56 lines
1.5 KiB
Text
56 lines
1.5 KiB
Text
|
# Use the official Alpine-based Rust image as a parent image
|
||
|
FROM rust:1.80-alpine AS builder
|
||
|
|
||
|
# Set the working directory in the container
|
||
|
WORKDIR /usr/src/app
|
||
|
|
||
|
# Install build dependencies
|
||
|
RUN apk add --no-cache \
|
||
|
musl-dev \
|
||
|
openssl-dev \
|
||
|
openssl-libs-static \
|
||
|
pkgconfig \
|
||
|
patch
|
||
|
|
||
|
# Set environment variables for static linking
|
||
|
ENV OPENSSL_STATIC=yes
|
||
|
ENV OPENSSL_DIR=/usr
|
||
|
|
||
|
# Copy the current directory contents into the container
|
||
|
COPY . .
|
||
|
|
||
|
# Determine the target architecture and build the application
|
||
|
RUN RUST_TARGET=$(rustc -vV | sed -n 's/host: //p') && \
|
||
|
rustup target add $RUST_TARGET && \
|
||
|
RUSTFLAGS='-C target-feature=+crt-static' cargo build --release --target $RUST_TARGET
|
||
|
|
||
|
# Stage for creating the non-privileged user
|
||
|
FROM alpine:3.20 AS user-stage
|
||
|
|
||
|
RUN adduser -u 10001 -S appuser
|
||
|
|
||
|
# Stage for a smaller final image
|
||
|
FROM scratch
|
||
|
|
||
|
# Copy necessary files from the builder stage, using the correct architecture path
|
||
|
COPY --from=builder /usr/src/app/target/*/release/inv_sig_helper_rust /app/inv_sig_helper_rust
|
||
|
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
|
||
|
|
||
|
# Copy passwd file for the non-privileged user from the user-stage
|
||
|
COPY --from=user-stage /etc/passwd /etc/passwd
|
||
|
|
||
|
# Set the working directory
|
||
|
WORKDIR /app
|
||
|
|
||
|
# Expose port 12999
|
||
|
EXPOSE 12999
|
||
|
|
||
|
# Switch to non-privileged user
|
||
|
USER appuser
|
||
|
|
||
|
# Set the entrypoint to the binary name
|
||
|
ENTRYPOINT ["/app/inv_sig_helper_rust"]
|
||
|
|
||
|
# Set default arguments in CMD
|
||
|
CMD ["--tcp", "127.0.0.1:12999"]
|