debian-forge-composer/Containerfile.production

# Debian Forge Composer Production Container
# Go-based build for the Debian Forge Composer service

FROM golang:1.23-bullseye AS builder

# Install system dependencies for building
RUN apt-get update && apt-get install -y \
    libgpgme-dev \
    libbtrfs-dev \
    pkg-config \
    build-essential \
    git \
    ca-certificates \
    libkrb5-dev \
    libgssapi-krb5-2 \
    && rm -rf /var/lib/apt/lists/*

# Set working directory
WORKDIR /app

# Copy go mod files
COPY go.mod go.sum ./

# Download dependencies
RUN go mod download

# Copy source code
COPY . .

# Build the binaries
RUN go build -o bin/osbuild-composer ./cmd/osbuild-composer && \
    go build -o bin/osbuild-worker ./cmd/osbuild-worker

# Production stage
FROM debian:bullseye-slim

# Install runtime dependencies
RUN apt-get update && apt-get install -y \
    ca-certificates \
    curl \
    && rm -rf /var/lib/apt/lists/*

# Create non-root user for security
RUN useradd -r -s /bin/false -u 1000 composer

# Set working directory
WORKDIR /app

# Copy binaries from builder stage
COPY --from=builder /app/bin/ /app/bin/

# Create necessary directories
RUN mkdir -p /var/lib/composer /var/log/composer /etc/osbuild-composer && \
    chown -R composer:composer /var/lib/composer /var/log/composer /etc/osbuild-composer /app

# Switch to non-root user
USER composer

# Expose the default composer port
EXPOSE 8080

# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
    CMD curl -f http://localhost:8080/health || exit 1

# Default command
CMD ["/app/bin/osbuild-composer", "--config", "/etc/osbuild-composer/osbuild-composer.toml"]

# Labels for container management
LABEL org.opencontainers.image.title="Debian Forge Composer"
LABEL org.opencontainers.image.description="Debian Forge Composer - OSBuild API server"
LABEL org.opencontainers.image.vendor="Debian Forge Team"
LABEL org.opencontainers.image.source="https://git.raines.xyz/particle-os/debian-forge-composer"