From c8965ae51b56f142fe68099a5919f6153d1c5622 Mon Sep 17 00:00:00 2001 From: spikecodes <19519553+spikecodes@users.noreply.github.com> Date: Fri, 9 Apr 2021 15:24:47 -0700 Subject: [PATCH] Switch Docker base image to "scratch" --- Dockerfile | 48 ++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 38 insertions(+), 10 deletions(-) diff --git a/Dockerfile b/Dockerfile index d71b3c1..a308152 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,15 +1,43 @@ -FROM rust:alpine as builder -WORKDIR /usr/src/libreddit -COPY . . -RUN apk add --no-cache g++ -RUN cargo install --path . +#################################################################################################### +## Builder +#################################################################################################### +FROM rust:latest AS builder -FROM alpine:latest -RUN apk add --no-cache curl -COPY --from=builder /usr/local/cargo/bin/libreddit /usr/local/bin/libreddit -RUN adduser --system --home /nonexistent --no-create-home --disabled-password libreddit +RUN rustup target add x86_64-unknown-linux-musl +RUN apt update && apt install -y musl-tools musl-dev +RUN update-ca-certificates + +RUN adduser --home /nonexistent --no-create-home --disabled-password libreddit + +WORKDIR /usr/src/libreddit + +COPY . . + +RUN cargo build --target x86_64-unknown-linux-musl --release + +#################################################################################################### +## Final image +#################################################################################################### +FROM scratch + +# Import user information from builder. +COPY --from=builder /etc/passwd /etc/passwd +COPY --from=builder /etc/group /etc/group + +# Import ca-certificates from builder +COPY --from=builder /usr/share/ca-certificates /usr/share/ca-certificates +COPY --from=builder /etc/ssl/certs /etc/ssl/certs + +# Copy our build +COPY --from=builder /usr/src/libreddit/target/x86_64-unknown-linux-musl/release/libreddit /usr/local/bin/libreddit + +# Use an unprivileged user. USER libreddit + +# Tell Docker to expose port 8080 EXPOSE 8080 -HEALTHCHECK --interval=5m --timeout=3s CMD curl -f http://localhost:8080/settings || exit 1 + +# Run a healthcheck every minute to make sure Libreddit is functional +HEALTHCHECK --interval=1m --timeout=3s CMD curl -f http://localhost:8080/settings || exit 1 CMD ["libreddit"] \ No newline at end of file