Switched to nonroot distroless base and improved layer caching

2025-03-21 03:34:30 +01:00 · 2025-03-21 03:34:30 +01:00 · 1b2e0faece
commit 1b2e0faece
parent 16dc78358d
2 changed files with 20 additions and 9 deletions
--- a/.gitea/workflows/build.yaml
+++ b/.gitea/workflows/build.yaml
@ -59,7 +59,7 @@ jobs:
      - name: Generate CRDs
        run: |
-          docker run --rm ${{ steps.build.outputs.imageid }} crdgen > ./manifests/crds.yaml
+          docker run --rm ${{ steps.build.outputs.imageid }} /crdgen > ./manifests/crds.yaml
      - name: Push container
        uses: docker/build-push-action@v6
--- a/27
+++ b/27
@ -1,9 +1,20 @@
-FROM rust:1.85 AS builder
+FROM rust:1.85 AS chef
-WORKDIR /usr/src/lldap-controller
+ENV CARGO_REGISTRIES_CRATES_IO_PROTOCOL=sparse
-ADD . .
+RUN cargo install cargo-chef --locked --version 0.1.71
-RUN cargo install --path .
+WORKDIR /app
-FROM debian:bookworm-slim
+FROM chef AS planner
-COPY --from=builder /usr/local/cargo/bin/lldap-controller /usr/local/bin/lldap-controller
+COPY . .
-COPY --from=builder /usr/local/cargo/bin/crdgen /usr/local/bin/crdgen
+RUN cargo chef prepare --recipe-path recipe.json
-CMD ["lldap-controller"]
+
 FROM chef AS builder
 COPY --from=planner /app/recipe.json recipe.json
 RUN cargo chef cook --release --recipe-path recipe.json
 COPY . .
 RUN cargo build --release
 FROM gcr.io/distroless/cc-debian12:nonroot AS runtime
 COPY --from=builder /app/target/release/lldap-controller /lldap-controller
 COPY --from=builder /app/target/release/crdgen /crdgen
 CMD ["/lldap-controller"]