Build with Modules, Ship from Scratch

If you use dep, check out my previous post instead.

Goals:

The application executable is compiled inside a container, in order to boost reproducibility

The resulting image must be as small as possible

as possible The application must run in a container as secure as possible: an unprivileged user in a minimal environment

as possible: an unprivileged user in a minimal environment The application must be able to make HTTPS calls

It is a multistage Dockerfile: the first throwaway stage is used for building, while the final image will only contain the compiled binary executable.

The dependencies are fetched at build time using the go.mod and go.sum files; an alternative Dockerfile for vendored dependencies is available at the bottom of this post.