From 02fd91da8698669581db48df9cc56fc4eff22d14 Mon Sep 17 00:00:00 2001
From: appleboy <appleboy.tw@gmail.com>
Date: Sun, 6 Apr 2025 14:45:30 +0000
Subject: [PATCH] build: switch Docker images to Debian and optimize build
 process (#19)

- Switch base image from `golang:1.24-alpine` to `golang:1.24-bullseye` for the build stage
- Update working directory from `/build` to `/app`
- Separate the copying of go.mod and go.sum files before downloading dependencies
- Add comments for build stages and process steps
- Switch final stage base image from `ubuntu:24.04` to `debian:bullseye-slim`
- Improve installation of ca-certificates and clean up the apt lists afterward
- Create and switch to a non-root user named `gitea-mcp`
- Change the file copy command to `--chown=1000:1000 /app/gitea-mcp`
- Update `CMD` to use an absolute path `/app/gitea-mcp`

Signed-off-by: appleboy <appleboy.tw@gmail.com>

Reviewed-on: https://gitea.com/gitea/gitea-mcp/pulls/19
Co-authored-by: appleboy <appleboy.tw@gmail.com>
Co-committed-by: appleboy <appleboy.tw@gmail.com>
---
 Dockerfile | 32 ++++++++++++++++++++++++--------
 1 file changed, 24 insertions(+), 8 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 91f0029..fa0bf0c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,21 +1,37 @@
-FROM golang:1.24-alpine AS builder
+# Build stage
+FROM golang:1.24-bullseye AS builder
 
 ARG VERSION
 
-WORKDIR /build
+# Set the working directory
+WORKDIR /app
 
-COPY . .
+# Copy go.mod and go.sum files
+COPY go.mod go.sum ./
+
+# Download dependencies
 RUN go mod download
 
+# Copy the source code
+COPY . .
+
 RUN CGO_ENABLED=0 go build -ldflags="-s -w -X main.version=${VERSION}" -o gitea-mcp
 
-FROM ubuntu:24.04
+# Final stage
+FROM debian:bullseye-slim
 
 WORKDIR /app
 
-RUN apt-get update \
-    && apt-get install ca-certificates --no-install-recommends -y
+# Install ca-certificates for HTTPS requests
+RUN apt-get update && \
+    apt-get install -y ca-certificates && rm -rf /var/lib/apt/lists/*
 
-COPY --from=builder /build/gitea-mcp .
+# Create a non-root user
+RUN useradd -r -u 1000 -m gitea-mcp
 
-CMD ["./gitea-mcp", "-t", "stdio"]
\ No newline at end of file
+COPY --from=builder --chown=1000:1000 /app/gitea-mcp .
+
+# Use the non-root user
+USER gitea-mcp
+
+CMD ["/app/gitea-mcp", "-t", "stdio"]
\ No newline at end of file