evan.jarrett.net / at-container-registry
A container registry that uses the AT Protocol for manifest storage and S3 for blob storage. atcr.io
docker container atproto go
81
fork

Configure Feed

Select the types of activity you want to include in your feed.

minify appview container

Evan Jarrett e7daf3c9 6080e9f0

+53 -22
+53 -22
Dockerfile.appview
··· 1 - # Build stage 2 - FROM golang:1.24-alpine AS builder 1 + # ========================================== 2 + # Stage 1: Build stage with Debian (glibc) 3 + # ========================================== 4 + FROM golang:1.25.2-trixie AS builder 3 5 4 - # Install build dependencies (gcc and musl-dev needed for SQLite CGO) 5 - RUN apk add --no-cache git make gcc musl-dev sqlite-dev 6 + # Install SQLite development libraries (for CGO compilation) 7 + RUN apt-get update && \ 8 + apt-get install -y --no-install-recommends sqlite3 libsqlite3-dev && \ 9 + rm -rf /var/lib/apt/lists/* 6 10 7 11 # Set working directory 8 12 WORKDIR /build 9 13 10 - # Copy go mod files 14 + # Copy go mod files and download dependencies (cached layer) 11 15 COPY go.mod go.sum ./ 12 - 13 - # Download dependencies 14 16 RUN go mod download 15 17 16 18 # Copy source code 17 19 COPY . . 18 20 19 - # Build the binary with CGO enabled for SQLite support 20 - RUN CGO_ENABLED=1 GOOS=linux go build -a -o atcr-appview ./cmd/appview 21 + # Build optimized binary: 22 + # - CGO_ENABLED=1: Required for SQLite (mattn/go-sqlite3) 23 + # - -ldflags="-s -w": Strip debug symbols (~30% size reduction) 24 + # - -tags sqlite_omit_load_extension: Remove SQLite extension loading (~100KB savings) 25 + # - -trimpath: Remove build paths (reproducible builds) 26 + # SQLite is statically embedded in the binary (no runtime .so needed) 27 + RUN CGO_ENABLED=1 go build \ 28 + -ldflags="-s -w" \ 29 + -tags sqlite_omit_load_extension \ 30 + -trimpath \ 31 + -o atcr-appview ./cmd/appview 32 + 33 + # Collect minimal runtime dependencies based on ldd output 34 + RUN mkdir -p /runtime-deps/lib/x86_64-linux-gnu /runtime-deps/lib64 && \ 35 + # Core glibc library (only one the binary links to) 36 + cp -L /lib/x86_64-linux-gnu/libc.so.6 /runtime-deps/lib/x86_64-linux-gnu/ && \ 37 + # Dynamic linker 38 + cp -L /lib64/ld-linux-x86-64.so.2 /runtime-deps/lib64/ && \ 39 + # NSS modules for DNS resolution (loaded via dlopen at runtime, not shown in ldd) 40 + cp -L /lib/x86_64-linux-gnu/libnss_dns.so.2 /runtime-deps/lib/x86_64-linux-gnu/ && \ 41 + cp -L /lib/x86_64-linux-gnu/libnss_files.so.2 /runtime-deps/lib/x86_64-linux-gnu/ && \ 42 + # NSS modules depend on libresolv 43 + cp -L /lib/x86_64-linux-gnu/libresolv.so.2 /runtime-deps/lib/x86_64-linux-gnu/ && \ 44 + # Create NSS config (tells glibc to check /etc/hosts then DNS) 45 + echo "hosts: files dns" > /tmp/nsswitch.conf 46 + 47 + # ========================================== 48 + # Stage 2: Minimal FROM scratch runtime 49 + # ========================================== 50 + FROM scratch 21 51 22 - # Runtime stage 23 - FROM alpine:latest 52 + # Copy minimal glibc runtime dependencies 53 + COPY --from=builder /runtime-deps / 24 54 25 - # Install CA certificates for HTTPS, SQLite runtime libraries, and sqlite CLI for debugging 26 - RUN apk --no-cache add ca-certificates sqlite-libs sqlite 55 + # Copy NSS configuration for DNS resolution 56 + COPY --from=builder /tmp/nsswitch.conf /etc/nsswitch.conf 27 57 28 - # Set working directory 29 - WORKDIR /app 58 + # Copy CA certificates for HTTPS (PDS, Jetstream, relay connections) 59 + COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ 30 60 31 - # Copy binary from builder 32 - COPY --from=builder /build/atcr-appview . 61 + # Copy timezone data for timestamp formatting 62 + COPY --from=builder /usr/share/zoneinfo /usr/share/zoneinfo 33 63 34 - # Create directories for storage 35 - RUN mkdir -p /var/lib/atcr/blobs /var/lib/atcr/auth 64 + # Copy optimized binary (SQLite embedded) 65 + COPY --from=builder /build/atcr-appview /atcr-appview 36 66 37 - # Expose ports 38 - EXPOSE 5000 5001 67 + # Expose port (main HTTP server) 68 + EXPOSE 5000 39 69 40 70 # OCI image annotations 41 71 LABEL org.opencontainers.image.title="ATCR AppView" \ ··· 48 78 io.atcr.icon="https://imgs.blue/evan.jarrett.net/1TpTNrRelfloN2emuWZDrWmPT0o93bAjEnozjD6UPgoVV9m4" 49 79 50 80 # Run the AppView (no config file - uses environment variables) 51 - ENTRYPOINT ["/app/atcr-appview"] 81 + # Creates /var/lib/atcr directories on first run via Go code 82 + ENTRYPOINT ["/atcr-appview"] 52 83 CMD ["serve"]