Dockerfile

Dockerfile

@@ -1,57 +1,51 @@
-FROM golang:1.25.3
-RUN go env -w GO111MODULE=on
-RUN go env -w GOPROXY=https://goproxy.cn,direct
-ENV WORKDIR /usr/local/bin/app
-WORKDIR $WORKDIR
+# 阶段1: 构建
+FROM golang:1.25-alpine AS builder
 
-ENV TIME_ZONE=Asia/Seoul
-RUN useradd -ms /bin/bash golang
+RUN apk add --no-cache git ca-certificates tzdata
 
+ENV TZ=Asia/Shanghai
+RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
 
-RUN ln -sf /usr/share/zoneinfo/$TIME_ZONE /etc/localtime \
-    && chmod 0755 /usr/bin/wall \
-    && chmod 0755 /usr/bin/passwd \
-    && chmod 0755 /usr/bin/newgrp \
-    && chmod 0755 /usr/bin/chfn \
-    && chmod 0755 /usr/bin/chage \
-    && chmod 0755 /usr/bin/gpasswd \
-    && chmod 0755 /usr/bin/chsh \
-    && chmod 0755 /usr/bin/expiry \
-    && chmod 0755 /bin/umount \
-    && chmod 0755 /bin/mount \
-    && chmod 0755 /bin/su \
-    && chmod 0755 /sbin/unix_chkpwd \
-    && chmod 110 /usr/bin/chfn \
-    && chmod 110 /usr/bin/passwd \
-    && chmod 110 /usr/bin/newgrp \
-    && chmod 110 /usr/bin/chsh \
-    && chmod 110 /usr/bin/wall \
-    && chmod 110 /usr/bin/gpasswd \
-    && chmod 110 /usr/bin/expiry \
-    && chmod 110 /usr/bin/chage \
-    && chmod 110 /bin/mount \
-    && chmod 110 /bin/umount \
-    && chmod 110 /bin/su \
-    && chmod 110 /sbin/unix_chkpwd \
-    && chmod 110 /usr/lib/openssh/ssh-keysign \
-    && chmod 110 /usr/bin/ssh-agent
+ENV GO111MODULE=on
+ENV GOPROXY=https://goproxy.cn,direct
+ENV CGO_ENABLED=0
+ENV GOTOOLCHAIN=auto
+ENV GOPRIVATE=gitea.com/red-future/common
 
-COPY go.mod go.sum ./
-# RUN chown -R golang:golang $WORKDIR
-RUN go mod download && go mod verify
-COPY ../../cid $WORKDIR
-RUN chown -R golang:golang $WORKDIR
-# Remove SetUID, SetGID
-RUN chmod 0755 /usr/local/bin/app/api \
-    && chmod 0755 /usr/local/bin/app/common \
-    && chmod 0755 /usr/local/bin/app/middleware \
-    && chmod 0755 /usr/local/bin/app/model \
-    && rm -rf .git \
-    && rm -rf .gitignore \
-    && rm -rf .gitlab-ci.yml \
-    && rm -rf Dockerfile.bak \
-    && rm -rf config-local.yml
-USER golang
-RUN go build -v -o /usr/local/bin/app ./...
-EXPOSE 3002
-CMD ./cid
+# 配置git使用私有Gitea仓库
+RUN git config --global url."http://x-token-auth:9b31146aa8c10a7cb4f2e49dcee0934a223be1076289810e1ad98b968066c2bc@116.204.74.41:3000/red-future/common.git".insteadOf "https://gitea.com/red-future/common.git" && \
+    git config --global credential.helper store
+
+WORKDIR /build
+
+# 复制父目录的 common 模块(因为 go.mod 中使用了本地 replace)
+COPY ../common /build/common
+COPY . .
+
+RUN go mod download && go mod tidy
+
+RUN go build -ldflags="-s -w" -o main ./main.go
+
+# 阶段2: 运行
+FROM alpine:3.19
+
+RUN apk add --no-cache ca-certificates tzdata
+
+ENV TZ=Asia/Shanghai
+RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
+
+WORKDIR /app
+
+COPY --from=builder /build/main .
+COPY --from=builder /build/config.yml ./
+
+RUN mkdir -p /app/resource/log/run \
+             /app/resource/log/server \
+    && adduser -D -u 1000 appuser \
+    && chown -R appuser:appuser /app
+
+USER appuser
+
+EXPOSE 8000
+
+CMD ["./main"]

go.mod

@@ -3,7 +3,7 @@ module cid
 go 1.25.5
 
 require (
-	gitea.com/red-future/common v0.0.4
+	gitea.com/red-future/common v0.0.6
 	github.com/gogf/gf/contrib/drivers/mysql/v2 v2.9.5
 	github.com/gogf/gf/contrib/nosql/redis/v2 v2.9.5
 	github.com/gogf/gf/v2 v2.9.5

go.sum

@@ -1,6 +1,6 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-gitea.com/red-future/common v0.0.4 h1:2QgKc+B2iNfPRncKpmIqIzVwaMGJ3y3dt5v+35YD8SU=
-gitea.com/red-future/common v0.0.4/go.mod h1:UI9N5UUjilbMPF7+/lypZSnqDVHigt14300oSRrAyZg=
+gitea.com/red-future/common v0.0.6 h1:2Otksfcy5V5JCBcqd2eRKh4WwZ/iAiIhJZMr6uM1x+Q=
+gitea.com/red-future/common v0.0.6/go.mod h1:UI9N5UUjilbMPF7+/lypZSnqDVHigt14300oSRrAyZg=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/toml v1.5.0 h1:W5quZX/G/csjUnuI8SUYlsHs9M38FC7znL0lIO+DvMg=
 github.com/BurntSushi/toml v1.5.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=