| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495 |
- # This file was generated using a Jinja2 template.
- # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's.
- # Using multistage build:
- # https://docs.docker.com/develop/develop-images/multistage-build/
- # https://whitfin.io/speeding-up-rust-docker-builds/
- ####################### VAULT BUILD IMAGE #######################
- # This hash is extracted from the docker web-vault builds and it's prefered over a simple tag because it's immutable.
- # It can be viewed in multiple ways:
- # - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there.
- # - From the console, with the following commands:
- # docker pull bitwardenrs/web-vault:v2.12.0e
- # docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.12.0e
- #
- # - To do the opposite, and get the tag from the hash, you can do:
- # docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:ce56b3f5e538351411785ac45e9b4b913259c3508b1323d62e8fa0f30717dd1c
- FROM bitwardenrs/web-vault@sha256:ce56b3f5e538351411785ac45e9b4b913259c3508b1323d62e8fa0f30717dd1c as vault
- ########################## BUILD IMAGE ##########################
- # We need to use the Rust build image, because
- # we need the Rust compiler and Cargo tooling
- FROM rust:1.40 as build
- # set sqlite as default for DB ARG for backward compatibility
- ARG DB=sqlite
- # Build time options to avoid dpkg warnings and help with reproducible builds.
- ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
- # Don't download rust docs
- RUN rustup set profile minimal
- # Creates a dummy project used to grab dependencies
- RUN USER=root cargo new --bin /app
- WORKDIR /app
- # Copies over *only* your manifests and build files
- COPY ./Cargo.* ./
- COPY ./rust-toolchain ./rust-toolchain
- COPY ./build.rs ./build.rs
- # Builds your dependencies and removes the
- # dummy project, except the target folder
- # This folder contains the compiled dependencies
- RUN cargo build --features ${DB} --release
- RUN find . -not -path "./target*" -delete
- # Copies the complete project
- # To avoid copying unneeded files, use .dockerignore
- COPY . .
- # Make sure that we actually build the project
- RUN touch src/main.rs
- # Builds again, this time it'll just be
- # your actual source files being built
- RUN cargo build --features ${DB} --release
- ######################## RUNTIME IMAGE ########################
- # Create a new stage with a minimal image
- # because we already have a binary built
- FROM debian:buster-slim
- ENV ROCKET_ENV "staging"
- ENV ROCKET_PORT=80
- ENV ROCKET_WORKERS=10
- # Install needed libraries
- RUN apt-get update && apt-get install -y \
- --no-install-recommends \
- openssl \
- ca-certificates \
- curl \
- sqlite3 \
- && rm -rf /var/lib/apt/lists/*
- RUN mkdir /data
- VOLUME /data
- EXPOSE 80
- EXPOSE 3012
- # Copies the files from the context (Rocket.toml file and web-vault)
- # and the binary from the "build" stage to the current stage
- COPY Rocket.toml .
- COPY --from=vault /web-vault ./web-vault
- COPY --from=build app/target/release/bitwarden_rs .
- COPY docker/healthcheck.sh ./healthcheck.sh
- HEALTHCHECK --interval=30s --timeout=3s CMD sh healthcheck.sh || exit 1
- # Configures the startup!
- WORKDIR /
- CMD ["/bitwarden_rs"]
|
