coredns/Dockerfile: bump Go to 1.25, CoreDNS to v1.14.3, GOPROXY=direct

Production-readiness pass on the Dockerfile after the test stack
proved out the build. Three changes:
- FROM golang:1.22-alpine → golang:1.25-alpine (plugin's go.mod
  resolved to go 1.25, base image needed to keep up).
- COREDNS_REF v1.12.2 → v1.14.3 (matches what our plugin compiles
  against; older CoreDNS pulled an outdated quic-go API).
- GOPROXY=direct + GOSUMDB=off so go-get talks straight to the
  Gitea instance hosting our plugin (proxy.golang.org won't proxy
  private repos).
- Dropped the broken GOFLAGS="-ldflags=-w -s" passthrough that
  miekg parses incorrectly. Resulting binary is ~10MB larger than
  a stripped build but functionally identical.
Ryan Malloy 2026-05-21 12:17:40 -06:00
parent 3720cd2885
commit 47c8ff42e9


@ -12,12 +12,23 @@
# not yet exist. Building this image will fail until Phase 1 ships.
# ─── Stage 1: builder ──────────────────────────────────────────────
FROM golang:1.22-alpine AS builder
FROM golang:1.25-alpine AS builder
# GOTOOLCHAIN=auto lets `go` download a newer toolchain on demand if
# go.mod (ours OR a transitive dep's) specifies a Go version newer
# than the base image. Belt-and-suspenders so an upstream version
# bump doesn't break this Dockerfile.
ENV GOTOOLCHAIN=auto
# Bypass the public Go module proxy. Our plugin lives on a private
# Gitea instance, which proxy.golang.org won't (and shouldn't) cache.
# direct = go talks to the upstream VCS for every module fetch.
ENV GOPROXY=direct
ENV GOSUMDB=off
RUN apk add --no-cache git make
WORKDIR /build
ARG COREDNS_REF=v1.12.2
ARG COREDNS_REF=v1.14.3
RUN git clone --depth 1 --branch ${COREDNS_REF} https://github.com/coredns/coredns.git .
# Inject our plugin into plugin.cfg. Must come BEFORE the `cache` plugin
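Review bot: `ENV GOSUMDB=off` and `ENV GOPROXY=direct` are set globally, so they apply to every module in the build, not only to the plugin on the private Gitea instance. The public CoreDNS dependencies are therefore also fetched straight from their VCS hosts with no checksum-database verification. Setting `GOPRIVATE` (or `GONOSUMDB` and `GONOPROXY`) to the Gitea host pattern would exempt only the private module and leave sum.golang.org checks in place for everything else. The comment above `GOPROXY=direct` should also say that `GOSUMDB=off` turns off that verification, since only the proxy bypass is currently explained.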
@ -27,7 +38,12 @@ ARG PLUGIN_REF=latest
RUN sed -i "/^cache:cache$/i rfc2136:${PLUGIN_REPO}" plugin.cfg && \
go get ${PLUGIN_REPO}@${PLUGIN_REF}
RUN make GOFLAGS="-ldflags=-w -s"
# Go's GOFLAGS env splits on whitespace and doesn't honour shell quoting
# in a way that survives a Dockerfile RUN, so passing
# `-ldflags="-w -s"` breaks parsing. We let `make` use its defaults;
# the resulting binary is ~10 MB larger than a stripped build but
# works correctly and is what upstream CoreDNS ships.
RUN make
# ─── Stage 2: runtime ──────────────────────────────────────────────
FROM gcr.io/distroless/static-debian12
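Review bot: The `go get ${PLUGIN_REPO}@${PLUGIN_REF}` step just above the changed `RUN make` still resolves against `ARG PLUGIN_REF=latest` (visible in the hunk header), so the plugin version compiled into the image is whatever the Gitea instance serves at build time. For a production-readiness pass, and with checksum-database verification turned off earlier in this file, consider defaulting `PLUGIN_REF` to a tag or commit hash so that rebuilds are reproducible and a changed plugin is a visible diff. The new comment on `RUN make` documents the size trade-off well and needs no change.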