $(GITHUB_TOKEN) -u $(CIRCLE_PROJECT_USERNAME) -r $(CIRCLE_PROJECT_REPONAME) -replace $(VERSION) dist/ -dockerhub: deploy +dockerhub: @docker login -u $(DOCKER_USER) -p $(DOCKER_PASS) docker build -t $(CIRCLE_PROJECT_USERNAME)/$(CIRCLE_PROJECT_REPONAME):$(VERSION) . docker push $(CIRCLE_PROJECT_USERNAME)/$(CIRCLE_PROJECT_REPONAME):$(VERSION) diff --git a/scripts/build-armhf.sh b/scripts/build-armhf.sh deleted file mode 100755 index 0177dcdc..00000000 --- a/scripts/build-armhf.sh +++ /dev/null 
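Review bot: Cross-compiling with `GOARCH=arm64` into a `FROM scratch` stage leaves nothing that marks the image as arm64: the old base `arm64v8/busybox` carried that platform, whereas a scratch stage takes the platform of the build. A plain `docker build -f Dockerfile.arm64 .` on an amd64 host would therefore likely publish an arm64 binary in an image whose metadata says amd64. Dockerfile.armhf has the same pattern with `GOARCH=arm`. Consider building with an explicit `--platform` and deriving the architecture from it, e.g. `FROM --platform=$BUILDPLATFORM golang:1.13 AS builder`, `ARG TARGETARCH` and `RUN CGO_ENABLED=0 GOOS=linux GOARCH=$TARGETARCH go build`. The patch also deletes scripts/build-armhf.sh, and no remaining build step visible here references either arm Dockerfile.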
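Review bot: Removing the `deploy` prerequisite from `dockerhub` means the published image no longer contains the gox-built binary, so the `-ldflags "$(LDFLAGS)"` on the gox context line is not applied to what the Dockerfile's bare `go build` produces. If LDFLAGS stamps a version or commit (its definition is outside this hunk), the container binary loses it unless the value is passed into the image build. While this target is being touched, the `docker login` context line still passes the registry password with `-p`, which puts it on the command line. `--password-stdin` avoids that, e.g. `@echo "$$DOCKER_PASS" | docker login -u $(DOCKER_USER) --password-stdin`, assuming DOCKER_PASS comes from the CI environment.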
@@ -1,15 +0,0 @@
-#!/bin/bash
-set -e
-set -x
-
-DIR=`pwd`
-NAME=`basename ${DIR}`
-SHA=`git rev-parse --short HEAD`
-VERSION=${VERSION:-$SHA}
-
-GOOS=linux GOARCH=arm go build .
-
-docker build -t nshttpd/${NAME}:${VERSION}-armhf -f Dockerfile.armhf .
-docker push nshttpd/${NAME}:${VERSION}-armhf
-
-rm mikrotik-exporter
\ No newline at end of file
diff --git a/scripts/build.sh b/scripts/build.sh
deleted file mode 100755
index 4b459981..00000000
--- a/scripts/build.sh
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/bash
-set -e
-set -x
-
-DIR=`pwd`
-NAME=`basename ${DIR}`
-SHA=`git rev-parse --short HEAD`
-VERSION=${VERSION:-$SHA}
-
-GOOS=linux GOARCH=amd64 go build .
-
-docker build -t nshttpd/${NAME}:${VERSION} .
-docker push nshttpd/${NAME}:${VERSION}
-
-rm mikrotik-exporter
\ No newline at end of file
diff --git a/scripts/start.sh b/scripts/start.sh
deleted file mode 100755
index 0e025bda..00000000
--- a/scripts/start.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/sh
-
-if [ ! -x /app/mikrotik-exporter ]; then
- chmod 755 /app/mikrotik-exporter
-fi
-
-if [ -z "$CONFIG_FILE" ]
-then
- /app/mikrotik-exporter -device $DEVICE -address $ADDRESS -user $USER -password $PASSWORD
-else
- /app/mikrotik-exporter -config-file $CONFIG_FILE
-fi