-
Notifications
You must be signed in to change notification settings - Fork 116
/
Dockerfile
33 lines (25 loc) · 956 Bytes
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
FROM ghcr.io/blockscout/services-base:latest as chef
FROM chef AS plan
COPY . .
RUN cargo chef prepare --recipe-path recipe.json
FROM chef as cache
COPY --from=plan /app/recipe.json recipe.json
RUN cargo chef cook --release --recipe-path recipe.json
FROM chef AS build
COPY . .
COPY --from=cache /app/target target
COPY --from=cache $CARGO_HOME $CARGO_HOME
RUN cargo build --release
FROM ubuntu:20.04 as run
RUN apt-get update && apt-get install -y libssl1.1 libssl-dev ca-certificates
WORKDIR /app
ENV APP_USER=app
# Processes in a container should not run as root, so we need to create app user
# https://medium.com/@mccode/processes-in-containers-should-not-run-as-root-2feae3f0df3b
RUN groupadd $APP_USER \
&& useradd -g $APP_USER $APP_USER
COPY --from=build /app/target/release/sig-provider-server /app/sig-provider-server
# Change directory access for app user
RUN chown -R $APP_USER:$APP_USER /app
USER app
CMD ["./sig-provider-server"]