FROM golang:1.23 AS builder ENV GO111MODULE=on \ CGO_ENABLED=0 \ GOOS=linux \ GOARCH=amd64 WORKDIR /src COPY . . RUN go build \ -ldflags "-s -w -extldflags '-static'" \ -o /bin/app \ . RUN echo "nobody:x:65534:65534:Nobody:/:" > /etc_passwd FROM alpine:3.20 as compressor RUN apk add --no-cache upx binutils COPY --from=builder --chown=65534:0 /bin/app /app RUN strip /app && upx -q -9 /app FROM scratch COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ COPY --from=builder /etc_passwd /etc/passwd COPY --from=compressor --chown=65534:0 /app /app USER nobody ENTRYPOINT ["/app"]