core/Dockerfile.auth at master · calimero-network/core · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
# syntax=docker/dockerfile:1

ARG RUST_VERSION=1.88.0
# ^~~ keep this in sync with rust-toolchain.toml

ARG APP_NAME=mero-auth

################################################################################
FROM rust:${RUST_VERSION}-slim-bookworm AS build
ARG APP_NAME

RUN apt-get update && apt-get install -y --no-install-recommends \
    clang \
    libclang-dev \
    pkg-config \
    libssl-dev \
    && rm -rf /var/lib/apt/lists/*

WORKDIR /app

COPY Cargo.toml Cargo.lock ./
COPY crates ./crates
COPY apps ./apps
COPY tools ./tools

ARG CALIMERO_AUTH_FRONTEND_SRC # the url or absolute path to the webui (archive or directory)
ARG CALIMERO_AUTH_FRONTEND_REPO # the git repository hosting the webui
ARG CALIMERO_AUTH_FRONTEND_VERSION # the version of the webui to use (tag or "latest")
ARG CALIMERO_AUTH_FRONTEND_REF # fallback branch ref used when version is "latest"
ARG CALIMERO_AUTH_FRONTEND_ASSET # optional release asset name to download
ARG CALIMERO_AUTH_FRONTEND_FETCH # invalidate the cache, fetch the webui
# CALIMERO_AUTH_FRONTEND_FETCH_TOKEN # GitHub token to use for fetching the webui (for a git release asset)

# ^~~ docker build
#        --build-arg CALIMERO_AUTH_FRONTEND_FETCH=1
#   env: --secret id=gh-token,env=CALIMERO_AUTH_FRONTEND_FETCH_TOKEN
#  file: --secret id=gh-token,src=./gh_token.txt

RUN --mount=type=cache,target=/app/target \
    --mount=type=cache,target=/usr/local/cargo/git \
    --mount=type=cache,target=/usr/local/cargo/registry \
    --mount=type=secret,id=gh-token,env=CALIMERO_AUTH_FRONTEND_FETCH_TOKEN \
    [ -n "$CALIMERO_AUTH_FRONTEND_FETCH_TOKEN" ] || unset CALIMERO_AUTH_FRONTEND_FETCH_TOKEN && \
    cargo build --locked --release -p ${APP_NAME} && \
    cp target/release/${APP_NAME} /usr/local/bin/

################################################################################
FROM debian:bookworm-slim AS runtime
ARG APP_NAME

LABEL org.opencontainers.image.description="Calimero Authentication Service" \
    org.opencontainers.image.licenses="MIT OR Apache-2.0" \
    org.opencontainers.image.authors="Calimero Limited <info@calimero.network>" \
    org.opencontainers.image.source="https://github.com/calimero-network/core" \
    org.opencontainers.image.url="https://calimero.network"

RUN apt-get update && apt-get install -y --no-install-recommends \
    ca-certificates \
    curl \
    && rm -rf /var/lib/apt/lists/*

ARG UID=10001
RUN adduser \
    --disabled-password \
    --gecos "" \
    --home "/user" \
    --shell "/sbin/nologin" \
    --uid "${UID}" \
    user

COPY --from=build \
    /usr/local/bin/${APP_NAME} \
    /usr/local/bin/
COPY crates/auth/config/config.toml /etc/calimero/auth.toml

USER user
WORKDIR /data

VOLUME /data
EXPOSE 3001

ENV APP_NAME=${APP_NAME}
ENTRYPOINT ${APP_NAME} --config /etc/calimero/auth.toml --verbose