[#31] Release is now rootless (rip caching)
parent
0b2b986205
commit
adbe6d1fb7
|
@ -9,3 +9,6 @@
|
|||
|
||||
# Entrypoint for devop container
|
||||
!docker/entrypoint_dev.sh
|
||||
|
||||
# Config file
|
||||
!Rocket.toml
|
||||
|
|
|
@ -6,22 +6,42 @@ FROM chewingbever/fej-builder:latest AS builder
|
|||
# https://users.rust-lang.org/t/sigsegv-with-program-linked-against-openssl-in-an-alpine-container/52172
|
||||
# TODO add what these flags do & why they work
|
||||
# NOTE: cargo install auto-appends bin to the path
|
||||
RUN --mount=type=cache,target=/usr/src/app/target \
|
||||
--mount=type=cache,target=/root/.cargo/registry \
|
||||
cargo install \
|
||||
--path . \
|
||||
--root /usr/local \
|
||||
--target x86_64-unknown-linux-musl
|
||||
|
||||
# RUN --mount=type=cache,mode=0777,target=/app/target \
|
||||
# --mount=type=cache,mode=0777,target=/app/.cargo/registry \
|
||||
|
||||
# Buildkit cache mounts really don't like it when you're not root,
|
||||
# so I guess we're building release without a cache for now
|
||||
RUN cargo install \
|
||||
--path . \
|
||||
--root /app/output \
|
||||
--target x86_64-unknown-linux-musl
|
||||
|
||||
|
||||
# Now, we create the actual image
|
||||
FROM alpine:latest
|
||||
|
||||
# Install some dynamic libraries needed for everything to work
|
||||
RUN apk update && apk add --no-cache openssl libgcc curl
|
||||
# Create -non-root user
|
||||
RUN apk update && \
|
||||
apk add --no-cache \
|
||||
curl \
|
||||
libgcc \
|
||||
libpq \
|
||||
openssl && \
|
||||
addgroup -S fej && \
|
||||
adduser -S fej -G fej -h /app
|
||||
|
||||
# Switch to non-root user
|
||||
USER fej:fej
|
||||
|
||||
# Copy binary over to final image
|
||||
COPY --from=builder /usr/local/bin/server /usr/local/bin/server
|
||||
COPY --from=builder --chown=fej:fej /app/output/bin /app/bin
|
||||
|
||||
# Embed config file inside container
|
||||
# The workdir is changed so that the config file is read properly
|
||||
WORKDIR /app
|
||||
COPY --chown=fej:fej Rocket.toml /app/Rocket.toml
|
||||
|
||||
HEALTHCHECK \
|
||||
--interval=10s \
|
||||
|
@ -30,4 +50,4 @@ HEALTHCHECK \
|
|||
--retries=3 \
|
||||
CMD curl -q localhost:8000
|
||||
|
||||
CMD ["/usr/local/bin/server"]
|
||||
CMD ["/app/bin/server"]
|
||||
|
|
Loading…
Reference in New Issue