senke/veza
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
veza/veza-stream-server/Dockerfile.production
senke b103a09a25 chore: consolidate CI, E2E, backend and frontend updates 
- CI: workflows updates (cd, ci), remove playwright.yml
- E2E: global-setup, auth/playlists/profile specs
- Remove playwright-report and test-results artifacts from tracking
- Backend: auth, handlers, services, workers, migrations
- Frontend: components, features, vite config
- Add e2e-results.json to gitignore
- Docs: REMEDIATION_PROGRESS, audit archive
- Rust: chat-server, stream-server updates
2026-02-17 16:43:21 +01:00

65 lines
1.8 KiB
Text
Raw Blame History

# Production Dockerfile for Stream Server
# Optimized for smaller size and security
# Build stage
FROM rust:1.84-alpine AS builder
WORKDIR /app
# Install build dependencies
RUN apk add --no-cache musl-dev ca-certificates
# Copy Cargo files first for better caching
COPY Cargo.toml Cargo.lock ./
# Fetch dependencies (this layer will be cached if Cargo.toml/Cargo.lock don't change)
RUN cargo fetch --locked
# Copy source code
COPY src ./src
COPY migrations ./migrations 2>/dev/null || true
COPY build.rs ./
# Build the application with optimizations
# - --locked: ensures reproducible builds
# - --target x86_64-unknown-linux-musl: static binary for alpine
# - Strip symbols in release profile (configured in Cargo.toml)
RUN cargo build --release --locked --target x86_64-unknown-linux-musl && \
# Strip the binary to reduce size
strip /app/target/x86_64-unknown-linux-musl/release/stream_server
# Runtime stage - minimal alpine
FROM alpine:3.21
# Install only runtime dependencies
RUN apk --no-cache add ca-certificates tzdata && \
# Add wget for health checks
apk --no-cache add wget && \
# Clean up apk cache
rm -rf /var/cache/apk/*
# Create non-root user for security
RUN addgroup -g 1001 -S app && \
adduser -S app -u 1001 -G app -h /app -s /bin/sh
# Set working directory
WORKDIR /app
# Copy binary from builder
COPY --from=builder --chown=app:app /app/target/x86_64-unknown-linux-musl/release/stream_server /app/stream_server
# Copy migrations if they exist
COPY --from=builder --chown=app:app /app/migrations ./migrations 2>/dev/null || true
# Switch to app user
USER app
# Expose port
EXPOSE 8082
# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=40s --retries=3 \
CMD wget --no-verbose --tries=1 --spider http://localhost:8082/health || exit 1
# Run the application
ENTRYPOINT ["./stream_server"]
Reference in a new issue View git blame Copy permalink