更新Dockerfile以优化前后端构建流程,添加必要的配置文件复制,调整用户权限,增强安全性。同时更新.gitignore以排除新生成的文件和目录。

wood chen 2025-06-14 17:54:44 +08:00
parent de92403f68
commit 641f00de96
3 changed files with 78 additions and 17 deletions


@ -1,6 +1,7 @@
# Git # Git
.git .git
.gitignore .gitignore
.gitattributes
# IDE # IDE
.vscode .vscode
@ -8,10 +9,12 @@
*.swp *.swp
*.swo *.swo
*~ *~
.cursor/
# OS # OS
.DS_Store .DS_Store
Thumbs.db Thumbs.db
desktop.ini
# Logs # Logs
*.log *.log
@ -19,9 +22,10 @@ logs/
data/logs/ data/logs/
data/server.log data/server.log
# Database # Database and runtime data
data/data.db data/data.db
data/stats.json data/stats.json
data/
# Build artifacts # Build artifacts
random-api-go.exe random-api-go.exe
@ -29,8 +33,16 @@ random-api-go
random-api-test random-api-test
*.exe *.exe
# Node.js build artifacts (will be rebuilt in Docker)
web/node_modules/
web/.next/
web/out/
web/.turbo/
# Go # Go
vendor/ vendor/
*.test
*.prof
# Docker # Docker
docker-compose*.yml docker-compose*.yml
@ -40,8 +52,17 @@ test-build.sh
*.md *.md
DOCKER_DEPLOYMENT.md DOCKER_DEPLOYMENT.md
# Environment and config
.env*
!.env.example
# GitHub
.github/
# Misc # Misc
.env *.tmp
.env.local *.temp
.env.example .cache/
# README
README.md README.md


@ -33,12 +33,18 @@ jobs:
uses: actions/setup-go@v4 uses: actions/setup-go@v4
with: with:
go-version: '1.23' go-version: '1.23'
cache: true
- name: Set up QEMU - name: Set up QEMU
uses: docker/setup-qemu-action@v3 uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v3
with:
driver-opts: |
network=host
buildkitd-flags: |
--allow-insecure-entitlement network.host
- name: Login to Docker Hub - name: Login to Docker Hub
uses: docker/login-action@v3 uses: docker/login-action@v3
@ -46,16 +52,30 @@ jobs:
username: woodchen username: woodchen
password: ${{ secrets.ACCESS_TOKEN }} password: ${{ secrets.ACCESS_TOKEN }}
- name: Extract metadata
id: meta
uses: docker/metadata-action@v5
with:
images: woodchen/${{ env.IMAGE_NAME }}
tags: |
type=ref,event=branch
type=ref,event=pr
type=sha,prefix={{branch}}-
type=raw,value=latest,enable={{is_default_branch}}
- name: Build and push multi-arch image - name: Build and push multi-arch image
uses: docker/build-push-action@v5 uses: docker/build-push-action@v5
with: with:
context: . context: .
file: Dockerfile file: Dockerfile
push: true push: true
tags: woodchen/${{ env.IMAGE_NAME }}:latest tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
platforms: linux/amd64,linux/arm64 platforms: linux/amd64,linux/arm64
cache-from: type=gha cache-from: type=gha
cache-to: type=gha,mode=max cache-to: type=gha,mode=max
build-args: |
BUILDKIT_INLINE_CACHE=1
- name: Execute deployment commands - name: Execute deployment commands
uses: appleboy/ssh-action@master uses: appleboy/ssh-action@master
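Review bot: The new `with:` block on the "Set up Docker Buildx" step puts the builder on the runner's host network (`driver-opts: network=host`) and enables `--allow-insecure-entitlement network.host`, yet the build step shown here sets neither `network: host` nor `allow: network.host`, so the entitlement looks unused while the builder's network isolation is still given up. Since this job pushes to Docker Hub with a token in scope, I would drop the block unless a build step needs a service on the runner's localhost, and if it does, add a comment saying which one. `BUILDKIT_INLINE_CACHE=1` also appears redundant next to `cache-to: type=gha,mode=max`. The deployment step's `appleboy/ssh-action@master` is an unchanged context line, but it is a mutable ref on a step that handles SSH credentials; pinning it to a release tag or commit SHA would fit the same hardening pass.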


@ -3,14 +3,26 @@ FROM node:20-alpine AS frontend-builder
WORKDIR /app/web WORKDIR /app/web
# 复制前端依赖文件 # 复制前端依赖文件(优先缓存依赖层)
COPY web/package*.json ./ COPY web/package*.json ./
# 安装前端依赖(包括开发依赖,构建需要) # 安装前端依赖(包括开发依赖,构建需要)
RUN npm ci RUN npm ci --prefer-offline --no-audit --progress=false
# 复制前端源代码 # 复制前端配置文件
COPY web/ ./ COPY web/next.config.ts ./
COPY web/tsconfig.json ./
COPY web/postcss.config.mjs ./
COPY web/components.json ./
COPY web/eslint.config.mjs ./
COPY web/next-env.d.ts ./
# 复制前端源代码目录
COPY web/app ./app
COPY web/components ./components
COPY web/lib ./lib
COPY web/types ./types
COPY web/public ./public
# 构建前端静态文件 # 构建前端静态文件
RUN npm run build RUN npm run build
@ -21,27 +33,31 @@ FROM golang:1.23-alpine AS backend-builder
WORKDIR /app WORKDIR /app
# 安装必要的工具 # 安装必要的工具
RUN apk add --no-cache git RUN apk add --no-cache git ca-certificates tzdata
# 复制 go.mod 和 go.sum 文件 # 复制 go.mod 和 go.sum 文件(优先缓存依赖层)
COPY go.mod go.sum ./ COPY go.mod go.sum ./
# 下载依赖 # 下载依赖
RUN go mod download RUN go mod download && go mod verify
# 复制后端源代码 # 复制后端源代码
COPY . . COPY . .
# 构建后端应用 # 构建后端应用
RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o random-api . RUN CGO_ENABLED=0 GOOS=linux GOARCH=$TARGETARCH go build \
-ldflags='-w -s -extldflags "-static"' \
-a -installsuffix cgo \
-o random-api .
# 运行阶段 # 运行阶段
FROM alpine:latest FROM alpine:latest
# 安装必要的工具 # 安装必要的工具
RUN apk --no-cache add ca-certificates tzdata tini RUN apk --no-cache add ca-certificates tzdata tini && \
adduser -D -s /bin/sh appuser
WORKDIR /root/ WORKDIR /app
# 从后端构建阶段复制二进制文件 # 从后端构建阶段复制二进制文件
COPY --from=backend-builder /app/random-api . COPY --from=backend-builder /app/random-api .
@ -49,8 +65,12 @@ COPY --from=backend-builder /app/random-api .
# 从前端构建阶段复制静态文件 # 从前端构建阶段复制静态文件
COPY --from=frontend-builder /app/web/out ./web/out COPY --from=frontend-builder /app/web/out ./web/out
# 创建必要的目录 # 创建必要的目录并设置权限
RUN mkdir -p /root/data/logs RUN mkdir -p /app/data/logs && \
chown -R appuser:appuser /app
# 切换到非root用户
USER appuser
# 暴露端口 # 暴露端口
EXPOSE 5003 EXPOSE 5003
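Review bot: In the runtime stage the non-root switch rests on inputs that still float: `FROM alpine:latest` is unchanged, and `adduser -D -s /bin/sh appuser` takes whatever UID the base assigns. I would pin the base to a specific release (ideally by digest) and fix the account, e.g. `adduser -D -u 10001 -s /sbin/nologin appuser`, so orchestrator non-root checks and volume ownership stay stable across rebuilds. The data directory also moves from `/root/data` to `/app/data`, so an existing mount on the old path, or a host directory owned by root, will presumably stop being usable by `appuser`; the deployment files are not shown here, so this needs confirming. In the backend stage, `GOARCH=$TARGETARCH` only has a value if the stage declares `ARG TARGETARCH`; no such line is visible in this hunk, and without it the variable expands to empty and the build silently uses the default architecture. `COPY --chown=appuser:appuser` on the two `COPY --from` lines would also avoid the extra `chown -R` layer.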