[#31] Debug build is now rootless

docker/Dockerfile.builder

@@ -1,17 +1,35 @@
+# vim: filetype=dockerfile
 # Our entire toolchain runs in alpine
 FROM alpine:latest AS builder
 
-ENV PATH "$PATH:/root/.cargo/bin"
+ENV PATH "$PATH:/app/.cargo/bin"
 # Needed for proper compiling of openssl-dev
 ENV RUSTFLAGS "-C target-feature=-crt-static"
 
-WORKDIR /usr/src/app
+# Add the build user
+# Install dependencies
+RUN addgroup -S builder && \
+    adduser -S builder -G builder -h /app && \
+    apk update && \
+    apk add --no-cache \
+        curl \
+        gcc \
+        libgcc \
+        musl-dev \
+        openssl-dev \
+        postgresql-dev
 
-# Install build dependencies, rustup & rust's nightly build & toolchain
-RUN apk update && apk add --no-cache openssl-dev curl postgresql-dev libgcc musl-dev gcc && \
-    { curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain nightly; } && \
-    rustup target add x86_64-unknown-linux-musl --toolchain nightly
+# Switch to the non-root user
+USER builder
+
+WORKDIR /app
+
+# Install rustup in the new user's home
+# Create mountpoints for volumes with correct permissions
+RUN { curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain nightly; } && \
+    rustup target add x86_64-unknown-linux-musl --toolchain nightly && \
+    mkdir -p .cargo/registry target
 
 # Copy source code over to builder
-COPY Cargo.toml Cargo.lock ./
-COPY src/ ./src/
+COPY --chown=builder:builder Cargo.toml Cargo.lock ./
+COPY --chown=builder:builder src/ ./src/

docker/Dockerfile.dev

@@ -1,8 +1,9 @@
+# vim: filetype=dockerfile
 FROM chewingbever/fej-builder:latest
 
 ENV RUST_BACKTRACE 1
 
-COPY ./docker/entrypoint_dev.sh /entrypoint.sh
+COPY --chown=builder:builder ./docker/entrypoint_dev.sh /entrypoint.sh
 
 ENTRYPOINT ["/entrypoint.sh"]
 CMD ["run", "--bin", "server"]

docker/Dockerfile.rel

@@ -1,3 +1,4 @@
+# vim: filetype=dockerfile
 FROM chewingbever/fej-builder:latest AS builder
 
 # And then finally, build the project

fejctl

@@ -9,18 +9,27 @@ function create_images() {
     # First, we build the builder
     DOCKER_BUILDKIT=1 docker build \
         -f docker/Dockerfile.builder \
-        -t "$image-builder:latest" .
+        -t "$image-builder:latest" . || {
+            >&2 echo "Failed to build builder.";
+            exit 1;
+        }
 
     if [[ "$1" = "rel" ]]; then
         DOCKER_BUILDKIT=1 docker build \
             -t "$image:latest" \
-            -f docker/Dockerfile.rel .
+            -f docker/Dockerfile.rel . || {
+                >&2 echo "Failed to build release image.";
+                exit 1;
+            }
 
     else
         # Then, we create the debug image
         DOCKER_BUILDKIT=1 docker build \
             -t "$image:dev" \
-            -f docker/Dockerfile.dev .
+            -f docker/Dockerfile.dev . || {
+                >&2 echo "Failed to build debug image.";
+                exit 1;
+            }
     fi
 }
 
@@ -28,9 +37,9 @@ function create_images() {
 #
 # $@: the arguments to pass to the image (passed as arguments to cargo)
 function run_image() {
-    docker volume create fej_build-cache
-    docker volume create fej_registry-cache
-    docker volume create fej_db-data
+    docker volume create fej_build-cache > /dev/null
+    docker volume create fej_registry-cache > /dev/null
+    docker volume create fej_db-data > /dev/null
 
     # Run the database image
     docker run --rm \
@@ -54,9 +63,9 @@ function run_image() {
         --name fej \
         --env-file .env.container \
         --network fej \
-        -v 'fej_build-cache:/usr/src/app/target' \
-        -v 'fej_registry-cache:/root/.cargo/registry' \
-        -v "$PWD/Rocket.toml:/usr/src/app/Rocket.toml:ro" \
+        -v 'fej_build-cache:/app/target' \
+        -v 'fej_registry-cache:/app/.cargo/registry' \
+        -v "$PWD/Rocket.toml:/app/Rocket.toml:ro" \
         "$image:dev" "$@"
 }
 
@@ -109,6 +118,8 @@ function publish() {
         exit 2
     fi
 
+    create_images rel
+
     patch_version=`grep -Po '(?<=version = ").*(?=")' Cargo.toml | head -n1`
     major_version=`echo "$patch_version" | sed -E 's/([0-9]+)\.([0-9]+)\.([0-9]+)/\1/'`
     minor_version=`echo "$patch_version" | sed -E 's/([0-9]+).([0-9]+).([0-9]+)/\1.\2/'`