-
Notifications
You must be signed in to change notification settings - Fork 44
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
overhaul dockerfile update container workflow
- Loading branch information
Showing
5 changed files
with
209 additions
and
111 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
name: Container (Docker) | ||
|
||
on: | ||
push: | ||
pull_request: | ||
|
||
env: | ||
CARGO_TERM_COLOR: always | ||
|
||
jobs: | ||
test: | ||
name: Test | ||
runs-on: ubuntu-latest | ||
|
||
steps: | ||
- id: checkout | ||
name: Checkout Repository | ||
uses: actions/checkout@v3 | ||
|
||
- id: setup | ||
name: Setup Toolchain | ||
uses: docker/setup-buildx-action@v2 | ||
|
||
- id: build | ||
name: Build | ||
uses: docker/build-push-action@v4 | ||
with: | ||
push: false | ||
load: true | ||
tags: torrust-tracker:local | ||
cache-from: type=gha | ||
cache-to: type=gha,mode=max | ||
|
||
- id: inspect | ||
name: Inspect | ||
run: docker image inspect torrust-tracker:local | ||
|
||
- id: compose | ||
name: Compose | ||
run: docker compose build |
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,80 +1,146 @@ | ||
FROM clux/muslrust:stable AS chef | ||
WORKDIR /app | ||
RUN cargo install cargo-chef | ||
|
||
|
||
FROM chef AS planner | ||
WORKDIR /app | ||
COPY . . | ||
RUN cargo chef prepare --recipe-path recipe.json | ||
|
||
|
||
FROM chef as development | ||
WORKDIR /app | ||
ARG UID=1000 | ||
ARG RUN_AS_USER=appuser | ||
ARG TRACKER_UDP_PORT=6969 | ||
ARG TRACKER_HTTP_PORT=7070 | ||
ARG TRACKER_API_PORT=1212 | ||
# Add the app user for development | ||
ENV USER=appuser | ||
ENV UID=$UID | ||
RUN adduser --uid "${UID}" "${USER}" | ||
# Build dependencies | ||
COPY --from=planner /app/recipe.json recipe.json | ||
RUN cargo chef cook --recipe-path recipe.json | ||
# Build the application | ||
COPY . . | ||
RUN cargo build --bin torrust-tracker | ||
USER $RUN_AS_USER:$RUN_AS_USER | ||
EXPOSE $TRACKER_UDP_PORT/udp | ||
EXPOSE $TRACKER_HTTP_PORT/tcp | ||
EXPOSE $TRACKER_API_PORT/tcp | ||
CMD ["cargo", "run"] | ||
|
||
|
||
FROM chef AS builder | ||
WORKDIR /app | ||
ARG UID=1000 | ||
# Add the app user for production | ||
ENV USER=appuser | ||
ENV UID=$UID | ||
RUN adduser \ | ||
--disabled-password \ | ||
--gecos "" \ | ||
--home "/nonexistent" \ | ||
--shell "/sbin/nologin" \ | ||
--no-create-home \ | ||
--uid "${UID}" \ | ||
"${USER}" | ||
# Build dependencies | ||
COPY --from=planner /app/recipe.json recipe.json | ||
RUN cargo chef cook --release --target x86_64-unknown-linux-musl --recipe-path recipe.json | ||
# Build the application | ||
COPY . . | ||
RUN cargo build --release --target x86_64-unknown-linux-musl --bin torrust-tracker | ||
# Strip the binary | ||
# More info: https://github.com/LukeMathWalker/cargo-chef/issues/149 | ||
RUN strip /app/target/x86_64-unknown-linux-musl/release/torrust-tracker | ||
|
||
|
||
FROM alpine:latest | ||
WORKDIR /app | ||
ARG RUN_AS_USER=appuser | ||
ARG TRACKER_UDP_PORT=6969 | ||
ARG TRACKER_HTTP_PORT=7070 | ||
ARG TRACKER_API_PORT=1212 | ||
RUN apk --no-cache add ca-certificates | ||
# syntax=docker/dockerfile:latest | ||
|
||
# Torrust Tracker | ||
|
||
## Builder Image | ||
FROM rust:latest as chef | ||
