Use new and improved rust workflow and Dockerfile

.dockerignore

@@ -1,2 +1,4 @@
 /target
 .env
+# Use the rust environment provided by the container
+rust-toolchain.toml

.gitea/workflows/build.yml

@@ -1,84 +1,24 @@
-# Based on: https://pastebin.com/99Fq2b2w
 name: Build and deploy
 on:
     push:
         branches:
             - master
             - feature/**
+        tags:
+            - v*.*.*
 
 jobs:
     build:
-        name: Build application
+        uses: dreaded_x/workflows/.gitea/workflows/rust-kubernetes.yaml@55061527726dc902446f62c7c13dca5607e4d6a8
-        runs-on: ubuntu-latest
+        secrets: inherit
-        container: catthehacker/ubuntu:act-latest
-        steps:
-            - name: Checkout
-              uses: actions/checkout@v4
-
-            - name: Setup Rust
-              uses: actions-rust-lang/setup-rust-toolchain@v1
         with:
-                  rustflags: ""
+            generate_crds: true
-
-            - name: Build
-              run: cargo build --release
-
-            - name: Upload artifact
-              uses: actions/upload-artifact@v3
-              with:
-                  name: automation
-                  path: target/release/automation
-
-    container:
-        name: Build container
-        runs-on: ubuntu-latest
-        needs: [build]
-        container: catthehacker/ubuntu:act-latest
-        steps:
-            - name: Checkout
-              uses: actions/checkout@v4
-
-            - name: Download artifact
-              uses: actions/download-artifact@v3
-              with:
-                  name: automation
-
-            - name: Set permissions
-              run: |
-                  chown 65532:65532 ./automation
-                  chmod 0755 ./automation
-
-            - name: Docker meta
-              id: meta
-              uses: https://github.com/docker/metadata-action@v5
-              with:
-                  images: git.huizinga.dev/dreaded_x/automation_rs
-                  tags: |
-                      type=ref,event=branch
-                      type=ref,event=pr
-                      type=semver,pattern={{version}}
-                      type=semver,pattern={{major}}.{{minor}}
-
-            - name: Login to registry
-              uses: https://github.com/docker/login-action@v3
-              with:
-                  registry: git.huizinga.dev
-                  username: ${{ gitea.actor }}
-                  password: ${{ secrets.REGISTRY_TOKEN }}
-
-            - name: Build and push Docker image
-              uses: https://github.com/docker/build-push-action@v5
-              with:
-                  context: .
-                  push: true
-                  tags: ${{ steps.meta.outputs.tags }}
-                  labels: ${{ steps.meta.outputs.labels }}
 
     deploy:
         name: Deploy container
         runs-on: ubuntu-latest
         container: catthehacker/ubuntu:act-latest
-        needs: [container]
+        needs: build
         if: gitea.ref == 'refs/heads/master'
         steps:
             - name: Stop and remove current container
@@ -88,6 +28,7 @@ jobs:
 
             - name: Create container
               run: |
+                  echo "DIGEST = ${{ needs.build.outputs.digest }}"
                   docker create \
                     --pull always \
                     --restart unless-stopped \
@@ -97,11 +38,9 @@ jobs:
                     -e MQTT_PASSWORD=${{ secrets.MQTT_PASSWORD }} \
                     -e HUE_TOKEN=${{ secrets.HUE_TOKEN }} \
                     -e NTFY_TOPIC=${{ secrets.NTFY_TOPIC }} \
-                    git.huizinga.dev/dreaded_x/automation_rs:master
+                    git.huizinga.dev/dreaded_x/automation_rs:${{ needs.build.outputs.digest }}
 
                   docker network connect web automation_rs
 
             - name: Start container
               run: docker start automation_rs
-
-            # TODO: Perform a healthcheck

.pre-commit-config.yaml

@@ -5,16 +5,12 @@ repos:
       - id: trailing-whitespace
       - id: end-of-file-fixer
       - id: check-yaml
+        args:
+          - --allow-multiple-documents
       - id: check-toml
       - id: check-added-large-files
       - id: check-merge-conflict
 
