Hardening a Go Application
Building from Source
Iron Bank supports building Go applications from source.
ARG BASE_REGISTRY=registry1.dso.mil
ARG BASE_IMAGE=ironbank/google/distroless/static
ARG BASE_TAG=nonroot
FROM registry1.dso.mil/ironbank/google/golang:<version> as build
COPY src.tar.gz /
RUN mkdir -p /go/src/github.com/fluxcd/source-controller && \
tar -zxf /source-controller.tar.gz -C /go/src/github.com/fluxcd/source-controller --strip-components=1 && \
cd /go/src/github.com/fluxcd/source-controller && \
CGO_ENABLED=1 go build -o source-controller main.go
FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
COPY --from=build /go/src/github.com/fluxcd/source-controller/source-controller /usr/local/bin/
USER 65532:65532
HEALTHCHECK NONE
ENTRYPOINT ["source-controller"]
Example Projects
- source-controller: https://repo1.dso.mil/dsop/fluxcd/source-controller