WORKDIR /tmp | ||
RUN curl -L --proto '=https' --tlsv1.2 -sSf https://raw.githubusercontent.com/cargo-bins/cargo-binstall/main/install-from-binstall-release.sh | bash | ||
RUN cargo binstall --no-confirm cargo-chef cargo-nextest | ||
|
||
|
||
## Tester Image | ||
FROM rust:slim as tester | ||
WORKDIR /tmp | ||
### (fixme) https://github.com/cargo-bins/cargo-binstall/issues/1252 | ||
RUN apt-get update; apt-get install -y curl; apt-get autoclean | ||
RUN curl -L --proto '=https' --tlsv1.2 -sSf https://raw.githubusercontent.com/cargo-bins/cargo-binstall/main/install-from-binstall-release.sh | bash | ||
RUN cargo binstall --no-confirm cargo-nextest | ||
|
||
|
||
## Chef Prepare (look at project and see wat we need) | ||
FROM chef AS recipe | ||
WORKDIR /build/src | ||
COPY . /build/src | ||
RUN cargo chef prepare --recipe-path /build/recipe.json | ||
|
||
|
||
## Cook (debug) | ||
FROM chef AS dependencies_debug | ||
WORKDIR /build/src | ||
COPY --from=recipe /build/recipe.json /build/recipe.json | ||
RUN cargo chef cook --tests --benches --examples --workspace --all-targets --all-features --recipe-path /build/recipe.json | ||
RUN cargo nextest archive --tests --benches --examples --workspace --all-targets --all-features --archive-file /build/temp.tar.zst ; rm /build/temp.tar.zst | ||
|
||
## Cook (release) | ||
FROM chef AS dependencies | ||
WORKDIR /build/src | ||
COPY --from=recipe /build/recipe.json /build/recipe.json | ||
RUN cargo chef cook --tests --benches --examples --workspace --all-targets --all-features --recipe-path /build/recipe.json --release | ||
RUN cargo nextest archive --tests --benches --examples --workspace --all-targets --all-features --archive-file /build/temp.tar.zst --release ; rm /build/temp.tar.zst | ||
|
||
|
||
## Build Archive (debug) | ||
FROM dependencies_debug AS build_debug | ||
WORKDIR /build/src | ||
COPY . /build/src | ||
RUN cargo nextest archive --tests --benches --examples --workspace --all-targets --all-features --archive-file /build/torrust-tracker-debug.tar.zst | ||
|
||
## Build Archive (release) | ||
FROM dependencies AS build | ||
WORKDIR /build/src | ||
COPY . /build/src | ||
RUN cargo nextest archive --tests --benches --examples --workspace --all-targets --all-features --archive-file /build/torrust-tracker.tar.zst --release | ||
|
||
|
||
# Extract and Test (debug) | ||
FROM tester as test_debug | ||
WORKDIR /test | ||
COPY . /test/src | ||
COPY --from=build_debug \ | ||
/build/torrust-tracker-debug.tar.zst \ | ||
/test/torrust-tracker-debug.tar.zst | ||
RUN mkdir -p /test/test | ||
RUN cargo nextest run --workspace-remap /test/src/ --extract-to /test/src/ --no-run --archive-file /test/torrust-tracker-debug.tar.zst | ||
RUN cargo nextest run --workspace-remap /test/src/ --target-dir-remap /test/src/target/ --cargo-metadata /test/src/target/nextest/cargo-metadata.json --binaries-metadata /test/src/target/nextest/binaries-metadata.json | ||
|
||
RUN mkdir -p /app/bin/; cp -l /test/src/target/debug/torrust-tracker /app/bin/torrust-tracker | ||
RUN mkdir /app/lib/; cp -l $(realpath $(ldd /app/bin/torrust-tracker | grep "libz\.so\.1" | awk '{print $3}')) /app/lib/libz.so.1 | ||
|
||
