pegasus/Dockerfile

# syntax=docker/dockerfile:1.7

############################
# Frontend build (Vite/React)
############################
# Run toolchains on the build machine, not target arch
FROM --platform=$BUILDPLATFORM node:20-alpine AS fe
WORKDIR /src/frontend
COPY frontend/package*.json ./
RUN --mount=type=cache,target=/root/.npm npm ci
COPY frontend/ .
RUN npm run build
# expose artifacts in a neutral location
RUN mkdir -p /out && cp -r dist/* /out/

############################
# Backend build (Go)
############################
FROM --platform=$BUILDPLATFORM golang:1.22-alpine AS be
RUN apk add --no-cache ca-certificates upx git
ARG TARGETOS
ARG TARGETARCH
ENV CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} \
    GOPROXY=https://proxy.golang.org,direct \
    GOPRIVATE=scm.bstein.dev

WORKDIR /src/backend

# 1) Cache modules
COPY backend/go.mod backend/go.sum ./
RUN --mount=type=cache,target=/go/pkg/mod go mod download

# 2) Source
COPY backend/ .

# 3) FE assets where the embed expects them (//go:embed web/dist/**)
COPY --from=fe /out ./web/dist

# 4) Tidy (in case new deps appeared)
RUN --mount=type=cache,target=/go/pkg/mod go mod tidy

# 5) Build the binary; fail if build fails; allow UPX to fail only.
RUN --mount=type=cache,target=/go/pkg/mod \
    set -eux; \
    mkdir -p /out; \
    go build -trimpath -ldflags="-s -w" -o /out/pegasus ./main.go; \
    test -f /out/pegasus; \
    upx -q --lzma /out/pegasus || true

############################
# Final, minimal image
############################
FROM gcr.io/distroless/static:nonroot AS final
COPY --from=be /out/pegasus /pegasus
USER nonroot:nonroot
ENTRYPOINT ["/pegasus"]
pegasus fix 2025-09-15 12:09:02 -05:00			`# syntax=docker/dockerfile:1.7`

			`############################`
			`# Frontend build (Vite/React)`
			`############################`
large ui change 2025-09-16 07:37:10 -05:00			`# Run toolchains on the build machine, not target arch`
			`FROM --platform=$BUILDPLATFORM node:20-alpine AS fe`
first pass on pegasus 2025-09-08 00:48:47 -05:00			`WORKDIR /src/frontend`
pegasus fix 2025-09-15 12:09:02 -05:00			`COPY frontend/package*.json ./`
large ui change 2025-09-16 07:37:10 -05:00			`RUN --mount=type=cache,target=/root/.npm npm ci`
pegasus fix 2025-09-15 12:09:02 -05:00			`COPY frontend/ .`
			`RUN npm run build`
			`# expose artifacts in a neutral location`
			`RUN mkdir -p /out && cp -r dist/* /out/`
first pass on pegasus 2025-09-08 00:48:47 -05:00
pegasus fix 2025-09-15 12:09:02 -05:00			`############################`
			`# Backend build (Go)`
			`############################`
large ui change 2025-09-16 07:37:10 -05:00			`FROM --platform=$BUILDPLATFORM golang:1.22-alpine AS be`
pegasus fix 2025-09-15 12:09:02 -05:00			`RUN apk add --no-cache ca-certificates upx git`
large ui change 2025-09-16 07:37:10 -05:00			`ARG TARGETOS`
			`ARG TARGETARCH`
			`ENV CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} \`
pegasus fix 2025-09-15 12:09:02 -05:00			`GOPROXY=https://proxy.golang.org,direct \`
			`GOPRIVATE=scm.bstein.dev`

first pass on pegasus 2025-09-08 00:48:47 -05:00			`WORKDIR /src/backend`
pegasus fix 2025-09-15 12:09:02 -05:00
large ui change 2025-09-16 07:37:10 -05:00			`# 1) Cache modules`
pegasus fix 2025-09-15 12:09:02 -05:00			`COPY backend/go.mod backend/go.sum ./`
			`RUN --mount=type=cache,target=/go/pkg/mod go mod download`

large ui change 2025-09-16 07:37:10 -05:00			`# 2) Source`
pegasus fix 2025-09-15 12:09:02 -05:00			`COPY backend/ .`

large ui change 2025-09-16 07:37:10 -05:00			`# 3) FE assets where the embed expects them (//go:embed web/dist/**)`
pegasus fix 2025-09-15 12:09:02 -05:00			`COPY --from=fe /out ./web/dist`

large ui change 2025-09-16 07:37:10 -05:00			`# 4) Tidy (in case new deps appeared)`
pegasus fix 2025-09-15 12:09:02 -05:00			`RUN --mount=type=cache,target=/go/pkg/mod go mod tidy`

large ui change 2025-09-16 07:37:10 -05:00			`# 5) Build the binary; fail if build fails; allow UPX to fail only.`
pegasus fix 2025-09-15 12:09:02 -05:00			`RUN --mount=type=cache,target=/go/pkg/mod \`
large ui change 2025-09-16 07:37:10 -05:00			`set -eux; \`
			`mkdir -p /out; \`
			`go build -trimpath -ldflags="-s -w" -o /out/pegasus ./main.go; \`
			`test -f /out/pegasus; \`
			`upx -q --lzma /out/pegasus \|\| true`
pegasus fix 2025-09-15 12:09:02 -05:00
			`############################`
			`# Final, minimal image`
			`############################`
			`FROM gcr.io/distroless/static:nonroot AS final`
large ui change 2025-09-16 07:37:10 -05:00			`COPY --from=be /out/pegasus /pegasus`
first pass on pegasus 2025-09-08 00:48:47 -05:00			`USER nonroot:nonroot`
			`ENTRYPOINT ["/pegasus"]`