1# Multi-stage Dockerfile for chromad Go application using Hermit-managed tools
 2
 3# Build stage
 4FROM ubuntu:26.04 AS builder
 5
 6# Install system dependencies
 7RUN apt-get update && apt-get install -y \
 8	curl \
 9	git \
10	ca-certificates \
11	&& rm -rf /var/lib/apt/lists/*
12
13# Set working directory
14WORKDIR /app
15
16# Copy the entire project (including bin directory with Hermit tools)
17COPY . .
18
19# Make Hermit tools executable and add to PATH
20ENV PATH="/app/bin:${PATH}"
21
22# Set Go environment variables for static compilation
23ENV CGO_ENABLED=0
24ENV GOOS=linux
25ENV GOARCH=amd64
26
27# Build the application using just
28RUN just chromad
29
30# Runtime stage
31FROM alpine:3.23 AS runtime
32
33# Install ca-certificates for HTTPS requests
34RUN apk --no-cache add ca-certificates curl
35
36# Create a non-root user
37RUN addgroup -g 1001 chromad && \
38	adduser -D -s /bin/sh -u 1001 -G chromad chromad
39
40# Set working directory
41WORKDIR /app
42
43# Copy the binary from build stage
44COPY --from=builder /app/build/chromad /app/chromad
45
46# Change ownership to non-root user
47RUN chown chromad:chromad /app/chromad
48
49# Switch to non-root user
50USER chromad
51
52# Expose port (default is 8080, but can be overridden via PORT env var)
53EXPOSE 8080
54
55# Set default environment variables
56ENV PORT=8080
57ENV CHROMA_CSRF_KEY="testtest"
58
59# Health check
60HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
61	CMD curl -fsSL http://127.0.0.1:8080/ > /dev/null
62
63# Run the application
64CMD ["sh", "-c", "./chromad --csrf-key=$CHROMA_CSRF_KEY --bind=0.0.0.0:$PORT"]