build: improve DockerFile (#77)

Cargo.toml

@@ -42,6 +42,6 @@ tempfile = "3.6.0"
 serde_test = "1.0.171"
 
 [profile.release]
+strip = true
 lto = true
 codegen-units = 1
-debug = true

Dockerfile

@@ -1,43 +1,76 @@
+# Global Build Args
+ARG BINARY_NAME=netcup-offer-bot
+ARG USER=runner
+ARG GROUP=runner
+ARG USER_ID=1000
+ARG GROUP_ID=1000
+ARG EXECUTION_DIRECTORY=/app
+ARG BUILD_DIRECTORY=/build
+ARG BUILD_TARGET=x86_64-unknown-linux-musl
+
 FROM clux/muslrust:stable AS chef
+
+# Build Environment Args
+ARG BUILD_DIRECTORY
+
 USER root
 RUN cargo install cargo-chef
-WORKDIR /app
+WORKDIR $BUILD_DIRECTORY
 
 FROM chef AS planner
 COPY . .
 RUN cargo chef prepare --recipe-path recipe.json
 
 FROM chef AS builder
-COPY --from=planner /app/recipe.json recipe.json
-RUN cargo chef cook --release --target x86_64-unknown-linux-musl --recipe-path recipe.json
+
+ARG BUILD_DIRECTORY
+ARG BUILD_TARGET
+
+COPY --from=planner $BUILD_DIRECTORY/recipe.json recipe.json
+RUN cargo chef cook --release --target $BUILD_TARGET --recipe-path recipe.json
 COPY . .
-RUN cargo build --release --target x86_64-unknown-linux-musl
+RUN cargo build --release --target $BUILD_TARGET
 
 FROM alpine AS env
-RUN apk add --no-cache ca-certificates
-RUN adduser \
-    --disabled-password \
-    --gecos "" \
-    --home "/app" \
-    --shell "/sbin/nologin" \
-    "1000"
+
+# Build Environment Args
+ARG USER
+ARG GROUP
+ARG USER_ID
+ARG GROUP_ID
+ARG EXECUTION_DIRECTORY
+
+RUN apk add --no-cache ca-certificates && \
+    addgroup -g $GROUP_ID -S $GROUP &&  \
+    adduser -u $USER_ID -S $USER -G $GROUP && \
+    mkdir -p $EXECUTION_DIRECTORY
 
 FROM scratch AS runtime
 
+# Build Environment Args
+ARG BINARY_NAME
+ARG USER
+ARG GROUP
+ARG EXECUTION_DIRECTORY
+ARG BUILD_DIRECTORY
+ARG BUILD_TARGET
+
 ARG version=unknown
 ARG release=unreleased
 
 LABEL version=${version} \
       release=${release}
 
-COPY --from=env /etc/passwd /etc/passwd
-COPY --from=env /etc/group /etc/group
-COPY --from=env --chown=1000:1000 /app /app
-COPY --from=env /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+COPY --from=env --chown=root:root /etc/passwd /etc/passwd
+COPY --from=env --chown=root:root /etc/group /etc/group
+COPY --from=env --chown=root:root /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+
+# Create execution directory
+COPY --from=env --chown=$USER:$GROUP $EXECUTION_DIRECTORY $EXECUTION_DIRECTORY
 
-WORKDIR /app
-COPY --from=builder --chown=root:root /app/target/x86_64-unknown-linux-musl/release/netcup-offer-bot ./app
+WORKDIR $EXECUTION_DIRECTORY
+COPY --from=builder --chown=root:root $BUILD_DIRECTORY/target/$BUILD_TARGET/release/$BINARY_NAME ./app
 
-USER 1000:1000
+USER $USER:$GROUP
 
-CMD ["./app"]
+ENTRYPOINT ["./app"]