Untitled

FROM golang:1.11-alpine AS build
WORKDIR /src/
COPY main.go go.* /src/

RUN CGO_ENABLED=0 go build -o /bin/demo
FROM scratch
COPY --from=build /bin/demo /bin/demo ENTRYPOINT ["/bin/demo"]

# p.53 of 344
# The exact details of how this works don’t matter for now, but it uses a fairly standard build process for Go containers called multi-stage builds.
# The first stage starts from an official golang container image, which is just an operating system (in this case Alpine Linux) with the Go language environment installed.
# It runs the go build command to compile the main.go file we saw earlier.
# The result of this is an executable binary file named demo. The second stage takes a completely empty container image (called a scratch image, as in from scratch)
# and copies the demo binary into it.
# Minimal Container Images
# Why the second build stage? Well, the Go language environment, and the rest of Alpine Linux, is really only needed in order to build the program.
# To run the pro‐ gram, all it takes is the demo binary, so the Dockerfile creates a new scratch container to put it in. The resulting image is very small (about 6 MiB)—and
# that’s the image that can be deployed in production.
# Without the second stage, you would have ended up with a container image about 350 MiB in size, 98% of which is unnecessary and will never be executed.
# The smaller the container image, the faster it can be uploaded and downloaded, and the faster it will be to start up.
# Minimal containers also have a reduced attack surface for security issues. The fewer programs there are in your container, the fewer potential vulnerabilities.
# Because Go is a compiled language that can produce self-contained executables, it’s ideal for writing minimal (scratch) containers.
# By comparison, the official Ruby con‐ tainer image is 1.5 GiB; about 250 times bigger than our Go image, and that’s before you’ve added your Ruby program!