From 40ee96d7145d4d5b3311e182d908c94ce5df7f4f Mon Sep 17 00:00:00 2001
From: Dreaded_X <tim@huizinga.dev>
Date: Fri, 21 Mar 2025 03:58:52 +0100
Subject: [PATCH] Build auditable binaries

---
 Dockerfile | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 05bf844..383cc5e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,18 +1,19 @@
-FROM rust:1.85 AS chef
+FROM rust:1.85 AS base
 ENV CARGO_REGISTRIES_CRATES_IO_PROTOCOL=sparse
-RUN cargo install cargo-chef --locked --version 0.1.71
+RUN cargo install cargo-chef --locked --version 0.1.71 && \
+    cargo install cargo-auditable --locked --version 0.6.6
 WORKDIR /app
 
-FROM chef AS planner
+FROM base AS planner
 COPY . .
 RUN cargo chef prepare --recipe-path recipe.json
 
-FROM chef AS builder
+FROM base AS builder
 COPY --from=planner /app/recipe.json recipe.json
 RUN cargo chef cook --release --recipe-path recipe.json
 
 COPY . .
-RUN cargo build --release
+RUN cargo auditable build --release
 
 FROM gcr.io/distroless/cc-debian12:nonroot AS runtime
 COPY --from=builder /app/target/release/lldap-controller /lldap-controller