From 01e88eeb3bcd77f4951550b2a42f951722b9419d Mon Sep 17 00:00:00 2001
From: Dreaded_X <tim@huizinga.dev>
Date: Sat, 23 Aug 2025 01:45:49 +0200
Subject: [PATCH] Use new and improved rust workflow and Dockerfile

---
 .dockerignore              |  2 +
 .gitea/workflows/build.yml | 78 ++++----------------------------------
 Dockerfile                 | 28 +++++++++++---
 3 files changed, 33 insertions(+), 75 deletions(-)

diff --git a/.dockerignore b/.dockerignore
index fedaa2b..ac9867e 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,2 +1,4 @@
 /target
 .env
+# Use the rust environment provided by the container
+rust-toolchain.toml
diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml
index deb94df..f40d837 100644
--- a/.gitea/workflows/build.yml
+++ b/.gitea/workflows/build.yml
@@ -1,84 +1,24 @@
-# Based on: https://pastebin.com/99Fq2b2w
 name: Build and deploy
 on:
     push:
         branches:
             - master
             - feature/**
+        tags:
+            - v*.*.*
 
 jobs:
     build:
-        name: Build application
-        runs-on: ubuntu-latest
-        container: catthehacker/ubuntu:act-latest
-        steps:
-            - name: Checkout
-              uses: actions/checkout@v4
-
-            - name: Setup Rust
-              uses: actions-rust-lang/setup-rust-toolchain@v1
-              with:
-                  rustflags: ""
-
-            - name: Build
-              run: cargo build --release
-
-            - name: Upload artifact
-              uses: actions/upload-artifact@v3
-              with:
-                  name: automation
-                  path: target/release/automation
-
-    container:
-        name: Build container
-        runs-on: ubuntu-latest
-        needs: [build]
-        container: catthehacker/ubuntu:act-latest
-        steps:
-            - name: Checkout
-              uses: actions/checkout@v4
-
-            - name: Download artifact
-              uses: actions/download-artifact@v3
-              with:
-                  name: automation
-
-            - name: Set permissions
-              run: |
-                  chown 65532:65532 ./automation
-                  chmod 0755 ./automation
-
-            - name: Docker meta
-              id: meta
-              uses: https://github.com/docker/metadata-action@v5
-              with:
-                  images: git.huizinga.dev/dreaded_x/automation_rs
-                  tags: |
-                      type=ref,event=branch
-                      type=ref,event=pr
-                      type=semver,pattern={{version}}
-                      type=semver,pattern={{major}}.{{minor}}
-
-            - name: Login to registry
-              uses: https://github.com/docker/login-action@v3
-              with:
-                  registry: git.huizinga.dev
-                  username: ${{ gitea.actor }}
-                  password: ${{ secrets.REGISTRY_TOKEN }}
-
-            - name: Build and push Docker image
-              uses: https://github.com/docker/build-push-action@v5
-              with:
-                  context: .
-                  push: true
-                  tags: ${{ steps.meta.outputs.tags }}
-                  labels: ${{ steps.meta.outputs.labels }}
+        uses: dreaded_x/workflows/.gitea/workflows/rust-kubernetes.yaml@22ee0c1788a8d2157db87d6a6f8dbe520fe48592
+        secrets: inherit
+        with:
+            upload_manifests: false
 
     deploy:
         name: Deploy container
         runs-on: ubuntu-latest
         container: catthehacker/ubuntu:act-latest
-        needs: [container]
+        needs: build
         if: gitea.ref == 'refs/heads/master'
         steps:
             - name: Stop and remove current container
@@ -97,11 +37,9 @@ jobs:
                     -e MQTT_PASSWORD=${{ secrets.MQTT_PASSWORD }} \
                     -e HUE_TOKEN=${{ secrets.HUE_TOKEN }} \
                     -e NTFY_TOPIC=${{ secrets.NTFY_TOPIC }} \
-                    git.huizinga.dev/dreaded_x/automation_rs:master
+                    git.huizinga.dev/dreaded_x/automation_rs@${{ needs.build.outputs.digest }}
 
                   docker network connect web automation_rs
 
             - name: Start container
               run: docker start automation_rs
-
-            # TODO: Perform a healthcheck
diff --git a/Dockerfile b/Dockerfile
index 4c18441..2054c8a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,8 +1,26 @@
-FROM gcr.io/distroless/cc-debian12:nonroot
+FROM rust:1.86 AS base
+ENV CARGO_REGISTRIES_CRATES_IO_PROTOCOL=sparse
+RUN cargo install cargo-chef --locked --version 0.1.71 && \
+    cargo install cargo-auditable --locked --version 0.6.6
+WORKDIR /app
 
+FROM base AS planner
+COPY . .
+RUN cargo chef prepare --recipe-path recipe.json
+
+FROM base AS builder
+# HACK: Now we can use unstable feature while on stable rust!
+ENV RUSTC_BOOTSTRAP=1
+COPY --from=planner /app/recipe.json recipe.json
+RUN cargo chef cook --release --recipe-path recipe.json
+
+COPY . .
+ARG RELEASE_VERSION
+ENV RELEASE_VERSION=${RELEASE_VERSION}
+RUN cargo auditable build --release
+
+FROM gcr.io/distroless/cc-debian12:nonroot AS runtime
+COPY --from=builder /app/target/release/automation /app/automation
 ENV AUTOMATION_CONFIG=/app/config.lua
 COPY ./config.lua /app/config.lua
-
-COPY ./automation /app/automation
-
-CMD ["/app/automation"]
+CMD [ "/app/automation" ]