feat: new Dockerfile (support musl)

mfactory-lab · Sep 18, 2023 · ff444a3 · ff444a3
1 parent 7dafc56
commit ff444a3
Showing 1 changed file with 103 additions and 32 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,45 +1,116 @@
-# syntax=docker/dockerfile:1.4
-# https://github.com/LukeMathWalker/cargo-chef
+ARG RUST_VERSION=1.72.0
+ARG ALPINE_VERSION=3.18
+ARG CARGO_BUILD_FEATURES=default
+ARG RUST_RELEASE_MODE=debug
+ARG UID=911
+ARG GID=911
 
-ARG APP_NAME=svt-agent
-ARG RUST_LOG=info
-ARG RUST_BACKTRACE=0
+# AMD64 builder base
+FROM --platform=${BUILDPLATFORM} blackdex/rust-musl:x86_64-musl-stable-${RUST_VERSION}-openssl3 AS base-amd64
+
+ENV DEBIAN_FRONTEND=noninteractive
+ENV CARGO_HOME=/root/.cargo
+ENV PQ_LIB_DIR=/usr/local/musl/pq15/lib
+
+RUN apt update && apt install -y \
+    --no-install-recommends \
+    git
+
+RUN mkdir -pv "${CARGO_HOME}" && \
+    rustup set profile minimal && \
+    rustup target add x86_64-unknown-linux-musl
+
+# ARM64 builder base
+FROM --platform=${BUILDPLATFORM} blackdex/rust-musl:aarch64-musl-stable-${RUST_VERSION}-openssl3 AS base-arm64
+
+ENV DEBIAN_FRONTEND=noninteractive
+ENV CARGO_HOME=/root/.cargo
+ENV PQ_LIB_DIR=/usr/local/musl/pq15/lib
+
+RUN apt update && apt install -y \
+    --no-install-recommends \
+    git
+
+RUN mkdir -pv "${CARGO_HOME}" && \
+    rustup set profile minimal && \
+    rustup target add aarch64-unknown-linux-musl
+
+# AMD64 builder
+FROM base-amd64 AS build-amd64
+
+ARG CARGO_BUILD_FEATURES
+ARG RUST_RELEASE_MODE
 
-FROM lukemathwalker/cargo-chef:latest-rust-1 AS chef
 WORKDIR /app
 
-FROM chef AS planner
-COPY Cargo.* .
-COPY src ./src
-RUN cargo chef prepare --recipe-path recipe.json
+#COPY Cargo.* .
+#COPY src ./src
+COPY . ./
+
+# Debug build
+RUN --mount=type=cache,target=/app/target set -ex; \
+    if [ "${RUST_RELEASE_MODE}" = "debug" ]; then \
+#        echo "pub const VERSION: &str = \"$(git describe --tag)\";" > src/version.rs; \
+        cargo build --target=x86_64-unknown-linux-musl --features "${CARGO_BUILD_FEATURES}"; \
+        mv target/x86_64-unknown-linux-musl/debug/svt-agent ./app; \
+    fi
 
-FROM chef AS cacher
-COPY --from=planner /app/recipe.json recipe.json
-# Build dependencies - this is the caching Docker layer!
-RUN --mount=type=cache,target=/usr/local/cargo/registry \
-    cargo chef cook --release --recipe-path recipe.json
+# Release build
+RUN set -ex; \
+    if [ "${RUST_RELEASE_MODE}" = "release" ]; then \
+#        echo "pub const VERSION: &str = \"$(git describe --tag)\";" > src/version.rs; \
+        cargo build --target=x86_64-unknown-linux-musl --features "${CARGO_BUILD_FEATURES}" --release; \
+        mv target/x86_64-unknown-linux-musl/release/svt-agent ./app; \
+    fi
+
+# ARM64 builder
+FROM base-arm64 AS build-arm64
+
+ARG CARGO_BUILD_FEATURES
+ARG RUST_RELEASE_MODE
+
+WORKDIR /app
 
-FROM chef AS builder
 COPY Cargo.* .
 COPY src ./src
-COPY --from=cacher /app/target target
-COPY --from=cacher $CARGO_HOME $CARGO_HOME
-RUN cargo build --release
 
-# FROM scratch
-# FROM gcr.io/distroless/cc
-# FROM gcr.io/distroless/cc-debian1
-FROM gcr.io/distroless/cc AS final
+# Debug build
+RUN --mount=type=cache,target=/app/target set -ex; \
+    if [ "${RUST_RELEASE_MODE}" = "debug" ]; then \
+#        echo "pub const VERSION: &str = \"$(git describe --tag)\";" > src/version.rs; \
+        cargo build --target=aarch64-unknown-linux-musl --features "${CARGO_BUILD_FEATURES}"; \
+        mv target/aarch64-unknown-linux-musl/debug/svt-agent ./svt-agent; \
+    fi
 
-WORKDIR /app
+# Release build
+RUN set -ex; \
+    if [ "${RUST_RELEASE_MODE}" = "release" ]; then \
+#        echo "pub const VERSION: &str = \"$(git describe --tag)\";" > src/version.rs; \
+        cargo build --target=aarch64-unknown-linux-musl --features "${CARGO_BUILD_FEATURES}" --release; \
+        mv target/aarch64-unknown-linux-musl/release/svt-agent ./svt-agent; \
+    fi
+
+# Get target binary
+FROM build-${TARGETARCH} AS build
+
+## Final image
+FROM alpine:${ALPINE_VERSION}
+
+ARG UID
+ARG GID
+
+RUN apk add --no-cache \
+    ca-certificates
+
+COPY --from=build --chmod=0755 /app/app /usr/local/bin
+
+RUN ls -la /usr/local/bin
+
+RUN addgroup -S -g ${GID} svt-agent && \
+    adduser -S -H -D -G svt-agent -u ${UID} -g "" -s /sbin/nologin svt-agent
 
-ARG APP_NAME
-ARG RUST_LOG
-ENV RUST_LOG=${RUST_LOG}
-ARG RUST_BACKTRACE
-ENV RUST_BACKTRACE=${RUST_BACKTRACE}
+USER svt-agent
 
-COPY --from=builder /app/target/release/${APP_NAME} /
-COPY ./ansible/ ./ansible
+CMD ["svt-agent"]
 
-ENTRYPOINT [ "/svt-agent" ]
+STOPSIGNAL SIGTERM