From a2637447c6052bcb65daf994080a303d752b1fa7 Mon Sep 17 00:00:00 2001
From: "nicola baldi (@naighes)" <nic.baldi@gmail.com>
Date: Wed, 29 Apr 2020 10:37:10 +0200
Subject: [PATCH 1/2] adding health-check.

---
 selenium_grid_exporter.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/selenium_grid_exporter.go b/selenium_grid_exporter.go
index aa40f4e..13c4d15 100644
--- a/selenium_grid_exporter.go
+++ b/selenium_grid_exporter.go
@@ -155,6 +155,7 @@ func main() {
 	prometheus.Unregister(prometheus.NewProcessCollector(prometheus.ProcessCollectorOpts{}))
 
 	http.Handle(*metricsPath, promhttp.Handler())
+	http.HandleFunc("/health", func(w http.ResponseWriter, r *http.Request) {})
 	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
 		http.Redirect(w, r, *metricsPath, http.StatusMovedPermanently)
 	})

From a210459130ede5c696c50657e541416475aa231a Mon Sep 17 00:00:00 2001
From: "nicola baldi (@naighes)" <nic.baldi@gmail.com>
Date: Wed, 29 Apr 2020 15:21:10 +0200
Subject: [PATCH 2/2] docker image running as non-root user.

---
 Dockerfile | 36 ++++++++++++++++++++++++++++--------
 1 file changed, 28 insertions(+), 8 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 4a1c9e2..3336c02 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,12 +1,32 @@
-FROM golang:1.9.0 AS builder
-WORKDIR /go/src/github.com/wakeful/selenium_grid_exporter
+FROM golang:1.14.2-alpine3.11 AS builder
+RUN apk update && apk add --no-cache git ca-certificates tzdata && update-ca-certificates
+
+ENV USER=appuser
+ENV UID=10001
+
+RUN adduser \
+    --disabled-password \
+    --gecos "" \
+    --home "/nonexistent" \
+    --shell "/sbin/nologin" \
+    --no-create-home \
+    --uid "${UID}" \
+    "${USER}"
+
+WORKDIR $GOPATH/src/github.com/wakeful/selenium_grid_exporter
 COPY . .
-RUN go get -d
-RUN CGO_ENABLED=0 GOOS=linux go build -a -tags netgo -ldflags '-w'
 
-FROM busybox:1.27
-LABEL maintainer "AJ <aj@48k.io>"
-COPY --from=builder /go/src/github.com/wakeful/selenium_grid_exporter/selenium_grid_exporter .
+RUN go mod download && \
+  go mod verify && \
+  CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -tags netgo -ldflags="-w -s" -o /go/bin/selenium_grid_exporter
 
+FROM scratch
+COPY --from=builder /usr/share/zoneinfo /usr/share/zoneinfo
+COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+COPY --from=builder /etc/passwd /etc/passwd
+COPY --from=builder /etc/group /etc/group
+COPY --from=builder /go/bin/selenium_grid_exporter /go/bin/selenium_grid_exporter
+USER appuser:appuser
 EXPOSE 8080
-ENTRYPOINT ["/selenium_grid_exporter"]
+ENTRYPOINT ["/go/bin/selenium_grid_exporter"]
+