dev: container work

overhaul dockerfile
update container workflow

.github/workflows/container.yml

@@ -0,0 +1,40 @@
+name: Container (Docker)
+
+on:
+  push:
+  pull_request:
+
+env:
+  CARGO_TERM_COLOR: always
+
+jobs:
+  test:
+    name: Test
+    runs-on: ubuntu-latest
+
+    steps:
+      - id: checkout
+        name: Checkout Repository
+        uses: actions/checkout@v3
+
+      - id: setup
+        name: Setup Toolchain
+        uses: docker/setup-buildx-action@v2
+
+      - id: build
+        name: Build
+        uses: docker/build-push-action@v4
+        with:
+          push: false
+          load: true
+          tags: torrust-tracker:local
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - id: inspect
+        name: Inspect
+        run: docker image inspect torrust-tracker:local
+
+      - id: compose
+        name: Compose
+        run: docker compose build

Dockerfile

@@ -1,80 +1,143 @@
-FROM clux/muslrust:stable AS chef
-WORKDIR /app
-RUN cargo install cargo-chef
+# syntax=docker/dockerfile:latest
 
+# Torrust Tracker Index
 
-FROM chef AS planner
-WORKDIR /app
-COPY . .
-RUN cargo chef prepare --recipe-path recipe.json
+## Builder Image
+FROM rust:latest as chef
+WORKDIR /tmp
+RUN curl -L --proto '=https' --tlsv1.2 -sSf https://raw.githubusercontent.com/cargo-bins/cargo-binstall/main/install-from-binstall-release.sh | bash
+RUN cargo binstall --no-confirm cargo-chef cargo-nextest
 
+## Tester Image
+FROM rust:slim as tester
+WORKDIR /tmp
+### (fixme) https://github.com/cargo-bins/cargo-binstall/issues/1252
+RUN apt-get update; apt-get install -y curl; apt-get autoclean
+RUN curl -L --proto '=https' --tlsv1.2 -sSf https://raw.githubusercontent.com/cargo-bins/cargo-binstall/main/install-from-binstall-release.sh | bash
+RUN cargo binstall --no-confirm cargo-nextest
 
