59 lines
1.6 KiB
Docker
59 lines
1.6 KiB
Docker
# Stage 1: Build
|
|
ARG RUST_VERSION=1.76.0
|
|
FROM lukemathwalker/cargo-chef:latest-rust-${RUST_VERSION} as chef
|
|
WORKDIR /build/
|
|
# hadolint ignore=DL3008
|
|
RUN apt-get update && \
|
|
apt-get install -y --no-install-recommends \
|
|
lld \
|
|
clang \
|
|
libclang-dev \
|
|
&& apt-get clean \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
FROM chef as planner
|
|
COPY . .
|
|
RUN cargo chef prepare --recipe-path recipe.json
|
|
|
|
FROM chef as builder
|
|
COPY --from=planner /build/recipe.json recipe.json
|
|
# Build dependencies - this is the caching Docker layer!
|
|
RUN cargo chef cook --release -p monzo-ingestion --recipe-path recipe.json
|
|
# Build application
|
|
COPY . .
|
|
RUN cargo build --release -p monzo-ingestion
|
|
|
|
# Stage 2: Run
|
|
FROM debian:bullseye-slim AS final
|
|
|
|
RUN set -ex; \
|
|
apt-get update && \
|
|
apt-get -y install --no-install-recommends \
|
|
ca-certificates curl && \
|
|
rm -rf /var/lib/apt/lists/*
|
|
|
|
# Create a non-privileged user that the app will run under.
|
|
# See https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#user
|
|
ARG UID=10001
|
|
RUN adduser \
|
|
--disabled-password \
|
|
--gecos "" \
|
|
--home "/nonexistent" \
|
|
--shell "/sbin/nologin" \
|
|
--no-create-home \
|
|
--uid "${UID}" \
|
|
appuser
|
|
USER appuser
|
|
|
|
# Copy the executable from the "build" stage.
|
|
COPY --from=builder /build/target/release/monzo-ingestion /bin/server
|
|
|
|
# Expose the port that the application listens on.
|
|
EXPOSE 3000
|
|
|
|
HEALTHCHECK --interval=5s --timeout=3s --retries=3 \
|
|
CMD curl -f http://localhost:3000/health || exit 1
|
|
|
|
# What the container should run when it is started.
|
|
CMD ["/bin/server", "web", "--addr", "0.0.0.0:3000"]
|