willdot.net / at-container-registry
forked from evan.jarrett.net/at-container-registry
A container registry that uses the AT Protocol for manifest storage and S3 for blob storage.
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

minify appview container

Evan Jarrett e7daf3c9 6080e9f0

+53 -22
+53 -22
Dockerfile.appview
··· 1 - # Build stage 2 - FROM golang:1.24-alpine AS builder 1 + # ========================================== 2 + # Stage 1: Build stage with Debian (glibc) 3 + # ========================================== 4 + FROM golang:1.25.2-trixie AS builder 3 5 4 - # Install build dependencies (gcc and musl-dev needed for SQLite CGO) 5 - RUN apk add --no-cache git make gcc musl-dev sqlite-dev 6 + # Install SQLite development libraries (for CGO compilation) 7 + RUN apt-get update && \ 8 + apt-get install -y --no-install-recommends sqlite3 libsqlite3-dev && \ 9 + rm -rf /var/lib/apt/lists/* 6 10 7 11 # Set working directory 8 12 WORKDIR /build 9 13 10 - # Copy go mod files 14 + # Copy go mod files and download dependencies (cached layer) 11 15 COPY go.mod go.sum ./ 12 - 13 - # Download dependencies 14 16 RUN go mod download 15 17 16 18 # Copy source code 17 19 COPY . . 18 20 19 - # Build the binary with CGO enabled for SQLite support 20 - RUN CGO_ENABLED=1 GOOS=linux go build -a -o atcr-appview ./cmd/appview 21 + # Build optimized binary: 22 + # - CGO_ENABLED=1: Required for SQLite (mattn/go-sqlite3) 23 + # - -ldflags="-s -w": Strip debug symbols (~30% size reduction) 24 + # - -tags sqlite_omit_load_extension: Remove SQLite extension loading (~100KB savings) 25 + # - -trimpath: Remove build paths (reproducible builds) 26 + # SQLite is statically embedded in the binary (no runtime .so needed) 27 + RUN CGO_ENABLED=1 go build \ 28 + -ldflags="-s -w" \ 29 + -tags sqlite_omit_load_extension \ 30 + -trimpath \ 31 + -o atcr-appview ./cmd/appview 32 + 33 + # Collect minimal runtime dependencies based on ldd output 34 + RUN mkdir -p /runtime-deps/lib/x86_64-linux-gnu /runtime-deps/lib64 && \ 35 + # Core glibc library (only one the binary links to) 36 + cp -L /lib/x86_64-linux-gnu/libc.so.6 /runtime-deps/lib/x86_64-linux-gnu/ && \ 37 + # Dynamic linker 38 + cp -L /lib64/ld-linux-x86-64.so.2 /runtime-deps/lib64/ && \ 39 + # NSS modules for DNS resolution (loaded via dlopen at runtime, not shown in ldd) 40 + cp -L /lib/x86_64-linux-gnu/libnss_dns.so.2 /runtime-deps/lib/x86_64-linux-gnu/ && \ 41 + cp -L /lib/x86_64-linux-gnu/libnss_files.so.2 /runtime-deps/lib/x86_64-linux-gnu/ && \ 42 + # NSS modules depend on libresolv 43 + cp -L /lib/x86_64-linux-gnu/libresolv.so.2 /runtime-deps/lib/x86_64-linux-gnu/ && \ 44 + # Create NSS config (tells glibc to check /etc/hosts then DNS) 45 + echo "hosts: files dns" > /tmp/nsswitch.conf 46 + 47 + # ========================================== 48 + # Stage 2: Minimal FROM scratch runtime 49 + # ========================================== 50 + FROM scratch 21 51 22 - # Runtime stage 23 - FROM alpine:latest 52 + # Copy minimal glibc runtime dependencies 53 + COPY --from=builder /runtime-deps / 24 54 25 - # Install CA certificates for HTTPS, SQLite runtime libraries, and sqlite CLI for debugging 26 - RUN apk --no-cache add ca-certificates sqlite-libs sqlite 55 + # Copy NSS configuration for DNS resolution 56 + COPY --from=builder /tmp/nsswitch.conf /etc/nsswitch.conf 27 57 28 - # Set working directory 29 - WORKDIR /app 58 + # Copy CA certificates for HTTPS (PDS, Jetstream, relay connections) 59 + COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ 30 60 31 - # Copy binary from builder 32 - COPY --from=builder /build/atcr-appview . 61 + # Copy timezone data for timestamp formatting 62 + COPY --from=builder /usr/share/zoneinfo /usr/share/zoneinfo 33 63 34 - # Create directories for storage 35 - RUN mkdir -p /var/lib/atcr/blobs /var/lib/atcr/auth 64 + # Copy optimized binary (SQLite embedded) 65 + COPY --from=builder /build/atcr-appview /atcr-appview 36 66 37 - # Expose ports 38 - EXPOSE 5000 5001 67 + # Expose port (main HTTP server) 68 + EXPOSE 5000 39 69 40 70 # OCI image annotations 41 71 LABEL org.opencontainers.image.title="ATCR AppView" \ ··· 48 78 io.atcr.icon="https://imgs.blue/evan.jarrett.net/1TpTNrRelfloN2emuWZDrWmPT0o93bAjEnozjD6UPgoVV9m4" 49 79 50 80 # Run the AppView (no config file - uses environment variables) 51 - ENTRYPOINT ["/app/atcr-appview"] 81 + # Creates /var/lib/atcr directories on first run via Go code 82 + ENTRYPOINT ["/atcr-appview"] 52 83 CMD ["serve"]