2025-12-03 19:36:56 +00:00
|
|
|
# Production Dockerfile for Stream Server
|
|
|
|
|
# Optimized for smaller size and security
|
|
|
|
|
|
|
|
|
|
# Build stage
|
chore: consolidate CI, E2E, backend and frontend updates
- CI: workflows updates (cd, ci), remove playwright.yml
- E2E: global-setup, auth/playlists/profile specs
- Remove playwright-report and test-results artifacts from tracking
- Backend: auth, handlers, services, workers, migrations
- Frontend: components, features, vite config
- Add e2e-results.json to gitignore
- Docs: REMEDIATION_PROGRESS, audit archive
- Rust: chat-server, stream-server updates
2026-02-17 15:43:21 +00:00
|
|
|
FROM rust:1.84-alpine AS builder
|
2025-12-03 19:36:56 +00:00
|
|
|
|
|
|
|
|
WORKDIR /app
|
|
|
|
|
|
|
|
|
|
# Install build dependencies
|
|
|
|
|
RUN apk add --no-cache musl-dev ca-certificates
|
|
|
|
|
|
|
|
|
|
# Copy Cargo files first for better caching
|
|
|
|
|
COPY Cargo.toml Cargo.lock ./
|
|
|
|
|
|
|
|
|
|
# Fetch dependencies (this layer will be cached if Cargo.toml/Cargo.lock don't change)
|
|
|
|
|
RUN cargo fetch --locked
|
|
|
|
|
|
|
|
|
|
# Copy source code
|
|
|
|
|
COPY src ./src
|
|
|
|
|
COPY migrations ./migrations 2>/dev/null || true
|
|
|
|
|
COPY build.rs ./
|
|
|
|
|
|
|
|
|
|
# Build the application with optimizations
|
|
|
|
|
# - --locked: ensures reproducible builds
|
|
|
|
|
# - --target x86_64-unknown-linux-musl: static binary for alpine
|
|
|
|
|
# - Strip symbols in release profile (configured in Cargo.toml)
|
|
|
|
|
RUN cargo build --release --locked --target x86_64-unknown-linux-musl && \
|
|
|
|
|
# Strip the binary to reduce size
|
|
|
|
|
strip /app/target/x86_64-unknown-linux-musl/release/stream_server
|
|
|
|
|
|
|
|
|
|
# Runtime stage - minimal alpine
|
chore: consolidate CI, E2E, backend and frontend updates
- CI: workflows updates (cd, ci), remove playwright.yml
- E2E: global-setup, auth/playlists/profile specs
- Remove playwright-report and test-results artifacts from tracking
- Backend: auth, handlers, services, workers, migrations
- Frontend: components, features, vite config
- Add e2e-results.json to gitignore
- Docs: REMEDIATION_PROGRESS, audit archive
- Rust: chat-server, stream-server updates
2026-02-17 15:43:21 +00:00
|
|
|
FROM alpine:3.21
|
2025-12-03 19:36:56 +00:00
|
|
|
|
|
|
|
|
# Install only runtime dependencies
|
|
|
|
|
RUN apk --no-cache add ca-certificates tzdata && \
|
|
|
|
|
# Add wget for health checks
|
|
|
|
|
apk --no-cache add wget && \
|
|
|
|
|
# Clean up apk cache
|
|
|
|
|
rm -rf /var/cache/apk/*
|
|
|
|
|
|
|
|
|
|
# Create non-root user for security
|
|
|
|
|
RUN addgroup -g 1001 -S app && \
|
|
|
|
|
adduser -S app -u 1001 -G app -h /app -s /bin/sh
|
|
|
|
|
|
|
|
|
|
# Set working directory
|
|
|
|
|
WORKDIR /app
|
|
|
|
|
|
|
|
|
|
# Copy binary from builder
|
|
|
|
|
COPY --from=builder --chown=app:app /app/target/x86_64-unknown-linux-musl/release/stream_server /app/stream_server
|
|
|
|
|
|
|
|
|
|
# Copy migrations if they exist
|
|
|
|
|
COPY --from=builder --chown=app:app /app/migrations ./migrations 2>/dev/null || true
|
|
|
|
|
|
|
|
|
|
# Switch to app user
|
|
|
|
|
USER app
|
|
|
|
|
|
|
|
|
|
# Expose port
|
|
|
|
|
EXPOSE 8082
|
|
|
|
|
|
|
|
|
|
# Health check
|
|
|
|
|
HEALTHCHECK --interval=30s --timeout=10s --start-period=40s --retries=3 \
|
|
|
|
|
CMD wget --no-verbose --tries=1 --spider http://localhost:8082/health || exit 1
|
|
|
|
|
|
|
|
|
|
# Run the application
|
|
|
|
|
ENTRYPOINT ["./stream_server"]
|
