Add healthcheck endpoints and scripts

06-building-container-images/api-golang/Dockerfile.7

@@ -0,0 +1,58 @@
+# Pin specific version for stability
+# Use separate stage for building image
+# Use debian for easier build utilities
+FROM golang:1.19-bullseye AS build
+
+# Add non root user
+RUN useradd -u 1001 nonroot
+
+WORKDIR /app 
+
+# Copy only files required to install dependencies (better layer caching)
+COPY go.mod go.sum ./
+
+# Use cache mount to speed up install of existing dependencies
+RUN --mount=type=cache,target=/go/pkg/mod \
+  --mount=type=cache,target=/root/.cache/go-build \
+  go mod download
+
+COPY . .
+
+# Compile healthcheck
+RUN go build \
+  -ldflags="-linkmode external -extldflags -static" \
+  -tags netgo \
+  -o healthcheck \
+  ./healthcheck/healthcheck.go
+
+# Compile application during build rather than at runtime
+# Add flags to statically link binary
+RUN go build \
+  -ldflags="-linkmode external -extldflags -static" \
+  -tags netgo \
+  -o api-golang
+
+# Use separate stage for deployable image
+FROM scratch
+
+# Set gin mode
+ENV GIN_MODE=release
+
+WORKDIR /
+
+# Copy the passwd file
+COPY --from=build /etc/passwd /etc/passwd
+
+# Copy the healthcheck binary from the build stage
+COPY --from=build /app/healthcheck/healthcheck healthcheck
+
+# Copy the app binary from the build stage
+COPY --from=build /app/api-golang api-golang
+
+# Use nonroot user
+USER nonroot
+
+# Indicate expected port
+EXPOSE 8080
+
+CMD ["/api-golang"]

06-building-container-images/api-golang/Makefile

@@ -11,7 +11,7 @@ build-N:
 
 .PHONY: build-all
 build-all:
-	for number in 0 1 2 3 4 5 6 ; do \
+	for number in 0 1 2 3 4 5 6 7; do \
 			N=$$number $(MAKE) build-N; \
 	done
 
@@ -21,6 +21,6 @@ push-N:
 
 .PHONY: push-all
 push-all:
-	for number in 0 1 2 3 4 5 6 ; do \
+	for number in 0 1 2 3 4 5 6 7; do \
 			N=$$number $(MAKE) push-N; \
 	done

06-building-container-images/api-node/Dockerfile.8

@@ -0,0 +1,39 @@
+# Pin specific version for stability
+# Use alpine for reduced image size
+FROM node:19.4-alpine
+
+# Set NODE_ENV
+ENV NODE_ENV production
+
+# Specify working directory other than /
+WORKDIR /usr/src/app
+
+# Copy only files required to install
+# dependencies (better layer caching)
+COPY package*.json ./
+
+# Install only production dependencies
+# Use cache mount to speed up install of existing dependencies
+RUN --mount=type=cache,target=/usr/src/app/.npm \
+  npm set cache /usr/src/app/.npm && \
+  npm ci --only=production
+
+# Use non-root user
+# Use --chown on COPY commands to set file permissions
+USER node
+
+# Copy the healthcheck script
+COPY --chown=node:node ./healthcheck/ .
+
+# Copy remaining source code AFTER installing dependencies. 
+# Again, copy only the necessary files
+COPY --chown=node:node ./src/ .
+
+# Indicate expected port
+EXPOSE 3000
+
+CMD [ "node", "index.js" ]
+
+# TODO: Use multi-stage with distroless image or chainguard image? 
+# https://github.com/GoogleContainerTools/distroless/blob/main/examples/nodejs/Dockerfile
+# https://edu.chainguard.dev/chainguard/chainguard-images/reference/node/overview/

06-building-container-images/api-node/Makefile

@@ -11,7 +11,7 @@ build-N:
 
 .PHONY: build-all
 build-all:
-	for number in 0 1 2 3 4 5 6 7 ; do \
+	for number in 0 1 2 3 4 5 6 7 8; do \
 			N=$$number $(MAKE) build-N; \
 	done
 
@@ -21,6 +21,6 @@ push-N:
 
 .PHONY: push-all
 push-all:
-	for number in 0 1 2 3 4 5 6 7; do \
+	for number in 0 1 2 3 4 5 6 7 8; do \
 			N=$$number $(MAKE) push-N; \
 	done