-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy pathDockerfile
More file actions
70 lines (54 loc) · 2.4 KB
/
Dockerfile
File metadata and controls
70 lines (54 loc) · 2.4 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
# syntax=docker/dockerfile:1
# =============================================================================
# Stage 1: Chef - Install cargo-chef for dependency caching
# =============================================================================
FROM rust:bookworm AS chef
RUN cargo install cargo-chef
WORKDIR /app
# =============================================================================
# Stage 2: Planner - Generate recipe.json (dependency manifest)
# =============================================================================
FROM chef AS planner
COPY . .
RUN cargo chef prepare --recipe-path recipe.json
# =============================================================================
# Stage 3: Builder - Build dependencies (cached), then build application
# =============================================================================
FROM chef AS builder
# Copy recipe and build dependencies first (cached layer)
COPY --from=planner /app/recipe.json recipe.json
RUN cargo chef cook --release --recipe-path recipe.json
# Copy source and build the application
COPY . .
RUN cargo build --release --bin roodb --bin roodb_init
# =============================================================================
# Stage 4: Runtime - Minimal image with just the binaries
# =============================================================================
FROM debian:bookworm-slim AS runtime
LABEL org.opencontainers.image.source="https://github.com/jgarzik/roodb"
LABEL org.opencontainers.image.licenses="MIT"
LABEL org.opencontainers.image.description="RooDB distributed SQL database"
# Install runtime dependencies
RUN apt-get update && apt-get install -y --no-install-recommends \
ca-certificates \
libssl3 \
&& rm -rf /var/lib/apt/lists/*
# Create non-root user
RUN useradd --create-home --shell /bin/bash roodb
# Copy binaries from builder
COPY --from=builder /app/target/release/roodb /usr/local/bin/roodb
COPY --from=builder /app/target/release/roodb_init /usr/local/bin/roodb_init
# Copy entrypoint script
COPY docker/entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
# Create data and certs directories
RUN mkdir -p /data /certs && chown -R roodb:roodb /data
# Switch to non-root user
USER roodb
# Expose ports
# 3307 - Client connections (MySQL protocol over TLS)
# 4307 - Raft consensus (internal cluster communication)
EXPOSE 3307 4307
# Mount points
VOLUME ["/data", "/certs"]
ENTRYPOINT ["/entrypoint.sh"]