metis/Dockerfile

# syntax=docker/dockerfile:1.7

ARG TARGETPLATFORM
ARG TARGETOS
ARG TARGETARCH

FROM --platform=$BUILDPLATFORM golang:1.23-bookworm AS build

ARG TARGETOS
ARG TARGETARCH

WORKDIR /src
COPY go.mod go.sum ./
RUN go mod download
COPY . .
RUN --mount=type=cache,target=/root/.cache/go-build \
    --mount=type=cache,target=/go/pkg/mod \
    CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build -o /out/metis ./cmd/metis && \
    CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build -o /out/metis-sentinel ./cmd/metis-sentinel && \
    CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build -o /out/oras oras.land/oras/cmd/oras

FROM debian:bookworm-slim AS runtime-base

RUN apt-get update \
    && apt-get install -y --no-install-recommends ca-certificates e2fsprogs fdisk util-linux openssh-client xz-utils \
    && useradd --system --uid 65532 --home-dir /nonexistent --no-create-home --shell /usr/sbin/nologin metis \
    && rm -rf /var/lib/apt/lists/*

WORKDIR /app
COPY --from=build /out/metis /usr/local/bin/metis
COPY --from=build /out/metis-sentinel /usr/local/bin/metis-sentinel
COPY --from=build /out/oras /usr/local/bin/oras
COPY inventory.example.yaml /app/inventory.example.yaml
COPY inventory.titan-rpi4.yaml /app/inventory.titan-rpi4.yaml
COPY overlays /app/overlays

FROM runtime-base AS runtime

EXPOSE 8080

USER metis
ENTRYPOINT ["metis"]
CMD ["serve"]

FROM debian:bookworm-slim AS sentinel

RUN apt-get update \
    && apt-get install -y --no-install-recommends ca-certificates util-linux \
    && useradd --system --uid 65532 --home-dir /nonexistent --no-create-home --shell /usr/sbin/nologin metis \
    && rm -rf /var/lib/apt/lists/*

COPY --from=build /out/metis-sentinel /usr/local/bin/metis-sentinel

USER metis
ENTRYPOINT ["metis-sentinel"]
feat: add metis service and autonomous recovery path 2026-03-31 14:52:50 -03:00			`# syntax=docker/dockerfile:1.7`

build: publish metis images per architecture 2026-03-31 15:44:37 -03:00			`ARG TARGETPLATFORM`
			`ARG TARGETOS`
			`ARG TARGETARCH`
feat: add metis service and autonomous recovery path 2026-03-31 14:52:50 -03:00
service: run remote build and flash workflows 2026-03-31 20:42:35 -03:00			`FROM --platform=$BUILDPLATFORM golang:1.23-bookworm AS build`
build: publish metis images per architecture 2026-03-31 15:44:37 -03:00
			`ARG TARGETOS`
			`ARG TARGETARCH`
feat: add metis service and autonomous recovery path 2026-03-31 14:52:50 -03:00
			`WORKDIR /src`
			`COPY go.mod go.sum ./`
			`RUN go mod download`
			`COPY . .`
			`RUN --mount=type=cache,target=/root/.cache/go-build \`
			`--mount=type=cache,target=/go/pkg/mod \`
			`CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build -o /out/metis ./cmd/metis && \`
service: run remote build and flash workflows 2026-03-31 20:42:35 -03:00			`CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build -o /out/metis-sentinel ./cmd/metis-sentinel && \`
			`CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build -o /out/oras oras.land/oras/cmd/oras`
feat: add metis service and autonomous recovery path 2026-03-31 14:52:50 -03:00
			`FROM debian:bookworm-slim AS runtime-base`

			`RUN apt-get update \`
build: include fdisk for image injection 2026-03-31 19:09:47 -03:00			`&& apt-get install -y --no-install-recommends ca-certificates e2fsprogs fdisk util-linux openssh-client xz-utils \`
security(metis): update crypto module and image user 2026-04-22 00:00:39 -03:00			`&& useradd --system --uid 65532 --home-dir /nonexistent --no-create-home --shell /usr/sbin/nologin metis \`
feat: add metis service and autonomous recovery path 2026-03-31 14:52:50 -03:00			`&& rm -rf /var/lib/apt/lists/*`

			`WORKDIR /app`
			`COPY --from=build /out/metis /usr/local/bin/metis`
			`COPY --from=build /out/metis-sentinel /usr/local/bin/metis-sentinel`
service: run remote build and flash workflows 2026-03-31 20:42:35 -03:00			`COPY --from=build /out/oras /usr/local/bin/oras`
feat: add metis service and autonomous recovery path 2026-03-31 14:52:50 -03:00			`COPY inventory.example.yaml /app/inventory.example.yaml`
			`COPY inventory.titan-rpi4.yaml /app/inventory.titan-rpi4.yaml`
			`COPY overlays /app/overlays`

			`FROM runtime-base AS runtime`

			`EXPOSE 8080`

security(metis): update crypto module and image user 2026-04-22 00:00:39 -03:00			`USER metis`
feat: add metis service and autonomous recovery path 2026-03-31 14:52:50 -03:00			`ENTRYPOINT ["metis"]`
			`CMD ["serve"]`

			`FROM debian:bookworm-slim AS sentinel`

			`RUN apt-get update \`
			`&& apt-get install -y --no-install-recommends ca-certificates util-linux \`
security(metis): update crypto module and image user 2026-04-22 00:00:39 -03:00			`&& useradd --system --uid 65532 --home-dir /nonexistent --no-create-home --shell /usr/sbin/nologin metis \`
feat: add metis service and autonomous recovery path 2026-03-31 14:52:50 -03:00			`&& rm -rf /var/lib/apt/lists/*`

			`COPY --from=build /out/metis-sentinel /usr/local/bin/metis-sentinel`

security(metis): update crypto module and image user 2026-04-22 00:00:39 -03:00			`USER metis`
feat: add metis service and autonomous recovery path 2026-03-31 14:52:50 -03:00			`ENTRYPOINT ["metis-sentinel"]`