FROM docker.io/library/rust:1-bookworm as builder ARG CARGO_LOG RUN apt-get update \ && apt-get install -y cmake protobuf-compiler \ && rm -rf /var/lib/apt/lists/* RUN USER=root cargo install cargo-auditable RUN USER=root cargo new --bin floonet-rs WORKDIR ./floonet-rs COPY ./Cargo.toml ./Cargo.toml COPY ./Cargo.lock ./Cargo.lock # build dependencies only (caching) RUN cargo auditable build --release --locked # get rid of starter project code RUN rm src/*.rs # copy project source code COPY ./src ./src COPY ./proto ./proto COPY ./assets ./assets COPY ./build.rs ./build.rs # build auditable release using locked deps RUN rm ./target/release/deps/floonet* RUN cargo auditable build --release --locked FROM docker.io/library/debian:bookworm-slim ARG APP=/usr/src/app ARG APP_DATA=/usr/src/app/db RUN apt-get update \ && apt-get install -y ca-certificates tzdata sqlite3 libc6 \ && rm -rf /var/lib/apt/lists/* EXPOSE 8080 ENV TZ=Etc/UTC \ APP_USER=appuser RUN groupadd $APP_USER \ && useradd -g $APP_USER $APP_USER \ && mkdir -p ${APP} \ && mkdir -p ${APP_DATA} COPY --from=builder /floonet-rs/target/release/floonet-rs ${APP}/floonet-rs RUN chown -R $APP_USER:$APP_USER ${APP} USER $APP_USER WORKDIR ${APP} ENV RUST_LOG=info,floonet_rs=info ENV APP_DATA=${APP_DATA} CMD ./floonet-rs --db ${APP_DATA}