Use debian without static libs instead.
parent
215d32c76e
commit
aaa8b7c587
2 changed files with 84 additions and 18 deletions
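--- /dev/null
+++ b/.forgejo/workflows/docker-build-push.yaml
@@ -0,0 +1,68 @@
+name: Build and Push Docker Image
+
+# Define when this workflow will run
+on:
+push:
+branches:
+- master # Trigger on pushes to master branch
+tags:
+- '[0-9]+.[0-9]+.[0-9]+' # Trigger on semantic version tags
+paths-ignore:
+- 'Cargo.lock'
+- 'LICENSE'
+- 'README.md'
+- 'docker-compose.yml'
+workflow_dispatch: # Allow manual triggering of the workflow
+
+# Define environment variables used throughout the workflow
+env:
+REGISTRY: git.nadeko.net
+IMAGE_NAME: fijxu/inv_sig_helper
+
+jobs:
+build-and-push:
+runs-on: runner
+
+steps:
+# Step 1: Check out the repository code
+- name: Checkout code
+uses: https://github.com/actions/checkout@v3
+
+# Step 3: Set up Docker Buildx for enhanced build capabilities
+- name: Set up Docker Buildx
+uses: https://github.com/docker/setup-buildx-action@v3
+
+# Step 4: Authenticate with Quay.io registry
+- name: Login to Docker Container Registry
+uses: https://github.com/docker/login-action@v3.1.0
+with:
+registry: git.nadeko.net
+username: ${{ secrets.USERNAME }}
+password: ${{ secrets.TOKEN }}
+
+# Step 5: Extract metadata for Docker image tagging and labeling
+- name: Extract metadata for Docker
+id: meta
+uses: https://github.com/docker/metadata-action@v4
+with:
+images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+# Define tagging strategy
+tags: |
+type=semver,pattern={{version}}
+type=semver,pattern={{major}}.{{minor}}
+type=semver,pattern={{major}}
+type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'master') }}
+type=sha,prefix={{branch}}-
+# Define labels
+labels: |
+quay.expires-after=12w
+
+# Step 6: Build and push the Docker image
+- name: Build and push Docker image
+uses: https://github.com/docker/build-push-action@v5
+with:
+context: .
+push: true
+platforms: linux/amd64
+tags: ${{ steps.meta.outputs.tags }}
+labels: ${{ steps.meta.outputs.labels }}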
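Review bot: Every `uses:` step in this workflow is pinned to a mutable tag (`@v3`, `@v3.1.0`, `@v4`, `@v5`) and fetched from github.com, while the job holds `secrets.TOKEN` with push rights to the registry, so a retagged or compromised action would run with that credential. Pinning each action to a full commit SHA and keeping the tag as a comment, e.g. `uses: https://github.com/docker/login-action@<full-commit-sha> # v3.1.0` (placeholder, fill in the audited commit), makes the executed code immutable. Separately, `paths-ignore` lists `Cargo.lock`, so a push that only updates locked dependencies (for instance a security bump) will not rebuild the image; consider dropping that entry. The comment `# Step 4: Authenticate with Quay.io registry` and the `quay.expires-after=12w` label look left over from another registry, since the login targets `git.nadeko.net`.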
34
Dockerfile
34
Dockerfile
|
@ -1,20 +1,22 @@
|
|||
# Use the official Alpine-based Rust image as a parent image
|
||||
FROM rust:1.80-alpine AS builder
|
||||
# Use the official Debian-based Rust image as a parent image
|
||||
FROM rust:1.81-slim-bookworm AS builder
|
||||
|
||||
# Set the working directory in the container
|
||||
WORKDIR /usr/src/app
|
||||
|
||||
RUN DEBIAN_FRONTEND='noninteractive' apt update
|
||||
|
||||
# Install build dependencies
|
||||
RUN apk add --no-cache \
|
||||
musl-dev \
|
||||
openssl-dev \
|
||||
openssl-libs-static \
|
||||
pkgconfig \
|
||||
RUN DEBIAN_FRONTEND='noninteractive' apt install -y --no-install-recommends \
|
||||
libssl-dev \
|
||||
pkg-config \
|
||||
patch
|
||||
|
||||
RUN DEBIAN_FRONTEND='noninteractive' apt autoclean
|
||||
|
||||
# Set environment variables for static linking
|
||||
ENV OPENSSL_STATIC=yes
|
||||
ENV OPENSSL_DIR=/usr
|
||||
# ENV OPENSSL_STATIC=yes
|
||||
# ENV OPENSSL_DIR=/usr
|
||||
|
||||
# Copy the current directory contents into the container
|
||||
COPY . .
|
||||
|
@ -22,23 +24,19 @@ COPY . .
|
|||
# Determine the target architecture and build the application
|
||||
RUN RUST_TARGET=$(rustc -vV | sed -n 's/host: //p') && \
|
||||
rustup target add $RUST_TARGET && \
|
||||
RUSTFLAGS='-C target-feature=+crt-static' cargo build --release --target $RUST_TARGET
|
||||
cargo build --release --target $RUST_TARGET
|
||||
|
||||
# Stage for creating the non-privileged user
|
||||
FROM alpine:3.20 AS user-stage
|
||||
FROM debian:bookworm-slim AS user-stage
|
||||
|
||||
RUN adduser -u 10001 -S appuser
|
||||
|
||||
# Stage for a smaller final image
|
||||
FROM scratch
|
||||
RUN adduser --uid 10001 appuser
|
||||
RUN apt update && apt install libssl3
|
||||
RUN apt-get clean autoclean && apt-get autoremove --yes && rm -rf /var/lib/apt /var/lib/dpkg /var/lib/cache /var/lib/log
|
||||
|
||||
# Copy necessary files from the builder stage, using the correct architecture path
|
||||
COPY --from=builder /usr/src/app/target/*/release/inv_sig_helper_rust /app/inv_sig_helper_rust
|
||||
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
|
||||
|
||||
# Copy passwd file for the non-privileged user from the user-stage
|
||||
COPY --from=user-stage /etc/passwd /etc/passwd
|
||||
|
||||
# Set the working directory
|
||||
WORKDIR /app
|
||||
|
||||
|
|
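Review bot: In the runtime stage the clean-up `RUN apt-get clean autoclean && apt-get autoremove --yes && rm -rf /var/lib/apt /var/lib/dpkg ...` is a separate layer after `RUN apt update && apt install libssl3`, so the files it deletes are still stored in the earlier layer, and removing `/var/lib/dpkg` deletes the package database that image scanners rely on to report vulnerable packages such as libssl3. Install and clean in one layer and keep the dpkg database: `RUN apt-get update && apt-get install -y --no-install-recommends libssl3 && rm -rf /var/lib/apt/lists/*`. The builder stage has the same split (`apt update`, `apt install` and `apt autoclean` in three `RUN`s), which also lets a cached `apt update` layer go stale. The page has lost its +/- markers, so this assumes the Debian lines are the new side; the final stage continues past the visible hunk, so whether a `USER` for uid 10001 is set on the now full-Debian runtime image should be confirmed there.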