37 lines
1.2 KiB
Docker
37 lines
1.2 KiB
Docker
# -- Build the Go checker binary ------------------------------------------
|
|
FROM golang:1.25-alpine AS builder
|
|
|
|
ARG CHECKER_VERSION=custom-build
|
|
|
|
WORKDIR /src
|
|
COPY go.mod go.sum* ./
|
|
RUN go mod download
|
|
COPY . .
|
|
RUN CGO_ENABLED=0 go build -tags standalone -ldflags "-X main.Version=${CHECKER_VERSION}" -o /checker-dnsviz .
|
|
|
|
# -- Runtime image: dnsviz (Python) + checker binary ----------------------
|
|
#
|
|
# DNSViz is a Python tool. We base on alpine:3.20 and install dnsviz from
|
|
# its pip distribution along with the C deps it needs (libcrypto, m2crypto,
|
|
# pygraphviz is *not* installed: we only need probe/grok which output JSON).
|
|
FROM alpine:3.20
|
|
|
|
RUN apk add --no-cache \
|
|
python3 \
|
|
py3-pip \
|
|
py3-cryptography \
|
|
py3-dnspython \
|
|
py3-pygraphviz \
|
|
graphviz \
|
|
ca-certificates \
|
|
dnssec-root \
|
|
&& pip3 install --no-cache-dir --break-system-packages dnsviz \
|
|
&& adduser -D -u 65534 -H -s /sbin/nologin checker || true
|
|
|
|
COPY --from=builder /checker-dnsviz /usr/local/bin/checker-dnsviz
|
|
|
|
USER 65534:65534
|
|
EXPOSE 8080
|
|
HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
|
|
CMD ["/usr/local/bin/checker-dnsviz", "-healthcheck"]
|
|
ENTRYPOINT ["/usr/local/bin/checker-dnsviz"]
|