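# ---- Stage 1: build -------------------------------------------------------
# Compiles the s3bot binary. Nothing from this stage reaches the final image
# except the artifact copied out with COPY --from=builder below.
# NOTE(review): tags are mutable; for reproducible builds pin the base by
# digest as well (rust:1.67.1-buster@sha256:<digest-placeholder>).
FROM rust:1.67.1-buster AS builder

WORKDIR /app

# Only the inputs the build needs are copied, which keeps stray files from the
# build context (.git, .env, local credentials) out of the builder layers.
COPY Cargo.toml Cargo.lock askama.toml ./
COPY src ./src
COPY static ./static

# Build binary in release mode.
# --locked makes cargo fail instead of silently re-resolving dependencies when
# Cargo.lock is missing or out of date, so the image is built from exactly the
# dependency versions that were committed and reviewed.
RUN cargo build --release --all-features --locked

# ---- Stage 2: runtime base (runs as root) ----------------------------------
# This stage has no USER instruction, so an image built with `--target base`
# runs the service as root. The default build target is the last stage
# (`rootless`), which drops privileges.
# NOTE(review): the tag is a dated snapshot; packages already in the base
# layers are not upgraded here, so bump the tag regularly to pick up fixes.
FROM debian:bullseye-20230109-slim AS base

WORKDIR /

# openssl and ca-certificates are what the binary needs for TLS at runtime.
# --no-install-recommends keeps optional packages out of the image (smaller
# attack surface); the apt lists are removed in the same layer that fetched them.
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        ca-certificates \
        openssl \
    && rm -rf /var/lib/apt/lists/*

COPY static ./static

# Copy built binary to a new image.
COPY --from=builder /app/target/release/s3bot /usr/local/bin/

# Exec form: s3bot is started directly (no shell wrapper) and receives signals.
ENTRYPOINT ["/usr/local/bin/s3bot"]

# ---- Stage 3: rootless (default target) ------------------------------------
FROM base AS rootless

# Create a dedicated unprivileged user and run the service as that user, so a
# compromised process does not start out as root inside the container.
# This reduces impact; it is not a guarantee against privilege escalation.
# Pair it with runtime controls such as no-new-privileges, dropped
# capabilities and a read-only root filesystem.
RUN useradd --create-home -u 1000 --user-group s3bot

WORKDIR /home/s3bot

# Runs as root, so the static assets stay root-owned: the service user can
# read them but cannot modify them.
RUN mv /static ./static

# NOTE(review): Kubernetes `runAsNonRoot` cannot verify a user given by name;
# set `runAsUser: 1000` in the pod spec (or use a numeric USER) if that
# check is enforced.
USER s3bot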