FROM node:lts-bookworm@sha256:f6b9c31ace05502dd98ef777aaa20464362435dcc5e312b0e213121dcf7d8b95 AS ui WORKDIR /build COPY .git ./.git COPY Makefile ./Makefile # download yarn dependencies COPY ui/yarn.lock ./ui/yarn.lock COPY ui/package.json ./ui/package.json RUN make yarn # build ui COPY ./ui/ ./ui/ RUN make build-ui FROM golang:1.24-bookworm@sha256:d7d795d0a9f51b00d9c9bfd17388c2c626004a50c6ed7c581e095122507fe1ab AS build WORKDIR /go/src/github.com/pomerium/pomerium RUN apt-get update \ && apt-get -y --no-install-recommends install zip # cache dependency downloads COPY go.mod go.sum ./ RUN go mod download COPY . . COPY --from=ui /build/ui/dist ./ui/dist # build RUN make build-go NAME=pomerium RUN touch /config.yaml FROM gcr.io/distroless/base-debian12:debug@sha256:3a59a8d10471fc8487fd2ca93746b0195ed4c3236c14fe8412cf7b2ec4b8c1f3 ENV AUTOCERT_DIR=/data/autocert WORKDIR /pomerium COPY --from=build /go/src/github.com/pomerium/pomerium/bin/* /bin/ COPY --from=build /config.yaml /pomerium/config.yaml ENTRYPOINT [ "/bin/pomerium" ] CMD ["-config","/pomerium/config.yaml"]