From 1b2e0faece57b05800bcd1e578a942472d95c7fd Mon Sep 17 00:00:00 2001
From: Dreaded_X
Date: Fri, 21 Mar 2025 03:34:30 +0100
Subject: [PATCH] Switched to nonroot distroless base and improved layer caching
---
 .gitea/workflows/build.yaml | 2 +-
 Dockerfile | 27 +++++++++++++++++++--------
 2 files changed, 20 insertions(+), 9 deletions(-)
diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml
index d04dbcc..e4f7dbb 100644
--- a/.gitea/workflows/build.yaml
+++ b/.gitea/workflows/build.yaml
@@ -59,7 +59,7 @@ jobs:

 - name: Generate CRDs
 run: |
- docker run --rm ${{ steps.build.outputs.imageid }} crdgen > ./manifests/crds.yaml
+ docker run --rm ${{ steps.build.outputs.imageid }} /crdgen > ./manifests/crds.yaml

 - name: Push container
 uses: docker/build-push-action@v6
diff --git a/Dockerfile b/Dockerfile
index 844aaba..05bf844 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,9 +1,20 @@
-FROM rust:1.85 AS builder
-WORKDIR /usr/src/lldap-controller
-ADD . .
-RUN cargo install --path .
+FROM rust:1.85 AS chef
+ENV CARGO_REGISTRIES_CRATES_IO_PROTOCOL=sparse
+RUN cargo install cargo-chef --locked --version 0.1.71
+WORKDIR /app

-FROM debian:bookworm-slim
-COPY --from=builder /usr/local/cargo/bin/lldap-controller /usr/local/bin/lldap-controller
-COPY --from=builder /usr/local/cargo/bin/crdgen /usr/local/bin/crdgen
-CMD ["lldap-controller"]
+FROM chef AS planner
+COPY . .
+RUN cargo chef prepare --recipe-path recipe.json
+
+FROM chef AS builder
+COPY --from=planner /app/recipe.json recipe.json
+RUN cargo chef cook --release --recipe-path recipe.json
+
+COPY . .
+RUN cargo build --release
+
+FROM gcr.io/distroless/cc-debian12:nonroot AS runtime
+COPY --from=builder /app/target/release/lldap-controller /lldap-controller
+COPY --from=builder /app/target/release/crdgen /crdgen
+CMD ["/lldap-controller"]
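Review bot: Both `FROM` lines in the new Dockerfile use mutable tags (`rust:1.85` and `gcr.io/distroless/cc-debian12:nonroot`), so the toolchain and the non-root runtime depend on whatever those tags resolve to at build time; pinning each by digest, e.g. `FROM gcr.io/distroless/cc-debian12:nonroot@sha256:<digest>`, makes the image reproducible and any base change reviewable. The final build step should be `RUN cargo build --release --locked` so that a Cargo.lock out of sync with the manifest fails the build instead of silently resolving different crate versions; cargo-chef itself is already pinned with `--locked --version 0.1.71`. Both `COPY . .` steps copy the whole build context into the planner and builder stages, and no .dockerignore is visible in this patch, so confirm that one excludes `.git`, `target/` and any local credential or env files.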