Switched to nonroot distroless base and improved layer caching

2025-03-21 03:34:30 +01:00 · 2025-03-21 03:34:30 +01:00 · 1b2e0faece
commit 1b2e0faece
parent 16dc78358d
2 changed files with 20 additions and 9 deletions
--- a/.gitea/workflows/build.yaml
+++ b/.gitea/workflows/build.yaml
@ -59,7 +59,7 @@ jobs:

      - name: Generate CRDs
        run: |
-          docker run --rm ${{ steps.build.outputs.imageid }} crdgen > ./manifests/crds.yaml
+          docker run --rm ${{ steps.build.outputs.imageid }} /crdgen > ./manifests/crds.yaml

      - name: Push container
        uses: docker/build-push-action@v6
--- a/27
+++ b/27
@ -1,9 +1,20 @@
-FROM rust:1.85 AS builder
-WORKDIR /usr/src/lldap-controller
-ADD . .
-RUN cargo install --path .
+FROM rust:1.85 AS chef
+ENV CARGO_REGISTRIES_CRATES_IO_PROTOCOL=sparse
+RUN cargo install cargo-chef --locked --version 0.1.71
+WORKDIR /app

-FROM debian:bookworm-slim
-COPY --from=builder /usr/local/cargo/bin/lldap-controller /usr/local/bin/lldap-controller
-COPY --from=builder /usr/local/cargo/bin/crdgen /usr/local/bin/crdgen
-CMD ["lldap-controller"]
+FROM chef AS planner
+COPY . .
+RUN cargo chef prepare --recipe-path recipe.json
+
+FROM chef AS builder
+COPY --from=planner /app/recipe.json recipe.json
+RUN cargo chef cook --release --recipe-path recipe.json
+
+COPY . .
+RUN cargo build --release
+
+FROM gcr.io/distroless/cc-debian12:nonroot AS runtime
+COPY --from=builder /app/target/release/lldap-controller /lldap-controller
+COPY --from=builder /app/target/release/crdgen /crdgen
+CMD ["/lldap-controller"]