From 438bedc99cec3935acbacfc309a06569343deca8 Mon Sep 17 00:00:00 2001
From: Knut Ahlers <knut@ahlers.me>
Date: Sat, 26 Feb 2022 14:59:02 +0100
Subject: [PATCH] [ci] Add hardening to go binary build

Signed-off-by: Knut Ahlers <knut@ahlers.me>
---
 Dockerfile | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 631c940..543e582 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -17,8 +17,11 @@ RUN set -ex \
       npm \
  && make frontend \
  && go install \
-      -ldflags "-X main.version=$(git describe --tags --always || echo dev)" \
-      -mod=readonly
+      -trimpath \
+      -buildmode=pie \
+      -mod=readonly \
+      -modcacherw \
+      -ldflags "-X main.version=$(git describe --tags --always || echo dev)"
 
 
 FROM alpine:latest