47 lines
1.1 KiB
Docker
47 lines
1.1 KiB
Docker
####################################################################################################
|
|
## Builder
|
|
####################################################################################################
|
|
FROM rust:latest AS builder
|
|
|
|
RUN update-ca-certificates
|
|
|
|
# Create appuser
|
|
ENV USER=small-rust
|
|
ENV UID=10001
|
|
|
|
RUN adduser \
|
|
--disabled-password \
|
|
--gecos "" \
|
|
--home "/nonexistent" \
|
|
--shell "/sbin/nologin" \
|
|
--no-create-home \
|
|
--uid "${UID}" \
|
|
"${USER}"
|
|
|
|
|
|
WORKDIR /app
|
|
|
|
COPY ./ .
|
|
|
|
# We no longer need to use the x86_64-unknown-linux-musl target
|
|
RUN cargo build --release
|
|
|
|
####################################################################################################
|
|
## Final image
|
|
####################################################################################################
|
|
FROM gcr.io/distroless/cc
|
|
|
|
# Import from builder.
|
|
COPY --from=builder /etc/passwd /etc/passwd
|
|
COPY --from=builder /etc/group /etc/group
|
|
|
|
WORKDIR /app
|
|
|
|
# Copy our build
|
|
COPY --from=builder /app/target/release/small-rust ./
|
|
|
|
# Use an unprivileged user.
|
|
USER small-rust:small-rust
|
|
|
|
CMD ["/app/small-rust"]
|