Fijxu/inv_sig_helper
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

Use debian without static libs instead.
All checks were successful
Build and Push Docker Image / build-and-push (push) Successful in 15m24s
Details

Browse source
This commit is contained in:
Fijxu 2024-09-17 23:17:40 -03:00
parent 215d32c76e
commit aaa8b7c587
Signed by: Fijxu
GPG key ID: 32C1DDF333EDA6A4
2 changed files with 84 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

68
.forgejo/workflows/docker-build-push.yaml Normal file
View file

@ -0,0 +1,68 @@
name: Build and Push Docker Image
# Define when this workflow will run
on:
push:
branches:
- master # Trigger on pushes to master branch
tags:
- '[0-9]+.[0-9]+.[0-9]+' # Trigger on semantic version tags
paths-ignore:
- 'Cargo.lock'
- 'LICENSE'
- 'README.md'
- 'docker-compose.yml'
workflow_dispatch: # Allow manual triggering of the workflow
# Define environment variables used throughout the workflow
env:
REGISTRY: git.nadeko.net
IMAGE_NAME: fijxu/inv_sig_helper
jobs:
build-and-push:
runs-on: runner
steps:
# Step 1: Check out the repository code
- name: Checkout code
uses: https://github.com/actions/checkout@v3
# Step 3: Set up Docker Buildx for enhanced build capabilities
- name: Set up Docker Buildx
uses: https://github.com/docker/setup-buildx-action@v3
# Step 4: Authenticate with Quay.io registry
- name: Login to Docker Container Registry
uses: https://github.com/docker/login-action@v3.1.0
with:
registry: git.nadeko.net
username: ${{ secrets.USERNAME }}
password: ${{ secrets.TOKEN }}
# Step 5: Extract metadata for Docker image tagging and labeling
- name: Extract metadata for Docker
id: meta
uses: https://github.com/docker/metadata-action@v4
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
# Define tagging strategy
tags: |
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'master') }}
type=sha,prefix={{branch}}-
# Define labels
labels: |
quay.expires-after=12w
# Step 6: Build and push the Docker image
- name: Build and push Docker image
uses: https://github.com/docker/build-push-action@v5
with:
context: .
push: true
platforms: linux/amd64
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}

34
Dockerfile
View file

@ -1,20 +1,22 @@
# Use the official Alpine-based Rust image as a parent image # Use the official Debian-based Rust image as a parent image
FROM rust:1.80-alpine AS builder FROM rust:1.81-slim-bookworm AS builder
# Set the working directory in the container # Set the working directory in the container
WORKDIR /usr/src/app WORKDIR /usr/src/app
RUN DEBIAN_FRONTEND='noninteractive' apt update
# Install build dependencies # Install build dependencies
RUN apk add --no-cache \ RUN DEBIAN_FRONTEND='noninteractive' apt install -y --no-install-recommends \
musl-dev \ libssl-dev \
openssl-dev \ pkg-config \
openssl-libs-static \
pkgconfig \
patch patch
RUN DEBIAN_FRONTEND='noninteractive' apt autoclean
# Set environment variables for static linking # Set environment variables for static linking
ENV OPENSSL_STATIC=yes # ENV OPENSSL_STATIC=yes
ENV OPENSSL_DIR=/usr # ENV OPENSSL_DIR=/usr
# Copy the current directory contents into the container # Copy the current directory contents into the container
COPY . . COPY . .
@ -22,23 +24,19 @@ COPY . .
# Determine the target architecture and build the application # Determine the target architecture and build the application
RUN RUST_TARGET=$(rustc -vV | sed -n 's/host: //p') && \ RUN RUST_TARGET=$(rustc -vV | sed -n 's/host: //p') && \
rustup target add $RUST_TARGET && \ rustup target add $RUST_TARGET && \
RUSTFLAGS='-C target-feature=+crt-static' cargo build --release --target $RUST_TARGET cargo build --release --target $RUST_TARGET
# Stage for creating the non-privileged user # Stage for creating the non-privileged user
FROM alpine:3.20 AS user-stage FROM debian:bookworm-slim AS user-stage
RUN adduser -u 10001 -S appuser RUN adduser --uid 10001 appuser
RUN apt update && apt install libssl3
# Stage for a smaller final image RUN apt-get clean autoclean && apt-get autoremove --yes && rm -rf /var/lib/apt /var/lib/dpkg /var/lib/cache /var/lib/log
FROM scratch
# Copy necessary files from the builder stage, using the correct architecture path # Copy necessary files from the builder stage, using the correct architecture path
COPY --from=builder /usr/src/app/target/*/release/inv_sig_helper_rust /app/inv_sig_helper_rust COPY --from=builder /usr/src/app/target/*/release/inv_sig_helper_rust /app/inv_sig_helper_rust
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
# Copy passwd file for the non-privileged user from the user-stage
COPY --from=user-stage /etc/passwd /etc/passwd
# Set the working directory # Set the working directory
WORKDIR /app WORKDIR /app