-FROM chef as development
-WORKDIR /app
-ARG UID=1000
-ARG RUN_AS_USER=appuser
-ARG TRACKER_UDP_PORT=6969
-ARG TRACKER_HTTP_PORT=7070
-ARG TRACKER_API_PORT=1212
-# Add the app user for development
-ENV USER=appuser
-ENV UID=$UID
-RUN adduser --uid "${UID}" "${USER}"
-# Build dependencies
-COPY --from=planner /app/recipe.json recipe.json
-RUN cargo chef cook --recipe-path recipe.json
-# Build the application
-COPY . .
-RUN cargo build --bin torrust-tracker
-USER $RUN_AS_USER:$RUN_AS_USER
-EXPOSE $TRACKER_UDP_PORT/udp
-EXPOSE $TRACKER_HTTP_PORT/tcp
-EXPOSE $TRACKER_API_PORT/tcp  
-CMD ["cargo", "run"]
-
-
-FROM chef AS builder
+
+## Chef Prepare (look at project and see wat we need)
+FROM chef AS recipe
+COPY . /app/src
+WORKDIR /app/src
+RUN cargo chef prepare --recipe-path /app/recipe.json
+
+
+## Cook (release)
+FROM chef AS dependencies
+WORKDIR /app/src
+COPY --from=recipe /app/recipe.json /app/recipe.json
+RUN cargo chef cook --tests --benches --examples --workspace --all-targets --all-features --recipe-path /app/recipe.json --release
+RUN cargo nextest archive --tests --benches --examples --workspace --all-targets --all-features --archive-file /app/temp.tar.zst --release  ; rm /app/temp.tar.zst
+
+## Cook (debug)
+FROM chef AS dependencies_debug
+WORKDIR /app/src
+COPY --from=recipe /app/recipe.json /app/recipe.json
+RUN cargo chef cook --tests --benches --examples --workspace --all-targets --all-features --recipe-path /app/recipe.json
+RUN cargo nextest archive --tests --benches --examples --workspace --all-targets --all-features --archive-file /app/temp.tar.zst ; rm /app/temp.tar.zst
+
+
+## Build Archive (release)
+FROM dependencies AS build
+WORKDIR /app/src
+COPY . /app/src
+RUN cargo nextest archive --tests --benches --examples --workspace --all-targets --all-features --archive-file /app/torrust-tracker.tar.zst --release
+
+## Build Archive (debug)
+FROM dependencies_debug AS build_debug
+WORKDIR /app/src
+COPY . /app/src
+RUN cargo nextest archive --tests --benches --examples --workspace --all-targets --all-features --archive-file /app/torrust-tracker-debug.tar.zst
+
+
+# Extract and Test (release)
+FROM tester as test
 WORKDIR /app
-ARG UID=1000
-# Add the app user for production
-ENV USER=appuser
-ENV UID=$UID
-RUN adduser \
-  --disabled-password \
-  --gecos "" \
-  --home "/nonexistent" \
-  --shell "/sbin/nologin" \
-  --no-create-home \
-  --uid "${UID}" \
-  "${USER}"  
-# Build dependencies
-COPY --from=planner /app/recipe.json recipe.json
-RUN cargo chef cook --release --target x86_64-unknown-linux-musl --recipe-path recipe.json
-# Build the application
-COPY . .
-RUN cargo build --release --target x86_64-unknown-linux-musl --bin torrust-tracker
-# Strip the binary
-# More info: https://github.com/LukeMathWalker/cargo-chef/issues/149
-RUN strip /app/target/x86_64-unknown-linux-musl/release/torrust-tracker
-
-
-FROM alpine:latest
+COPY . /app/src
+COPY --from=build \
+  /app/torrust-tracker.tar.zst \
+  /app/torrust-tracker.tar.zst
+RUN cargo nextest run --workspace-remap /app/src/ --extract-to /app/src/ --no-run --archive-file /app/torrust-tracker.tar.zst
+RUN cargo nextest run --workspace-remap /app/src/ --cargo-metadata /app/src/target/nextest/cargo-metadata.json --binaries-metadata /app/src/target/nextest/binaries-metadata.json
+RUN mkdir -p /app/bin/; cp --link /app/src/target/release/torrust-tracker /app/bin/torrust-tracker
+RUN chmod -R u=rwx,go=rx,a+X /app/bin
+RUN chown -R root:root /app/bin
+RUN mkdir /app/lib/; cp $(realpath $(ldd /app/bin/torrust-tracker | grep "libz\.so\.1" | awk '{print $3}')) /app/lib/libz.so.1
+
+
+# Extract and Test (debug)
+FROM tester as test_debug
 WORKDIR /app
-ARG RUN_AS_USER=appuser
-ARG TRACKER_UDP_PORT=6969
-ARG TRACKER_HTTP_PORT=7070
-ARG TRACKER_API_PORT=1212
-RUN apk --no-cache add ca-certificates
+COPY . /app/src
+COPY --from=build_debug \
+  /app/torrust-tracker-debug.tar.zst \
+  /app/torrust-tracker-debug.tar.zst
+RUN mkdir -p /app/test
+RUN cargo nextest run --workspace-remap /app/src/ --extract-to /app/src/ --no-run --archive-file /app/torrust-tracker-debug.tar.zst
+RUN cargo nextest run --workspace-remap /app/src/ --cargo-metadata /app/src/target/nextest/cargo-metadata.json --binaries-metadata /app/src/target/nextest/binaries-metadata.json
+RUN mkdir -p /app/bin/; cp --link /app/src/target/debug/torrust-tracker /app/bin/torrust-tracker
+RUN chmod -R u=rwx,go=rx,a+X /app/bin
+RUN chown -R root:root /app/bin
+RUN mkdir /app/lib/; cp -p $(realpath $(ldd /app/bin/torrust-tracker | grep "libz\.so\.1" | awk '{print $3}')) /app/lib/libz.so.1
+
+
+## Torrust-Tracker (release)
+FROM gcr.io/distroless/cc:nonroot as tracker
+ARG UDP_PORT=6969
+ARG HTTP_PORT=7070
+ARG API_PORT=1212
+
+ENV UDP_PORT=${UDP_PORT}
+ENV HTTP_PORT=${HTTP_PORT}
+ENV API_PORT=${API_PORT}
+ENV TZ=Etc/UTC
+
+EXPOSE ${UDP_PORT}/udp
+EXPOSE ${HTTP_PORT}/tcp
+EXPOSE ${API_PORT}/tcp
+
+COPY --from=test /app/bin /usr/bin
+COPY --from=test /app/lib /usr/lib
+
+## Torrust-Tracker (debug)
+FROM gcr.io/distroless/cc:debug as tracker_debug
+
+RUN ["/busybox/cp", "-sp", "/busybox/sh", "/bin/sh"]
+ENV ENV=/etc/profile
+
+ARG USER_ID=1000
+ARG USER_NAME=appuser
+ARG UDP_PORT=6969
+ARG HTTP_PORT=7070
+ARG API_PORT=1212
+
+ENV USER_ID=${USER_ID}
+ENV USER_NAME=${USER_NAME}
+ENV UDP_PORT=${UDP_PORT}
+ENV HTTP_PORT=${HTTP_PORT}
+ENV API_PORT=${API_PORT}
 ENV TZ=Etc/UTC
-ENV RUN_AS_USER=$RUN_AS_USER
-COPY --from=builder /etc/passwd /etc/passwd
-COPY --from=builder /etc/group /etc/group
-COPY --from=builder --chown=$RUN_AS_USER \
-  /app/target/x86_64-unknown-linux-musl/release/torrust-tracker \
-  /app/torrust-tracker
-RUN chown -R $RUN_AS_USER:$RUN_AS_USER /app
-USER $RUN_AS_USER:$RUN_AS_USER
-EXPOSE $TRACKER_UDP_PORT/udp
-EXPOSE $TRACKER_HTTP_PORT/tcp
-EXPOSE $TRACKER_API_PORT/tcp
-ENTRYPOINT ["/app/torrust-tracker"]
+
+EXPOSE ${UDP_PORT}/udp
+EXPOSE ${HTTP_PORT}/tcp
+EXPOSE ${API_PORT}/tcp
+
+COPY --from=test_debug /app/bin /usr/bin
+COPY --from=test_debug /app/lib /usr/lib
+RUN chmod -R u=rwx,go=rx,a+X /usr/bin
+RUN chown -R root:root /usr/bin
+
+RUN printf "\n in debug mode \n \n run 'exec /app/bin/torrust-tracker' (debug build) to start tracker \n \n" > /etc/motd
+RUN echo '[ ! -z "$TERM" -a -r /etc/motd ] && cat /etc/motd' >> /etc/profile.d/motd.sh
+
+RUN adduser --disabled-password --uid "${USER_ID}" "${USER_NAME}"
+USER "${USER_NAME}":"${USER_NAME}"
+
+RUN env
+
+
+## Run Release by Default
+FROM tracker as default
+CMD /usr/bin/torrust-tracker

