From f5d9914b1021351fc224df33b33f6fe6a20075ed Mon Sep 17 00:00:00 2001 From: Vivek Revankar Date: Tue, 17 Sep 2024 20:08:23 -0700 Subject: [PATCH 1/8] add new dockerfiles --- Dockerfile.alpine | 49 +++++++++++++++++++++++++++++++++++++++++++++++ Dockerfile.ubuntu | 48 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 97 insertions(+) create mode 100644 Dockerfile.alpine create mode 100644 Dockerfile.ubuntu diff --git a/Dockerfile.alpine b/Dockerfile.alpine new file mode 100644 index 00000000..125175e6 --- /dev/null +++ b/Dockerfile.alpine @@ -0,0 +1,49 @@ +# supported versions here: https://github.com/rust-lang/docker-rust/tree/9f287282d513a84cb7c7f38f197838f15d37b6a9/1.81.0 +ARG ALPINE_VERSION=3.20 + +######################## +## builder image +######################## +FROM rust:alpine${ALPINE_VERSION} AS builder + +RUN apk add --no-cache musl-dev + +WORKDIR /redlib + +# download (most) dependencies in their own layer +COPY Cargo.lock Cargo.toml ./ +RUN mkdir src && echo "fn main() { panic!(\"why am i running?\") }" > src/main.rs +RUN cargo fetch +RUN rm ./src/main.rs && rmdir ./src + +# copy the source and build the redlib binary +COPY . ./ +RUN cargo install --path . +RUN echo "finished building redlib!" + +######################## +## release image +######################## +FROM alpine:${ALPINE_VERSION} AS release + +# Import ca-certificates from builder +COPY --from=builder /usr/share/ca-certificates /usr/share/ca-certificates +COPY --from=builder /etc/ssl/certs /etc/ssl/certs + +# Import redlib binary from builder +COPY --from=builder /usr/local/cargo/bin/redlib /usr/local/bin/redlib + +# Add non-root user for running redlib +RUN adduser --home /nonexistent --no-create-home --disabled-password redlib +USER redlib + +# Document that we intend to expose port 8080 to whoever runs the container +EXPOSE 8080 + +# Run a healthcheck every minute to make sure redlib is functional +HEALTHCHECK --interval=1m --timeout=3s CMD wget --spider --q http://localhost:8080/settings || exit 1 + +# Add container metadata +MAINTAINER sigaloid + +CMD ["redlib"] diff --git a/Dockerfile.ubuntu b/Dockerfile.ubuntu new file mode 100644 index 00000000..f0eb4ef3 --- /dev/null +++ b/Dockerfile.ubuntu @@ -0,0 +1,48 @@ +# supported versions here: https://github.com/rust-lang/docker-rust/tree/9f287282d513a84cb7c7f38f197838f15d37b6a9/1.81.0 +ARG RUST_BUILDER_VERSION=bookworm +ARG UBUNTU_RELEASE_VERSION=jammy + +######################## +## builder image +######################## +FROM rust:${RUST_BUILDER_VERSION} AS builder + +WORKDIR /redlib + +# download (most) dependencies in their own layer +COPY Cargo.lock Cargo.toml ./ +RUN mkdir src && echo "fn main() { panic!(\"why am i running?\") }" > src/main.rs +RUN cargo fetch +RUN rm ./src/main.rs && rmdir ./src + +# copy the source and build the redlib binary +COPY . ./ +RUN cargo install --path . +RUN echo "finished building redlib!" + +######################## +## release image +######################## +FROM ubuntu:${UBUNTU_RELEASE_VERSION} AS release + +# Import ca-certificates from builder +COPY --from=builder /usr/share/ca-certificates /usr/share/ca-certificates +COPY --from=builder /etc/ssl/certs /etc/ssl/certs + +# Import redlib binary from builder +COPY --from=builder /usr/local/cargo/bin/redlib /usr/local/bin/redlib + +# Add non-root user for running redlib +RUN adduser --no-create-home --disabled-password redlib +USER redlib + +# Document that we intend to expose port 8080 to whoever runs the container +EXPOSE 8080 + +# Run a healthcheck every minute to make sure redlib is functional +HEALTHCHECK --interval=1m --timeout=3s CMD wget --spider --q http://localhost:8080/settings || exit 1 + +# Add container metadata +MAINTAINER sigaloid + +CMD ["redlib"] From b3e2d1f9fd5c17dbd428f07bbe3430aa0d6769a6 Mon Sep 17 00:00:00 2001 From: Vivek Date: Sat, 21 Sep 2024 15:33:41 -0700 Subject: [PATCH 2/8] update default ubuntu base images --- Dockerfile.ubuntu | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile.ubuntu b/Dockerfile.ubuntu index