- separate out
go mod downloadto utilise build cache.
- explicit in source repo for
golangbuilder image (other container runtimes may not default to
- switch to UID 1000 to help reduce privileges of the running binary in the container to reduce potential container escape attack surface.
-w -sin the
go buildstep to strip out debugging symbols to reduce binary size.
- default to main as VERSION.
- shallow git clone with
--depth=1since we don't need a full git history to perform a build.
- golang 1.17 rather than 1.15, some improvements in runtime performance and binary size.