https://github.com/ironpeakservices/iron-scratch
Secure base image for running Go (or any other static) applications.
https://github.com/ironpeakservices/iron-scratch
docker go
Last synced: 10 months ago
JSON representation
Secure base image for running Go (or any other static) applications.
- Host: GitHub
- URL: https://github.com/ironpeakservices/iron-scratch
- Owner: ironpeakservices
- License: apache-2.0
- Created: 2019-04-05T08:09:22.000Z (about 7 years ago)
- Default Branch: master
- Last Pushed: 2025-08-23T09:15:56.000Z (10 months ago)
- Last Synced: 2025-08-24T03:34:37.256Z (10 months ago)
- Topics: docker, go
- Language: Dockerfile
- Homepage: https://github.com/ironPeakServices/iron-scratch
- Size: 165 KB
- Stars: 27
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# ironpeakservices/iron-scratch
Secure base image for running statically compiled applications.
The default entrypoint is `/app`.
`docker pull ghcr.io/ironpeakservices/iron-scratch/iron-scratch:1.0.0`
## How is this different?
This is based on the empty scratch image, but contains additional things:
- CA Certificates for verifying certificates ([location info](https://golang.org/src/crypto/x509/root_linux.go))
- Timezone files
- An unprivileged user
## Example
```dockerfile
FROM golang:alpine AS builder
ENV GOOS=linux GOARCH=amd64 CGO_ENABLED=0
RUN go build std
COPY main.go /
RUN go build -trimpath -ldflags '-w -s -extldflags "-static"' -o /app /main.go
FROM ghcr.io/ironpeakservices/iron-scratch/iron-scratch:1.0.0
COPY --from=builder /app /app
ENTRYPOINT ["/app"]
```
## Update policy
Updates to the official alpine docker image are automatically created as a pull request and trigger linting & a docker build.
When those checks complete without errors, a merge into master will trigger a deploy with the same version to packages.