Actually add Dockerfile

tee/.dockerignore

@@ -0,0 +1,28 @@
+# Rust build artifacts
+target/
+**/*.rs.bk
+**/*.rlib
+**/*.d
+**/*.rlib.d
+**/*.o
+**/*.rmeta
+
+# Cargo cache and configuration files
+.cargo/
+
+.nix/
+flake.nix
+flake.lock
+result # Nix build output symlink
+
+# Git-related files
+.git/
+.gitignore
+
+# IDE and editor specific files
+.idea/
+.vscode/
+*.swp
+*~
+.#*
+

tee/crates/shielder-prover-server/Cargo.toml

@@ -10,7 +10,7 @@ repository = { workspace = true }
 
 [dependencies]
 axum = { workspace = true, features = ["tokio", "macros"] }
-clap = { workspace = true, features = ["derive"] }
+clap = { workspace = true, features = ["derive", "env"] }
 serde = { workspace = true }
 shielder-prover-common = { workspace = true }
 thiserror = { workspace = true }

tee/crates/shielder-prover-server/src/command_line_args.rs

@@ -3,38 +3,38 @@ use clap::Parser;
 #[derive(Parser, Debug, Clone)]
 pub struct CommandLineArgs {
     /// A port on whhich this serves listend to incoming HTTP connections.
-    #[arg(short, long, default_value = "3000")]
+    #[arg(short, long, default_value = "3000", env = "PUBLIC_PORT")]
     pub public_port: u16,
 
     /// Internal port on which host and tee applications talks to each other
     /// This is the part of the vsock endpoint, which is tee_cid:tee_port
-    #[arg(short, long, default_value_t = shielder_prover_common::protocol::VSOCK_PORT)]
+    #[arg(short, long, default_value_t = shielder_prover_common::protocol::VSOCK_PORT, env = "TEE_PORT")]
     pub tee_port: u16,
 
     /// Local IPv4 address on which this server listens to incoming HTTP connections
-    #[arg(short, long, default_value = "0.0.0.0")]
+    #[arg(short, long, default_value = "0.0.0.0", env = "BIND_ADDRESS")]
     pub bind_address: String,
 
     /// A context identifier on which this server and TEE server communicate with each other
     /// This is the part of the vsock endpoint, which is tee_cid:tee_port
-    #[clap(long, default_value_t = vsock::VMADDR_CID_HOST)]
+    #[clap(long, default_value_t = vsock::VMADDR_CID_HOST, env = "TEE_CID")]
     pub tee_cid: u32,
 
     /// How many incoming requests can this server handle at once
     /// Do not raise it above 128 as this is the limit of vsock connections, at least
     /// for the rust lib used by this server
-    #[clap(long, default_value_t = 100)]
+    #[clap(long, default_value_t = 100, env = "TASK_POOL_CAPACITY")]
     pub task_pool_capacity: usize,
 
     /// Maximum request size (in bytes) sent to server
-    #[clap(long, default_value_t = 100 * 1024)]
+    #[clap(long, default_value_t = 100 * 1024, env = "MAXIMUM_REQUEST_SIZE")]
     pub maximum_request_size: usize,
 
     /// How much time this server waits for a task pool to spawn a new task
-    #[clap(long, default_value_t = 5)]
+    #[clap(long, default_value_t = 5, env = "TASK_POOL_TIMEOUT_SECS")]
     pub task_pool_timeout_secs: u64,
 
     /// How much time this server waits for a response from TEE
-    #[clap(long, default_value_t = 60)]
+    #[clap(long, default_value_t = 60, env = "TEE_COMPUTE_TIMEOUT_SECS")]
     pub tee_compute_timeout_secs: u64,
 }

tee/docker/Dockerfile

@@ -0,0 +1,25 @@
+FROM rust:1.88 AS builder
+
+WORKDIR /app
+
+COPY Cargo.toml Cargo.lock ./
+
+# Copy the rest of your source code
+COPY . .
+
+RUN cargo build --release -p shielder-prover-server
+
+FROM ubuntu:jammy
+
+WORKDIR /app
+
+COPY --from=builder /app/target/release/shielder-prover-server .
+
+COPY docker/dockerentrypoint.sh .
+
+RUN chmod +x dockerentrypoint.sh
+
+# Expose the default public port
+EXPOSE 3000
+
+ENTRYPOINT ["/app/shielder-prover-server"]