cli/Dockerfile at main · luxfi/cli · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
# Lux CLI - Multi-stage Docker Build
# Stage 1: Install Go 1.25.5 from source
FROM debian:bookworm-slim AS go-builder

RUN apt-get update && apt-get install -y --no-install-recommends \
    wget ca-certificates \
    && rm -rf /var/lib/apt/lists/*

ARG GO_VERSION=1.26
ARG TARGETARCH

RUN wget -q "https://go.dev/dl/go${GO_VERSION}.linux-${TARGETARCH}.tar.gz" \
    && tar -C /usr/local -xzf "go${GO_VERSION}.linux-${TARGETARCH}.tar.gz" \
    && rm "go${GO_VERSION}.linux-${TARGETARCH}.tar.gz"

# Stage 2: Build the CLI
FROM debian:bookworm-slim AS builder

# Install ca-certificates for HTTPS access during go mod download
RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates && rm -rf /var/lib/apt/lists/*

COPY --from=go-builder /usr/local/go /usr/local/go
ENV PATH="/usr/local/go/bin:${PATH}"

WORKDIR /build

# Copy go mod files
COPY go.mod go.sum ./
RUN go mod download

# Copy source
COPY . .

# Build CLI binary
RUN CGO_ENABLED=0 GOOS=linux go build -o lux -ldflags="-s -w" main.go

# Runtime stage - use distroless for minimal size and security
# The static variant includes ca-certificates
FROM gcr.io/distroless/static-debian12:nonroot

# Copy CLI binary from builder
COPY --from=builder /build/lux /usr/local/bin/lux

# Run as nonroot user (uid: 65532)
USER nonroot:nonroot

# Default command
ENTRYPOINT ["lux"]
CMD ["--help"]