personal/monzo-ingestion
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Replace the Docker build with the one from toggl-bridge as it's better
Some checks failed
Rust CI / Build and Test (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Joshua Coles 2024-08-09 09:57:48 +01:00
parent 21a63a10a4
commit af0588c5ef
3 changed files with 86 additions and 139 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

89
.github/workflows/build.yml vendored
View File

@ -1,39 +1,98 @@
name: Build and Publish Docker Container
name: Rust CI
on:
push:
branches:
- main
branches: [ main ]
pull_request:
branches: [ main ]
env:
CARGO_TERM_COLOR: always
jobs:
build:
name: Build and Test
runs-on: ubuntu-latest
container:
image: catthehacker/ubuntu:act-latest
container: catthehacker/ubuntu:act-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- uses: actions/checkout@v3
- name: Install Rust
uses: actions-rs/toolchain@v1
with:
toolchain: stable
profile: minimal
override: true
components: rustfmt, clippy
- name: Add ARM64 target
run: rustup target add aarch64-unknown-linux-gnu
- name: Install ARM64 toolchain
run: |
apt-get update
apt-get install -y gcc-aarch64-linux-gnu
- name: Cache dependencies
uses: actions/cache@v3
with:
path: |
~/.cargo
target/
key: "${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}"
restore-keys: |
${{ runner.os }}-cargo-
- name: Build (x86_64)
uses: actions-rs/cargo@v1
with:
command: build
args: --release --all-features
- name: Build (ARM64)
uses: actions-rs/cargo@v1
with:
command: build
args: --release --all-features --target aarch64-unknown-linux-gnu
env:
CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER: aarch64-linux-gnu-gcc
- name: Run tests
uses: actions-rs/cargo@v1
with:
command: test
args: --all-features
- name: Upload artifacts
uses: actions/upload-artifact@v3
with:
name: binaries
path: |
target/release/${{ github.event.repository.name }}
target/aarch64-unknown-linux-gnu/release/${{ github.event.repository.name }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
uses: docker/setup-buildx-action@v2
- name: Login to Docker
uses: docker/login-action@v1
- name: Login to DockerHub
uses: docker/login-action@v2
with:
registry: git.joshuacoles.me
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Build and Push Docker image
uses: docker/build-push-action@v5
- name: Build and push multi-arch Docker image
uses: docker/build-push-action@v4
with:
context: .
file: ./Dockerfile
platforms: linux/amd64,linux/arm64
push: true
file: ./Dockerfile.cache
tags: git.joshuacoles.me/${{ github.repository }}:latest,git.joshuacoles.me/${{ github.repository }}:${{ github.sha }}
cache-from: type=gha
cache-to: type=gha,mode=max
- uses: robiningelbrecht/ntfy-action@v1.0.0
name: Notify via ntfy.sh

