forked from iv-org/inv_sig_helper
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile
55 lines (40 loc) · 1.47 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
# Use the official Alpine-based Rust image as a parent image
FROM rust:1.80-alpine AS builder
# Set the working directory in the container
WORKDIR /usr/src/app
# Install build dependencies
RUN apk add --no-cache \
musl-dev \
openssl-dev \
openssl-libs-static \
pkgconfig \
patch
# Set environment variables for static linking
ENV OPENSSL_STATIC=yes
ENV OPENSSL_DIR=/usr
# Copy the current directory contents into the container
COPY . .
# Determine the target architecture and build the application
RUN RUST_TARGET=$(rustc -vV | sed -n 's/host: //p') && \
rustup target add $RUST_TARGET && \
RUSTFLAGS='-C target-feature=+crt-static' cargo build --release --target $RUST_TARGET
# Stage for creating the non-privileged user
FROM alpine:3.20 AS user-stage
RUN adduser -u 10001 -S appuser
# Stage for a smaller final image
FROM scratch
# Copy necessary files from the builder stage, using the correct architecture path
COPY --from=builder /usr/src/app/target/*/release/inv_sig_helper_rust /app/inv_sig_helper_rust
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
# Copy passwd file for the non-privileged user from the user-stage
COPY --from=user-stage /etc/passwd /etc/passwd
# Set the working directory
WORKDIR /app
# Expose port 12999
EXPOSE 12999
# Switch to non-privileged user
USER appuser
# Set the entrypoint to the binary name
ENTRYPOINT ["/app/inv_sig_helper_rust"]
# Set default arguments in CMD
CMD ["--tcp", "127.0.0.1:12999"]