container-census/Dockerfile.agent

# Lightweight Agent Dockerfile
# Multi-stage build for Container Census Agent

# Stage 1: Build the Go binary
FROM golang:1.23-alpine AS builder
ENV GOTOOLCHAIN=auto

# Install build dependencies
RUN apk add --no-cache git gcc musl-dev

# Set working directory
WORKDIR /build

# Copy dependency files first (better caching)
COPY go.mod go.sum* ./

# Download dependencies (cached unless go.mod/go.sum changes)
RUN go mod download

# Copy source code
COPY . .

# Tidy if needed (rarely changes cache)
RUN go mod tidy -e

# Build the agent binary
RUN CGO_ENABLED=0 GOOS=linux go build -buildvcs=false -ldflags="-w -s" -o census-agent ./cmd/agent

# Stage 2: Create minimal runtime image
FROM alpine:latest

# Build arg for docker group GID (defaults to 999)
ARG DOCKER_GID=999

# Install ca-certificates for HTTPS
RUN apk --no-cache add ca-certificates tzdata

# Create docker group with host's GID and census user
RUN (getent group ${DOCKER_GID} && delgroup $(getent group ${DOCKER_GID} | cut -d: -f1)) || true && \
    addgroup -g ${DOCKER_GID} docker && \
    addgroup -g 1000 census && \
    adduser -D -u 1000 -G census census && \
    adduser census docker

# Set working directory
WORKDIR /app

# Copy binary from builder
COPY --from=builder /build/census-agent .

# Copy version file
COPY --from=builder /build/.version ./.version

# Create data directory for token persistence
RUN mkdir -p /app/data && chown census:census /app/data

# Switch to non-root user
USER census

# Expose agent port
EXPOSE 9876

# Health check
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
  CMD wget --no-verbose --tries=1 --spider http://localhost:9876/health || exit 1

# Run the agent
ENTRYPOINT ["./census-agent"]
CMD ["--port=9876"]