# Build stage - context: repo root (for veza-common path dep) FROM rust:alpine AS builder WORKDIR /build # Copy veza-common (path dependency) and stream-server COPY veza-common ./veza-common COPY veza-stream-server/Cargo.toml veza-stream-server/Cargo.lock ./veza-stream-server/ COPY veza-stream-server/benches ./veza-stream-server/benches # Install build dependencies RUN apk add --no-cache musl-dev ca-certificates perl make pkgconfig openssl-dev protobuf-dev openssl-libs-static WORKDIR /build/veza-stream-server # Fetch dependencies (this layer will be cached if Cargo.toml/Cargo.lock don't change) RUN cargo fetch --locked # Copy source code COPY veza-stream-server/src ./src COPY veza-stream-server/migrations ./migrations COPY veza-stream-server/proto ./proto COPY veza-stream-server/build.rs ./ # Build the application (runtime queries only, no SQLX_OFFLINE needed) RUN cargo build --release --locked --target x86_64-unknown-linux-musl # Runtime stage FROM alpine:3.21 # Install runtime dependencies RUN apk --no-cache add ca-certificates tzdata && \ # Add wget for health checks apk --no-cache add wget && \ # Clean up apk cache rm -rf /var/cache/apk/* # Create non-root user for security RUN addgroup -g 1001 -S app && \ adduser -S app -u 1001 -G app -h /app -s /bin/sh && \ mkdir -p /var/log/veza && chown app:app /var/log/veza # Set working directory WORKDIR /app # Copy binary from builder COPY --from=builder --chown=app:app /build/veza-stream-server/target/x86_64-unknown-linux-musl/release/stream_server /app/stream_server # Copy migrations if they exist (Removed as directory does not exist) # COPY --from=builder --chown=app:app /app/migrations ./migrations # Switch to app user USER app # Expose port (matches VITE_STREAM_PORT and docker-compose mapping) EXPOSE 18082 # Health check HEALTHCHECK --interval=30s --timeout=15s --start-period=60s --retries=5 \ CMD wget --no-verbose --tries=1 --spider http://localhost:${PORT:-18082}/health || exit 1 # Run the application CMD ["./stream_server"]