-
Notifications
You must be signed in to change notification settings - Fork 16
/
Dockerfile.server
82 lines (76 loc) · 2.69 KB
/
Dockerfile.server
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
# syntax=docker/dockerfile:1.4
ARG ENABLE_SCCACHE=0
ARG SCCACHE_BUCKET
ARG SCCACHE_REGION
ARG SCCACHE_S3_KEY_PREFIX
FROM scratch as source
COPY --link Cargo.lock .
COPY --link Cargo.toml .
COPY --link src src
COPY --link .cargo .cargo
FROM scratch as vendor
COPY --link vendor vendor
FROM public.ecr.aws/docker/library/rust:alpine@sha256:4a7925c3974fab3fb68b3f4d93d1a4a36cb201f9f87b01014def219b125f1960 as toolchain
ARG ENABLE_SCCACHE
COPY --link rust-toolchain.toml .
RUN cargo version
RUN apk add --no-cache \
git \
musl-dev \
openssl-dev \
pkgconfig \
protobuf
RUN [ "$ENABLE_SCCACHE" == "1" ] && apk add --no-cache sccache || true
RUN cargo install cargo-chef
ENV PROTOC=/usr/bin/protoc
FROM toolchain as planner
WORKDIR /usr/src/server
COPY --from=vendor . .
COPY --from=core . ../core
COPY --from=source . .
RUN cargo --locked chef prepare --bin server --recipe-path recipe.json
FROM toolchain as builder
ARG ENABLE_SCCACHE
ARG SCCACHE_BUCKET
ARG SCCACHE_REGION
ARG SCCACHE_S3_KEY_PREFIX
WORKDIR /usr/src/server
COPY --from=vendor . .
COPY --from=core . ../core
COPY --from=planner /usr/src/server/recipe.json recipe.json
RUN --mount=type=secret,id=AWS_ACCESS_KEY_ID --mount=type=secret,id=AWS_SECRET_ACCESS_KEY --mount=type=secret,id=AWS_SESSION_TOKEN <<EOF
if [ "$ENABLE_SCCACHE" == "1" ]; then
export RUSTC_WRAPPER=sccache
export AWS_ACCESS_KEY_ID=$(cat /run/secrets/AWS_ACCESS_KEY_ID)
export AWS_SECRET_ACCESS_KEY=$(cat /run/secrets/AWS_SECRET_ACCESS_KEY)
export AWS_SESSION_TOKEN=$(cat /run/secrets/AWS_SESSION_TOKEN)
fi
cargo --locked chef cook --release --bin server --recipe-path recipe.json
if [ "$ENABLE_SCCACHE" == "1" ]; then
sccache --show-stats
fi
EOF
COPY --from=source . .
RUN --mount=type=secret,id=AWS_ACCESS_KEY_ID --mount=type=secret,id=AWS_SECRET_ACCESS_KEY --mount=type=secret,id=AWS_SESSION_TOKEN <<EOF
if [ "$ENABLE_SCCACHE" == "1" ]; then
export RUSTC_WRAPPER=sccache
export AWS_ACCESS_KEY_ID=$(cat /run/secrets/AWS_ACCESS_KEY_ID)
export AWS_SECRET_ACCESS_KEY=$(cat /run/secrets/AWS_SECRET_ACCESS_KEY)
export AWS_SESSION_TOKEN=$(cat /run/secrets/AWS_SESSION_TOKEN)
fi
cargo --locked install --bin server --features partnerships --path src/api/server
if [ "$ENABLE_SCCACHE" == "1" ]; then
sccache --show-stats
fi
EOF
FROM public.ecr.aws/docker/library/alpine@sha256:c5b1261d6d3e43071626931fc004f70149baeba2c8ec672bd4f27761f8e1ad6b as deployable
COPY --from=builder /usr/local/cargo/bin/server /server
COPY --link src/api/Rocket.toml .
COPY --link src/api/resources resources
# needed to support ring (which we pull in via jsonwebtoken)
RUN apk add --no-cache libc6-compat
EXPOSE 80/tcp
ENV ROCKET_PROFILE=development
ENV OTEL_BSP_SCHEDULE_DELAY=500
ENTRYPOINT ["/server"]
CMD ["server"]