signoz/pkg/query-service/Dockerfile
Ankit Nayan 294b6966bf
fix: pkg/query-service/Dockerfile to reduce vulnerabilities (#3492)
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-ALPINE37-MUSL-458286
- https://snyk.io/vuln/SNYK-ALPINE37-MUSL-458286

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
2023-09-06 16:38:52 +05:30

57 lines
1.4 KiB
Docker

FROM golang:1.21-bookworm AS builder
# LD_FLAGS is passed as argument from Makefile. It will be empty, if no argument passed
ARG LD_FLAGS
ARG TARGETPLATFORM
ENV CGO_ENABLED=1
ENV GOPATH=/go
RUN export GOOS=$(echo ${TARGETPLATFORM} | cut -d / -f1) && \
export GOARCH=$(echo ${TARGETPLATFORM} | cut -d / -f2)
# Prepare and enter src directory
WORKDIR /go/src/github.com/signoz/signoz
# Cache dependencies
ADD go.mod .
ADD go.sum .
RUN go mod download -x
# Add the sources and proceed with build
ADD . .
RUN cd pkg/query-service \
&& go build -tags timetzdata -a -o ./bin/query-service \
-ldflags "-linkmode external -extldflags '-static' -s -w $LD_FLAGS" \
&& chmod +x ./bin/query-service
# use a minimal alpine image
FROM alpine:3.16.7
# Add Maintainer Info
LABEL maintainer="signoz"
# add ca-certificates in case you need them
RUN apk update && apk add ca-certificates && rm -rf /var/cache/apk/*
# set working directory
WORKDIR /root
# copy the binary from builder
COPY --from=builder /go/src/github.com/signoz/signoz/pkg/query-service/bin/query-service .
# copy prometheus YAML config
COPY pkg/query-service/config/prometheus.yml /root/config/prometheus.yml
# Make query-service executable for non-root users
RUN chmod 755 /root /root/query-service
# run the binary
ENTRYPOINT ["./query-service"]
CMD ["-config", "/root/config/prometheus.yml"]
# CMD ["./query-service -config /root/config/prometheus.yml"]
EXPOSE 8080