- Backend (Go): Use scratch image (~5MB), add build cache for modules - Backoffice (NestJS): Add pnpm cache, alpine image, fix Prisma client copy - BFF (Python): Add multi-stage with virtualenv, pip cache, optimized env vars - All: Add non-root users for security
# syntax=docker/dockerfile:1

# ===== STAGE 1: Build =====
# NOTE(review): the base image is referenced by tag only. Pinning it by digest
# (golang:1.24-alpine@sha256:<DIGEST>, placeholder) would make the toolchain
# reproducible and protect against a re-pushed tag.
FROM golang:1.24-alpine AS builder

# CA bundle (for outbound HTTPS) and the timezone database. The scratch runtime
# stage contains neither, so they are installed here and copied over later.
# NOTE(review): package versions are not pinned.
RUN apk add --no-cache \
      ca-certificates \
      tzdata

WORKDIR /build

# Dependency layer: only rebuilt when go.mod/go.sum change.
# The module cache mount is shared between builds on the build host, so
# `go mod verify` is run to confirm the cached modules were not modified
# after they were downloaded.
COPY go.mod go.sum ./
RUN --mount=type=cache,target=/go/pkg/mod \
    go mod download \
    && go mod verify

# Application source.
# NOTE(review): this copies the whole build context; confirm that a
# .dockerignore keeps .git, .env files and other local artifacts out of it.
COPY . .

# Static build using the module and compiler caches.
# CGO is disabled so the binary has no libc dependency and can run on scratch;
# -trimpath drops local filesystem paths from the binary, -s -w strip symbol
# and debug information.
# NOTE(review): GOARCH is fixed to amd64, so a build for another --platform
# would still produce an amd64 binary.
RUN --mount=type=cache,target=/go/pkg/mod \
    --mount=type=cache,target=/root/.cache/go-build \
    CGO_ENABLED=0 GOOS=linux GOARCH=amd64 \
    go build \
      -o /app/server \
      -trimpath \
      -ldflags="-s -w -extldflags '-static'" \
      ./cmd/api

# ===== STAGE 2: Runtime (scratch - minimal image, ~5MB) =====
# scratch is an empty image: no shell, no package manager, no libc. Only the
# files copied below exist in the final image.
FROM scratch

# Timezone database, taken from the build stage.
COPY --from=builder /usr/share/zoneinfo /usr/share/zoneinfo

# CA trust store, taken from the build stage; without it TLS certificate
# verification has no roots to validate against.
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt

# The statically linked server binary.
COPY --from=builder /app/server /server

# Run as non-root (UID/GID 65534 = nobody). The IDs are numeric because
# scratch has no /etc/passwd to resolve a user name, and a numeric UID can be
# checked by a runtime that enforces non-root containers.
USER 65534:65534

# Documentation only; presumably the port the server listens on (confirm
# against the application). Being above 1024, it needs no extra capability
# for the non-root user to bind.
EXPOSE 8080

# Exec form: the server runs as PID 1 and receives stop signals directly.
ENTRYPOINT ["/server"]