From d31750883d164f17ee18bc7080192676187b6f51 Mon Sep 17 00:00:00 2001 From: imnyang Date: Wed, 11 Mar 2026 15:10:15 +0000 Subject: [PATCH] Update Dockerfile --- Dockerfile | 45 +++++++++++++++++++++++++++------------------ 1 file changed, 27 insertions(+), 18 deletions(-) diff --git a/Dockerfile b/Dockerfile index 6b706ec..deaf666 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,19 +1,26 @@ -# Make sure RUST_VERSION matches the Rust version +# Pin the Rust toolchain version used in the build stage. ARG RUST_VERSION=1.92 -ARG APP_NAME=docker-rust-hello + +# Name of the compiled binary produced by Cargo (must match Cargo.toml package name). +ARG APP_NAME=paste ################################################################################ -# Create a stage for building the application. +# Build stage (DOI Rust image) +# This stage compiles the application. ################################################################################ -FROM dhi.io/rust:${RUST_VERSION}-alpine3.22-dev AS build +FROM docker.io/library/rust:${RUST_VERSION}-alpine AS build + +# Re-declare args inside the stage if you want to use them here. ARG APP_NAME + +# All build steps happen inside /app. WORKDIR /app -# Install host build dependencies. +# Install build dependencies needed to compile Rust crates on Alpine RUN apk add --no-cache clang lld musl-dev git -# Build the application. +# Build the application RUN --mount=type=bind,source=src,target=src \ --mount=type=bind,source=Cargo.toml,target=Cargo.toml \ --mount=type=bind,source=Cargo.lock,target=Cargo.lock \ 
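Review bot: The new build-stage line `FROM docker.io/library/rust:${RUST_VERSION}-alpine AS build` drops the Alpine release that the old tag carried (`-alpine3.22-dev`), so the toolchain image now follows whatever Alpine release that tag points at on the day of the build. The binary shipped in the final image is produced here, so this stage should be as reproducible as the runtime stage. I would use a tag that names the Alpine release and pin it by digest, for example `FROM docker.io/library/rust:${RUST_VERSION}-alpine<release>@sha256:<digest> AS build` (release and digest are placeholders). A digest matches only one Rust version, so the `RUST_VERSION` default and the digest have to be bumped together. The `RUN --mount=…` build step continues past the end of this hunk.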
@@ -24,13 +31,13 @@ RUN --mount=type=bind,source=src,target=src \ cp ./target/release/$APP_NAME /bin/server ################################################################################ -# Create a new stage for running the application that contains the minimal -# We use dhi.io/static for the final stage because it’s a minimal Docker Hardened Image runtime (basically “just # enough OS to run the binary”), which helps keep the image small and with a lower attack surface compared to a # # full Alpine/Debian runtime. +# Runtime stage (DOI Alpine image) +# This stage runs the already-compiled binary with minimal dependencies. ################################################################################ -FROM dhi.io/static:20250419 AS final +FROM docker.io/library/alpine:3.18 AS final -# Create a non-privileged user that the app will run under. +# Create a non-privileged user (recommended best practice) ARG UID=10001 RUN adduser \ --disabled-password \ @@ -39,17 +46,19 @@ RUN adduser \ --shell "/sbin/nologin" \ --no-create-home \ --uid "${UID}" \ - appuser -USER appuser + imnyang -# Copy the executable from the "build" stage. -COPY --from=build /bin/server /bin/ +# Drop privileges for runtime. +USER imnyang -# Configure rocket to listen on all interfaces. +# Copy only the compiled binary from the build stage. +COPY --from=build /bin/paste /app/ + +# Rocket: listen on all interfaces inside the container. ENV ROCKET_ADDRESS=0.0.0.0 -# Expose the port that the application listens on. +# Document the port your app listens on. EXPOSE 8000 -# What the container should run when it is started. -CMD ["/bin/server"] \ No newline at end of file +# Start the application. +CMD ["/app/paste"] \ No newline at end of file
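Review bot: `FROM docker.io/library/alpine:3.18 AS final` puts the runtime on an Alpine branch that is past its upstream end of support, so the musl, busybox and apk layer in the shipped image no longer receives security fixes. The change also replaces a static, shell-less base with a full Alpine userland and deletes the comment that explained why the minimal base was chosen. If the switch was made only so the `adduser` step has a shell to run in, the new comment should say so. I would move to a currently supported release pinned by digest, `FROM docker.io/library/alpine:<supported-release>@sha256:<digest> AS final` (placeholders), ideally the same release the build stage uses. The `RUN adduser` command that begins in this hunk continues into the next one.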
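Review bot: `COPY --from=build /bin/paste /app/` names a path the build stage does not appear to create. The unchanged context in the previous hunk still ends the build with `cp ./target/release/$APP_NAME /bin/server`, so unless that line changed outside the visible hunks this COPY fails and no image is produced. Copy the file that exists and rename it on the way in: `COPY --from=build /bin/server /app/paste`, which keeps `CMD ["/app/paste"]` valid. Placing `USER imnyang` before the COPY is fine as written, since the binary stays root-owned and the runtime user cannot overwrite it. A role-style account name such as the previous `appuser` would read better in process listings and audit logs than a personal handle.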