bddc1a8027
Build hiy-server targeting aarch64-unknown-linux-musl so the binary has no glibc dependency at all, making the runtime image irrelevant to glibc version mismatches. Uses rustls (already in Cargo.toml) so no OpenSSL vendoring needed. SQLite is bundled by sqlx.
41 lines
1.4 KiB
Text
41 lines
1.4 KiB
Text
# ── Build stage ───────────────────────────────────────────────────────────────
|
|
FROM rust:1.84-slim-bookworm AS builder
|
|
|
|
RUN apt-get update && apt-get install -y \
|
|
pkg-config \
|
|
musl-tools \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
RUN rustup target add aarch64-unknown-linux-musl
|
|
|
|
WORKDIR /build
|
|
|
|
# Cache dependencies separately from source.
|
|
COPY Cargo.toml Cargo.lock* ./
|
|
COPY server/Cargo.toml ./server/
|
|
RUN mkdir -p server/src && echo 'fn main(){}' > server/src/main.rs
|
|
RUN cargo build --release --target aarch64-unknown-linux-musl -p hiy-server 2>/dev/null || true
|
|
RUN rm -f server/src/main.rs
|
|
|
|
# Build actual source.
|
|
COPY server/src ./server/src
|
|
RUN touch server/src/main.rs && cargo build --release --target aarch64-unknown-linux-musl -p hiy-server
|
|
|
|
# ── Runtime stage ─────────────────────────────────────────────────────────────
|
|
FROM debian:bookworm-slim
|
|
|
|
RUN apt-get update && apt-get install -y \
|
|
ca-certificates \
|
|
git \
|
|
curl \
|
|
bash \
|
|
python3 \
|
|
# Docker CLI (no daemon — uses host socket)
|
|
docker.io \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
COPY --from=builder /build/target/aarch64-unknown-linux-musl/release/hiy-server /usr/local/bin/hiy-server
|
|
|
|
WORKDIR /app
|
|
|
|
CMD ["hiy-server"]
|