From d089d4bcaf099c678f0e262ea4651c3d3cb22204 Mon Sep 17 00:00:00 2001
From: Timmi6790 <13711365+Timmi6790@users.noreply.github.com>
Date: Fri, 8 Nov 2024 17:38:18 +0100
Subject: [PATCH] build: improve DockerFile (#77)
---
 Cargo.toml | 2 +-
 Dockerfile | 71 +++++++++++++++++++++++++++++++++++++++---------------
 2 files changed, 53 insertions(+), 20 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
index 0771af7..8c5c2ba 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -42,6 +42,6 @@ tempfile = "3.6.0"
 serde_test = "1.0.171"
 [profile.release]
+strip = true
 lto = true
 codegen-units = 1
-debug = true
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index 8aa8ace..253b95e 100644
--- a/Dockerfile
+++ b/Dockerfile
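Review bot: `strip = true` under `[profile.release]` removes the symbol table as well as the debug info, and the same hunk drops `debug = true`, so a panic backtrace from the released binary will no longer name functions. If crash triage on the deployed binary matters, `strip = "debuginfo"` still shrinks the image while keeping symbols for backtraces. Either way, a one-line comment such as `# stripped for image size; backtraces are unsymbolised` would record the trade-off for the next maintainer.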
@@ -1,43 +1,76 @@
+# Global Build Args
+ARG BINARY_NAME=netcup-offer-bot
+ARG USER=runner
+ARG GROUP=runner
+ARG USER_ID=1000
+ARG GROUP_ID=1000
+ARG EXECUTION_DIRECTORY=/app
+ARG BUILD_DIRECTORY=/build
+ARG BUILD_TARGET=x86_64-unknown-linux-musl
+
 FROM clux/muslrust:stable AS chef
+
+# Build Environment Args
+ARG BUILD_DIRECTORY
+
 USER root
 RUN cargo install cargo-chef
-WORKDIR /app
+WORKDIR $BUILD_DIRECTORY
 FROM chef AS planner
 COPY . .
 RUN cargo chef prepare --recipe-path recipe.json
 FROM chef AS builder
-COPY --from=planner /app/recipe.json recipe.json
-RUN cargo chef cook --release --target x86_64-unknown-linux-musl --recipe-path recipe.json
+
+ARG BUILD_DIRECTORY
+ARG BUILD_TARGET
+
+COPY --from=planner $BUILD_DIRECTORY/recipe.json recipe.json
+RUN cargo chef cook --release --target $BUILD_TARGET --recipe-path recipe.json
 COPY . .
-RUN cargo build --release --target x86_64-unknown-linux-musl
+RUN cargo build --release --target $BUILD_TARGET
 FROM alpine AS env
-RUN apk add --no-cache ca-certificates
-RUN adduser \
- --disabled-password \
- --gecos "" \
- --home "/app" \
- --shell "/sbin/nologin" \
- "1000"
+
+# Build Environment Args
+ARG USER
+ARG GROUP
+ARG USER_ID
+ARG GROUP_ID
+ARG EXECUTION_DIRECTORY
+
+RUN apk add --no-cache ca-certificates && \
+ addgroup -g $GROUP_ID -S $GROUP && \
+ adduser -u $USER_ID -S $USER -G $GROUP && \
+ mkdir -p $EXECUTION_DIRECTORY
 FROM scratch AS runtime
+# Build Environment Args
+ARG BINARY_NAME
+ARG USER
+ARG GROUP
+ARG EXECUTION_DIRECTORY
+ARG BUILD_DIRECTORY
+ARG BUILD_TARGET
+
 ARG version=unknown
 ARG release=unreleased
 LABEL version=${version} \
 release=${release}
-COPY --from=env /etc/passwd /etc/passwd
-COPY --from=env /etc/group /etc/group
-COPY --from=env --chown=1000:1000 /app /app
-COPY --from=env /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+COPY --from=env --chown=root:root /etc/passwd /etc/passwd
+COPY --from=env --chown=root:root /etc/group /etc/group
+COPY --from=env --chown=root:root /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+
+# Create execution directory
+COPY --from=env --chown=$USER:$GROUP $EXECUTION_DIRECTORY $EXECUTION_DIRECTORY
-WORKDIR /app
-COPY --from=builder --chown=root:root /app/target/x86_64-unknown-linux-musl/release/netcup-offer-bot ./app
+WORKDIR $EXECUTION_DIRECTORY
+COPY --from=builder --chown=root:root $BUILD_DIRECTORY/target/$BUILD_TARGET/release/$BINARY_NAME ./app
-USER 1000:1000
+USER $USER:$GROUP
-CMD ["./app"]
\ No newline at end of file
+ENTRYPOINT ["./app"]
\ No newline at end of file
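Review bot: `USER $USER:$GROUP` at the end of the runtime stage replaces the numeric `USER 1000:1000` with a name (`runner` by default), so the non-root identity now depends on the copied `/etc/passwd` resolving that name. Orchestrators that enforce non-root from the image config, such as Kubernetes with `runAsNonRoot` set on the pod, cannot verify a named user and will refuse to start the container. Redeclaring `ARG USER_ID` and `ARG GROUP_ID` in the runtime stage and ending with `USER $USER_ID:$GROUP_ID` keeps the parameterisation while restoring a verifiable numeric identity. Separately, `FROM alpine AS env` is untagged, `clux/muslrust:stable` is a moving tag, and `cargo install cargo-chef` installs whatever version is current, so the build inputs are not reproducible. Pinning a tag or digest for both images and a cargo-chef version with `--locked` would tighten the supply chain.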