-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile
More file actions
executable file
·89 lines (69 loc) · 2.6 KB
/
Dockerfile
File metadata and controls
executable file
·89 lines (69 loc) · 2.6 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
# Multi-stage build for optimized production image
FROM docker.io/golang:1.25-alpine AS builder
# Build arguments for version injection
ARG BUILD_VERSION=dev
ARG BUILD_VERSION_CODE=0
ARG BUILD_COMMIT=unknown
ARG BUILD_DATE=unknown
# Install build dependencies
RUN apk add --no-cache git ca-certificates tzdata curl make gcc musl-dev
# Set working directory
WORKDIR /app
# Copy all source code first (needed for local replace directives)
COPY . .
# Download dependencies with GOTOOLCHAIN=auto to handle newer Go versions
ENV GOTOOLCHAIN=auto
RUN go mod download
# Note: Tests are run in CI before Docker build, skip here for faster builds
# Build the application with optimizations and version info
RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build \
-ldflags="-w -s -extldflags \"-static\" \
-X dev.helix.agent/internal/version.Version=${BUILD_VERSION} \
-X dev.helix.agent/internal/version.VersionCode=${BUILD_VERSION_CODE} \
-X dev.helix.agent/internal/version.GitCommit=${BUILD_COMMIT} \
-X dev.helix.agent/internal/version.BuildDate=${BUILD_DATE} \
-X dev.helix.agent/internal/version.Builder=docker" \
-a -installsuffix cgo \
-o helixagent \
./cmd/helixagent
# Production stage
FROM docker.io/alpine:latest
# Install runtime dependencies
RUN apk --no-cache add \
ca-certificates \
tzdata \
curl \
jq \
dumb-init \
&& rm -rf /var/cache/apk/*
# Create non-root user with proper UID/GID
RUN addgroup -g 1001 -S helixagent && \
adduser -u 1001 -S helixagent -G helixagent -h /app -s /bin/sh
# Set working directory
WORKDIR /app
# Copy binary from builder stage
COPY --from=builder /app/helixagent .
COPY --from=builder /app/*.md ./
# Create necessary directories with proper permissions
RUN mkdir -p /app/plugins /app/logs /app/config /app/data && \
chown -R helixagent:helixagent /app && \
chmod 755 /app
# Switch to non-root user
USER helixagent
# Re-declare ARG after FROM to use in labels
ARG BUILD_VERSION=dev
# Add labels for metadata
LABEL org.opencontainers.image.title="HelixAgent" \
org.opencontainers.image.description="AI-powered ensemble LLM service" \
org.opencontainers.image.version="${BUILD_VERSION}" \
org.opencontainers.image.vendor="HelixAgent" \
org.opencontainers.image.licenses="MIT"
# Expose port
EXPOSE 7061
# Health check with better reliability
HEALTHCHECK --interval=30s --timeout=10s --start-period=10s --retries=3 \
CMD curl -f -s http://localhost:7061/health > /dev/null || exit 1
# Use dumb-init for proper signal handling
ENTRYPOINT ["/usr/bin/dumb-init", "--"]
# Run the application
CMD ["./helixagent"]