-
Notifications
You must be signed in to change notification settings - Fork 9
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore: add alpine based docker images #39
base: main
Are you sure you want to change the base?
Changes from 19 commits
67ca21f
9b0925a
e00cd6d
d635f62
e3bfd72
fa646f2
51e72ea
7674495
d651011
e3262da
d199e33
75a34d9
2bf2e89
85a7cc3
fd9debe
59d4491
be15e67
7891f17
846f851
28bb0c1
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
FROM rust:alpine AS builder | ||
WORKDIR app | ||
|
||
RUN apk add --no-cache musl-dev openssl-dev openssl-libs-static sqlite-dev sqlite-static | ||
|
||
# First build dependencies, this should cache a dependency layer which | ||
# only needs to be refreshed when Cargo.(lock|toml) is updated | ||
COPY Cargo.lock Cargo.toml ./ | ||
RUN mkdir src && echo "fn main() { panic!(\"why am i running?\") }" > src/main.rs | ||
RUN cargo build --release --locked | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Also note I added Personally I feel explicitly updating dependencies is always better, especially because the current build workflows don't have a test stage first. For easier maintenance it could require an additional github workflow to help maintaining dependency updates (fe using https://github.com/marketplace/actions/dependencies-autoupdate) |
||
RUN rm ./src/main.rs && rmdir ./src | ||
|
||
COPY . . | ||
RUN cargo build --release --locked --bin mollysocket | ||
|
||
|
||
FROM alpine:3 AS runtime | ||
WORKDIR app | ||
|
||
ENV MOLLY_HOST=127.0.0.1 | ||
ENV MOLLY_PORT=8020 | ||
|
||
RUN apk add --no-cache ca-certificates | ||
|
||
COPY --from=builder /app/target/release/mollysocket /usr/local/bin/ | ||
HEALTHCHECK --interval=1m --timeout=3s \ | ||
CMD wget -q --tries=1 "http://$MOLLY_HOST:$MOLLY_PORT/" -O - | grep '"mollysocket":{"version":' | ||
ENTRYPOINT ["/usr/local/bin/mollysocket"] |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
FROM docker.io/rust:bookworm AS builder | ||
WORKDIR app | ||
|
||
# First build dependencies, this should cache a dependency layer which | ||
# only needs to be refreshed when Cargo.(lock|toml) is updated | ||
COPY Cargo.lock Cargo.toml ./ | ||
RUN mkdir src && echo "fn main() { panic!(\"why am i running?\") }" > src/main.rs | ||
RUN cargo build --release --locked | ||
RUN rm ./src/main.rs && rmdir ./src | ||
|
||
COPY . . | ||
RUN cargo build --release --locked --bin mollysocket | ||
|
||
|
||
FROM docker.io/debian:bookworm-slim AS runtime | ||
WORKDIR app | ||
|
||
ENV MOLLY_HOST=127.0.0.1 | ||
ENV MOLLY_PORT=8020 | ||
|
||
RUN apt update && \ | ||
apt install -y wget libssl3 libsqlite3-0 ca-certificates && \ | ||
rm -rf /var/lib/apt/lists/* | ||
|
||
COPY --from=builder /app/target/release/mollysocket /usr/local/bin/ | ||
HEALTHCHECK --interval=1m --timeout=3s \ | ||
CMD wget -q --tries=1 "http://$MOLLY_HOST:$MOLLY_PORT/" -O - | grep '"mollysocket":{"version":' | ||
ENTRYPOINT ["/usr/local/bin/mollysocket"] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Note that although this comment is intrinsically correct, github actions require additional configuration to make docker layer caching work during github workflows.
Not sure if you are interested in that because of the comment about nightly builds to resolve CVE's in the base images.