A container registry that uses the AT Protocol for manifest storage and S3 for blob storage.
minify the knot container
+17
-21
+17
-21
Dockerfile.hold
+17
-21
Dockerfile.hold
···
1
-
# Build stage
2
-
FROM golang:1.24-alpine AS builder
1
+
FROM golang:1.25.2-trixie AS builder
3
2
4
-
WORKDIR /app
3
+
WORKDIR /build
5
4
6
-
# Copy go mod files
7
5
COPY go.mod go.sum ./
8
6
RUN go mod download
9
7
10
-
# Copy source code
11
8
COPY . .
12
9
13
-
# Build the hold service
14
-
RUN CGO_ENABLED=0 GOOS=linux go build -o atcr-hold ./cmd/hold
15
-
16
-
# Runtime stage
17
-
FROM alpine:latest
18
-
19
-
RUN apk --no-cache add ca-certificates
20
-
21
-
WORKDIR /root/
10
+
RUN CGO_ENABLED=0 go build \
11
+
-ldflags="-s -w" \
12
+
-trimpath \
13
+
-o atcr-hold ./cmd/hold
22
14
23
-
# Copy binary from builder
24
-
COPY --from=builder /app/atcr-hold .
15
+
# ==========================================
16
+
# Stage 2: Minimal FROM scratch runtime
17
+
# ==========================================
18
+
FROM scratch
25
19
26
-
# Create directories for storage
27
-
RUN mkdir -p /var/lib/atcr/hold
20
+
# Copy CA certificates for HTTPS (PDS connections)
21
+
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
22
+
# Copy timezone data for timestamp formatting
23
+
COPY --from=builder /usr/share/zoneinfo /usr/share/zoneinfo
24
+
# Copy optimized binary
25
+
COPY --from=builder /build/atcr-hold /atcr-hold
28
26
29
27
# Expose default port
30
28
EXPOSE 8080
···
39
37
org.opencontainers.image.version="0.1.0" \
40
38
io.atcr.icon="https://imgs.blue/evan.jarrett.net/1TpTOdtS60GdJWBYEqtK22y688jajbQ9a5kbYRFtwuqrkBAE"
41
39
42
-
# Run the hold service
43
-
ENTRYPOINT ["./atcr-hold"]
44
-
CMD ["/etc/atcr/hold.yml"]
40
+
ENTRYPOINT ["/atcr-hold"]