# syntax=docker/dockerfile:1
# Build stage: compiles the enricher binary. Only the file that a later stage
# copies out of /out leaves this stage.
# NOTE(review): golang:1.25 is a mutable tag; pinning it by digest
# (golang:1.25@sha256:<digest>) would make the toolchain reproducible.
FROM --platform=linux/amd64 golang:1.25 AS builder
WORKDIR /src
# Copies the entire build context into the builder.
# NOTE(review): confirm a .dockerignore keeps .git, local env files and
# credentials out of the context; none is visible from this file.
COPY . .
# CGO_ENABLED=0 builds without cgo, so the binary does not link against the
# builder's C library. -trimpath drops local filesystem paths from the binary;
# -s -w omit the symbol table and DWARF debug information.
RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 \
    go build \
      -trimpath \
      -ldflags="-s -w" \
      -o /out/enricher \
      ./cmd/enricher
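# Runtime stage. The platform is pinned to match the builder stage, which always
# emits a linux/amd64 binary (GOARCH=amd64); without the pin, a build on a
# non-amd64 host would pair a host-architecture base image with an amd64 binary.
# NOTE(review): debian:bookworm-slim is a mutable tag; pinning it by digest
# (debian:bookworm-slim@sha256:<digest>) would make the base reproducible.
FROM --platform=linux/amd64 debian:bookworm-slim
# Compute Modules can capture stdout logs by wrapping the entrypoint with `/bin/sh` and `tee`.
# Distroless images do not ship with a shell, so we use a minimal Debian base and install CA certs
# for outbound HTTPS (Gemini) at runtime.
# update, install and list cleanup share one layer, so the package index is
# never reused stale and is not left behind in the image.
RUN apt-get update \
    && apt-get install -y --no-install-recommends ca-certificates \
    && rm -rf /var/lib/apt/lists/*
# Copied without --chown, so the binary is owned by root: the runtime user set
# below can execute it but cannot replace it.
COPY --from=builder /out/enricher /enricher
# Foundry requires the image user to be numeric and non-root.
# Many Foundry-mounted secret/token files are readable by uid 5000.
USER 5000:5000
# Exec form: the binary is started directly, without a shell in between.
ENTRYPOINT ["/enricher", "foundry"]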