build: multi-stage Dockerfile (node build -> go embed -> distroless)

Three-stage image: node:22-alpine builds the Vite SPA, golang:1.26.4-alpine
compiles the server with the built SPA copied into the //go:embed path
before build, distroless/static-debian12:nonroot runs the static binary
as non-root on :8080. .dockerignore keeps node_modules/dist/docs/git out
of the build context while preserving the internal/web/dist/index.html
placeholder needed for a valid embed target pre-COPY.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01BwxdSt4reTm7Dj1oxRvpP3
This commit is contained in:
2026-07-04 16:15:55 +07:00
parent 7256adf637
commit 7d875ea19a
2 changed files with 35 additions and 0 deletions
+26
View File
@@ -0,0 +1,26 @@
# syntax=docker/dockerfile:1
# --- web build ---
FROM node:22-alpine AS web
WORKDIR /src/web
COPY web/package.json web/package-lock.json ./
RUN npm ci
COPY web/ ./
RUN npm run build
# --- go build ---
FROM golang:1.26.4-alpine AS build
WORKDIR /src
COPY go.mod go.sum ./
RUN go mod download
COPY . .
# SPA собрана на web-стадии — кладём в embed-путь ДО go build
COPY --from=web /src/web/dist ./internal/web/dist
RUN CGO_ENABLED=0 GOOS=linux go build -trimpath -ldflags="-s -w" -o /out/app ./cmd/server
# --- runtime ---
FROM gcr.io/distroless/static-debian12:nonroot
COPY --from=build /out/app /app
EXPOSE 8080
USER nonroot:nonroot
ENTRYPOINT ["/app"]