f0eb4ef3..e0680ad9 100644 --- a/Dockerfile.ubuntu +++ b/Dockerfile.ubuntu @@ -1,6 +1,6 @@ # supported versions here: https://github.com/rust-lang/docker-rust/tree/9f287282d513a84cb7c7f38f197838f15d37b6a9/1.81.0 -ARG RUST_BUILDER_VERSION=bookworm -ARG UBUNTU_RELEASE_VERSION=jammy +ARG RUST_BUILDER_VERSION=slim-bookworm +ARG UBUNTU_RELEASE_VERSION=noble ######################## ## builder image From 29c2111ab48c8a721978f1e33b6b67a068dcbd6a Mon Sep 17 00:00:00 2001 From: Vivek Revankar Date: Tue, 1 Oct 2024 03:10:14 +0000 Subject: [PATCH 3/8] updates --- Dockerfile.alpine | 10 +++------- Dockerfile.ubuntu | 17 ++++++++++------- 2 files changed, 13 insertions(+), 14 deletions(-) diff --git a/Dockerfile.alpine b/Dockerfile.alpine index 125175e6..41a2258e 100644 --- a/Dockerfile.alpine +++ b/Dockerfile.alpine @@ -13,12 +13,12 @@ WORKDIR /redlib # download (most) dependencies in their own layer COPY Cargo.lock Cargo.toml ./ RUN mkdir src && echo "fn main() { panic!(\"why am i running?\") }" > src/main.rs -RUN cargo fetch +RUN cargo build --release --locked --bin redlib RUN rm ./src/main.rs && rmdir ./src # copy the source and build the redlib binary COPY . ./ -RUN cargo install --path . +RUN cargo build --release --locked --bin redlib RUN echo "finished building redlib!" ######################## @@ -26,12 +26,8 @@ RUN echo "finished building redlib!" ######################## FROM alpine:${ALPINE_VERSION} AS release -# Import ca-certificates from builder -COPY --from=builder /usr/share/ca-certificates /usr/share/ca-certificates -COPY --from=builder /etc/ssl/certs /etc/ssl/certs - # Import redlib binary from builder -COPY --from=builder /usr/local/cargo/bin/redlib /usr/local/bin/redlib +COPY --from=builder /redlib/target/release/redlib /usr/local/bin/redlib # Add non-root user for running redlib RUN adduser --home /nonexistent --no-create-home --disabled-password redlib diff --git a/Dockerfile.ubuntu b/Dockerfile.ubuntu index e0680ad9..0a228280 100644 --- a/Dockerfile.ubuntu +++ b/Dockerfile.ubuntu @@ -12,12 +12,12 @@ WORKDIR /redlib # download (most) dependencies in their own layer COPY Cargo.lock Cargo.toml ./ RUN mkdir src && echo "fn main() { panic!(\"why am i running?\") }" > src/main.rs -RUN cargo fetch +RUN cargo build --release --locked --bin redlib RUN rm ./src/main.rs && rmdir ./src # copy the source and build the redlib binary COPY . ./ -RUN cargo install --path . +RUN cargo build --release --locked --bin redlib RUN echo "finished building redlib!" ######################## @@ -25,15 +25,18 @@ RUN echo "finished building redlib!" ######################## FROM ubuntu:${UBUNTU_RELEASE_VERSION} AS release -# Import ca-certificates from builder -COPY --from=builder /usr/share/ca-certificates /usr/share/ca-certificates -COPY --from=builder /etc/ssl/certs /etc/ssl/certs +# Install ca-certificates +RUN apt-get update && apt-get install -y ca-certificates # Import redlib binary from builder -COPY --from=builder /usr/local/cargo/bin/redlib /usr/local/bin/redlib +COPY --from=builder /redlib/target/release/redlib /usr/local/bin/redlib # Add non-root user for running redlib -RUN adduser --no-create-home --disabled-password redlib +RUN useradd \ + --no-create-home \ + --password "!" \ + --comment "user for running redlib" \ + redlib USER redlib # Document that we intend to expose port 8080 to whoever runs the container From 37aa633b435422f2d804b70612b21b844a0880b6 Mon Sep 17 00:00:00 2001 From: Vivek Revankar Date: Tue, 1 Oct 2024 03:13:39 +0000 Subject: [PATCH 4/8] update comment --- Dockerfile.alpine | 2 +- Dockerfile.ubuntu | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile.alpine b/Dockerfile.alpine index 41a2258e..2c43b6b1 100644 --- a/Dockerfile.alpine +++ b/Dockerfile.alpine @@ -1,4 +1,4 @@ -# supported versions here: https://github.com/rust-lang/docker-rust/tree/9f287282d513a84cb7c7f38f197838f15d37b6a9/1.81.0 +# supported versions here: https://hub.docker.com/_/rust ARG ALPINE_VERSION=3.20 ######################## diff --git a/Dockerfile.ubuntu b/Dockerfile.ubuntu index 