Update Dockerfiles to use distroless base images (#79)

* Update Dockerfiles to use distroless base images

* Improve image tags calculation

.github/workflows/build.yml

@@ -26,24 +26,15 @@ jobs:
             image: ghcr.io/mtze/hades/hades-clone-container
 
     steps:
-      - name: Compute Tag
-        uses: actions/github-script@v7
-        id: compute-tag
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
         with:
-          result-encoding: string
-          script: |
-            if (context.eventName === "pull_request") {
-              return "pr-" + context.issue.number;
-            }
-            if (context.eventName === "push") {
-              if (context.ref.startsWith("refs/tags/")) {
-                return context.ref.slice(10);
-              }
-              if (context.ref === "refs/heads/develop") {
-                return "develop";
-              }
-            }
-            return "latest";
+          images: ${{ matrix.image }}
+          tags: |
+            type=raw,value=latest,enable={{is_default_branch}}
+            type=ref,event=branch
+            type=ref,event=pr
 
       - name: Checkout
         uses: actions/checkout@v4
@@ -72,4 +63,4 @@ jobs:
           file: ${{ matrix.dockerfile }}
           platforms: linux/amd64,linux/arm64
           push: true
-          tags: ${{ matrix.image }}:${{ steps.compute-tag.outputs.result }}
+          tags: ${{ steps.meta.outputs.tags }}

HadesAPI/Dockerfile

@@ -15,21 +15,16 @@ COPY ./shared ./shared
 
 # Build the Go application
 WORKDIR /app/HadesAPI
-RUN go build -o hadesCI-api .
+RUN CGO_ENABLED=0 go build -o hadesCI-api .
 
 # Start a new stage for the minimal runtime container
-FROM alpine:latest
-
-RUN apk update && apk add --no-cache ca-certificates libc6-compat
+FROM gcr.io/distroless/static-debian12
 
 # Set the working directory inside the minimal runtime container
 WORKDIR /app
 
 # Copy the built binary from the builder container into the minimal runtime container
 COPY --from=builder /app/HadesAPI/hadesCI-api . 
 
-# Ensure the binary is executable
-RUN chmod +x /app/hadesCI-api
-
 # Run your Go application
 CMD ["/app/hadesCI-api"]

HadesCloneContainer/Dockerfile

@@ -12,19 +12,16 @@ RUN go mod download
 COPY ./HadesCloneContainer ./
 
 # Build the Go application
-RUN go build -o hades-clone .
+RUN CGO_ENABLED=0 go build -o hades-clone .
 
 # Start a new stage for the minimal runtime container
-FROM alpine:latest
+FROM gcr.io/distroless/static-debian12
 
 # Set the working directory inside the minimal runtime container
 WORKDIR /app
 
 # Copy the built binary from the builder container into the minimal runtime container
 COPY --from=builder /app/hades-clone . 
 
-# Ensure the binary is executable
-RUN chmod +x /app/hades-clone
-
 # Run your Go application and then sleep indefinitely
 ENTRYPOINT ["/app/hades-clone"]

HadesScheduler/Dockerfile

@@ -15,21 +15,16 @@ COPY ./shared ./shared
 
 # Build the Go application
 WORKDIR /app/HadesScheduler
-RUN go build -o hadesCI-scheduler .
+RUN CGO_ENABLED=0 go build -o hadesCI-scheduler .
 
 # Start a new stage for the minimal runtime container
-FROM alpine:latest
-
-RUN apk update && apk add --no-cache ca-certificates libc6-compat
+FROM gcr.io/distroless/static-debian12
 
 # Set the working directory inside the minimal runtime container
 WORKDIR /app
 
 # Copy the built binary from the builder container into the minimal runtime container
 COPY --from=builder /app/HadesScheduler/hadesCI-scheduler . 
 
-# Ensure the binary is executable
-RUN chmod +x /app/hadesCI-scheduler
-
 # Run your Go application
 CMD ["/app/hadesCI-scheduler"]