Merge branch '31-improve-docker' into develop

master^2
Jef Roosens 2021-04-17 14:24:02 +02:00
commit d43a34a5d6
Signed by: Jef Roosens
GPG Key ID: B580B976584B5F30
5 changed files with 81 additions and 27 deletions


@ -9,3 +9,6 @@
# Entrypoint for devop container # Entrypoint for devop container
!docker/entrypoint_dev.sh !docker/entrypoint_dev.sh
# Config file
!Rocket.toml


@ -1,17 +1,35 @@
# vim: filetype=dockerfile
# Our entire toolchain runs in alpine # Our entire toolchain runs in alpine
FROM alpine:latest AS builder FROM alpine:latest AS builder
ENV PATH "$PATH:/root/.cargo/bin" ENV PATH "$PATH:/app/.cargo/bin"
# Needed for proper compiling of openssl-dev # Needed for proper compiling of openssl-dev
ENV RUSTFLAGS "-C target-feature=-crt-static" ENV RUSTFLAGS "-C target-feature=-crt-static"
WORKDIR /usr/src/app # Add the build user
# Install dependencies
RUN addgroup -S builder && \
adduser -S builder -G builder -h /app && \
apk update && \
apk add --no-cache \
curl \
gcc \
libgcc \
musl-dev \
openssl-dev \
postgresql-dev
# Install build dependencies, rustup & rust's nightly build & toolchain # Switch to the non-root user
RUN apk update && apk add --no-cache openssl-dev curl postgresql-dev libgcc musl-dev gcc && \ USER builder
{ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain nightly; } && \
rustup target add x86_64-unknown-linux-musl --toolchain nightly WORKDIR /app
# Install rustup in the new user's home
# Create mountpoints for volumes with correct permissions
RUN { curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain nightly; } && \
rustup target add x86_64-unknown-linux-musl --toolchain nightly && \
mkdir -p .cargo/registry target
# Copy source code over to builder # Copy source code over to builder
COPY Cargo.toml Cargo.lock ./ COPY --chown=builder:builder Cargo.toml Cargo.lock ./
COPY src/ ./src/ COPY --chown=builder:builder src/ ./src/
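Review bot: The relocated rustup step still pipes `https://sh.rustup.rs` straight into `sh` and selects a floating `nightly`, so the compiler that lands in the builder image is neither verified nor reproducible from one build to the next. Pinning a dated toolchain, `--default-toolchain nightly-<YYYY-MM-DD>` (placeholder date), would at least fix the compiler version, and `FROM alpine:latest` drifts in the same way. Separately, `# Create mountpoints for volumes with correct permissions` now sits above the whole RUN, although only the trailing `mkdir -p .cargo/registry target` does that. `apk update` is also redundant next to `apk add --no-cache`.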


@ -1,8 +1,10 @@
# vim: filetype=dockerfile
FROM chewingbever/fej-builder:latest FROM chewingbever/fej-builder:latest
ENV RUST_BACKTRACE 1 ENV RUST_BACKTRACE 1
COPY ./docker/entrypoint_dev.sh /entrypoint.sh COPY --chown=builder:builder ./docker/entrypoint_dev.sh /entrypoint.sh
COPY --chown=builder:builder ./Rocket.toml /app/Rocket.toml
ENTRYPOINT ["/entrypoint.sh"] ENTRYPOINT ["/entrypoint.sh"]
CMD ["run", "--bin", "server"] CMD ["run", "--bin", "server"]
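Review bot: `COPY --chown=builder:builder ./docker/entrypoint_dev.sh /entrypoint.sh` makes the entrypoint writable by the user the container runs as (the builder Dockerfile on this page now ends its setup with `USER builder`), so the process can rewrite the script it is started by. Files that only need to be read or executed are better left root-owned: drop `--chown` on that line, i.e. `COPY ./docker/entrypoint_dev.sh /entrypoint.sh`, assuming the script is world-executable in the repository. The same applies in the release Dockerfile to `COPY --from=builder --chown=fej:fej /app/output/bin /app/bin` and `COPY --chown=fej:fej Rocket.toml /app/Rocket.toml`, where a root-owned binary and config cannot be replaced by the server process itself.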


@ -1,3 +1,4 @@
# vim: filetype=dockerfile
FROM chewingbever/fej-builder:latest AS builder FROM chewingbever/fej-builder:latest AS builder
# And then finally, build the project # And then finally, build the project
@ -5,22 +6,42 @@ FROM chewingbever/fej-builder:latest AS builder
# https://users.rust-lang.org/t/sigsegv-with-program-linked-against-openssl-in-an-alpine-container/52172 # https://users.rust-lang.org/t/sigsegv-with-program-linked-against-openssl-in-an-alpine-container/52172
# TODO add what these flags do & why they work # TODO add what these flags do & why they work
# NOTE: cargo install auto-appends bin to the path # NOTE: cargo install auto-appends bin to the path
RUN --mount=type=cache,target=/usr/src/app/target \
--mount=type=cache,target=/root/.cargo/registry \ # RUN --mount=type=cache,mode=0777,target=/app/target \
cargo install \ # --mount=type=cache,mode=0777,target=/app/.cargo/registry \
--path . \
--root /usr/local \ # Buildkit cache mounts really don't like it when you're not root,
--target x86_64-unknown-linux-musl # so I guess we're building release without a cache for now
RUN cargo install \
--path . \
--root /app/output \
--target x86_64-unknown-linux-musl
# Now, we create the actual image # Now, we create the actual image
FROM alpine:latest FROM alpine:latest
# Install some dynamic libraries needed for everything to work # Install some dynamic libraries needed for everything to work
RUN apk update && apk add --no-cache openssl libgcc curl # Create -non-root user
RUN apk update && \
apk add --no-cache \
curl \
libgcc \
libpq \
openssl && \
addgroup -S fej && \
adduser -S fej -G fej -h /app
# Switch to non-root user
USER fej:fej
# Copy binary over to final image # Copy binary over to final image
COPY --from=builder /usr/local/bin/server /usr/local/bin/server COPY --from=builder --chown=fej:fej /app/output/bin /app/bin
# Embed config file inside container
# The workdir is changed so that the config file is read properly
WORKDIR /app
COPY --chown=fej:fej Rocket.toml /app/Rocket.toml
HEALTHCHECK \ HEALTHCHECK \
--interval=10s \ --interval=10s \
@ -29,4 +50,4 @@ HEALTHCHECK \
--retries=3 \ --retries=3 \
CMD curl -q localhost:8000 CMD curl -q localhost:8000
CMD ["/usr/local/bin/server"] CMD ["/app/bin/server"]
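Review bot: The cache mounts on the `cargo install` step were commented out rather than fixed, and the attempted version relied on `mode=0777`; both are avoidable because BuildKit cache mounts accept `uid=` and `gid=` options, so the mount can be owned by the build user instead of being world-writable or dropped. That needs a stable ID for `builder`, which `adduser -S` in the builder Dockerfile does not guarantee. With a fixed ID there (e.g. `adduser -u <BUILDER_UID>`), the step could begin `RUN --mount=type=cache,target=/app/target,uid=<BUILDER_UID>,gid=<BUILDER_GID> \`. Since `--root /app/output` lies outside both cache targets, the installed binary would still be written into the layer.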

28
fejctl

@ -9,18 +9,27 @@ function create_images() {
# First, we build the builder # First, we build the builder
DOCKER_BUILDKIT=1 docker build \ DOCKER_BUILDKIT=1 docker build \
-f docker/Dockerfile.builder \ -f docker/Dockerfile.builder \
-t "$image-builder:latest" . -t "$image-builder:latest" . || {
>&2 echo "Failed to build builder.";
exit 1;
}
if [[ "$1" = "rel" ]]; then if [[ "$1" = "rel" ]]; then
DOCKER_BUILDKIT=1 docker build \ DOCKER_BUILDKIT=1 docker build \
-t "$image:latest" \ -t "$image:latest" \
-f docker/Dockerfile.rel . -f docker/Dockerfile.rel . || {
>&2 echo "Failed to build release image.";
exit 1;
}
else else
# Then, we create the debug image # Then, we create the debug image
DOCKER_BUILDKIT=1 docker build \ DOCKER_BUILDKIT=1 docker build \
-t "$image:dev" \ -t "$image:dev" \
-f docker/Dockerfile.dev . -f docker/Dockerfile.dev . || {
>&2 echo "Failed to build debug image.";
exit 1;
}
fi fi
} }
@ -28,9 +37,9 @@ function create_images() {
# #
# $@: the arguments to pass to the image (passed as arguments to cargo) # $@: the arguments to pass to the image (passed as arguments to cargo)
function run_image() { function run_image() {
docker volume create fej_build-cache docker volume create fej_build-cache > /dev/null
docker volume create fej_registry-cache docker volume create fej_registry-cache > /dev/null
docker volume create fej_db-data docker volume create fej_db-data > /dev/null
# Run the database image # Run the database image
docker run --rm \ docker run --rm \
@ -54,9 +63,8 @@ function run_image() {
--name fej \ --name fej \
--env-file .env.container \ --env-file .env.container \
--network fej \ --network fej \
-v 'fej_build-cache:/usr/src/app/target' \ -v 'fej_build-cache:/app/target' \
-v 'fej_registry-cache:/root/.cargo/registry' \ -v 'fej_registry-cache:/app/.cargo/registry' \
-v "$PWD/Rocket.toml:/usr/src/app/Rocket.toml:ro" \
"$image:dev" "$@" "$image:dev" "$@"
} }
@ -109,6 +117,8 @@ function publish() {
exit 2 exit 2
fi fi
create_images rel
patch_version=`grep -Po '(?<=version = ").*(?=")' Cargo.toml | head -n1` patch_version=`grep -Po '(?<=version = ").*(?=")' Cargo.toml | head -n1`
major_version=`echo "$patch_version" | sed -E 's/([0-9]+)\.([0-9]+)\.([0-9]+)/\1/'` major_version=`echo "$patch_version" | sed -E 's/([0-9]+)\.([0-9]+)\.([0-9]+)/\1/'`
minor_version=`echo "$patch_version" | sed -E 's/([0-9]+).([0-9]+).([0-9]+)/\1.\2/'` minor_version=`echo "$patch_version" | sed -E 's/([0-9]+).([0-9]+).([0-9]+)/\1.\2/'`
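Review bot: Dropping the read-only bind mount `-v "$PWD/Rocket.toml:/usr/src/app/Rocket.toml:ro"` in `run_image`, together with `publish` now calling `create_images rel`, means the Rocket.toml from the working tree is baked into the image that gets pushed. Its contents are not shown on this page, but if it ever carries a secret key or database credentials they would end up in a published layer; such values are safer supplied at run time, as the script already does with `--env-file .env.container`. A comment above `create_images rel` such as `# Rebuild so the published image matches the working tree; Rocket.toml is embedded, keep it free of secrets` would record that. `publish` starts and ends outside the visible hunk.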