0a228280..83cb4464 100644 --- a/Dockerfile.ubuntu +++ b/Dockerfile.ubuntu @@ -1,4 +1,4 @@ -# supported versions here: https://github.com/rust-lang/docker-rust/tree/9f287282d513a84cb7c7f38f197838f15d37b6a9/1.81.0 +# supported versions here: https://hub.docker.com/_/rust ARG RUST_BUILDER_VERSION=slim-bookworm ARG UBUNTU_RELEASE_VERSION=noble From 8d3afc7461b960a4d630919f586627baddca58b6 Mon Sep 17 00:00:00 2001 From: Vivek Date: Tue, 1 Oct 2024 22:22:18 -0700 Subject: [PATCH 5/8] update cargo command Co-authored-by: Pim --- Dockerfile.alpine | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile.alpine b/Dockerfile.alpine index 2c43b6b1..99bc12f8 100644 --- a/Dockerfile.alpine +++ b/Dockerfile.alpine @@ -13,7 +13,7 @@ WORKDIR /redlib # download (most) dependencies in their own layer COPY Cargo.lock Cargo.toml ./ RUN mkdir src && echo "fn main() { panic!(\"why am i running?\") }" > src/main.rs -RUN cargo build --release --locked --bin redlib +RUN cargo build --release --locked RUN rm ./src/main.rs && rmdir ./src # copy the source and build the redlib binary From 25b527ec3fc1b70f0c2d9b2f490867ac2dc1c24d Mon Sep 17 00:00:00 2001 From: Vivek Date: Tue, 1 Oct 2024 22:22:28 -0700 Subject: [PATCH 6/8] update cargo command Co-authored-by: Pim --- Dockerfile.ubuntu | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile.ubuntu b/Dockerfile.ubuntu index 83cb4464..f357dba7 100644 --- a/Dockerfile.ubuntu +++ b/Dockerfile.ubuntu @@ -12,7 +12,7 @@ WORKDIR /redlib # download (most) dependencies in their own layer COPY Cargo.lock Cargo.toml ./ RUN mkdir src && echo "fn main() { panic!(\"why am i running?\") }" > src/main.rs -RUN cargo build --release --locked --bin redlib +RUN cargo build --release --locked RUN rm ./src/main.rs && rmdir ./src # copy the source and build the redlib binary From 10e3bf2e439ba00cabe404690be2a288d46f8362 Mon Sep 17 00:00:00 2001 From: Vivek Revankar Date: Thu, 21 Nov 2024 17:32:21 -0800 Subject: [PATCH 7/8] specify binary --- Dockerfile.alpine | 2 +- Dockerfile.ubuntu | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile.alpine b/Dockerfile.alpine index 99bc12f8..2c43b6b1 100644 --- a/Dockerfile.alpine +++ b/Dockerfile.alpine @@ -13,7 +13,7 @@ WORKDIR /redlib # download (most) dependencies in their own layer COPY Cargo.lock Cargo.toml ./ RUN mkdir src && echo "fn main() { panic!(\"why am i running?\") }" > src/main.rs -RUN cargo build --release --locked +RUN cargo build --release --locked --bin redlib RUN rm ./src/main.rs && rmdir ./src # copy the source and build the redlib binary diff --git a/Dockerfile.ubuntu b/Dockerfile.ubuntu index f357dba7..83cb4464 100644 --- a/Dockerfile.ubuntu +++ b/Dockerfile.ubuntu @@ -12,7 +12,7 @@ WORKDIR /redlib # download (most) dependencies in their own layer COPY Cargo.lock Cargo.toml ./ RUN mkdir src && echo "fn main() { panic!(\"why am i running?\") }" > src/main.rs -RUN cargo build --release --locked +RUN cargo build --release --locked --bin redlib RUN rm ./src/main.rs && rmdir ./src # copy the source and build the redlib binary From 282df1162f73b331e02814ac82b82dd63d11660d Mon Sep 17 00:00:00 2001 From: Vivek Revankar Date: Thu, 21 Nov 2024 19:01:54 -0800 Subject: [PATCH 8/8] use label instead of maintainer --- Dockerfile.alpine | 2 +- Dockerfile.ubuntu | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile.alpine b/Dockerfile.alpine index 2c43b6b1..051476a7 100644 --- a/Dockerfile.alpine +++ b/Dockerfile.alpine @@ -40,6 +40,6 @@ EXPOSE 8080 HEALTHCHECK --interval=1m --timeout=3s CMD wget --spider --q http://localhost:8080/settings || exit 1 # Add container metadata -MAINTAINER sigaloid +LABEL org.opencontainers.image.authors="sigaloid" CMD ["redlib"] diff --git a/Dockerfile.ubuntu b/Dockerfile.ubuntu index 83cb4464..2e277c5a 100644 --- a/Dockerfile.ubuntu +++ b/Dockerfile.ubuntu @@ -46,6 +46,6 @@ EXPOSE 8080 HEALTHCHECK --interval=1m --timeout=3s CMD wget --spider --q http://localhost:8080/settings || exit 1 # Add container metadata -MAINTAINER sigaloid +LABEL org.opencontainers.image.authors="sigaloid" CMD ["redlib"]