Chewing_Bever/fej
Archived
1
0
Fork 0
Code Issues 28 Pull requests 10 Projects 3 Releases 4 Wiki Activity

[#31] Debug build is now rootless

Browse source
This commit is contained in:
Jef Roosens 2021-04-17 13:46:38 +02:00
parent 758a332138
commit 0b2b986205
Signed by: Jef Roosens
GPG key ID: B580B976584B5F30
4 changed files with 49 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

34
docker/Dockerfile.builder
View file

@ -1,17 +1,35 @@
# vim: filetype=dockerfile
# Our entire toolchain runs in alpine
FROM alpine:latest AS builder
ENV PATH "$PATH:/root/.cargo/bin"
ENV PATH "$PATH:/app/.cargo/bin"
# Needed for proper compiling of openssl-dev
ENV RUSTFLAGS "-C target-feature=-crt-static"
WORKDIR /usr/src/app
# Add the build user
# Install dependencies
RUN addgroup -S builder && \
adduser -S builder -G builder -h /app && \
apk update && \
apk add --no-cache \
curl \
gcc \
libgcc \
musl-dev \
openssl-dev \
postgresql-dev
# Install build dependencies, rustup & rust's nightly build & toolchain
RUN apk update && apk add --no-cache openssl-dev curl postgresql-dev libgcc musl-dev gcc && \
{ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain nightly; } && \
rustup target add x86_64-unknown-linux-musl --toolchain nightly
# Switch to the non-root user
USER builder
WORKDIR /app
# Install rustup in the new user's home
# Create mountpoints for volumes with correct permissions
RUN { curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain nightly; } && \
rustup target add x86_64-unknown-linux-musl --toolchain nightly && \
mkdir -p .cargo/registry target
# Copy source code over to builder
COPY Cargo.toml Cargo.lock ./
COPY src/ ./src/
COPY --chown=builder:builder Cargo.toml Cargo.lock ./
COPY --chown=builder:builder src/ ./src/

3
docker/Dockerfile.dev
View file

@ -1,8 +1,9 @@
# vim: filetype=dockerfile
FROM chewingbever/fej-builder:latest
ENV RUST_BACKTRACE 1
COPY ./docker/entrypoint_dev.sh /entrypoint.sh
COPY --chown=builder:builder ./docker/entrypoint_dev.sh /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]
CMD ["run", "--bin", "server"]

1
docker/Dockerfile.rel
View file

@ -1,3 +1,4 @@
# vim: filetype=dockerfile
FROM chewingbever/fej-builder:latest AS builder
# And then finally, build the project