bretton.dev
A community based topic aggregation platform built on atproto
1# Coves AppView - Multi-stage Dockerfile
2# Builds a minimal production image for the Go server
3
4# Stage 1: Build
5FROM golang:1.25-alpine AS builder
6
7# Install build dependencies
8RUN apk add --no-cache git ca-certificates tzdata
9
10# Set working directory
11WORKDIR /build
12
13# Copy go mod files first (better caching)
14COPY go.mod go.sum ./
15RUN go mod download
16
17# Copy source code
18COPY . .
19
20# Build the binary
21# CGO_ENABLED=0 for static binary (no libc dependency)
22# -ldflags="-s -w" strips debug info for smaller binary
23RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build \
24 -ldflags="-s -w" \
25 -o /build/coves-server \
26 ./cmd/server
27
28# Stage 2: Runtime
29FROM alpine:3.19
30
31# Install runtime dependencies
32RUN apk add --no-cache ca-certificates tzdata
33
34# Create non-root user for security
35RUN addgroup -g 1000 coves && \
36 adduser -u 1000 -G coves -s /bin/sh -D coves
37
38# Set working directory
39WORKDIR /app
40
41# Copy binary from builder
42COPY --from=builder /build/coves-server /app/coves-server
43
44# Copy migrations (needed for goose)
45# Must maintain path structure as app looks for internal/db/migrations
46COPY --from=builder /build/internal/db/migrations /app/internal/db/migrations
47
48# Copy static assets (images, etc. for the web interface)
49COPY --from=builder /build/static /app/static
50
51# Set ownership
52RUN chown -R coves:coves /app
53
54# Switch to non-root user
55USER coves
56
57# Expose port
58EXPOSE 8080
59
60# Health check
61HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
62 CMD wget --spider -q http://localhost:8080/xrpc/_health || exit 1
63
64# Run the server
65ENTRYPOINT ["/app/coves-server"]