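# Build stage: compile mkcert from source.
# NOTE(review): golang:1.18-buster is pinned by tag only, and both Go 1.18 and
# Debian buster are past upstream end-of-life. Move to a supported tag and pin
# it by digest (golang:<supported-tag>@sha256:<digest> -- placeholders) so the
# toolchain that produces this binary is reproducible and still receives fixes.
FROM golang:1.18-buster AS builder
WORKDIR /src

# Cache module downloads: only go.mod/go.sum are copied first, so this layer is
# reused until the dependency set changes. Downloads are checked against go.sum.
COPY go.mod go.sum ./
RUN go mod download

# Copy the rest of the source code. Everything in the build context that
# .dockerignore does not exclude lands in this (discarded) stage.
COPY . .

# Architecture of the image being built. BuildKit sets TARGETARCH automatically
# (e.g. `docker buildx build --platform ...`); on the legacy builder it is
# empty and the build falls back to amd64, as before.
ARG TARGETARCH

# Build a static binary (CGO disabled) with the symbol table and DWARF data
# stripped (-s -w). GOARCH follows the target platform so the binary matches
# the architecture of the runtime stage it is copied into.
RUN CGO_ENABLED=0 GOOS=linux GOARCH="${TARGETARCH:-amd64}" \
    go build -ldflags "-s -w" -o mkcert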
# Final runtime image: Debian slim plus the mkcert binary from the build stage.
# NOTE(review): the base is pinned by tag only (no digest), and no USER is set,
# so the container process runs as root and anything mkcert writes to a mounted
# directory (CA key, certificates) is root-owned. Consider a dedicated non-root
# user, or `docker run --user`, once the output directory is writable for it.
FROM debian:bookworm-slim

# Runtime packages: the CA bundle and timezone data. The apt lists are removed
# in the same layer so they do not persist in the image.
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        ca-certificates \
        tzdata \
    && rm -rf /var/lib/apt/lists/*

# Bring in the binary produced by the "builder" stage.
COPY --from=builder /src/mkcert /usr/local/bin/mkcert

# Make sure the install location is searched first when resolving "mkcert".
ENV PATH="/usr/local/bin:${PATH}"

# mkcert is the container's command; arguments given to `docker run` replace
# the default "-help".
ENTRYPOINT ["mkcert"]
CMD ["-help"]
# --- .dockerignore (separate file in the build context) ---
# Patterns without a leading **/ match at the context root only.

# Exclude VCS and dependencies
.git
.dockerignore
node_modules
vendor

# Ignore build/test artifacts
*.log
*.tmp
*.out
*.exe
*.test
*.prof

# Ignore documentation and miscellaneous files
*.md
README.md
CHANGELOG.md

# Ignore go build/cache (you may keep if you prefer caching builds)
*/package-lock.json

# Ignore local env files (nested ones need **/*.env)
*.env

# Ignore temporary files
*~
Concerns:
- Potential cross-arch build issue: GOARCH=amd64 targets x86_64 only. Builds for non-amd64 environments should use buildx with the proper platform settings; the platform setting alone does not change the hard-coded GOARCH, which must follow the target platform as well.

Smoke [PASS]: command -v mkcert
Smoke [PASS]: mkcert -help
Smoke [PASS]: mkcert -CAROOT