|
|
@@ -1,54 +1,76 @@
|
|
|
-# 使用基于 Alpine 的 Go 镜像
|
|
|
-FROM golang:1.23-alpine AS builder
|
|
|
+# 构建阶段(使用新版官方镜像)
|
|
|
+FROM golang:1.21-alpine3.19 AS builder
|
|
|
|
|
|
# 设置工作目录
|
|
|
WORKDIR /app
|
|
|
|
|
|
-# 替换国内镜像源
|
|
|
-RUN echo "https://mirrors.aliyun.com/alpine/v3.16/main" > /etc/apk/repositories && \
|
|
|
- echo "https://mirrors.aliyun.com/alpine/v3.16/community" >> /etc/apk/repositories
|
|
|
+# 配置Alpine镜像源(使用新版)
|
|
|
+RUN echo -e "https://mirrors.aliyun.com/alpine/v3.19/main\nhttps://mirrors.aliyun.com/alpine/v3.19/community" > /etc/apk/repositories
|
|
|
|
|
|
-# 安装 SQLite 的开发依赖
|
|
|
-RUN apk add --no-cache gcc g++ musl-dev sqlite-dev
|
|
|
+# 安装构建依赖(添加upgrade确保索引最新)
|
|
|
+RUN apk add --no-cache --upgrade \
|
|
|
+ gcc \
|
|
|
+ g++ \
|
|
|
+ musl-dev \
|
|
|
+ sqlite-dev \
|
|
|
+ make
|
|
|
|
|
|
-# 设置 Go 模块代理(可选,用于国内环境)
|
|
|
-ENV GOPROXY=https://goproxy.cn,direct
|
|
|
+# 配置Go环境
|
|
|
+ENV GOPROXY=https://goproxy.cn,direct \
|
|
|
+ CGO_ENABLED=1 \
|
|
|
+ GOOS=linux \
|
|
|
+ GOARCH=amd64
|
|
|
|
|
|
-# 将 go.mod 和 go.sum 复制到容器中
|
|
|
+# 复制依赖文件先进行缓存
|
|
|
COPY go.mod go.sum ./
|
|
|
-
|
|
|
-# 下载依赖
|
|
|
RUN go mod download
|
|
|
|
|
|
-# 将项目代码复制到容器中
|
|
|
+# 复制项目代码
|
|
|
COPY . .
|
|
|
|
|
|
-# 启用 CGO,并针对 Linux 平台编译二进制文件
|
|
|
-RUN CGO_ENABLED=1 GOOS=linux GOARCH=amd64 go build -o main cmd/main.go
|
|
|
+# 构建可执行文件(添加-ldflags优化)
|
|
|
+RUN go build -ldflags="-w -s" -o /app/main cmd/main.go
|
|
|
|
|
|
-# 使用轻量级的运行镜像
|
|
|
-FROM alpine:3.16
|
|
|
+# 运行时阶段
|
|
|
+FROM alpine:3.19
|
|
|
|
|
|
-# 替换国内镜像源
|
|
|
-RUN echo "https://mirrors.aliyun.com/alpine/v3.16/main" > /etc/apk/repositories && \
|
|
|
- echo "https://mirrors.aliyun.com/alpine/v3.16/community" >> /etc/apk/repositories
|
|
|
+# 配置镜像源和基础依赖
|
|
|
+RUN echo -e "https://mirrors.aliyun.com/alpine/v3.19/main\nhttps://mirrors.aliyun.com/alpine/v3.19/community" > /etc/apk/repositories \
|
|
|
+ && apk update \
|
|
|
+ && apk add --no-cache --upgrade \
|
|
|
+ sqlite-libs \
|
|
|
+ libc6-compat \
|
|
|
+ ca-certificates \
|
|
|
+ tzdata
|
|
|
|
|
|
-# 安装 SQLite 的运行时依赖
|
|
|
-RUN apk add --no-cache sqlite-libs ca-certificates
|
|
|
+# 设置容器时区
|
|
|
+ENV TZ=Asia/Shanghai
|
|
|
|
|
|
-# 设置工作目录
|
|
|
+# 创建专用用户
|
|
|
+RUN addgroup -S appgroup && adduser -S appuser -G appgroup
|
|
|
+
|
|
|
+# 设置工作目录并转移所有权
|
|
|
WORKDIR /app
|
|
|
+RUN mkdir -p /app/data/json_files
|
|
|
+COPY --from=builder --chown=appuser:appgroup /app/main .
|
|
|
+COPY --chown=appuser:appgroup config.yaml .
|
|
|
+COPY --chown=appuser:appgroup data/json_files ./data/json_files
|
|
|
+
|
|
|
+# 设置权限
|
|
|
+RUN chmod 755 /app/main \
|
|
|
+ && chmod 644 config.yaml \
|
|
|
+ && chmod -R 755 /app/data
|
|
|
|
|
|
-# 从构建阶段复制二进制文件
|
|
|
-COPY --from=builder /app/main .
|
|
|
-COPY config.yaml .
|
|
|
-COPY data/json_files ./data/json_files
|
|
|
+# 切换到非root用户
|
|
|
+USER appuser
|
|
|
|
|
|
-# 确保二进制文件可执行
|
|
|
-RUN chmod +x main
|
|
|
+# 健康检查
|
|
|
+HEALTHCHECK --interval=30s --timeout=3s \
|
|
|
+ CMD wget --spider http://localhost:8080/healthz || exit 1
|
|
|
|
|
|
-# 暴露服务端口
|
|
|
+# 暴露端口
|
|
|
EXPOSE 8080
|
|
|
|
|
|
-# 设置默认启动命令
|
|
|
-CMD ["./main", "server"]
|
|
|
+# 启动命令
|
|
|
+ENTRYPOINT ["./main"]
|
|
|
+CMD ["server"]
|
