Update Dockerfile to a multi-stage build

- Hugo container is based on SCRATCH to further reduce the footprint
  and the vulnerability surface
- Update Alpine image to 3.7 in the build container
- Update Go Lang to 1.10 in the build container
- Add .dockerignore file per the Docker best practices

Closes #4154, #4155, #4157

diff --git a/.dockerignore b/.dockerignore
new file mode 100644 (file)
index 0000000..3342288
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,8 @@
+*.md
+*.log
+*.txt
+.git
+.github
+.circleci
+docs
+examples

diff --git a/Dockerfile b/Dockerfile
index 14834dcc2896690978fd527d6d32639126830509..1086f4f97958771a3e4ba2a8019388319908f156 100644 (file)
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,23 +1,27 @@
-FROM golang:1.9.0-alpine3.6 AS build
+# GitHub:       https://github.com/gohugoio
+# Twitter:      https://twitter.com/gohugoio
+# Website:      https://gohugo.io/
 
-RUN apk add --no-cache --virtual git musl-dev
-RUN go get github.com/golang/dep/cmd/dep
+FROM golang:1.10.0-alpine3.7 AS build
+
+ENV CGO_ENABLED=0
+ENV GOOS=linux
 
 WORKDIR /go/src/github.com/gohugoio/hugo
-ADD . /go/src/github.com/gohugoio/hugo/
-RUN dep ensure
-RUN go install -ldflags '-s -w'
+RUN apk add --no-cache \
+    git \
+    musl-dev && \
+  go get github.com/golang/dep/cmd/dep
+COPY . /go/src/github.com/gohugoio/hugo/
+RUN dep ensure -vendor-only && \
+  go install -ldflags '-s -w'
+
+# ---
 
-FROM alpine:3.6
-RUN \
-  adduser -h /site -s /sbin/nologin -u 1000 -D hugo && \
-  apk add --no-cache \
-    dumb-init
-COPY --from=build /go/bin/hugo /bin/hugo
-USER    hugo
+FROM scratch
+COPY --from=build /go/bin/hugo /hugo
 WORKDIR /site
 VOLUME  /site
 EXPOSE  1313
-
-ENTRYPOINT ["/usr/bin/dumb-init", "--", "hugo"]
+ENTRYPOINT [ "/hugo" ]
 CMD [ "--help" ]