feat(backend): modernize Dockerfile and implement manual deployment script

tranhoangpich · tranhoangpich · commit 6f39134f3483 · 2026-03-17T13:28:59.000+07:00
diff --git a/apps/backend/Dockerfile b/apps/backend/Dockerfile
@@ -1,18 +1,21 @@
-FROM rust:latest AS builder
+FROM rust:1-bookworm AS builder
 
-RUN apt-get update && apt-get install -y musl-tools
-RUN rustup target add x86_64-unknown-linux-musl
+# Install system dependencies if needed (e.g. openssl, although it seems we don't need it yet)
+# RUN apt-get update && apt-get install -y pkg-config libssl-dev
 
 WORKDIR /app
 COPY . .
 
-# Build with MUSL for a static binary
-RUN cargo build --release --target x86_64-unknown-linux-musl --manifest-path apps/backend/Cargo.toml
+# Build for the native architecture or specified platform
+RUN cargo build --release --manifest-path apps/backend/Cargo.toml && \
+    mkdir -p /app/bin && \
+    find /app -name verifyos-backend -type f -executable -exec cp {} /app/bin/verifyos-backend \;
 
-FROM alpine:latest
-RUN apk add --no-cache ca-certificates
+FROM debian:bookworm-slim
+RUN apt-get update && apt-get install -y ca-certificates && rm -rf /var/lib/apt/lists/*
 
-COPY --from=builder /app/apps/backend/target/x86_64-unknown-linux-musl/release/verifyos-backend /usr/local/bin/verifyos-backend
+# Copy the binary from the staging bin folder
+COPY --from=builder /app/bin/verifyos-backend /usr/local/bin/verifyos-backend
 
 ENV RUST_LOG=info
 EXPOSE 7070
diff --git a/apps/backend/deploy.sh b/apps/backend/deploy.sh
@@ -0,0 +1,45 @@
+#!/usr/bin/env bash
+
+# verifyOS Backend Manual Deployment Script
+# This script builds the Docker image and pushes it to Amazon ECR.
+
+set -e
+
+# Configuration
+REGION="ap-southeast-1"
+REPO_NAME="verifyos-backend"
+SERVICE_NAME="verifyos-backend"
+
+echo "🚀 Starting manual deployment for $SERVICE_NAME..."
+
+# 1. Login to ECR
+echo "🔑 Logging in to Amazon ECR..."
+AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
+ECR_URL="$AWS_ACCOUNT_ID.dkr.ecr.$REGION.amazonaws.com"
+aws ecr get-login-password --region $REGION | docker login --username AWS --password-stdin $ECR_URL
+
+# 2. Build Docker Image
+echo "📦 Building Docker image for linux/amd64..."
+# Run build from project root to include core library
+cd ../..
+docker build --platform linux/amd64 -t $REPO_NAME -f apps/backend/Dockerfile .
+docker tag $REPO_NAME:latest $ECR_URL/$REPO_NAME:latest
+
+# 3. Push to ECR
+echo "📤 Pushing image to ECR..."
+docker push $ECR_URL/$REPO_NAME:latest
+
+# 4. Deploy to App Runner
+echo "🔄 Updating App Runner service..."
+# Find the Service ARN
+SERVICE_ARN=$(aws apprunner list-services --region $REGION --query "ServiceSummaryList[?ServiceName=='$SERVICE_NAME'].ServiceArn" --output text)
+
+if [ -z "$SERVICE_ARN" ] || [ "$SERVICE_ARN" == "None" ]; then
+    echo "❌ Error: Could not find App Runner service named $SERVICE_NAME in $REGION"
+    exit 1
+fi
+
+echo "📍 Found Service ARN: $SERVICE_ARN"
+aws apprunner start-deployment --region $REGION --service-arn "$SERVICE_ARN"
+
+echo "✅ Deployment initiated! Check AWS Console for progress."
diff --git a/apps/backend/src/app/scan.rs b/apps/backend/src/app/scan.rs
@@ -69,29 +69,8 @@ impl ScanService {
 
         let run_started = Instant::now();
         let bundle_path = bundle_path.as_ref();
-        let run = match engine.run(bundle_path) {
-            Ok(run) => run,
-            Err(OrchestratorError::AppBundleNotFound)
-                if is_zip_like(bundle_path) =>
-            {
-                match extract_app_bundle(bundle_path) {
-                    Ok((dir, app_path)) => {
-                        let run = engine
-                            .run_on_bundle(&app_path, run_started)
-                            .map_err(|err| ScanError::ScanFailed(err.to_string()))?;
-                        std::mem::drop(dir);
-                        run
-                    }
-                    Err(err) => {
-                        return Err(ScanError::ScanFailed(format!(
-                            "{}. If you only have a .app, zip it and upload the .zip",
-                            err
-                        )));
-                    }
-                }
-            }
-            Err(err) => return Err(ScanError::ScanFailed(err.to_string())),
-        };
+        let run = engine.run(bundle_path)
+            .map_err(|err| ScanError::ScanFailed(err.to_string()))?;
 
         let mut report = build_report(run.results, run.total_duration_ms, run.cache_stats);
         let baseline = request.baseline.as_ref().map(|baseline| apply_baseline(&mut report, baseline));
@@ -137,41 +116,7 @@ fn build_rule_selection(
     })
 }
 
-fn is_zip_like(path: &Path) -> bool {
-    path.extension()
-        .and_then(|ext| ext.to_str())
-        .is_some_and(|ext| ext.eq_ignore_ascii_case("zip") || ext.eq_ignore_ascii_case("ipa"))
-}
 
-fn extract_app_bundle(path: &Path) -> Result<(tempfile::TempDir, PathBuf), String> {
-    let file = std::fs::File::open(path).map_err(|err| err.to_string())?;
-    let mut archive = ZipArchive::new(file).map_err(|err| err.to_string())?;
-    let dir = tempfile::tempdir().map_err(|err| err.to_string())?;
-    archive
-        .extract(dir.path())
-        .map_err(|err| err.to_string())?;
-
-    let app_path = find_app_bundle(dir.path())
-        .ok_or_else(|| "Could not locate .app in uploaded archive".to_string())?;
-    Ok((dir, app_path))
-}
-
-fn find_app_bundle(root: &Path) -> Option<PathBuf> {
-    let mut queue = vec![root.to_path_buf()];
-    while let Some(dir) = queue.pop() {
-        let entries = std::fs::read_dir(&dir).ok()?;
-        for entry in entries.flatten() {
-            let path = entry.path();
-            if path.is_dir() {
-                if path.extension().is_some_and(|ext| ext == "app") {
-                    return Some(path);
-                }
-                queue.push(path);
-            }
-        }
-    }
-    None
-}
 
 fn load_xcode_project(
     path: &Path,
