mAi
9466759aeb
- Multi-stage Dockerfile: golang:1.25-alpine builder → distroless static runtime as nonroot. Image weighs ~15 MB. Embeds templates, static assets and migrations into the single binary. - deploy/dokploy.yaml documents the Dokploy app for projax.msbls.de: Tailscale-only, healthz path, single replica, secret PROJAX_DB_URL. Translates to the Dokploy UI; not auto-applied. - README rewritten as runbook: env vars, route table, test command, deploy notes, trust model (Tailscale + no auth in v1, defer to Supabase auth if it ever outgrows the fence), schema summary. - .dockerignore strips .git, .m, .claude, docs, tests from build ctx. - .gitignore covers ad-hoc binary and dist artefacts. Verified locally: docker build succeeds, container responds to /healthz and / against msupabase via --network host.
16 lines
382 B
Docker
16 lines
382 B
Docker
# syntax=docker/dockerfile:1.6
|
|
|
|
FROM golang:1.25-alpine AS build
|
|
WORKDIR /src
|
|
COPY go.mod go.sum ./
|
|
RUN go mod download
|
|
COPY . .
|
|
RUN CGO_ENABLED=0 go build -trimpath -ldflags="-s -w" -o /out/projax ./cmd/projax
|
|
|
|
FROM gcr.io/distroless/static-debian12:nonroot
|
|
COPY --from=build /out/projax /projax
|
|
ENV PROJAX_LISTEN_ADDR=:8080
|
|
EXPOSE 8080
|
|
USER nonroot:nonroot
|
|
ENTRYPOINT ["/projax"]
|