diff --git a/Dockerfile b/Dockerfile index abcc78f..c7d75a4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,32 +1,25 @@ -ARG base="alpine:3.17" +ARG base="alpine:3.18" -FROM ${base} AS bin-builder -# Disable static linking, see: https://users.rust-lang.org/t/sigsegv-with-program-linked-against-openssl-in-an-alpine-container/52172 +FROM --platform=$BUILDPLATFORM tonistiigi/xx AS xx +FROM --platform=$BUILDPLATFORM ${base} AS bin-builder + +ARG TARGETPLATFORM +COPY --from=xx / / + # Enable cargo sparse index for faster update times, see: https://blog.rust-lang.org/inside-rust/2023/01/30/cargo-sparse-protocol.html -ENV RUSTFLAGS='-C target-feature=-crt-static' \ - CARGO_REGISTRIES_CRATES_IO_PROTOCOL=sparse -RUN apk add --no-cache cargo openssl-dev musl-dev -# This will build all dependencies and store them in docker's cache. -# This way, it won't be necessary to recompile everything everytime -COPY backend/Cargo.toml . -COPY backend/Cargo.lock . -RUN echo '[[bin]]' >> Cargo.toml && \ - echo 'name = "cache"' >> Cargo.toml && \ - echo 'path = "cache.rs"' >> Cargo.toml && \ - echo 'fn main() {eprintln!("Caching crates...")}' > cache.rs && \ - cargo build --release -RUN rm cache.rs && \ - rm Cargo.toml -# Build wimple-wkd -COPY backend/Cargo.toml . -COPY backend/src src -RUN cargo build --release +ENV CARGO_REGISTRIES_CRATES_IO_PROTOCOL=sparse + +RUN apk add clang lld musl-dev cargo +COPY backend . +RUN xx-cargo build --release --target-dir ./build && \ + xx-verify ./build/$(xx-cargo --print-target-triple)/release/simple-wkd +RUN mv ./build/$(xx-cargo --print-target-triple)/release/simple-wkd simple-wkd-executable FROM --platform=$BUILDPLATFORM ${base} AS webpage-builder -RUN apk add --no-cache npm +RUN apk add npm COPY website . RUN npm install -g pnpm && \ pnpm install && \ @@ -39,13 +32,11 @@ RUN mv dist assets/webpage FROM ${base} # The final image uses user `wkd` for added security -# It also installs libgcc, because the executable is dynamically linked to it WORKDIR /wkd -RUN apk add --no-cache libgcc && \ - adduser --no-create-home --disabled-password wkd && \ +RUN adduser --no-create-home --disabled-password wkd && \ chown -R wkd:wkd /wkd USER wkd COPY --from=webpage-builder assets assets -COPY --from=bin-builder target/release/simple-wkd wkd +COPY --from=bin-builder simple-wkd-executable wkd ENTRYPOINT [ "/wkd/wkd" ] \ No newline at end of file