# vim: filetype=dockerfile FROM chewingbever/fej-builder:latest AS backend-builder COPY --chown=builder:builder Cargo.toml Cargo.lock ./ COPY --chown=builder:builder src/ ./src/ COPY --chown=builder:builder migrations/ ./migrations/ # And then finally, build the project # Thank the lords that this article exists # https://users.rust-lang.org/t/sigsegv-with-program-linked-against-openssl-in-an-alpine-container/52172 # TODO add what these flags do & why they work # NOTE: cargo install auto-appends bin to the path # RUN --mount=type=cache,mode=0777,target=/app/target \ # --mount=type=cache,mode=0777,target=/app/.cargo/registry \ # Buildkit cache mounts really don't like it when you're not root, # so I guess we're building release without a cache for now RUN cargo install \ --path . \ --root /app/output \ --features frontend FROM node:16-alpine3.13 AS frontend-builder COPY ./web /app WORKDIR /app # Build the frontend RUN yarn install && \ yarn run build # Now, we create the actual image FROM alpine:3.13.5 COPY ./docker/crontab /var/spool/cron/crontabs/fej # Install some dynamic libraries needed for everything to work # Create -non-root user # Change permissions for crontab file RUN apk update && \ apk add --no-cache \ curl \ libgcc \ libpq \ openssl && \ addgroup -S fej && \ adduser -S fej -G fej -h /app # Switch to non-root user USER fej:fej # Copy binary & frontend over to final image COPY --from=backend-builder --chown=fej:fej /app/output/bin /app/bin COPY --from=frontend-builder --chown=fej:fej /app/dist /app/dist # Embed config file inside container # The workdir is changed so that the config file is read properly WORKDIR /app COPY --chown=fej:fej Rocket.toml /app/Rocket.toml HEALTHCHECK \ --interval=10s \ --timeout=5s \ --start-period=1s \ --retries=3 \ CMD curl -q localhost:8000 ENTRYPOINT ["/app/bin/server"]