forked from eval-hub/eval-hub
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathContainerfile
More file actions
93 lines (71 loc) · 3.03 KB
/
Containerfile
File metadata and controls
93 lines (71 loc) · 3.03 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
# Multi-stage build for the evaluation hub Go service
# Build stage
FROM --platform=$BUILDPLATFORM registry.access.redhat.com/ubi9/go-toolset:1.25 AS builder
ARG TARGETARCH
USER 0
# Set working directory
WORKDIR /build
# Copy go mod files first for better caching
COPY go.mod go.sum ./
RUN go mod download
# Copy source code
COPY . .
# Build arguments for versioning, please ensure to modify also in the Runtime stage below
ARG BUILD_NUMBER=0.3.0
ARG BUILD_DATE
ARG BUILD_PACKAGE=main
# Build eval-hub binary
RUN CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} go build \
-ldflags="-w -s -X '${BUILD_PACKAGE}.Build=${BUILD_NUMBER}' -X '${BUILD_PACKAGE}.BuildDate=${BUILD_DATE}'" \
-a -installsuffix cgo \
-o eval-hub \
./cmd/eval_hub
# Build eval-runtime-sidecar binary (same image can run either via container command override)
RUN CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} go build \
-ldflags="-w -s -X '${BUILD_PACKAGE}.Build=${BUILD_NUMBER}' -X '${BUILD_PACKAGE}.BuildDate=${BUILD_DATE}'" \
-a -installsuffix cgo \
-o eval-runtime-sidecar \
./cmd/eval_runtime_sidecar
# Build the eval runtime init binary (S3 test-data download)
RUN CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH} go build \
-ldflags="-w -s -X '${BUILD_PACKAGE}.Build=${BUILD_NUMBER}' -X '${BUILD_PACKAGE}.BuildDate=${BUILD_DATE}'" \
-a -installsuffix cgo \
-o eval-runtime-init \
./cmd/eval_runtime_init
# Runtime stage
FROM --platform=$TARGETPLATFORM registry.access.redhat.com/ubi9/ubi-minimal:latest
# Create user and app directory
RUN groupadd -g 1000 evalhub && \
useradd -u 1000 -g evalhub -s /bin/bash -m evalhub && \
mkdir -p /app/config && \
chown -R evalhub:evalhub /app
# Copy both binaries from builder
COPY --from=builder --chown=evalhub:evalhub /build/eval-hub /app/eval-hub
COPY --from=builder --chown=evalhub:evalhub /build/eval-runtime-sidecar /app/eval-runtime-sidecar
COPY --from=builder --chown=evalhub:evalhub /build/eval-runtime-init /app/eval-runtime-init
# The config file should not really be part of the image.
COPY --chown=evalhub:evalhub config/config.yaml /app/config/config.yaml
COPY --chown=evalhub:evalhub config/providers /app/config/providers
COPY --chown=evalhub:evalhub config/collections /app/config/collections
# Set working directory
WORKDIR /app
# Switch to non-root user (numeric UID so Kubernetes runAsNonRoot can verify)
USER 1000
# Expose service port
EXPOSE 8080
# Environment variables
ENV PORT=8080 \
TZ=UTC
# Redeclare build ARGs for labels (ARGs don't cross stage boundaries)
ARG BUILD_NUMBER=0.3.0
ARG BUILD_DATE
# Labels for metadata
LABEL org.opencontainers.image.title="eval-hub" \
org.opencontainers.image.description="Evaluation Hub REST API service" \
org.opencontainers.image.version="${BUILD_NUMBER}" \
org.opencontainers.image.created="${BUILD_DATE}" \
org.opencontainers.image.authors="eval-hub" \
org.opencontainers.image.vendor="eval-hub"
# Health check removed - wget not available without package installation
# Run the binary
CMD ["/app/eval-hub"]