chore(ci+cd): improve docker build

.github/workflows/ci.yml

@@ -23,3 +23,60 @@ jobs:
         run: cargo build --verbose
       - name: Run tests
         run: cargo test --verbose
+
+  docker-build-test:
+    name: Docker Build and
+    needs: build
+    strategy:
+      matrix:
+        include:
+          - platform: amd64
+            runs-on: ubuntu-latest
+            docker-platform: linux/amd64
+          - platform: arm64
+            runs-on: ubuntu-22.04-arm # GitHub's public ARM runner
+            docker-platform: linux/arm64
+    runs-on: ${{ matrix.runs-on }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to the GitHub Container registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Extract metadata for Docker
+        id: docker-metadata
+        uses: docker/metadata-action@v4
+        with:
+          images: |
+            ghcr.io/traceloop/hub # GitHub
+            traceloop/hub # Docker Hub
+          tags: |
+            type=sha
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+      - name: Build Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: false
+          platforms: ${{ matrix.docker-platform }}
+          tags: ${{ steps.docker-metadata.outputs.tags }}
+          labels: ${{ steps.docker-metadata.outputs.labels }}
+          cache-from: type=gha,scope=${{ matrix.platform }}
+          cache-to: type=gha,mode=max,scope=${{ matrix.platform }}
+          sbom: false
+          provenance: false

.github/workflows/docker.yml

@@ -57,6 +57,8 @@ jobs:
           labels: ${{ steps.docker-metadata.outputs.labels }}
           platforms: |
             linux/amd64, linux/arm64
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
   deploy:
     name: Deploy to Traceloop
     runs-on: ubuntu-latest

Dockerfile

@@ -1,16 +1,39 @@
-FROM rust:1.82-bookworm AS builder
-
+FROM lukemathwalker/cargo-chef:latest-rust-1.82 AS chef
 WORKDIR /app
+
+# Planner stage - analyze dependencies
+FROM chef AS planner
+COPY . .
+RUN cargo chef prepare --recipe-path recipe.json
+
+# Builder stage with dependency caching
+FROM chef AS builder
+COPY --from=planner /app/recipe.json recipe.json
+# Build dependencies - this is the key caching layer
+RUN cargo chef cook --release --recipe-path recipe.json
+# Now build application code
 COPY . .
 RUN cargo build --release --bin hub
 
-FROM debian:bookworm-slim AS runtime
-RUN apt-get update && apt-get install -y openssl ca-certificates
+# Runtime stage - using Alpine for smaller image
+FROM alpine:3.19 AS runtime
+# Install SSL certificates and minimal dependencies
+RUN apk add --no-cache ca-certificates openssl libgcc
+
+# Create a non-root user to run the application
+RUN addgroup -S app && adduser -S app -G app
 WORKDIR /app
-COPY --from=builder /app/target/release/hub /usr/local/bin
-WORKDIR /etc
 
-ENV PORT 3000
+# Only copy the built binary
+COPY --from=builder /app/target/release/hub /usr/local/bin/
+RUN chmod +x /usr/local/bin/hub
+
+# Set environment variables
+ENV PORT=3000
 EXPOSE 3000
 
-ENTRYPOINT ["/usr/local/bin/hub"]
+# Use non-root user for better security
+USER app
+
+# Set the entrypoint
+ENTRYPOINT ["/usr/local/bin/hub"]

src/pipelines/pipeline.rs

@@ -102,7 +102,7 @@ pub async fn chat_completions(
         }
     }
 
-    tracer.log_error("No matching model found".to_string());
+    tracer.log_error("No matching model found ".to_string());
     eprintln!("No matching model found for: {}", payload.model);
     Err(StatusCode::NOT_FOUND)
 }