cSpell.json

@@ -1,8 +1,10 @@
 {
     "words": [
+        "adduser",
         "alekitto",
         "appuser",
         "Arvid",
+        "autoclean",
         "AUTOINCREMENT",
         "automock",
         "Avicora",
@@ -12,6 +14,7 @@
         "bencoded",
         "beps",
         "binascii",
+        "binstall",
         "Bitflu",
         "bools",
         "bufs",
@@ -26,11 +29,13 @@
         "codegen",
         "completei",
         "connectionless",
+        "distroless",
         "dockerhub",
         "downloadedi",
         "dtolnay",
         "filesd",
         "Freebox",
+        "gecos",
         "Grcov",
         "hasher",
         "hexlify",
@@ -49,6 +54,7 @@
         "leechers",
         "libsqlite",
         "libtorrent",
+        "libz",
         "Lphant",
         "metainfo",
         "middlewares",
@@ -59,14 +65,18 @@
         "nanos",
         "nextest",
         "nocapture",
+        "nologin",
+        "nonroot",
         "Norberg",
         "numwant",
         "oneshot",
         "ostr",
         "Pando",
         "proot",
+        "proto",
         "Quickstart",
         "Rasterbar",
+        "realpath",
         "reannounce",
         "repr",
         "reqwest",
@@ -88,6 +98,7 @@
         "Swiftbit",
         "taiki",
         "thiserror",
+        "tlsv",
         "Torrentstorm",
         "torrust",
         "torrustracker",
@@ -106,5 +117,8 @@
         "Xunlei",
         "xxxxxxxxxxxxxxxxxxxxd",
         "yyyyyyyyyyyyyyyyyyyyd"
+    ],
+    "enableFiletypes": [
+        "dockerfile"
     ]
 }

compose.yaml

@@ -2,10 +2,14 @@ name: torrust
 services:
 
   tracker:
+    image: torrust-tracker:local
     build:
       context: .
-      target: development
-    user: ${TORRUST_TRACKER_USER_UID:-1000}:${TORRUST_TRACKER_USER_UID:-1000}
+      tags:
+        - torrust-tracker:local
+    pull_policy: missing
+
+    user: ${USER_UID:-1000}:${USER_UID:-1000}
     tty: true
     networks:
       - server_side
@@ -14,8 +18,8 @@ services:
       - 7070:7070
       - 1212:1212
     volumes:
-      - ./:/app
-      - ~/.cargo:/home/appuser/.cargo
+      - ./:/app/src
+      - ./storage:/app/storage
     depends_on:
       - mysql