A community based topic aggregation platform built on atproto
bretton.dev
1# Coves AppView - Multi-stage Dockerfile
2# Builds a minimal production image for the Go server
3
4# Stage 1: Build
5FROM golang:1.23-alpine AS builder
6
7# Install build dependencies
8RUN apk add --no-cache git ca-certificates tzdata
9
10# Set working directory
11WORKDIR /build
12
13# Copy go mod files first (better caching)
14COPY go.mod go.sum ./
15RUN go mod download
16
17# Copy source code
18COPY . .
19
20# Build the binary
21# CGO_ENABLED=0 for static binary (no libc dependency)
22# -ldflags="-s -w" strips debug info for smaller binary
23RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build \
24 -ldflags="-s -w" \
25 -o /build/coves-server \
26 ./cmd/server
27
28# Stage 2: Runtime
29FROM alpine:3.19
30
31# Install runtime dependencies
32RUN apk add --no-cache ca-certificates tzdata
33
34# Create non-root user for security
35RUN addgroup -g 1000 coves && \
36 adduser -u 1000 -G coves -s /bin/sh -D coves
37
38# Set working directory
39WORKDIR /app
40
41# Copy binary from builder
42COPY --from=builder /build/coves-server /app/coves-server
43
44# Copy migrations (needed for goose)
45COPY --from=builder /build/internal/db/migrations /app/migrations
46
47# Set ownership
48RUN chown -R coves:coves /app
49
50# Switch to non-root user
51USER coves
52
53# Expose port
54EXPOSE 8080
55
56# Health check
57HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
58 CMD wget --spider -q http://localhost:8080/xrpc/_health || exit 1
59
60# Run the server
61ENTRYPOINT ["/app/coves-server"]