forked from Jesssullivan/tummycrypt
Containerfile
# Containerfile — tcfsd worker image
#
# Multi-stage build:
# builder — Rust release build with k8s-worker feature
# runtime — distroless/cc for minimal attack surface
#
# Build:
# podman build -t ghcr.io/jesssullivan/tcfsd:latest -f Containerfile .
#
# Run:
# podman run --rm \
# --env-file /path/to/s3-credentials.env \
# ghcr.io/jesssullivan/tcfsd:latest \
# --mode=worker --config=/etc/tcfsd/config.toml
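# ── Stage 1: Rust builder ─────────────────────────────────────────────────────
FROM rust:1.93-slim-bookworm AS builder
WORKDIR /build

# Build-time packages for native crates: CA certificates, OpenSSL headers,
# pkg-config and the protobuf compiler. No fuse3 development package is
# installed in this stage.
RUN apt-get update -qq && apt-get install -y --no-install-recommends \
        ca-certificates \
        libssl-dev \
        pkg-config \
        protobuf-compiler \
    && rm -rf /var/lib/apt/lists/*

# Cache dependency compilation: copy ALL workspace member manifests first, so
# the dependency layer below is rebuilt only when a manifest or Cargo.lock changes.
COPY Cargo.toml Cargo.lock ./
COPY crates/tcfs-core/Cargo.toml crates/tcfs-core/
COPY crates/tcfs-crypto/Cargo.toml crates/tcfs-crypto/
COPY crates/tcfs-secrets/Cargo.toml crates/tcfs-secrets/
COPY crates/tcfs-storage/Cargo.toml crates/tcfs-storage/
COPY crates/tcfs-chunks/Cargo.toml crates/tcfs-chunks/
COPY crates/tcfs-sync/Cargo.toml crates/tcfs-sync/
COPY crates/tcfs-vfs/Cargo.toml crates/tcfs-vfs/
COPY crates/tcfs-fuse/Cargo.toml crates/tcfs-fuse/
COPY crates/tcfs-nfs/Cargo.toml crates/tcfs-nfs/
COPY crates/tcfs-cloudfilter/Cargo.toml crates/tcfs-cloudfilter/
COPY crates/tcfs-sops/Cargo.toml crates/tcfs-sops/
COPY crates/tcfs-file-provider/Cargo.toml crates/tcfs-file-provider/
COPY crates/tcfs-dbus/Cargo.toml crates/tcfs-dbus/
COPY crates/tcfs-auth/Cargo.toml crates/tcfs-auth/
COPY crates/tcfsd/Cargo.toml crates/tcfsd/
COPY crates/tcfs-cli/Cargo.toml crates/tcfs-cli/
COPY crates/tcfs-tui/Cargo.toml crates/tcfs-tui/
COPY crates/tcfs-mcp/Cargo.toml crates/tcfs-mcp/
COPY tests/e2e/Cargo.toml tests/e2e/

# Create stub lib/main files so cargo can resolve the workspace dependency graph.
# Library crates and tests/e2e get an empty lib.rs; tcfsd, tcfs-cli and tcfs-mcp
# get an empty main().
RUN for d in tcfs-core tcfs-crypto tcfs-secrets tcfs-storage tcfs-chunks tcfs-sync \
             tcfs-vfs tcfs-fuse tcfs-nfs tcfs-cloudfilter tcfs-sops tcfs-file-provider \
             tcfs-dbus tcfs-auth tcfs-tui; do \
        mkdir -p "crates/$d/src" && echo "// stub" > "crates/$d/src/lib.rs"; \
    done && \
    mkdir -p crates/tcfsd/src crates/tcfs-cli/src crates/tcfs-mcp/src tests/e2e/src && \
    echo "fn main() {}" > crates/tcfsd/src/main.rs && \
    echo "fn main() {}" > crates/tcfs-cli/src/main.rs && \
    echo "fn main() {}" > crates/tcfs-mcp/src/main.rs && \
    echo "// stub" > tests/e2e/src/lib.rs

# Build deps only (cached layer). This is a best-effort cache warm-up against
# the stubs: `|| true` deliberately masks a failure here, and the real build
# below is the one that must succeed.
# --locked makes cargo use Cargo.lock exactly as committed instead of silently
# re-resolving dependency versions during the image build.
RUN cargo build --locked --release --features tcfsd/k8s-worker -p tcfsd 2>&1 || true

# Copy real source
COPY crates/ crates/

# Build the worker binary. The touch forces cargo to rebuild tcfsd rather than
# reuse the stub main.rs artifact.
# NOTE(review): only tcfsd's main.rs is touched; if the builder preserves source
# mtimes on COPY, the other workspace crates' stub artifacts may be treated as
# fresh — confirm.
# --locked fails the build when Cargo.lock is out of sync with the manifests,
# so the shipped binary is built from the reviewed dependency set.
RUN touch crates/tcfsd/src/main.rs && \
    cargo build --locked --release --features tcfsd/k8s-worker -p tcfsd

# The distroless runtime has no shell, so the state directory is created here
# and copied across with non-root ownership.
RUN mkdir -p /out/var/lib/tcfsd

# ── Stage 2: Runtime (distroless) ─────────────────────────────────────────────
# NOTE(review): `:latest` is a mutable tag, so the runtime base can change
# between builds. Pin it by digest for reproducible, auditable images, e.g.
# gcr.io/distroless/cc-debian12@sha256:<digest> (placeholder).
FROM gcr.io/distroless/cc-debian12:latest AS runtime

# Copy binary
COPY --from=builder /build/target/release/tcfsd /tcfsd

# Pre-create the state directory owned by distroless' built-in `nonroot`
# account (UID/GID 65532), so a volume initialised from the image is writable
# without root. Must come before VOLUME, which freezes the path's contents.
COPY --from=builder --chown=65532:65532 /out/var/lib/tcfsd /var/lib/tcfsd

# Default config location (override with -v or ConfigMap)
# Config must be mounted at /etc/tcfsd/config.toml and be readable by UID 65532.
VOLUME ["/etc/tcfsd", "/var/lib/tcfsd"]

# Metrics port
EXPOSE 9100

# Graceful shutdown: SIGTERM is forwarded to tcfsd, which drains in-flight tasks
STOPSIGNAL SIGTERM

# Run as an unprivileged user. The numeric form lets runtimes that verify
# non-root execution (e.g. Kubernetes runAsNonRoot) check it without a passwd
# lookup.
# NOTE(review): assumes worker mode performs no root-only operations and that
# bind-mounted state directories are writable by UID 65532 — confirm; operators
# can override the user at run time if required.
USER 65532:65532

ENTRYPOINT ["/tcfsd"]
CMD ["--mode=worker", "--config=/etc/tcfsd/config.toml"]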