diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 00000000..750a4ebf --- /dev/null +++ b/.dockerignore @@ -0,0 +1,12 @@ +/target +.env +/static +/docs +/.github +/docker +/tests +README.md +print_files.sh +.env-sample +/pubky/target +/examples diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 00000000..f7dac2fc --- /dev/null +++ b/Dockerfile @@ -0,0 +1,58 @@ +# ======================== +# Build Stage +# ======================== +FROM rust:1.81.0-alpine3.20 AS builder + +# Install build dependencies, including static OpenSSL libraries +RUN apk add --no-cache \ + musl-dev \ + openssl-dev \ + openssl-libs-static \ + pkgconfig \ + build-base \ + curl + +# Set environment variables for static linking with OpenSSL +ENV OPENSSL_STATIC=yes +ENV OPENSSL_LIB_DIR=/usr/lib +ENV OPENSSL_INCLUDE_DIR=/usr/include + +# Add the MUSL target for static linking +RUN rustup target add x86_64-unknown-linux-musl + +# Set the working directory +WORKDIR /usr/src/app + +# Copy over Cargo.toml and Cargo.lock for dependency caching +COPY Cargo.toml Cargo.lock ./ + +# Copy over all the source code +COPY . . + +# Build the project in release mode for the MUSL target +RUN cargo build --release --bin service --bin watcher --target x86_64-unknown-linux-musl + +# Strip the binaries to reduce size +RUN strip target/x86_64-unknown-linux-musl/release/service +RUN strip target/x86_64-unknown-linux-musl/release/watcher + +# ======================== +# Runtime Stage +# ======================== +FROM alpine:3.20 + +# Install runtime dependencies (only ca-certificates) +RUN apk add --no-cache ca-certificates + +# Copy the compiled binaries from the builder stage +COPY --from=builder /usr/src/app/target/x86_64-unknown-linux-musl/release/service /usr/local/bin/service +COPY --from=builder /usr/src/app/target/x86_64-unknown-linux-musl/release/watcher /usr/local/bin/watcher + +# Set the working directory +WORKDIR /usr/local/bin + +# Expose the port the service listens on +EXPOSE 8080 + +# Set the default command to run the service binary +CMD ["service"]