Skip to content

Hardening a Go Application

Building from Source

Iron Bank supports building Go applications from source.

ARG BASE_REGISTRY=registry1.dso.mil
ARG BASE_IMAGE=ironbank/google/distroless/static
ARG BASE_TAG=nonroot

FROM registry1.dso.mil/ironbank/google/golang:<version> as build

COPY src.tar.gz /

RUN mkdir -p /go/src/github.com/fluxcd/source-controller && \
    tar -zxf /source-controller.tar.gz -C /go/src/github.com/fluxcd/source-controller --strip-components=1 && \
    cd /go/src/github.com/fluxcd/source-controller && \
    CGO_ENABLED=1 go build -o source-controller main.go

FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}

COPY --from=build /go/src/github.com/fluxcd/source-controller/source-controller /usr/local/bin/

USER 65532:65532

HEALTHCHECK NONE

ENTRYPOINT ["source-controller"]

Example Projects

  • source-controller: https://repo1.dso.mil/dsop/fluxcd/source-controller