-
Notifications
You must be signed in to change notification settings - Fork 8
Expand file tree
/
Copy pathDockerfile
More file actions
39 lines (32 loc) · 1.28 KB
/
Dockerfile
File metadata and controls
39 lines (32 loc) · 1.28 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
# --- Build stage (Alpine = native musl, no cross-compile wrapper) ---
FROM rust:alpine AS builder
RUN apk add --no-cache musl-dev
WORKDIR /app
# Cache dependencies: copy manifests first, build a dummy project
COPY Cargo.toml Cargo.lock ./
RUN mkdir src && echo 'fn main() {}' > src/main.rs && \
cargo build --release && \
rm -rf src
# Build the real binary
COPY src/ src/
RUN touch src/main.rs && cargo build --release
# --- CA certs (lightweight source for release stage) ---
FROM alpine:latest AS certs
# --- Release stage (pre-built binary, used by CI/CD with --target release) ---
FROM scratch AS release
COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --chmod=755 mcp /usr/local/bin/mcp
# Scratch has no writable filesystem — disable audit by default.
# Override with -e MCP_AUDIT_ENABLED=true when a volume is mounted.
ENV MCP_AUDIT_ENABLED=false
EXPOSE 8080
ENTRYPOINT ["mcp"]
# --- Default stage (build from source) ---
FROM scratch
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=builder /app/target/release/mcp /usr/local/bin/mcp
# Scratch has no writable filesystem — disable audit by default.
# Override with -e MCP_AUDIT_ENABLED=true when a volume is mounted.
ENV MCP_AUDIT_ENABLED=false
EXPOSE 8080
ENTRYPOINT ["mcp"]