52 lines
1.5 KiB
Docker
52 lines
1.5 KiB
Docker
FROM rust:latest as builder
|
|
|
|
RUN \
|
|
# Setup image building for scratch image...
|
|
apt update \
|
|
&& apt install -y musl-tools musl-dev \
|
|
&& apt-get install -y build-essential \
|
|
&& yes | apt install gcc-x86-64-linux-gnu \
|
|
# Add open ssl support
|
|
&& apt install ca-certificates \
|
|
&& update-ca-certificates \
|
|
&& apt install pkg-config libssl-dev make \
|
|
# Add our own user and group to avoid permission problems
|
|
&& addgroup --gid 131313 app \
|
|
&& adduser --uid 131313 --gid 131313 --shell /bin/false --home /app --disabled-password app \
|
|
# Prepare user data for final image
|
|
&& cat /etc/passwd | grep app > /etc/passwd_app
|
|
|
|
WORKDIR /app
|
|
|
|
COPY . .
|
|
|
|
RUN rustup toolchain install nightly \
|
|
&& rustup target add x86_64-unknown-linux-musl
|
|
|
|
# Login to Gitea
|
|
ARG CRATES_TOKEN
|
|
RUN mkdir ~/.cargo && cat <<"EOF" | tee ${CARGO_HOME}/config.toml
|
|
[registry]
|
|
global-credential-providers = ["cargo:token"]
|
|
EOF
|
|
RUN cargo login --registry git_{{git-owner}} "Bearer ${CRATES_TOKEN}"
|
|
|
|
# Build bin for scratch
|
|
ENV RUSTFLAGS='-C linker=x86_64-linux-gnu-gcc'
|
|
RUN cargo build --release --target x86_64-unknown-linux-musl
|
|
|
|
# Final image
|
|
FROM scratch
|
|
|
|
WORKDIR /app
|
|
|
|
# Copy user settings
|
|
COPY --from=builder /etc/passwd_app /etc/passwd
|
|
# Copy builded image
|
|
COPY --from=builder /app/target/x86_64-unknown-linux-musl/release/{{project-name}} ./
|
|
# Copy CA Certificates
|
|
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
|
|
|
|
USER app
|
|
|
|
CMD ["./{{project-name}}"] |