feat: multi-stage build for container image

Adapt the Makefile and Dockerfile for a multi-stage build of the
container image. It is now not anymore required to have go locally
installed to build the container image.

Inside the multi-stage build, the newly create make install command will
be executed. The compbiled files will than be copied to a new base image
with less dependencies.

Further improvement would be to use instead of debian:10 scratch,
because the application does not have any C dependencies
(CGO_ENABLED=0).

Additionally it is not possible to build the container image with
alternative container runtimes like podman instead of docker.

make build/container-image CONTAINER_RUNTIME=podman

The used base image names are now defined as fully qualified image names
(with registry host), to support local container registry mirror
configurations.

Dockerfile

@@ -1,10 +1,19 @@
-FROM debian:buster-slim
+FROM docker.io/library/golang:1.20.5-buster AS build
 
-# Create main app folder to run from
+WORKDIR /workspace
-WORKDIR /app
+ADD . /workspace
 
-# Copy compiled binary to release image
+RUN apt update --yes && \
-# (must build the binary before running docker build)
+    apt install --yes build-essential && \
-COPY fail2ban_exporter /app/fail2ban_exporter
+    make install \
+      PREFIX=/usr \
+      DESTDIR=/app \
+      EXECUTABLE=fail2ban_exporter
 
-ENTRYPOINT ["/app/fail2ban_exporter"]
+FROM docker.io/library/debian:10-slim
+
+COPY --from=build /app /
+
+EXPOSE 9191
+
+ENTRYPOINT [ "/usr/bin/fail2ban_exporter" ]

Makefile

@@ -2,6 +2,8 @@ DESTDIR?=
 PREFIX?=/usr/local
 EXECUTABLE?=fail2ban_exporter
 
+CONTAINER_RUNTIME?=$(shell which docker)
+
 # List make commands
 .PHONY: ls
 ls:
@@ -54,21 +56,25 @@ build:
 	-o ${EXECUTABLE} \
 	exporter.go
 
-# Build project docker container
+# build container-image
-.PHONY: build/docker
+.PHONY: build/container-image
-build/docker: build
+build/container-image:
-	docker build -t ${EXECUTABLE} .
+	${CONTAINER_RUNTIME} build \
+		--tag ${EXECUTABLE} \
+		.
 
 .PHONY: install
 install: build
-	install -D --mode 0644 systemd/systemd.service ${DESTDIR}/usr/lib/systemd/system/${EXECUTABLE}.service
+	mkdir --parents ${DESTDIR}/usr/lib/systemd/system
+	sed -e "s/EXECUTABLE/${EXECUTABLE}/gm" systemd/systemd.service > ${DESTDIR}/usr/lib/systemd/system/${EXECUTABLE}.service
+	chmod 0644 ${DESTDIR}/usr/lib/systemd/system/${EXECUTABLE}.service
 
-	install -D --mode 0755 --target-directory ${DESTDIR}${PREFIX}/bin/${EXECUTABLE} ${EXECUTABLE}
+	install -D --mode 0755 --target-directory ${DESTDIR}${PREFIX}/bin ${EXECUTABLE}
 
 # NOTE: Set restrict file permissions by default to protect optional basic auth credentials
-	install -D --mode 0600 --target-directory ${DESTDIR}/etc/conf.d ${EXECUTABLE}
+	install -D --mode 0600 env ${DESTDIR}/etc/conf.d/${EXECUTABLE}
 
-	install -D --mode 0755 --target-directory ${DESTDIR}${PREFIX}/share/licenses/LICENSE LICENSE
+	install -D --mode 0755 --target-directory ${DESTDIR}${PREFIX}/share/licenses/${EXECUTABLE} LICENSE
 
 .PHONY: uninstall
 uninstall:

systemd/systemd.service

@@ -4,8 +4,8 @@ Requires=network-online.target
 After=network-online.target
 
 [Service]
-EnvironmentFile=/etc/conf.d/prometheus-fail2ban-exporter
+EnvironmentFile=/etc/conf.d/EXECUTABLE
-ExecStart=/usr/bin/prometheus-fail2ban-exporter
+ExecStart=/usr/bin/EXECUTABLE
 ExecReload=/bin/kill -HUP $MAINPID
 Restart=on-failure
 RestartSec=5s