2021-04-17 13:46:38 +02:00
|
|
|
# vim: filetype=dockerfile
|
2021-04-12 17:39:52 +02:00
|
|
|
FROM chewingbever/fej-builder:latest AS builder
|
|
|
|
|
2021-04-24 09:33:42 +02:00
|
|
|
COPY --chown=builder:builder Cargo.toml Cargo.lock ./
|
|
|
|
COPY --chown=builder:builder src/ ./src/
|
|
|
|
COPY --chown=builder:builder migrations/ ./migrations/
|
|
|
|
|
2021-04-12 17:39:52 +02:00
|
|
|
# And then finally, build the project
|
|
|
|
# Thank the lords that this article exists
|
|
|
|
# https://users.rust-lang.org/t/sigsegv-with-program-linked-against-openssl-in-an-alpine-container/52172
|
|
|
|
# TODO add what these flags do & why they work
|
|
|
|
# NOTE: cargo install auto-appends bin to the path
|
2021-04-17 14:09:31 +02:00
|
|
|
|
|
|
|
# RUN --mount=type=cache,mode=0777,target=/app/target \
|
|
|
|
# --mount=type=cache,mode=0777,target=/app/.cargo/registry \
|
|
|
|
|
|
|
|
# Buildkit cache mounts really don't like it when you're not root,
|
|
|
|
# so I guess we're building release without a cache for now
|
|
|
|
RUN cargo install \
|
|
|
|
--path . \
|
|
|
|
--root /app/output \
|
|
|
|
--target x86_64-unknown-linux-musl
|
2021-04-12 17:39:52 +02:00
|
|
|
|
|
|
|
|
|
|
|
# Now, we create the actual image
|
2021-04-24 10:03:09 +02:00
|
|
|
FROM alpine:3.13.5
|
2021-04-17 20:52:29 +02:00
|
|
|
COPY ./docker/crontab /var/spool/cron/crontabs/fej
|
2021-04-12 17:39:52 +02:00
|
|
|
|
|
|
|
# Install some dynamic libraries needed for everything to work
|
2021-04-17 14:09:31 +02:00
|
|
|
# Create -non-root user
|
2021-04-17 20:52:29 +02:00
|
|
|
# Change permissions for crontab file
|
2021-04-17 14:09:31 +02:00
|
|
|
RUN apk update && \
|
|
|
|
apk add --no-cache \
|
|
|
|
curl \
|
|
|
|
libgcc \
|
|
|
|
libpq \
|
|
|
|
openssl && \
|
|
|
|
addgroup -S fej && \
|
|
|
|
adduser -S fej -G fej -h /app
|
|
|
|
|
|
|
|
# Switch to non-root user
|
|
|
|
USER fej:fej
|
2021-04-12 17:39:52 +02:00
|
|
|
|
|
|
|
# Copy binary over to final image
|
2021-04-17 14:09:31 +02:00
|
|
|
COPY --from=builder --chown=fej:fej /app/output/bin /app/bin
|
|
|
|
|
|
|
|
# Embed config file inside container
|
|
|
|
# The workdir is changed so that the config file is read properly
|
|
|
|
WORKDIR /app
|
|
|
|
COPY --chown=fej:fej Rocket.toml /app/Rocket.toml
|
2021-04-12 17:39:52 +02:00
|
|
|
|
2021-04-12 22:55:52 +02:00
|
|
|
HEALTHCHECK \
|
|
|
|
--interval=10s \
|
|
|
|
--timeout=5s \
|
|
|
|
--start-period=1s \
|
|
|
|
--retries=3 \
|
|
|
|
CMD curl -q localhost:8000
|
|
|
|
|
2021-04-17 20:52:29 +02:00
|
|
|
ENTRYPOINT ["/app/bin/server"]
|