-  - repo: https://github.com/doublify/pre-commit-rust
-    rev: v1.0
-    hooks:
-      - id: clippy
-      - id: fmt
-
   - repo: https://github.com/JohnnyMorganz/StyLua
     rev: v0.20.0
     hooks:
@@ -26,7 +22,59 @@ repos:
       - id: typos
         args: ["--force-exclude"]
 
-  - repo: https://github.com/pryorda/dockerfilelint-precommit-hooks
+  - repo: local
-    rev: v0.1.0
     hooks:
-      - id: dockerfilelint
+      - id: fmt
+        name: fmt
+        description: Format files with cargo fmt.
+        entry: cargo +nightly fmt
+        language: system
+        types: [rust]
+        args: ["--", "--check"]
+        # For some reason some formatting is different depending on how you invoke?
+        pass_filenames: false
+
+      - id: clippy
+        name: clippy
+        description: Lint rust sources
+        entry: cargo clippy
+        language: system
+        args: ["--", "-D", "warnings"]
+        types: [file]
+        files: (\.rs|Cargo.lock)$
+        pass_filenames: false
+
+      - id: audit
+        name: audit
+        description: Audit packages
+        entry: cargo audit
+        args: ["--deny", "warnings"]
+        language: system
+        pass_filenames: false
+        verbose: true
+        always_run: true
+
+      - id: udeps
+        name: unused
+        description: Check for unused crates
+        entry: cargo udeps
+        args: ["--workspace"]
+        language: system
+        types: [file]
+        files: (\.rs|Cargo.lock)$
+        pass_filenames: false
+
+      - id: test
+        name: test
+        description: Rust test
+        entry: cargo test
+        language: system
+        args: ["--workspace"]
+        types: [file]
+        files: (\.rs|Cargo.lock)$
+        pass_filenames: false
+
+  - repo: https://github.com/hadolint/hadolint
+    rev: v2.12.0
+    hooks:
+      - id: hadolint

Cargo.toml

@@ -47,7 +47,6 @@ impls = "1.0.3"
 indexmap = { version = "2.0.0", features = ["serde"] }
 itertools = "0.13.0"
 json_value_merge = "2.0.0"
-pollster = "0.4.0"
 proc-macro2 = "1.0.81"
 quote = "1.0.36"
 reqwest = { version = "0.12.9", features = [

Dockerfile

@@ -1,8 +1,25 @@
-FROM gcr.io/distroless/cc-debian12:nonroot
+FROM rust:1.86 AS base
+ENV CARGO_REGISTRIES_CRATES_IO_PROTOCOL=sparse
+RUN cargo install cargo-chef --locked --version 0.1.71 && \
+    cargo install cargo-auditable --locked --version 0.6.6
+WORKDIR /app
 
-ENV AUTOMATION_CONFIG=/app/config.lua
+FROM base AS planner
+COPY . .
+RUN cargo chef prepare --recipe-path recipe.json
+
+FROM base AS builder
+# HACK: Now we can use unstable feature while on stable rust!
+ENV RUSTC_BOOTSTRAP=1
+COPY --from=planner /app/recipe.json recipe.json
+RUN cargo chef cook --release --recipe-path recipe.json
+
+COPY . .
+ARG RELEASE_VERSION
+ENV RELEASE_VERSION=${RELEASE_VERSION}
+RUN cargo auditable build --release
+
+FROM gcr.io/distroless/cc-debian12:nonroot AS runtime
+COPY --from=builder /app/target/release/automation /app/automation
 COPY ./config.lua /app/config.lua
-
+CMD [ "/app/automation" ]
-COPY ./automation /app/automation
-
-CMD ["/app/automation"]

automation_lib/Cargo.toml

@@ -15,14 +15,12 @@ reqwest = { workspace = true }
 serde_repr = { workspace = true }
 tracing = { workspace = true }
 bytes = { workspace = true }
-pollster = { workspace = true }
 async-trait = { workspace = true }
 futures = { workspace = true }
 thiserror = { workspace = true }
 indexmap = { workspace = true }
 tokio-cron-scheduler = { workspace = true }
 mlua = { workspace = true }
-tokio-util = { workspace = true }
 uuid = { workspace = true }
 dyn-clone = { workspace = true }
 impls = { workspace = true }