Dockerfile templates for rust projects

This commit is contained in:
Fabian Schmidt 2024-09-16 12:38:41 +02:00
commit 33e73ecf5b
8 changed files with 181 additions and 0 deletions

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
/target

7
Cargo.lock generated Normal file
View File

@ -0,0 +1,7 @@
# This file is automatically @generated by Cargo.
# It is not intended for manual editing.
version = 3
[[package]]
name = "small-rust"
version = "0.1.0"

11
Cargo.toml Normal file
View File

@ -0,0 +1,11 @@
[package]
name = "small-rust"
version = "0.1.0"
edition = "2021"
[dependencies]
[profile.release]
lto = true
codegen-units = 1
strip = "symbols"

10
docker-compose.yml Normal file
View File

@ -0,0 +1,10 @@
services:
small-rust-distroless:
build:
dockerfile: ./docker/distroless.Dockerfile
small-rust-alpine:
build:
dockerfile: ./docker/alpine.Dockerfile
small-rust-scratch:
build:
dockerfile: ./docker/scratch.Dockerfile

56
docker/alpine.Dockerfile Executable file
View File

@ -0,0 +1,56 @@
####################################################################################################
## Builder
####################################################################################################
FROM rust:1-alpine3.19
# This is important, see https://github.com/rust-lang/docker-rust/issues/85
ENV RUSTFLAGS="-C target-feature=-crt-static"
RUN apk add --no-cache musl-dev
WORKDIR /app
COPY ./ /app
RUN cargo build --release
RUN strip target/release/small-rust
####################################################################################################
## Final image
####################################################################################################
FROM alpine:3.19
RUN apk add --no-cache libgcc
COPY --from=0 /app/target/release/small-rust .
ENTRYPOINT ["/small-rust"]
####################################################################################################
## Alternatively use this builder
####################################################################################################
#FROM rust:latest AS builder
#
#RUN rustup target add x86_64-unknown-linux-musl
#RUN apt update && apt install -y musl-tools musl-dev
#RUN update-ca-certificates
#
## Create appuser
#ENV USER=myip
#ENV UID=10001
#
#RUN adduser \
# --disabled-password \
# --gecos "" \
# --home "/nonexistent" \
# --shell "/sbin/nologin" \
# --no-create-home \
# --uid "${UID}" \
# "${USER}"
#
#
#WORKDIR /myip
#
#COPY ./ .
#
#RUN cargo build --target x86_64-unknown-linux-musl --release

View File

@ -0,0 +1,46 @@
####################################################################################################
## Builder
####################################################################################################
FROM rust:latest AS builder
RUN update-ca-certificates
# Create appuser
ENV USER=small-rust
ENV UID=10001
RUN adduser \
--disabled-password \
--gecos "" \
--home "/nonexistent" \
--shell "/sbin/nologin" \
--no-create-home \
--uid "${UID}" \
"${USER}"
WORKDIR /app
COPY ./ .
# We no longer need to use the x86_64-unknown-linux-musl target
RUN cargo build --release
####################################################################################################
## Final image
####################################################################################################
FROM gcr.io/distroless/cc
# Import from builder.
COPY --from=builder /etc/passwd /etc/passwd
COPY --from=builder /etc/group /etc/group
WORKDIR /app
# Copy our build
COPY --from=builder /app/target/release/small-rust ./
# Use an unprivileged user.
USER small-rust:small-rust
CMD ["/app/small-rust"]

47
docker/scratch.Dockerfile Executable file
View File

@ -0,0 +1,47 @@
####################################################################################################
## Builder
####################################################################################################
FROM rust:latest AS builder
RUN rustup target add x86_64-unknown-linux-musl
RUN apt update && apt install -y musl-tools musl-dev
RUN update-ca-certificates
# Create appuser
ENV USER=small-rust
ENV UID=10001
RUN adduser \
--disabled-password \
--gecos "" \
--home "/nonexistent" \
--shell "/sbin/nologin" \
--no-create-home \
--uid "${UID}" \
"${USER}"
WORKDIR /app
COPY ./ .
RUN cargo build --target x86_64-unknown-linux-musl --release
####################################################################################################
## Final image
####################################################################################################
FROM scratch
# Import from builder.
COPY --from=builder /etc/passwd /etc/passwd
COPY --from=builder /etc/group /etc/group
WORKDIR /app
# Copy our build
COPY --from=builder /app/target/x86_64-unknown-linux-musl/release/small-rust ./
# Use an unprivileged user.
USER small-rust:small-rust
CMD ["/app/small-rust"]

3
src/main.rs Normal file
View File

@ -0,0 +1,3 @@
fn main() {
println!("Hello, world!");
}