
Commit a386efd

authored
build serverless mode image with no-root permission (#463)
1 parent b06732f commit a386efd


5 files changed

+40
-121
lines changed


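--- a/docker/serverless.dockerfile
+++ b/docker/serverless.dockerfile
@@ -2,33 +2,60 @@ FROM golang:1.23-alpine AS builder
 
 ARG VERSION=unknown
 
-# copy project
-COPY . /app
+# Install ca-certificates and timezone data for final stage
+RUN apk add --no-cache ca-certificates tzdata
 
-# set working directory
+# Set working directory
 WORKDIR /app
 
-# using goproxy if you have network issues
-# ENV GOPROXY=https://goproxy.cn,direct
+# Copy go mod files first for better caching
+COPY go.mod go.sum ./
+RUN go mod download
 
-# build
-RUN CGO_ENABLED=0 go build \
+# Copy project files
+COPY . .
+
+# Build with optimizations and security flags
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build \
 -ldflags "\
+-s -w \
 -X 'github.com/langgenius/dify-plugin-daemon/internal/manifest.VersionX=${VERSION}' \
 -X 'github.com/langgenius/dify-plugin-daemon/internal/manifest.BuildTimeX=$(date -u +%Y-%m-%dT%H:%M:%S%z)'" \
 -o /app/main cmd/server/main.go
 
-FROM alpine:latest
+# Use Alpine for better permission handling with mounted volumes
+FROM alpine:3.20
+
+# Install ca-certificates for SSL/TLS
+RUN apk add --no-cache ca-certificates tzdata
 
+# Create non-root user with specific UID/GID for consistency
+RUN addgroup -g 1000 appgroup && \
+adduser -D -u 1000 -G appgroup appuser
+
+# Set working directory
 WORKDIR /app
 
-# check build args
-ARG PLATFORM=serverless
+# Create storage directory with proper permissions
+RUN mkdir -p /app/api/storage && \
+chown -R appuser:appgroup /app && \
+chmod -R 755 /app
 
+# Build args and environment
+ARG PLATFORM=serverless
 ENV PLATFORM=$PLATFORM
 ENV GIN_MODE=release
+ENV TZ=UTC
+
+# Copy binary with proper ownership
+COPY --from=builder --chown=appuser:appgroup /app/main /app/main
+
+# Run as non-root user
+USER appuser
 
-COPY --from=builder /app/main /app/main
+# Health check
+HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
+CMD ["./main", "health"] || exit 1
 
-# run the server
-CMD ["./main"]
+# Run the server
+ENTRYPOINT ["/app/main"]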
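Review bot: The `HEALTHCHECK` on new lines 57-58 mixes exec form with a shell operator: `CMD ["./main", "health"] || exit 1` is not a valid JSON array, so Docker should fall back to shell form, where `/bin/sh` treats `[` as the test command instead of running the binary, and every probe would then fail. Use pure exec form, `CMD ["/app/main", "health"]`, and confirm that the server really accepts a `health` argument, which this diff does not show. Separately, `chown -R appuser:appgroup /app` plus `COPY --from=builder --chown=appuser:appgroup` leaves `/app/main` and its directory writable by the runtime user. Keeping the binary root-owned (drop `--chown` on the `COPY`) and giving `appuser` ownership of only `/app/api/storage` would match the non-root goal more closely.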

internal/core/plugin_manager/serverless_runtime/dockerfile/build.go

Lines changed: 0 additions & 30 deletions
This file was deleted.

internal/core/plugin_manager/serverless_runtime/dockerfile/build_test.go

Lines changed: 0 additions & 46 deletions
This file was deleted.

internal/core/plugin_manager/serverless_runtime/dockerfile/python.go

Lines changed: 0 additions & 24 deletions
This file was deleted.

internal/core/plugin_manager/serverless_runtime/dockerfile/python312.dockerfile

Lines changed: 0 additions & 8 deletions
This file was deleted.
