34 lines
775 B
Docker
34 lines
775 B
Docker
FROM rust:1.72-buster as builder
|
|
|
|
WORKDIR /app
|
|
COPY Cargo.toml Cargo.lock askama.toml ./
|
|
COPY src ./src
|
|
COPY static ./static
|
|
# Build binary in release mode.
|
|
RUN cargo build --release --all-features
|
|
|
|
FROM debian:bullseye-20230109-slim as base
|
|
|
|
WORKDIR /
|
|
|
|
RUN apt-get update \
|
|
&& apt-get install -y openssl ca-certificates \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
COPY static ./static
|
|
|
|
# Copy built binary to a new image.
|
|
COPY --from=builder /app/target/release/s3bot /usr/local/bin/
|
|
|
|
ENTRYPOINT ["/usr/local/bin/s3bot"]
|
|
|
|
FROM base as rootless
|
|
|
|
# Create a user and make the image rootless. So no one
|
|
# can escalate privileges even if they have access to
|
|
# container.
|
|
RUN useradd --create-home -u 1000 --user-group s3bot
|
|
WORKDIR /home/s3bot
|
|
RUN mv /static ./static
|
|
USER s3bot
|