geforkt von mirrored/vaultwarden
f250c54813
No need to use two different base images. Debian buster is pulled later anyway so we can just use it for the vault stage as well. My reason for this change is partly to avoid redundancy and partly to make it easier to build everything yourself. When all the build environment is based on Debian than you just have to figure out how to build a Debian Docker base image (ref: https://github.com/ypid/docker-makefile).
101 Zeilen
2,6 KiB
Docker
101 Zeilen
2,6 KiB
Docker
# Using multistage build:
|
|
# https://docs.docker.com/develop/develop-images/multistage-build/
|
|
# https://whitfin.io/speeding-up-rust-docker-builds/
|
|
####################### VAULT BUILD IMAGE #######################
|
|
FROM debian:buster-slim as vault
|
|
|
|
ENV VAULT_VERSION "v2.12.0b"
|
|
|
|
ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
|
|
|
|
ENV DEBIAN_FRONTEND=noninteractive \
|
|
LANG=C.UTF-8 \
|
|
TZ=UTC \
|
|
TERM=xterm-256color
|
|
|
|
RUN apt update -y \
|
|
&& apt install -y \
|
|
curl \
|
|
tar
|
|
|
|
RUN mkdir /web-vault
|
|
WORKDIR /web-vault
|
|
|
|
SHELL ["/bin/bash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"]
|
|
|
|
RUN curl -L $URL | tar xz
|
|
RUN ls
|
|
|
|
########################## BUILD IMAGE ##########################
|
|
# We need to use the Rust build image, because
|
|
# we need the Rust compiler and Cargo tooling
|
|
FROM rust:1.40 as build
|
|
|
|
# set sqlite as default for DB ARG for backward comaptibility
|
|
ARG DB=sqlite
|
|
|
|
# Don't download rust docs
|
|
RUN rustup set profile minimal
|
|
|
|
# Creates a dummy project used to grab dependencies
|
|
RUN USER=root cargo new --bin app
|
|
WORKDIR /app
|
|
|
|
# Copies over *only* your manifests and build files
|
|
COPY ./Cargo.* ./
|
|
COPY ./rust-toolchain ./rust-toolchain
|
|
COPY ./build.rs ./build.rs
|
|
|
|
# Builds your dependencies and removes the
|
|
# dummy project, except the target folder
|
|
# This folder contains the compiled dependencies
|
|
RUN cargo build --features ${DB} --release
|
|
RUN find . -not -path "./target*" -delete
|
|
|
|
# Copies the complete project
|
|
# To avoid copying unneeded files, use .dockerignore
|
|
COPY . .
|
|
|
|
# Make sure that we actually build the project
|
|
RUN touch src/main.rs
|
|
|
|
# Builds again, this time it'll just be
|
|
# your actual source files being built
|
|
RUN cargo build --features ${DB} --release
|
|
|
|
######################## RUNTIME IMAGE ########################
|
|
# Create a new stage with a minimal image
|
|
# because we already have a binary built
|
|
FROM debian:buster-slim
|
|
|
|
ENV ROCKET_ENV "staging"
|
|
ENV ROCKET_PORT=80
|
|
ENV ROCKET_WORKERS=10
|
|
|
|
# Install needed libraries
|
|
RUN apt-get update && apt-get install -y \
|
|
--no-install-recommends \
|
|
openssl \
|
|
ca-certificates \
|
|
curl \
|
|
sqlite3 \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
RUN mkdir /data
|
|
VOLUME /data
|
|
EXPOSE 80
|
|
EXPOSE 3012
|
|
|
|
# Copies the files from the context (Rocket.toml file and web-vault)
|
|
# and the binary from the "build" stage to the current stage
|
|
COPY Rocket.toml .
|
|
COPY --from=vault /web-vault ./web-vault
|
|
COPY --from=build app/target/release/bitwarden_rs .
|
|
|
|
COPY docker/healthcheck.sh ./healthcheck.sh
|
|
|
|
HEALTHCHECK --interval=30s --timeout=3s CMD sh healthcheck.sh || exit 1
|
|
|
|
# Configures the startup!
|
|
WORKDIR /
|
|
CMD ["/bitwarden_rs"]
|