-
Notifications
You must be signed in to change notification settings - Fork 5
/
Copy pathDockerfile.freyja_apps.multi
134 lines (107 loc) · 4.42 KB
/
Dockerfile.freyja_apps.multi
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT license.
# SPDX-License-Identifier: MIT
# Comments are provided throughout this file to help you get started.
# If you need more help, visit the Dockerfile reference guide at
# https://docs.docker.com/engine/reference/builder/
################################################################################
# Create a stage for building the application.
ARG RUST_VERSION=1.72.1
ARG APP_NAME=freyja-in-memory-app
ARG UID=10001
# CONFIG_PATH must be relative to the project root
ARG CONFIG_PATH=""
FROM --platform=$BUILDPLATFORM docker.io/library/rust:${RUST_VERSION} AS build
# Target architecture to cross-compile
ARG TARGETARCH
ARG APP_NAME
ARG CONFIG_PATH
WORKDIR /sdv
COPY ./ .
COPY ./container/cargo/config.toml ./.cargo/config.toml
# Check that APP_NAME argument is valid.
RUN /sdv/container/scripts/argument_sanitizer.sh \
--arg-value "${APP_NAME}" \
--regex "^[a-zA-Z_0-9-]+$" || \
( echo "Argument sanitizer failed for ARG 'APP_NAME'"; exit 1 )
# Check that TARGETARCH argument is valid.
RUN /sdv/container/scripts/argument_sanitizer.sh \
--arg-value "${TARGETARCH}" \
--regex "^[a-zA-Z_0-9-]+$" || \
( echo "Argument sanitizer failed for ARG 'TARGETARCH'"; exit 1 )
# Check that CONFIG_PATH argument is valid if it's non-empty.
RUN if [ -n "${CONFIG_PATH}" ]; then \
/sdv/container/scripts/argument_sanitizer.sh \
--arg-value "${CONFIG_PATH}" \
--regex "^[\.\/a-zA-Z_0-9-]+$" || \
( echo "Argument sanitizer failed for ARG 'CONFIG_PATH'"; exit 1 ); \
fi
# Add Build dependencies.
RUN apt update && apt upgrade -y && apt install -y \
cmake \
libssl-dev \
pkg-config \
protobuf-compiler
# Based on the target architecture, add the appropriate build target and build service.
RUN if [ "$TARGETARCH" = "amd64" ]; then \
CARGOARCH="x86_64-unknown-linux-gnu"; \
elif [ "$TARGETARCH" = "arm64" ]; then \
apt install -y gcc-aarch64-linux-gnu; \
CARGOARCH="aarch64-unknown-linux-gnu"; \
else \
echo "Unsupported cross-compile architecture"; \
exit 1; \
fi; \
rustup target add ${CARGOARCH}; \
cargo build --release --target=${CARGOARCH} -p "${APP_NAME}"; \
cp /sdv/target/${CARGOARCH}/release/"${APP_NAME}" /sdv/service
# Create the config override directory and if CONFIG_PATH is provided, copy files from it
RUN mkdir -p /sdv/config \
&& if [ -n "${CONFIG_PATH}" ]; then \
cp -r "${CONFIG_PATH}"/* /sdv/config; \
fi
################################################################################
# Create a new stage for running the application that contains the minimal
# runtime dependencies for the application. This often uses a different base
# image from the build stage where the necessary files are copied from the build
# stage.
#
# The example below uses the debian bullseye image as the foundation for running the app.
# By specifying the "bullseye-slim" tag, it will also use whatever happens to be the
# most recent version of that tag when you build your Dockerfile. If
# reproducability is important, consider using a digest
# (e.g., debian@sha256:ac707220fbd7b67fc19b112cee8170b41a9e97f703f588b2cdbbcdcecdd8af57).
FROM --platform=$TARGETPLATFORM docker.io/library/debian:bullseye-slim AS final
ARG UID
ARG CONFIG_PATH
# Copy container scripts.
COPY ./container/scripts/*.sh /sdv/scripts/
# Check that UID argument is valid.
RUN /sdv/scripts/argument_sanitizer.sh \
--arg-value "${UID}" \
--regex "^[0-9]+$" || \
( echo "Argument sanitizer failed for ARG 'UID'"; exit 1 )
# Create a non-privileged user that the app will run under.
# See https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#user
RUN adduser \
--disabled-password \
--gecos "" \
--home "/nonexistent" \
--shell "/sbin/nologin" \
--no-create-home \
--uid "${UID}" \
appuser
# Create and add user ownership to config directory.
RUN mkdir -p /sdv/.freyja/config
RUN chown appuser /sdv/.freyja/config
# Create mnt directory to copy override configs into.
RUN mkdir -p /mnt/config
USER appuser
WORKDIR /sdv
# Copy the executable from the "build" stage.
COPY --from=build /sdv/service /sdv/
# Copy from config override directory into where Freyja expects it
COPY --from=build /sdv/config /sdv/.freyja/config
ENV FREYJA_HOME=/sdv/.freyja
# What the container should run when it is started.
CMD ["/sdv/scripts/container_startup.sh"]