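# Build stage (arm64): runs on the build host's platform and cross-compiles
# policy-server for aarch64-unknown-linux-musl inside the cross-rs image.
FROM --platform=${BUILDPLATFORM} ghcr.io/cross-rs/aarch64-unknown-linux-musl:0.2.5 AS build-arm64
ARG BUILDPLATFORM
ARG TARGETPLATFORM

# Install rustup. The installer is written to disk and then executed, so a
# failed download stops the build at this step instead of feeding partial or
# empty input to `sh` through a pipe whose exit status is ignored.
# NOTE(review): the installer is not integrity-checked and `stable` is a moving
# toolchain, so rebuilds are not reproducible; pin both if that matters here.
RUN curl --proto '=https' --tlsv1.2 -sSf -o /tmp/rustup-init.sh https://sh.rustup.rs \
    && sh /tmp/rustup-init.sh -y --target aarch64-unknown-linux-musl --default-toolchain stable \
    && rm /tmp/rustup-init.sh
ENV PATH=/root/.cargo/bin:$PATH
RUN cargo --version

# cargo-auditable embeds the resolved dependency list in the compiled binary.
# --locked builds the tool from the lockfile published with it. Installed ahead
# of COPY so that source edits do not invalidate this layer.
# NOTE(review): the tool version is unpinned. If this step is meant to pick up
# a .cargo/config.toml or rust-toolchain file from the repo, move it back below
# COPY.
RUN cargo install --locked cargo-auditable

# WORKDIR creates the directory, so no separate mkdir is needed.
WORKDIR /usr/src/policy-server
# NOTE(review): copies the whole build context; confirm a .dockerignore keeps
# .git, target/ and any local credentials out of it.
COPY ./ ./

# `cargo install` ignores Cargo.lock unless --locked is passed. Without it the
# binary can be built from newer dependency versions than the committed
# lockfile describes.
RUN cargo auditable install --locked --target aarch64-unknown-linux-musl --path .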
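# Build stage (amd64): runs on the build host's platform and cross-compiles
# policy-server for x86_64-unknown-linux-musl inside the cross-rs image.
FROM --platform=${BUILDPLATFORM} ghcr.io/cross-rs/x86_64-unknown-linux-musl:0.2.5 AS build-amd64
ARG BUILDPLATFORM
ARG TARGETPLATFORM

# Install rustup. The installer is written to disk and then executed, so a
# failed download stops the build at this step instead of feeding partial or
# empty input to `sh` through a pipe whose exit status is ignored.
# NOTE(review): the installer is not integrity-checked and `stable` is a moving
# toolchain, so rebuilds are not reproducible; pin both if that matters here.
RUN curl --proto '=https' --tlsv1.2 -sSf -o /tmp/rustup-init.sh https://sh.rustup.rs \
    && sh /tmp/rustup-init.sh -y --target x86_64-unknown-linux-musl --default-toolchain stable \
    && rm /tmp/rustup-init.sh
ENV PATH=/root/.cargo/bin:$PATH
RUN cargo --version

# cargo-auditable embeds the resolved dependency list in the compiled binary.
# --locked builds the tool from the lockfile published with it. Installed ahead
# of COPY so that source edits do not invalidate this layer.
# NOTE(review): the tool version is unpinned. If this step is meant to pick up
# a .cargo/config.toml or rust-toolchain file from the repo, move it back below
# COPY.
RUN cargo install --locked cargo-auditable

# WORKDIR creates the directory, so no separate mkdir is needed.
WORKDIR /usr/src/policy-server
# NOTE(review): copies the whole build context; confirm a .dockerignore keeps
# .git, target/ and any local credentials out of it.
COPY ./ ./

# `cargo install` ignores Cargo.lock unless --locked is passed. Without it the
# binary can be built from newer dependency versions than the committed
# lockfile describes.
RUN cargo auditable install --locked --target x86_64-unknown-linux-musl --path .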
# Helper stage: appends a policy-server entry (UID/GID 65533, nologin shell)
# to /etc/passwd and /etc/group. Only these two files are taken from the stage.
# NOTE(review): `alpine` has no tag or digest here, so the base floats with
# whatever the registry currently serves; pin it for reproducible builds.
FROM --platform=$BUILDPLATFORM alpine AS cfg
RUN echo "policy-server:x:65533:65533::/tmp:/sbin/nologin" >> /etc/passwd && \
    echo "policy-server:x:65533:policy-server" >> /etc/group
# Per-architecture scratch stages. Each one holds only the policy-server
# executable (mode 0755) taken from the matching build stage. The stage names
# follow the pattern copy-<arch> so a later FROM can select one by TARGETARCH.
FROM scratch AS copy-arm64
COPY --from=build-arm64 --chmod=0755 /root/.cargo/bin/policy-server /policy-server

FROM scratch AS copy-amd64
COPY --from=build-amd64 --chmod=0755 /root/.cargo/bin/policy-server /policy-server
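# Final image: start from the scratch stage that holds the statically-linked
# binary for the requested architecture (copy-amd64 or copy-arm64).
FROM copy-${TARGETARCH}

# Minimal account database so that UID/GID 65533 resolves to policy-server.
COPY --from=cfg /etc/passwd /etc/passwd
COPY --from=cfg /etc/group /etc/group

# Ship the lockfile next to the binary. COPY replaces ADD because this is a
# plain local file and needs none of ADD's archive-extraction or URL behaviour.
# NOTE(review): the file describes the shipped binary only if the build stages
# resolved dependencies from this same lockfile; confirm they build with
# `--locked`.
COPY Cargo.lock /Cargo.lock

# Run as the unprivileged account by numeric ID, never as root.
USER 65533:65533
EXPOSE 3000
ENTRYPOINT ["/policy-server"]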