build: trim the size of the Docker container

Prior to this change, the size of the image was about 300MB:
```
; docker images|grep fcuny/golang|grep days
fcuny/golang.fcuny.net             d07add42f21a69e2c057eae8492bbd599dc50082   9fd284c5d8ee   2 days ago       313MB
fcuny/golang.fcuny.net             ca3dd083f8d6642821781ce03829713524322bbe   8104afadfd1f   2 days ago       313MB
```

With this change, we're reducing the image to less than 10MB:
```
fcuny/golang.fcuny.net             19b3dccc1ff31534df3636d4d7d6a28c0ae1e189   c9ae35574f8e   24 seconds ago       9.09MB
```

Since there's storage and bandwidth involved in this process, there's no
point in not going for a smaller image.

1 files changed, 20 insertions, 3 deletions

diff --git a/tools/govanity/Dockerfile b/tools/govanity/Dockerfile
index caca19a..db471c8 100644
--- a/tools/govanity/Dockerfile
+++ b/tools/govanity/Dockerfile
@@ -1,13 +1,30 @@
-FROM golang:1.16-alpine
+FROM golang:1.16 AS builder
 
 WORKDIR /src
 
+ENV USER=app
+RUN adduser \
+    --disabled-password \
+    --gecos "" \
+    --home "/src" \
+    --shell "/sbin/nologin" \
+    --uid "10001" \
+    "${USER}"
+
 ADD go.mod /src
 ADD go.sum /src
 RUN go mod download
 
 ADD . /src
 
-RUN go build -o app .
+RUN CGO_ENABLED=0 GOOS=linux go build -trimpath -a -installsuffix cgo -ldflags '-extldflags "-static"' -o app .
+
+FROM scratch
+COPY --from=builder /src/app /govanity
+COPY --from=builder /src/vanity.yaml /vanity.yaml
+COPY --from=builder /etc/passwd /etc/passwd
+COPY --from=builder /etc/group /etc/group
+
+USER app:app
 
-ENTRYPOINT ["/src/app"]
+ENTRYPOINT ["/govanity"]