data.source.coop/Dockerfile at main · source-cooperative/data.source.coop · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
# Build stage - target x86_64 for ECS Fargate compatibility
# Use bookworm variant to match runtime stage GLIBC version
FROM --platform=linux/amd64 rust:1.90.0-bookworm AS builder

# Set environment variables for consistent builds
ENV CARGO_TARGET_DIR=/app/target
ENV RUSTFLAGS="-C target-cpu=x86-64"

# Copy source code
COPY . /app
WORKDIR /app

# Add x86_64 target and build
RUN rustup target add x86_64-unknown-linux-gnu
RUN cargo build --release --target x86_64-unknown-linux-gnu

# Runtime stage - minimal Debian image
FROM --platform=linux/amd64 debian:bookworm-slim AS runtime

# Install runtime dependencies (ca-certificates for HTTPS requests)
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
        ca-certificates \
        curl \
        && rm -rf /var/lib/apt/lists/*

# Create app user for security
RUN groupadd -r appuser && useradd -r -g appuser appuser

# Copy the built binary from builder stage
COPY --from=builder /app/target/x86_64-unknown-linux-gnu/release/source-data-proxy /app/source-data-proxy

# Set proper permissions
RUN chown appuser:appuser /app/source-data-proxy && \
    chmod +x /app/source-data-proxy

# Switch to non-root user
USER appuser

# Set working directory and expose port
WORKDIR /app
EXPOSE 8080

# Health check endpoint (using root path which returns version info)
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
    CMD curl -f http://localhost:8080/ || exit 1

# Run the binary directly
ENTRYPOINT ["/app/source-data-proxy"]