Add distroless Docker image variant

.github/workflows/docker.yml

@@ -15,8 +15,8 @@ jobs:
         with:
           fetch-depth: 0
 
-      - name: Generate Docker tag
-        id: docker_tag
+      - name: Generate Alpine Docker tag
+        id: docker_alpine_tag
         run: |
           DOCKER_IMAGE=miniflux/miniflux
           DOCKER_VERSION=dev
@@ -29,6 +29,20 @@ jobs:
           fi
           echo ::set-output name=tags::${TAGS}
 
+      - name: Generate Distroless Docker tag
+        id: docker_distroless_tag
+        run: |
+          DOCKER_IMAGE=miniflux/miniflux
+          DOCKER_VERSION=dev-distroless
+          if [ "${{ github.event_name }}" = "schedule" ]; then
+          DOCKER_VERSION=nightly-distroless
+          TAGS="${DOCKER_IMAGE}:${DOCKER_VERSION},ghcr.io/${DOCKER_IMAGE}:${DOCKER_VERSION}"
+          elif [[ $GITHUB_REF == refs/tags/* ]]; then
+          DOCKER_VERSION=${GITHUB_REF#refs/tags/}-distroless
+          TAGS="${DOCKER_IMAGE}:${DOCKER_VERSION},ghcr.io/${DOCKER_IMAGE}:${DOCKER_VERSION},${DOCKER_IMAGE}:latest-distroless,ghcr.io/${DOCKER_IMAGE}:latest-distroless"
+          fi
+          echo ::set-output name=tags::${TAGS}
+
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v1
 
@@ -48,11 +62,20 @@ jobs:
           username: ${{ github.repository_owner }}
           password: ${{ secrets.CR_PAT }}
 
-      - name: Build and push
+      - name: Build and Push Alpine images
         uses: docker/build-push-action@v2
         with:
           context: .
-          file: ./packaging/docker/Dockerfile
+          file: ./packaging/docker/alpine/Dockerfile
           platforms: linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64
           push: true
-          tags: ${{ steps.docker_tag.outputs.tags }}
+          tags: ${{ steps.docker_alpine_tag.outputs.tags }}
+
+      - name: Build and Push Distroless images
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          file: ./packaging/docker/distroless/Dockerfile
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.docker_distroless_tag.outputs.tags }}

Makefile

@@ -36,6 +36,7 @@ export PGPASSWORD := postgres
 	integration-test \
 	clean-integration-test \
 	docker-image \
+	docker-image-distroless \
 	docker-images \
 	rpm \
 	debian \
@@ -130,12 +131,15 @@ clean-integration-test:
 	@ psql -U postgres -c 'drop database if exists miniflux_test;'
 
 docker-image:
-	docker build -t $(DOCKER_IMAGE):$(VERSION) -f packaging/docker/Dockerfile .
+	docker build -t $(DOCKER_IMAGE):$(VERSION) -f packaging/docker/alpine/Dockerfile .
+
+docker-image-distroless:
+	docker build -t $(DOCKER_IMAGE):$(VERSION) -f packaging/docker/distroless/Dockerfile .
 
 docker-images:
 	docker buildx build \
 		--platform linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v6 \
-		--file packaging/docker/Dockerfile \
+		--file packaging/docker/alpine/Dockerfile \
 		--tag $(DOCKER_IMAGE):$(VERSION) \
 		--push .
 

packaging/docker/alpine/Dockerfile

@@ -2,7 +2,6 @@ FROM golang:alpine AS build
 RUN apk add --no-cache --update git
 ADD . /go/src/app
 WORKDIR /go/src/app
-RUN go generate
 RUN go build \
     -o miniflux \
     -ldflags="-s -w -X 'miniflux.app/version.Version=`git describe --tags --abbrev=0`' -X 'miniflux.app/version.Commit=`git rev-parse --short HEAD`' -X 'miniflux.app/version.BuildDate=`date +%FT%T%z`'" \

packaging/docker/distroless/Dockerfile

@@ -0,0 +1,23 @@
+FROM golang:latest AS build
+ADD . /go/src/app
+WORKDIR /go/src/app
+RUN go build \
+    -o miniflux \
+    -ldflags="-s -w -X 'miniflux.app/version.Version=`git describe --tags --abbrev=0`' -X 'miniflux.app/version.Commit=`git rev-parse --short HEAD`' -X 'miniflux.app/version.BuildDate=`date +%FT%T%z`'" \
+    main.go
+
+FROM gcr.io/distroless/base
+
+LABEL org.opencontainers.image.title=Miniflux
+LABEL org.opencontainers.image.description="Miniflux is a minimalist and opinionated feed reader"
+LABEL org.opencontainers.image.vendor="Frédéric Guillot"
+LABEL org.opencontainers.image.licenses=Apache-2.0
+LABEL org.opencontainers.image.url=https://miniflux.app
+LABEL org.opencontainers.image.source=https://github.com/miniflux/v2
+LABEL org.opencontainers.image.documentation=https://miniflux.app/docs/
+
+EXPOSE 8080
+ENV LISTEN_ADDR 0.0.0.0:8080
+COPY --from=build /go/src/app/miniflux /usr/bin/miniflux
+USER nonroot:nonroot
+CMD ["/usr/bin/miniflux"]