-
Notifications
You must be signed in to change notification settings - Fork 61
Expand file tree
/
Copy pathDockerfile
More file actions
58 lines (43 loc) · 1.48 KB
/
Dockerfile
File metadata and controls
58 lines (43 loc) · 1.48 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
# Builder stage
FROM rust:1-slim-bookworm AS builder
# Labels for the builder stage
LABEL stage=builder
# Install build dependencies
RUN apt-get update && apt-get install -y --no-install-recommends \
libclang-dev \
perl \
pkg-config \
make \
&& rm -rf /var/lib/apt/lists/*
# Create a new empty shell project
WORKDIR /usr/src/squawk
# First, copy only the workspace configuration and toolchain files
COPY Cargo.toml Cargo.lock rust-toolchain.toml ./
# Copy the entire project
COPY . .
# Build the release version
RUN cargo build --release
# Final stage
FROM debian:bookworm-slim
# Metadata labels
LABEL org.opencontainers.image.title="Squawk"
LABEL org.opencontainers.image.description="Linter for PostgreSQL focused on database migrations"
LABEL org.opencontainers.image.licenses="Apache-2.0 OR MIT"
LABEL org.opencontainers.image.source="https://github.com/sbdchd/squawk"
# Create a non-root user to run the application
RUN groupadd -r squawk && useradd -r -g squawk squawk
# Install runtime dependencies
RUN apt-get update && apt-get install -y --no-install-recommends \
ca-certificates \
libssl-dev \
&& rm -rf /var/lib/apt/lists/*
# Copy the binary from the builder stage
COPY --from=builder /usr/src/squawk/target/release/squawk /usr/local/bin/squawk
# Set the ownership of the binary
RUN chown squawk:squawk /usr/local/bin/squawk
# Switch to non-root user
USER squawk
WORKDIR /data
# Command to run when the container starts
ENTRYPOINT ["squawk"]
CMD ["--help"]