Best Practices for Go Docker Images in Production

Use a multi-stage Dockerfile with a non-root user to minimize image size and attack surface.

# Stage 1: Build
FROM golang:1.22-alpine AS builder
WORKDIR /app
COPY go.mod go.sum ./
RUN go mod download
COPY . .
RUN CGO_ENABLED=0 GOOS=linux go build -ldflags="-w -s" -o main .

# Stage 2: Runtime
FROM alpine:3.19
RUN apk add --no-cache ca-certificates
RUN adduser -D -g '' appuser
WORKDIR /app
COPY --from=builder /app/main .
USER appuser
CMD ["./main"]

Best Practices for Go Docker Images in Production involve building your Go application in a large container with all necessary tools, then copying only the final executable into a tiny, secure container. It's like baking a cake in a full kitchen but serving it on a small, clean plate to save space and reduce the risk of contamination.