88
Dockerfile
View File

@ -1,78 +1,14 @@
# syntax=docker/dockerfile:1
# Comments are provided throughout this file to help you get started.
# If you need more help, visit the Dockerfile reference guide at
# https://docs.docker.com/engine/reference/builder/
################################################################################
# Create a stage for building the application.
ARG RUST_VERSION=1.76.0
ARG APP_NAME=monzo-ingestion
FROM rust:${RUST_VERSION}-slim-bullseye AS build
ARG APP_NAME
FROM --platform=$BUILDPLATFORM debian:bullseye-slim AS builder
ARG TARGETPLATFORM
WORKDIR /app
COPY . .
RUN case "$TARGETPLATFORM" in \
"linux/amd64") BINARY_PATH="target/release/toggl-bridge" ;; \
"linux/arm64") BINARY_PATH="target/aarch64-unknown-linux-gnu/release/toggl-bridge" ;; \
*) exit 1 ;; \
esac && \
mv "$BINARY_PATH" /usr/local/bin/toggl-bridge
# Build the application.
# Leverage a cache mount to /usr/local/cargo/registry/
# for downloaded dependencies and a cache mount to /app/target/ for
# compiled dependencies which will speed up subsequent builds.
# Leverage a bind mount to the src directory to avoid having to copy the
# source code into the container. Once built, copy the executable to an
# output directory before the cache mounted /app/target is unmounted.
RUN --mount=type=bind,source=src,target=src \
--mount=type=bind,source=entity,target=entity \
--mount=type=bind,source=migration,target=migration \
--mount=type=bind,source=Cargo.toml,target=Cargo.toml \
--mount=type=bind,source=Cargo.lock,target=Cargo.lock \
--mount=type=cache,target=/app/target/ \
--mount=type=cache,target=/usr/local/cargo/registry/ \
<<EOF
set -e
cargo build --locked --release
cp ./target/release/$APP_NAME /bin/server
EOF
################################################################################
# Create a new stage for running the application that contains the minimal
# runtime dependencies for the application. This often uses a different base
# image from the build stage where the necessary files are copied from the build
# stage.
#
# The example below uses the debian bullseye image as the foundation for running the app.
# By specifying the "bullseye-slim" tag, it will also use whatever happens to be the
# most recent version of that tag when you build your Dockerfile. If
# reproducability is important, consider using a digest
# (e.g., debian@sha256:ac707220fbd7b67fc19b112cee8170b41a9e97f703f588b2cdbbcdcecdd8af57).
FROM debian:bullseye-slim AS final
RUN set -ex; \
apt-get update && \
apt-get -y install --no-install-recommends \
ca-certificates curl && \
rm -rf /var/lib/apt/lists/*
# Create a non-privileged user that the app will run under.
# See https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#user
ARG UID=10001
RUN adduser \
--disabled-password \
--gecos "" \
--home "/nonexistent" \
--shell "/sbin/nologin" \
--no-create-home \
--uid "${UID}" \
appuser
USER appuser
# Copy the executable from the "build" stage.
COPY --from=build /bin/server /bin/
# Expose the port that the application listens on.
EXPOSE 3000
HEALTHCHECK --interval=5s --timeout=3s --retries=3 \
CMD curl -f http://localhost:3000/health || exit 1
# What the container should run when it is started.
CMD ["/bin/server", "web", "--addr", "0.0.0.0:3000"]
FROM --platform=$TARGETPLATFORM debian:bullseye-slim
COPY --from=builder /usr/local/bin/toggl-bridge /usr/local/bin/
CMD ["toggl-bridge"]

48
Dockerfile.cache
View File

@ -1,48 +0,0 @@
# Setup the base build image, this will be used for planning (to cache dependencies) and axctually building the image
ARG RUST_VERSION=1.76.0
FROM clux/muslrust:${RUST_VERSION}-stable AS chef
USER root
RUN apt-get update && \
apt-get install -y --no-install-recommends \
lld musl-tools clang libclang-dev llvm \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
ARG RUST_TARGET_ARCH=aarch64
ARG RUST_TARGET=${RUST_TARGET_ARCH}-unknown-linux-musl
ENV CC_${RUST_TARGET_ARCH}_unknown_linux_musl=clang
ENV AR_${RUST_TARGET_ARCH}_unknown_linux_musl=llvm-ar
ENV CARGO_TARGET_${RUST_TARGET_ARCH}_UNKNOWN_LINUX_MUSL_RUSTFLAGS="-Clink-self-contained=yes -Clinker=rust-lld"
RUN cargo install cargo-chef
WORKDIR /app
FROM chef as planner
COPY . .
RUN cargo chef prepare --recipe-path recipe.json
FROM chef AS builder
ARG BINARY=monzo-ingestion
ARG RUST_TARGET_ARCH=aarch64
ARG RUST_TARGET=${RUST_TARGET_ARCH}-unknown-linux-musl
COPY --from=planner /app/recipe.json recipe.json
RUN cargo chef cook --release --target "${RUST_TARGET}" --recipe-path recipe.json
COPY . .
RUN cargo build --release --target "${RUST_TARGET}" --bin "${BINARY}"
FROM alpine AS runtime
ARG APP_USER=appuser
RUN addgroup -S ${APP_USER} && adduser -S ${APP_USER} -G ${APP_USER}
RUN apk add --no-cache ca-certificates curl
COPY --from=builder /app/target/${RUST_TARGET}/release/${BINARY} /usr/local/bin/server
EXPOSE 3000
HEALTHCHECK --interval=5s --timeout=3s --retries=3 \
CMD curl -f http://localhost:3000/health || exit 1
USER ${APP_USER}
CMD ["/usr/local/bin/server", "serve", "--addr", "0.0.0.0:3000"]