RUN chown -R root:root /app | ||
RUN chmod -R u=rw,go=r,a+X /app | ||
RUN chmod -R a+x /app/bin | ||
|
||
# Extract and Test (release) | ||
FROM tester as test | ||
WORKDIR /test | ||
COPY . /test/src | ||
COPY --from=build \ | ||
/build/torrust-tracker.tar.zst \ | ||
/test/torrust-tracker.tar.zst | ||
RUN cargo nextest run --workspace-remap /test/src/ --extract-to /test/src/ --no-run --archive-file /test/torrust-tracker.tar.zst | ||
RUN cargo nextest run --workspace-remap /test/src/ --target-dir-remap /test/src/target/ --cargo-metadata /test/src/target/nextest/cargo-metadata.json --binaries-metadata /test/src/target/nextest/binaries-metadata.json | ||
|
||
RUN mkdir -p /app/bin/; cp -l /test/src/target/release/torrust-tracker /app/bin/torrust-tracker | ||
RUN mkdir /app/lib/; cp -l $(realpath $(ldd /app/bin/torrust-tracker | grep "libz\.so\.1" | awk '{print $3}')) /app/lib/libz.so.1 | ||
|
||
RUN chown -R root:root /app | ||
RUN chmod -R u=rw,go=r,a+X /app | ||
RUN chmod -R a+x /app/bin | ||
|
||
|
||
## Torrust-Tracker (debug) | ||
FROM gcr.io/distroless/cc:debug as tracker_debug | ||
|
||
RUN ["/busybox/cp", "-sp", "/busybox/sh", "/bin/sh"] | ||
ENV ENV=/etc/profile | ||
|
||
ARG USER_ID=1000 | ||
ARG USER_NAME=appuser | ||
ARG UDP_PORT=6969 | ||
ARG HTTP_PORT=7070 | ||
ARG API_PORT=1212 | ||
|
||
ENV USER_ID=${USER_ID} | ||
ENV USER_NAME=${USER_NAME} | ||
ENV UDP_PORT=${UDP_PORT} | ||
ENV HTTP_PORT=${HTTP_PORT} | ||
ENV API_PORT=${API_PORT} | ||
ENV TZ=Etc/UTC | ||
|
||
EXPOSE ${UDP_PORT}/udp | ||
EXPOSE ${HTTP_PORT}/tcp | ||
EXPOSE ${API_PORT}/tcp | ||
|
||
COPY --from=test_debug /app/ /usr/ | ||
|
||
RUN printf "\n in debug mode \n \n run 'exec /usr/bin/torrust-tracker' (debug build) to start tracker \n \n" > /etc/motd | ||
RUN echo '[ ! -z "$TERM" -a -r /etc/motd ] && cat /etc/motd' >> /etc/profile | ||
|
||
WORKDIR /home/${USER_NAME} | ||
RUN adduser --disabled-password --uid "${USER_ID}" "${USER_NAME}" | ||
USER "${USER_NAME}":"${USER_NAME}" | ||
|
||
RUN env | ||
|
||
## Torrust-Tracker (release) (default) | ||
FROM gcr.io/distroless/cc:nonroot as tracker | ||
COPY --from=gcr.io/distroless/cc:debug /busybox/wget /usr/bin/wget | ||
COPY --from=test /app/ /usr/ | ||
|
||
ARG UDP_PORT=6969 | ||
ARG HTTP_PORT=7070 | ||
ARG API_PORT=1212 | ||
|
||
ENV UDP_PORT=${UDP_PORT} | ||
ENV HTTP_PORT=${HTTP_PORT} | ||
ENV API_PORT=${API_PORT} | ||
ENV TZ=Etc/UTC | ||
ENV RUN_AS_USER=$RUN_AS_USER | ||
COPY --from=builder /etc/passwd /etc/passwd | ||
COPY --from=builder /etc/group /etc/group | ||
COPY --from=builder --chown=$RUN_AS_USER \ | ||
/app/target/x86_64-unknown-linux-musl/release/torrust-tracker \ | ||
/app/torrust-tracker | ||
RUN chown -R $RUN_AS_USER:$RUN_AS_USER /app | ||
USER $RUN_AS_USER:$RUN_AS_USER | ||
EXPOSE $TRACKER_UDP_PORT/udp | ||
EXPOSE $TRACKER_HTTP_PORT/tcp | ||
EXPOSE $TRACKER_API_PORT/tcp | ||
ENTRYPOINT ["/app/torrust-tracker"] | ||
|
||
EXPOSE ${UDP_PORT}/udp | ||
EXPOSE ${HTTP_PORT}/tcp | ||
EXPOSE ${API_PORT}/tcp | ||
|
||
# HEALTHCHECK ["/usr/bin/wget", "--no-verbose", "--tries=1", "--spider", "localhost:${API_PORT}/version"] | ||
|
||
CMD ["/usr/bin/torrust-tracker"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.