ci(build): pull Docker Hub base images via Nexus mirror + kargadan GOPROXY
CI/CD / CI · Web (tsc) (push) Successful in 1m8s
CI/CD / Deploy · full stack (push) Failing after 7s

Docker Hub blocks Iran (403) on the BUILD base images too (golang/alpine/busybox/
node) once they fall out of cache. Prefix every Docker Hub FROM/COPY --from with
mirror.soroushasadi.com/ (MCR dotnet images are reachable, left as-is). Go builders
also set GOPROXY=mirror.kargadan.ir/repository/go-group/ + GOSUMDB=off so any module/
toolchain fetch avoids the geo-blocked proxy.golang.org.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
soroush.asadi
2026-06-12 16:24:38 +03:30
parent 18cdf507f0
commit ee2a6b9b60
8 changed files with 19 additions and 14 deletions
+3 -3
@@ -1,5 +1,5 @@
# ── Stage 1: install dependencies ────────────────────────────────────────────
FROM node:20-alpine AS deps
FROM mirror.soroushasadi.com/node:20-alpine AS deps
RUN apk add --no-cache libc6-compat
WORKDIR /app
@@ -18,7 +18,7 @@ RUN for i in 1 2 3 4 5; do \
echo "npm ci failed after 5 attempts" && exit 1
# ── Stage 2: build ───────────────────────────────────────────────────────────
FROM node:20-alpine AS builder
FROM mirror.soroushasadi.com/node:20-alpine AS builder
WORKDIR /app
COPY --from=deps /app/node_modules ./node_modules
@@ -51,7 +51,7 @@ ENV NODE_ENV=production
RUN npm run build
# ── Stage 3: production runner ────────────────────────────────────────────────
FROM node:20-alpine AS runner
FROM mirror.soroushasadi.com/node:20-alpine AS runner
WORKDIR /app
ENV NODE_ENV=production
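Review bot: The three new `FROM mirror.soroushasadi.com/node:20-alpine` lines reference the image by a mutable tag, so the build accepts whatever the mirror serves under that tag, and the runner stage carries it into production. Pinning the digest keeps the mirror a transport rather than a trust root: `FROM mirror.soroushasadi.com/node:20-alpine@sha256:<digest-of-verified-image> AS deps`, with the digest taken from an image that was checked against the upstream one. The same applies to the `golang:1.25-alpine`, `alpine:3.20` and `busybox:1.36` references in the other seven files; the busybox case copies a binary from the mirror straight into the runtime image. All three hunks in this file cut through their stages, so the rest of each stage is not visible here.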
+1 -1
@@ -4,7 +4,7 @@ EXPOSE 8080
# The .NET base image ships neither wget nor curl, which the container healthcheck needs.
# Copy a single static busybox binary named `wget` (busybox dispatches on argv[0]).
# This stays fully offline — no apt/network — matching the vendored Go builds.
COPY --from=busybox:1.36 /bin/busybox /usr/bin/wget
COPY --from=mirror.soroushasadi.com/busybox:1.36 /bin/busybox /usr/bin/wget
FROM mcr.microsoft.com/dotnet/sdk:10.0 AS build
WORKDIR /src
+3 -2
@@ -1,10 +1,11 @@
FROM golang:1.25-alpine AS build
FROM mirror.soroushasadi.com/golang:1.25-alpine AS build
ENV GOPROXY=https://mirror.kargadan.ir/repository/go-group/ GOSUMDB=off
WORKDIR /src
# Dependencies are vendored — build fully offline (proxy.golang.org is geo-blocked from some regions)
COPY . .
RUN CGO_ENABLED=0 GOOS=linux go build -mod=vendor -o /file-svc ./cmd/server
FROM alpine:3.20
FROM mirror.soroushasadi.com/alpine:3.20
RUN apk add --no-cache ca-certificates tzdata
COPY --from=build /file-svc /file-svc
EXPOSE 8080
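Review bot: `GOSUMDB=off` on the new `ENV` line removes checksum-database verification for anything the go command downloads, in the same change that points `GOPROXY` at a third-party Nexus. With `-mod=vendor` the module graph should not be fetched at all, so the setting mainly matters for an automatic toolchain download, which would then presumably be accepted from the mirror unverified. If the build is meant to stay offline, as the comment two lines below says, `ENV GOPROXY=off GOTOOLCHAIN=local` makes an unexpected fetch fail instead; otherwise keep `GOPROXY` and drop `GOSUMDB=off` if the mirror can relay the checksum database. The gateway, notification-svc and render-svc Dockerfiles add the same line, and this file lacks the explanatory comment the gateway file carries above it.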
+4 -2
@@ -1,10 +1,12 @@
FROM golang:1.25-alpine AS builder
FROM mirror.soroushasadi.com/golang:1.25-alpine AS builder
# Go module/toolchain fetches via the kargadan Nexus (proxy.golang.org geo-blocked).
ENV GOPROXY=https://mirror.kargadan.ir/repository/go-group/ GOSUMDB=off
WORKDIR /app
# Dependencies are vendored — build fully offline (proxy.golang.org is geo-blocked from some regions)
COPY . .
RUN CGO_ENABLED=0 GOOS=linux go build -mod=vendor -ldflags="-s -w" -o gateway ./cmd/server
FROM alpine:3.20
FROM mirror.soroushasadi.com/alpine:3.20
RUN apk add --no-cache ca-certificates tzdata
WORKDIR /app
COPY --from=builder /app/gateway .
+1 -1
@@ -4,7 +4,7 @@ EXPOSE 8080
# The .NET base image ships neither wget nor curl, which the container healthcheck needs.
# Copy a single static busybox binary named `wget` (busybox dispatches on argv[0]).
# This stays fully offline — no apt/network — matching the vendored Go builds.
COPY --from=busybox:1.36 /bin/busybox /usr/bin/wget
COPY --from=mirror.soroushasadi.com/busybox:1.36 /bin/busybox /usr/bin/wget
FROM mcr.microsoft.com/dotnet/sdk:10.0 AS build
WORKDIR /src
+3 -2
@@ -1,10 +1,11 @@
FROM golang:1.25-alpine AS builder
FROM mirror.soroushasadi.com/golang:1.25-alpine AS builder
ENV GOPROXY=https://mirror.kargadan.ir/repository/go-group/ GOSUMDB=off
WORKDIR /app
# Dependencies are vendored — build fully offline (proxy.golang.org is geo-blocked from some regions)
COPY . .
RUN CGO_ENABLED=0 GOOS=linux go build -mod=vendor -ldflags="-s -w" -o notification-svc ./cmd/server
FROM alpine:3.20
FROM mirror.soroushasadi.com/alpine:3.20
RUN apk add --no-cache ca-certificates tzdata
WORKDIR /app
COPY --from=builder /app/notification-svc .
+3 -2
@@ -1,10 +1,11 @@
FROM golang:1.25-alpine AS builder
FROM mirror.soroushasadi.com/golang:1.25-alpine AS builder
ENV GOPROXY=https://mirror.kargadan.ir/repository/go-group/ GOSUMDB=off
WORKDIR /app
# Dependencies are vendored — build fully offline (proxy.golang.org is geo-blocked from some regions)
COPY . .
RUN CGO_ENABLED=0 GOOS=linux go build -mod=vendor -ldflags="-s -w" -o render-svc ./cmd/server
FROM alpine:3.20
FROM mirror.soroushasadi.com/alpine:3.20
RUN apk add --no-cache ca-certificates tzdata
WORKDIR /app
COPY --from=builder /app/render-svc .
+1 -1
@@ -4,7 +4,7 @@ EXPOSE 8080
# The .NET base image ships neither wget nor curl, which the container healthcheck needs.
# Copy a single static busybox binary named `wget` (busybox dispatches on argv[0]).
# This stays fully offline — no apt/network — matching the vendored Go builds.
COPY --from=busybox:1.36 /bin/busybox /usr/bin/wget
COPY --from=mirror.soroushasadi.com/busybox:1.36 /bin/busybox /usr/bin/wget
FROM mcr.microsoft.com/dotnet/sdk:10.0 AS build
WORKDIR /src