WIP: smaller docker image

Dockerfile

@@ -6,6 +6,12 @@
 ######-
 FROM golang:1.16 as builder
 
+ARG BUILD_IDENTIFIER
+ENV ENV_BUILD_IDENTIFIER=$BUILD_IDENTIFIER
+
+ARG BUILD_VERSION
+ENV ENV_BUILD_VERSION=$BUILD_VERSION
+
 RUN mkdir /build
 
 # Copy the source from the current directory to the Working Directory inside the container
@@ -17,28 +23,32 @@ WORKDIR /build
 # Workaround for failing travis-ci builds
 RUN rm -rf ~/go; rm -rf go.sum
 
+# Download dependencies
+RUN curl -L https://git.prolicht.digital/pub/healthcheck/-/releases/v1.0.1/downloads/binaries/hc -o /build/hc; \
+    chmod +rx /build/hc; \
+    echo "Building version: $ENV_BUILD_IDENTIFIER-$ENV_BUILD_VERSION"
+
 # Build the Go app
-RUN go clean -modcache; go mod tidy; make build
+RUN go clean -modcache; go mod tidy; make build-docker
 
 ######-
 # Here starts the main image
 ######-
-FROM debian:buster
+FROM scratch
 
 # Setup timezone
 ENV TZ=Europe/Vienna
 
-# GOSS for container health checks
+# Import linux stuff from builder.
-ENV GOSS_VERSION v0.3.16
+COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
-RUN apt-get update && apt-get upgrade -y && \
+COPY --from=builder /etc/passwd /etc/passwd
-        apt-get install --no-install-recommends -y moreutils ca-certificates curl && \
+COPY --from=builder /etc/group /etc/group
-        rm -rf /var/cache/apt /var/lib/apt/lists/*; \
-        curl -L https://github.com/aelsabbahy/goss/releases/download/$GOSS_VERSION/goss-linux-amd64 -o /usr/local/bin/goss && \
-        chmod +rx /usr/local/bin/goss && \
-        goss --version
 
-COPY --from=builder /build/dist/wg-portal-amd64 /app/wgportal
+# Import healthcheck binary
-COPY --from=builder /build/scripts /app/
+COPY --from=builder /build/hc /app/hc
+
+# Copy binaries
+COPY --from=builder /build/dist/wgportal /app/wgportal
 
 # Set the Current Working Directory inside the container
 WORKDIR /app
@@ -46,5 +56,4 @@ WORKDIR /app
 # Command to run the executable
 CMD [ "/app/wgportal" ]
 
-HEALTHCHECK --interval=1m --timeout=10s \
+HEALTHCHECK --interval=30s --timeout=5s --start-period=30s --retries=3 CMD [ "/app/hc", "http://localhost:11223/health" ]
-    CMD /app/docker-healthcheck.sh

Makefile

@@ -18,6 +18,9 @@ build-cross-plat: dep build $(addsuffix -arm,$(addprefix $(BUILDDIR)/,$(BINARIES
 	cp scripts/wg-portal.service $(BUILDDIR)
 	cp scripts/wg-portal.env $(BUILDDIR)
 
+build-docker: dep
+	CGO_ENABLED=0 GOOS=linux GOARCH=amd64 $(GOCMD) build -o $(BUILDDIR)/wgportal -ldflags "-w -s -extldflags \"-static\" -X github.com/h44z/wg-portal/internal/server.Version=${ENV_BUILD_IDENTIFIER}-${ENV_BUILD_VERSION}" cmd/wg-portal/main.go
+
 dep:
 	$(GOCMD) mod download
 

cmd/wg-portal/main.go

@@ -8,6 +8,7 @@ import (
 	"syscall"
 	"time"
 
+	"git.prolicht.digital/pub/healthcheck"
 	"github.com/h44z/wg-portal/internal/server"
 	"github.com/sirupsen/logrus"
 )
@@ -26,6 +27,9 @@ func main() {
 	ctx, cancel := context.WithCancel(context.Background())
 	defer cancel()
 
+	// start health check service on port 11223
+	healthcheck.New(healthcheck.WithContext(ctx)).Start()
+
 	service := server.Server{}
 	if err := service.Setup(ctx); err != nil {
 		logrus.Fatalf("setup failed: %v", err)

docker-compose.yml

@@ -1,7 +1,7 @@
 version: '3.6'
 services:
   wg-portal:
-    image: h44z/wg-portal:latest
+    image: h44z/wg-portal:1.0.6
     container_name: wg-portal
     restart: unless-stopped
     cap_add:

go.mod

@@ -3,12 +3,13 @@ module github.com/h44z/wg-portal
 go 1.16
 
 require (
+	git.prolicht.digital/pub/healthcheck v1.0.1
 	github.com/gin-contrib/sessions v0.0.3
 	github.com/gin-gonic/gin v1.6.3
 	github.com/go-ldap/ldap/v3 v3.2.4
 	github.com/go-playground/validator/v10 v10.4.1
 	github.com/gorilla/sessions v1.2.1 // indirect
-	github.com/jordan-wright/email v4.0.1-0.20200917010138-e1c00e156980+incompatible
+	github.com/jordan-wright/email v4.0.1-0.20210109023952-943e75fe5223+incompatible
 	github.com/kelseyhightower/envconfig v1.4.0
 	github.com/milosgajdos/tenus v0.0.3
 	github.com/pkg/errors v0.9.1

hooks/build

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+# File needs to be called /hooks/build relative to the Dockerfile.
+# Some environment variables are injected into the build hook, see: https://docs.docker.com/docker-hub/builds/advanced/.
+
+GIT_SHORT_HASH=$(echo $SOURCE_COMMIT | cut -c1-7)
+echo "Build hook running for git hash $GIT_SHORT_HASH"
+docker build --build-arg BUILD_IDENTIFIER=$DOCKER_TAG \
+             --build-arg BUILD_VERSION=$GIT_SHORT_HASH \
+             -t $IMAGE_NAME .

internal/server/server.go

@@ -104,7 +104,7 @@ func (s *Server) Setup(ctx context.Context) error {
 	if err != nil {
 		return errors.WithMessage(err, "database setup failed")
 	}
-	err = common.MigrateDatabase(s.db, Version)
+	err = common.MigrateDatabase(s.db, DatabaseVersion)
 	if err != nil {
 		return errors.WithMessage(err, "database migration failed")
 	}

internal/server/version.go

@@ -1,3 +1,4 @@
 package server
 
 var Version = "1.0.6"
+var DatabaseVersion = "1.0.6"

scripts/docker-healthcheck.sh

@@ -1,7 +0,0 @@
-#!/bin/bash
-
-set -e
-
-goss -g /app/goss/wgportal/goss.yaml validate --format json_oneline
-
-exit 0

scripts/goss/wgportal/goss-wait.yaml

@@ -1,3 +0,0 @@
-process:
-  wgportal:
-    running: true

scripts/goss/wgportal/goss.yaml

@@ -1,3 +0,0 @@
-process:
-  wgportal:
-    running: true