Update Dockerfile.step-ca to match best practices

- See https://docs.docker.com/develop/develop-images/dockerfile_best-practices/
- Added a .dockerignore file to reduce the build context size
- Added a HEALTHCHECK (curl the CA)

.dockerignore

@@ -0,0 +1,7 @@
+README.md
+.gitignore
+bin
+coverage.txt
+*.test
+*.out
+.travis-releases

docker/Dockerfile.step-ca

@@ -1,24 +1,27 @@
 FROM golang:alpine AS builder
 
-RUN mkdir /src
-ADD . /src
+WORKDIR /src
+COPY . .
 
-RUN apk add --no-cache make git curl && \
-    cd /src && \
-    make V=1 bin/step-ca 
+RUN apk add --no-cache \
+   curl \
+   git \
+   make && \
+   make V=1 bin/step-ca
 
 FROM smallstep/step-cli:latest
 
 COPY --from=builder /src/bin/step-ca /usr/local/bin/step-ca
 
-ENV CONFIGPATH="/home/step/config/ca.json"
-ENV PWDPATH="/home/step/secrets/password"
-
 USER root
 RUN apk add --no-cache libcap && setcap CAP_NET_BIND_SERVICE=+eip /usr/local/bin/step-ca
 USER step
 
+ENV CONFIGPATH="/home/step/config/ca.json"
+ENV PWDPATH="/home/step/secrets/password"
+
 VOLUME ["/home/step"]
 STOPSIGNAL SIGTERM
+HEALTHCHECK CMD curl --cacert /home/step/certs/root_ca.crt -sSf https://localhost/health >/dev/null || exit 1
 
 CMD exec /bin/sh -c "/usr/local/bin/step-ca --password-file $PWDPATH $CONFIGPATH"