Go Docker Skill
Containerize Go applications with production-ready Docker images.
Overview
Best practices for Docker images including multi-stage builds, minimal base images, and security hardening.
Parameters
| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
| base_image | string | no | "distroless" | Base: "distroless", "alpine", "scratch" |
| platforms | list | no | ["linux/amd64"] | Target platforms |
Core Topics
Production Dockerfile
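```dockerfile
# Build stage
FROM golang:1.22-alpine AS builder
WORKDIR /app

# Cache dependencies
COPY go.mod go.sum ./
RUN go mod download && go mod verify

# Build
COPY . .
# A build arg must be declared in the stage that uses it; without this
# ARG, ${VERSION} expands to an empty string.
ARG VERSION=dev
# TARGETARCH is set by BuildKit for each --platform; falls back to amd64.
ARG TARGETARCH
RUN CGO_ENABLED=0 GOOS=linux GOARCH=${TARGETARCH:-amd64} \
    go build -ldflags="-s -w -X main.version=${VERSION}" \
    -trimpath -o /app/server ./cmd/api

# Final stage - distroless for security
FROM gcr.io/distroless/static:nonroot
COPY --from=builder /app/server /server
COPY --from=builder /app/configs /configs
USER nonroot:nonroot
EXPOSE 8080 9090
# Exec form: distroless has no shell, so the binary probes itself.
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s \
    CMD ["/server", "health"]
ENTRYPOINT ["/server"]
```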
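The distroless final stage has no shell, `wget` or `curl`, so `HEALTHCHECK CMD ["/server", "health"]` only works if the binary implements that subcommand itself. One way to implement it, added here as an example and not taken from the project's own code: the `probe` helper, the 2-second timeout and the bare `/healthz` handler are assumptions, with the path and port following the Compose file on this page.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"os"
	"time"
)

// probe performs one GET against url and returns a process exit code for
// Docker's HEALTHCHECK: 0 when the endpoint answers 200 within timeout, else 1.
func probe(url string, timeout time.Duration) int {
	ctx, cancel := context.WithTimeout(context.Background(), timeout)
	defer cancel()
	req, err := http.NewRequestWithContext(ctx, http.MethodGet, url, nil)
	if err != nil {
		fmt.Fprintln(os.Stderr, "health: bad url:", err)
		return 1
	}
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		fmt.Fprintln(os.Stderr, "health: request failed:", err)
		return 1
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		fmt.Fprintln(os.Stderr, "health: unexpected status:", resp.Status)
		return 1
	}
	return 0
}

func main() {
	if len(os.Args) > 1 && os.Args[1] == "health" {
		// Stay under the Dockerfile's --timeout=3s so the probe reports its own failure.
		os.Exit(probe("http://127.0.0.1:8080/healthz", 2*time.Second))
	}
	mux := http.NewServeMux()
	// Assumed placeholder handler; a real service would check its dependencies here.
	mux.HandleFunc("/healthz", func(w http.ResponseWriter, _ *http.Request) {
		w.WriteHeader(http.StatusOK)
	})
	srv := &http.Server{Addr: ":8080", Handler: mux, ReadHeaderTimeout: 5 * time.Second}
	if err := srv.ListenAndServe(); err != nil {
		fmt.Fprintln(os.Stderr, "server:", err)
		os.Exit(1)
	}
}
```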
Alpine Variant (when shell needed)
```dockerfile
FROM golang:1.22-alpine AS builder
RUN apk add --no-cache ca-certificates tzdata
WORKDIR /app
COPY go.mod go.sum ./
RUN go mod download
COPY . .
RUN CGO_ENABLED=0 go build -ldflags="-s -w" -o /app/server ./cmd/api

FROM alpine:3.19
RUN apk --no-cache add ca-certificates tzdata && \
    adduser -D -u 1000 appuser
COPY --from=builder /app/server /server
USER appuser
EXPOSE 8080
ENTRYPOINT ["/server"]
```
Docker Compose
```yaml
version: '3.8'

services:
  api:
    build:
      context: .
      dockerfile: Dockerfile
      args:
        VERSION: ${VERSION:-dev}
    ports:
      - "8080:8080"
    environment:
      - DB_HOST=postgres
      - REDIS_HOST=redis
    depends_on:
      postgres:
        condition: service_healthy
    healthcheck:
      # wget exists in the Alpine variant only; with the distroless image
      # use ["CMD", "/server", "health"] as in the Dockerfile HEALTHCHECK.
      test: ["CMD", "wget", "-q", "--spider", "http://localhost:8080/healthz"]
      interval: 10s
      timeout: 5s
      retries: 3

  postgres:
    image: postgres:16-alpine
    environment:
      POSTGRES_DB: app
      POSTGRES_USER: app
      # Example value for local development; do not reuse it elsewhere.
      POSTGRES_PASSWORD: secret
    volumes:
      - postgres_data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U app"]
      interval: 5s
      timeout: 5s
      retries: 5

volumes:
  postgres_data:
```
Multi-Platform Build
```bash
# Setup buildx
docker buildx create --name multiplatform --use

# Build for multiple platforms
docker buildx build \
  --platform linux/amd64,linux/arm64 \
  --tag myapp:latest \
  --push .
```
Security Scanning
```bash
# Scan with Trivy
trivy image myapp:latest

# Scan with Docker Scout
docker scout cves myapp:latest
```
Troubleshooting
Failure Modes
| Symptom | Cause | Fix |
|---|---|---|
| Binary not found | Wrong GOOS/GOARCH | Match target platform |
| Permission denied | Root user required | Check file permissions |
| Large image size | No multi-stage | Use distroless/scratch |
Debug Commands
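```bash
# Show full, uncollapsed build output
docker build --progress=plain .

# Open a shell in the image (Alpine variant only; distroless and scratch have no shell).
# --entrypoint is needed because the image's ENTRYPOINT is /server.
docker run --rm -it --entrypoint sh myapp:latest

# Inspect layers and their sizes
docker history myapp:latest
```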
Usage
```
Skill("go-docker")
```