Initial commit

Dockerfile

@@ -0,0 +1,37 @@
+# -- Build the Go checker binary ------------------------------------------
+FROM golang:1.25-alpine AS builder
+
+ARG CHECKER_VERSION=custom-build
+
+WORKDIR /src
+COPY go.mod go.sum* ./
+RUN go mod download
+COPY . .
+RUN CGO_ENABLED=0 go build -tags standalone -ldflags "-X main.Version=${CHECKER_VERSION}" -o /checker-dnsviz .
+
+# -- Runtime image: dnsviz (Python) + checker binary ----------------------
+#
+# DNSViz is a Python tool. We base on alpine:3.20 and install dnsviz from
+# its pip distribution along with the C deps it needs (libcrypto, m2crypto,
+# pygraphviz is *not* installed: we only need probe/grok which output JSON).
+FROM alpine:3.20
+
+RUN apk add --no-cache \
+        python3 \
+        py3-pip \
+        py3-cryptography \
+        py3-dnspython \
+        py3-pygraphviz \
+        graphviz \
+        ca-certificates \
+        dnssec-root \
+        && pip3 install --no-cache-dir --break-system-packages dnsviz \
+        && adduser -D -u 65534 -H -s /sbin/nologin checker || true
+
+COPY --from=builder /checker-dnsviz /usr/local/bin/checker-dnsviz
+
+USER 65534:65534
+EXPOSE 8080
+HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
+  CMD ["/usr/local/bin/checker-dnsviz", "-healthcheck"]
+ENTRYPOINT ["/usr/local/bin/checker-dnsviz"]