# syntax=docker/dockerfile:1
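# ---- Stage 1: build the Rust service ----
# NOTE(review): rust:1-bookworm is a floating tag, so the toolchain can change
# between builds. For reproducible builds pin it by digest
# (rust:1-bookworm@sha256:<digest-from-your-registry>).
FROM rust:1-bookworm AS builder
WORKDIR /app

# Cache dependency compilation: copy manifests, build a dummy, then the real src.
COPY Cargo.toml Cargo.lock ./
# --locked makes cargo fail if Cargo.lock is out of sync with Cargo.toml rather
# than silently re-resolving dependencies, so the image is built from exactly
# the dependency versions that were committed and reviewed.
RUN mkdir src && echo "fn main() {}" > src/main.rs \
    && cargo build --release --locked \
    && rm -rf src

COPY src ./src
# Touch so cargo notices the real sources are newer than the dummy build.
RUN touch src/main.rs && cargo build --release --locked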
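# ---- Stage 2: minimal runtime ----
# trixie (Debian 13) ships glibc >= 2.39, which the precompiled heimdall release
# binary requires; bookworm's 2.36 is too old. The app binary built on bookworm
# runs fine here (glibc is backwards compatible).
# NOTE(review): debian:trixie-slim is a floating tag; pin it by digest
# (debian:trixie-slim@sha256:<digest-from-your-registry>) for reproducible builds.
FROM debian:trixie-slim

# heimdall links OpenSSL 3 (libssl3 / libcrypto3); ca-certificates is needed for
# HTTPS RPC calls. No Rust toolchain in the runtime image.
# curl is used below to fetch the heimdall release binary.
# NOTE(review): curl stays in the final image after that download; if nothing at
# runtime needs it, fetch heimdall in a separate stage and drop curl here.
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
         ca-certificates \
         curl \
         libssl3 \
    && rm -rf /var/lib/apt/lists/*

# Pin the heimdall version for reproducible builds. Override with
# `--build-arg HEIMDALL_VERSION=x.y.z`.
ARG HEIMDALL_VERSION=0.9.3
# Expected SHA-256 of the release binary, one per supported architecture. A
# version tag alone does not pin the bytes: release assets can be replaced
# upstream. Supply the digests with
# `--build-arg HEIMDALL_SHA256_AMD64=<sha256>` / `HEIMDALL_SHA256_ARM64=<sha256>`.
# When the digest for the target architecture is empty the download is NOT
# verified (a warning is printed) so existing builds keep working.
ARG HEIMDALL_SHA256_AMD64=""
ARG HEIMDALL_SHA256_ARM64=""
ARG TARGETARCH
# TARGETARCH is set by BuildKit; fall back to dpkg for builders that leave it
# empty. The final `heimdall --version` is a smoke test that the binary runs on
# this base image.
RUN ARCH="${TARGETARCH:-$(dpkg --print-architecture)}" \
    && case "$ARCH" in \
         amd64) HARCH=amd64; HSUM="${HEIMDALL_SHA256_AMD64}" ;; \
         arm64) HARCH=arm64; HSUM="${HEIMDALL_SHA256_ARM64}" ;; \
         *) echo "unsupported architecture: $ARCH" && exit 1 ;; \
       esac \
    && curl -fsSL -o /usr/local/bin/heimdall \
         "https://github.com/Jon-Becker/heimdall-rs/releases/download/${HEIMDALL_VERSION}/heimdall-linux-${HARCH}" \
    && if [ -n "$HSUM" ]; then \
         echo "${HSUM}  /usr/local/bin/heimdall" | sha256sum -c -; \
       else \
         echo "WARNING: no SHA-256 supplied for heimdall-linux-${HARCH}; download not verified" >&2; \
       fi \
    && chmod +x /usr/local/bin/heimdall \
    && /usr/local/bin/heimdall --version

COPY --from=builder /app/target/release/heimdall_api /usr/local/bin/heimdall_api

# Run the service as an unprivileged user with a fixed numeric UID/GID so that a
# compromise of the API process does not yield root inside the container, and so
# orchestrators can verify the non-root identity. The home directory doubles as
# a writable working directory.
# NOTE(review): assumes the service and heimdall only need to write under their
# home / working directory; confirm against src/config.rs.
RUN groupadd --system --gid 10001 heimdall \
    && useradd --system --uid 10001 --gid heimdall \
         --create-home --home-dir /home/heimdall heimdall
WORKDIR /home/heimdall
USER 10001:10001

# Tell the service where heimdall lives (configurable; see src/config.rs).
ENV HEIMDALL_BIN=/usr/local/bin/heimdall
# Surface the pinned release version at runtime (e.g. in /health). heimdall's own
# --version string lags its release tags, so this build-arg value is the source
# of truth for which release was installed.
ENV HEIMDALL_VERSION=${HEIMDALL_VERSION}
ENV RUST_LOG=info
# Listens on all container interfaces; which hosts can actually reach the
# service is decided by how the port is published at run time.
ENV BIND_ADDR=0.0.0.0:8080
EXPOSE 8080
CMD ["heimdall_api"]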