Skip to content

Commit

Permalink
chore: slimming docker image size
Browse files Browse the repository at this point in the history
  • Loading branch information
hopeyen committed Mar 7, 2024
1 parent 6c6f405 commit 0f853de
Show file tree
Hide file tree
Showing 3 changed files with 89 additions and 21 deletions.
1 change: 1 addition & 0 deletions .github/workflows/containers.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ on:
branches:
- main
- dev
- "hope/ci/*"

env:
REGISTRY: ghcr.io/${{ github.repository_owner }}
Expand Down
54 changes: 44 additions & 10 deletions Dockerfile.file-exchange
Original file line number Diff line number Diff line change
@@ -1,12 +1,46 @@
FROM rust:1.74-bookworm as build
WORKDIR /root
COPY . .
RUN cargo build --release --bin file-exchange
FROM rust:1-bullseye AS build-image

########################################################################################

FROM debian:bookworm-slim
RUN apt-get update && apt-get install -y --no-install-recommends openssl ca-certificates \
# Update and install necessary packages, including libc6-dev for libresolv
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
wget \
curl \
libpq-dev \
pkg-config \
libssl-dev \
clang \
build-essential \
libc6-dev \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
COPY --from=build /root/target/release/file-exchange /usr/local/bin/
ENTRYPOINT ["/usr/local/bin/file-exchange"]

# Ensure CA certificates are installed
RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates

# Copy project files to the container
COPY . /file-exchange
WORKDIR /file-exchange

# Set Rust flags to link against libresolv
ENV RUSTFLAGS="-C link-arg=-lresolv"

# Build the Rust project
RUN cargo build --release -p file-exchange

# Setup the runtime environment
FROM alpine:3.17.3 as alpine
RUN set -x \
&& apk update \
&& apk add --no-cache upx dumb-init
COPY --from=build-image /file-exchange/target/release/file-exchange /file-exchange/target/release/file-exchange
RUN upx --overlay=strip --best /file-exchange/target/release/file-exchange

FROM gcr.io/distroless/cc AS runtime
COPY --from=build-image /usr/share/zoneinfo /usr/share/zoneinfo
COPY --from=build-image /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=build-image /etc/passwd /etc/passwd
COPY --from=build-image /etc/group /etc/group
COPY --from=alpine /usr/bin/dumb-init /usr/bin/dumb-init
COPY --from=alpine "/file-exchange/target/release/file-exchange" "/usr/local/bin/file-exchange"
COPY --from=busybox:1.35.0-uclibc /bin/sh /bin/sh
ENTRYPOINT [ "/usr/bin/dumb-init", "--", "/usr/local/bin/file-exchange" ]
55 changes: 44 additions & 11 deletions Dockerfile.file-service
Original file line number Diff line number Diff line change
@@ -1,13 +1,46 @@
FROM rust:1.74-bookworm as build
WORKDIR /root
COPY . .
ENV SQLX_OFFLINE=true
RUN cargo build --release --bin file-service

########################################################################################
FROM debian:bookworm-slim
FROM rust:1-bullseye AS build-image

# Update and install necessary packages, including libc6-dev for libresolv
RUN apt-get update \
&& apt-get install -y --no-install-recommends openssl ca-certificates \
&& apt-get install -y --no-install-recommends \
wget \
curl \
libpq-dev \
pkg-config \
libssl-dev \
clang \
build-essential \
libc6-dev \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
COPY --from=build /root/target/release/file-service /usr/local/bin/
ENTRYPOINT ["/usr/local/bin/file-service"]

# Ensure CA certificates are installed
RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates

# Copy project files to the container
COPY . /file-service
WORKDIR /file-service

# Set Rust flags to link against libresolv
ENV RUSTFLAGS="-C link-arg=-lresolv"

# Build the Rust project
RUN cargo build --release -p file-service

# Setup the runtime environment
FROM alpine:3.17.3 as alpine
RUN set -x \
&& apk update \
&& apk add --no-cache upx dumb-init
COPY --from=build-image /file-service/target/release/file-service /file-service/target/release/file-service
RUN upx --overlay=strip --best /file-service/target/release/file-service

FROM gcr.io/distroless/cc AS runtime
COPY --from=build-image /usr/share/zoneinfo /usr/share/zoneinfo
COPY --from=build-image /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=build-image /etc/passwd /etc/passwd
COPY --from=build-image /etc/group /etc/group
COPY --from=alpine /usr/bin/dumb-init /usr/bin/dumb-init
COPY --from=alpine "/file-service/target/release/file-service" "/usr/local/bin/file-service"
COPY --from=busybox:1.35.0-uclibc /bin/sh /bin/sh
ENTRYPOINT [ "/usr/bin/dumb-init", "--", "/usr/local/bin/file-service" ]

0 comments on commit 0f853de

Please sign in to comment.