Docker le # syntax = docker/dockerfile:experimental FROM golang:1.18-alpine AS builder RUN apk !"update add make WORKDIR /services/blog COPY go.mod go.sum ./ RUN go mod download COPY . . RUN !"mount=type=cache,target=/root/.cache/go-build \ make build FROM alpine COPY !"from=builder /services/blog/bin/server \ /services/blog/bin/server RUN adduser -D -u 1000 app USER 1000 ENTRYPOINT ["/services/blog/bin/server"] ⶡ硾םط؞تعي٭تס تؠٛوعنٜؒؕ Docker docker build ךْؕ٭ةلٜغ
Docker le - FROM # syntax = docker/dockerfile:experimental FROM golang:1.18-alpine AS builder RUN apk !"update add make WORKDIR /services/blog COPY go.mod go.sum ./ RUN go mod download COPY . . RUN !"mount=type=cache,target=/root/.cache/go-build \ make build FROM alpine COPY !"from=builder /services/blog/bin/server \ /services/blog/bin/server RUN adduser -D -u 1000 app USER 1000 ENTRYPOINT ["/services/blog/bin/server"] Docker le FROM AS
Docker le - RUN # syntax = docker/dockerfile:experimental FROM golang:1.18-alpine AS builder RUN apk !"update add make WORKDIR /services/blog COPY go.mod go.sum ./ RUN go mod download COPY . . RUN !"mount=type=cache,target=/root/.cache/go-build \ make build FROM alpine COPY !"from=builder /services/blog/bin/server \ /services/blog/bin/server RUN adduser -D -u 1000 app USER 1000 ENTRYPOINT ["/services/blog/bin/server"] !"mount
Docker le - COPY # syntax = docker/dockerfile:experimental FROM golang:1.18-alpine AS builder RUN apk !"update add make WORKDIR /services/blog COPY go.mod go.sum ./ RUN go mod download COPY . . RUN !"mount=type=cache,target=/root/.cache/go-build \ make build FROM alpine COPY !"from=builder /services/blog/bin/server \ /services/blog/bin/server RUN adduser -D -u 1000 app USER 1000 ENTRYPOINT ["/services/blog/bin/server"] !"from
Docker le - USER # syntax = docker/dockerfile:experimental FROM golang:1.18-alpine AS builder RUN apk !"update add make WORKDIR /services/blog COPY go.mod go.sum ./ RUN go mod download COPY . . RUN !"mount=type=cache,target=/root/.cache/go-build \ make build FROM alpine COPY !"from=builder /services/blog/bin/server \ /services/blog/bin/server RUN adduser -D -u 1000 app USER 1000 ENTRYPOINT ["/services/blog/bin/server"] root
Docker le - ENTRYPOINT # syntax = docker/dockerfile:experimental FROM golang:1.18-alpine AS builder RUN apk !"update add make WORKDIR /services/blog COPY go.mod go.sum ./ RUN go mod download COPY . . RUN !"mount=type=cache,target=/root/.cache/go-build \ make build FROM alpine COPY !"from=builder /services/blog/bin/server \ /services/blog/bin/server RUN adduser -D -u 1000 app USER 1000 ENTRYPOINT ["/services/blog/bin/server"] CMD
Multi-stage builds # syntax = docker/dockerfile:experimental # Ϗϧυ͢ΔΠϝʔδ FROM golang:1.18-alpine AS builder RUN apk !"update add make WORKDIR /services/blog COPY go.mod go.sum ./ RUN go mod download COPY . . RUN !"mount=type=cache,target=/root/.cache/go-build \ make build # ՌΛ࣋ͭΠϝʔδ FROM alpine COPY !"from=builder /services/blog/bin/server \ /services/blog/bin/server RUN adduser -D -u 1000 app USER 1000 ENTRYPOINT ["/services/blog/bin/server"] docker build !"target stage
ٕٝؕ؞ٔشبٖ # syntax = docker/dockerfile:experimental FROM golang:1.18-alpine AS builder RUN apk !"update add make WORKDIR /services/blog <͕͜͜มߋ͞Εͨ߹↓ͷ෦Λ࠶࣮ߦ> COPY go.mod go.sum ./ RUN go mod download COPY . . RUN !"mount=type=cache,target=/root/.cache/go-build \ make build ˝ 㚺催ֵֿזג车♓ס ⽜♐ֿ⫋㲔车 ˝ 㚺催ַ鼧⮆ע儕㶾 מ
؞ٔشبٖס✳亠ֿ樟ם❆ # syntax = docker/dockerfile:experimental FROM golang:1.18-alpine AS builder RUN apk !"update add make WORKDIR /services/blog COPY go.mod go.sum ./ RUN go mod download COPY . . RUN !"mount=type=cache,target=/root/.cache/go-build \ make build # syntax = docker/dockerfile:experimental FROM golang:1.18-alpine AS builder RUN apk !"update add make WORKDIR /services/blog COPY . . RUN go mod download RUN !"mount=type=cache,target=/root/.cache/go-build \ make build
؞ٔشبٖס✳亠ֿ樟ם❆ # syntax = docker/dockerfile:experimental FROM golang:1.18-alpine AS builder RUN apk !"update add make WORKDIR /services/blog COPY go.mod go.sum ./ RUN go mod download COPY . . RUN !"mount=type=cache,target=/root/.cache/go-build \ make build # syntax = docker/dockerfile:experimental FROM golang:1.18-alpine AS builder RUN apk !"update add make WORKDIR /services/blog COPY . . RUN go mod download RUN !"mount=type=cache,target=/root/.cache/go-build \ make build
Trivy https://github.com/aquasecurity/trivy Docker git $ trivy image !"severity HIGH hatena/apply-for-internship-2020:latest 2020-08-05T08:44:37.496+0900 WARN You should avoid using the :latest tag as it is cached. You need to specify '!"clear-cache' option when :latest image is changed 2020-08-05T08:44:40.616+0900 INFO Detecting Debian vulnerabilities!!# hatena/apply-for-internship-2020:latest (debian 10.4) ===================================================== Total: 1 (HIGH: 1) +-----------+------------------+----------+-------------------+------------------+--------------------------------+ | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | +-----------+------------------+----------+-------------------+------------------+--------------------------------+ | perl-base | CVE-2020-10878 | HIGH | 5.28.1-6 | 5.28.1-6+deb10u1 | perl: corruption of | | | | | | | intermediate language state | | | | | | | of compiled regular expression | | | | | | | due to!!# | +-----------+------------------+----------+-------------------+------------------+--------------------------------+