-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile
More file actions
84 lines (66 loc) · 2.32 KB
/
Dockerfile
File metadata and controls
84 lines (66 loc) · 2.32 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
# ══════════════════════════════════════════════════════════
# Multi-stage Dockerfile for Slack Incident Bot
# ══════════════════════════════════════════════════════════
# ── Stage 1: Build Dependencies ──
FROM rust:1.88-slim as planner
WORKDIR /app
RUN apt-get update && apt-get install -y \
pkg-config \
libssl-dev \
&& rm -rf /var/lib/apt/lists/*
RUN cargo install cargo-chef --locked
COPY . .
RUN cargo chef prepare --recipe-path recipe.json
# ── Stage 2: Build Cached Dependencies ──
FROM rust:1.88-slim as cacher
WORKDIR /app
RUN apt-get update && apt-get install -y \
pkg-config \
libssl-dev \
&& rm -rf /var/lib/apt/lists/*
RUN cargo install cargo-chef --locked
COPY --from=planner /app/recipe.json recipe.json
RUN cargo chef cook --release --recipe-path recipe.json
# ── Stage 3: Build Application ──
FROM rust:1.88-slim as builder
WORKDIR /app
# Install build dependencies
RUN apt-get update && apt-get install -y \
pkg-config \
libssl-dev \
&& rm -rf /var/lib/apt/lists/*
# Copy cached dependencies
COPY --from=cacher /app/target target
COPY --from=cacher /usr/local/cargo /usr/local/cargo
# Copy source code
COPY Cargo.toml Cargo.lock ./
COPY src ./src
COPY migrations ./migrations
# Build release binary
RUN cargo build --release
# ── Stage 4: Runtime ──
FROM debian:bookworm-slim
# Install runtime dependencies
RUN apt-get update && apt-get install -y \
ca-certificates \
libssl3 \
&& rm -rf /var/lib/apt/lists/*
# Create non-root user
RUN useradd -m -u 1000 -s /bin/bash incident-bot
# Set working directory
WORKDIR /app
# Copy binary from builder
COPY --from=builder /app/target/release/incident-bot /app/incident-bot
# Copy migrations (needed for startup)
COPY --from=builder /app/migrations /app/migrations
# Set ownership
RUN chown -R incident-bot:incident-bot /app
# Switch to non-root user
USER incident-bot
# Expose port
EXPOSE 3000
# Health check
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
CMD ["/usr/bin/curl", "-f", "http://localhost:3000/health"]
# Run the binary
CMD ["/app/incident-bot"]