diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index fb4d4f6..5c743b9 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -45,23 +45,19 @@ jobs:
 needs: check
 if: github.ref == 'refs/heads/master'
 steps:
- - uses: actions/checkout@v4
- - name: Build image
- run: docker build . --file Dockerfile --tag $IMAGE_NAME
- - name: Log into registry
- run: echo ${{ secrets.PACKAGES_ACCESS_TOKEN }} | docker login ghcr.io -u $GITHUB_ACTOR --password-stdin
- - name: Push image
- run: |
- IMAGE_ID=ghcr.io/${{ github.repository }}
- # Change all uppercase to lowercase
- IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]')
- # Strip git ref prefix from version
- VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
- # Strip "v" prefix from tag name
- [[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//')
- # Use Docker `latest` tag convention
- [ "$VERSION" == "master" ] && VERSION=latest
- echo IMAGE_ID=$IMAGE_ID
- echo VERSION=$VERSION
- docker tag $IMAGE_NAME $IMAGE_ID:$VERSION
- docker push $IMAGE_ID:$VERSION
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+ - name: Login to GHCR
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.PACKAGES_ACCESS_TOKEN }}
+ - name: Build and push
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ push: true
+ tags: ghcr.io/jakewmeyer/sandbox:latest
+ cache-from: type=registry,ref=ghcr.io/jakewmeyer/sandbox:latest
+ cache-to: type=inline
diff --git a/Dockerfile b/Dockerfile
index 3e3894c..9122dd9 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,8 @@
-FROM rust:1.72.0-alpine AS chef
+FROM rust:1.72.0-alpine AS base
 RUN apk add musl-dev musl-utils
 RUN cargo install cargo-chef
+
+FROM base AS chef
 COPY . .
 RUN cargo chef prepare --recipe-path recipe.json
 
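Review bot: The `actions/checkout@v4` step is removed while `Build and push` sets `context: .`, which is a path context; no later checkout is visible in the hunk, so the workspace would be empty and the build would not find the Dockerfile. Either keep the checkout as the first step or drop `context: .` so build-push-action falls back to its default Git context. The three Docker actions are referenced by mutable major tags (`@v3`, `@v5`) in a job that receives `secrets.PACKAGES_ACCESS_TOKEN`; pinning each to a full commit SHA, e.g. `uses: docker/login-action@<full-commit-sha> # v3`, keeps a retagged release from running with that credential. If the job can be given `permissions: packages: write`, logging in with `${{ secrets.GITHUB_TOKEN }}` instead of a long-lived token would narrow what a leak exposes; the job header is above the hunk, so its current permissions are not visible here.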
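Review bot: The new `base` stage does not appear to be used where it would matter: the next hunk's header still shows `FROM chef AS builder`, so the builder inherits the `COPY . .` layer from `chef` and the `cargo chef cook` dependency layer is invalidated by every source change. If the split is meant to make the dependency build cacheable, that line (outside this hunk) would need to become `FROM base AS builder`. Separately, `RUN cargo install cargo-chef` in `base` takes whatever version is current at build time; `RUN cargo install cargo-chef --locked --version <pinned-version>` keeps the build tool reproducible and reviewable.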
@@ -8,8 +10,10 @@ FROM chef AS builder
 COPY --from=chef /recipe.json recipe.json
 RUN cargo chef cook --release --recipe-path recipe.json
 COPY . .
-RUN cargo build --target x86_64-unknown-linux-musl --release
+RUN cargo build --target x86_64-unknown-linux-musl --release --bin sandbox-api
 
-FROM alpine:latest
-COPY --from=builder /target/x86_64-unknown-linux-musl/release/sandbox-api .
-ENTRYPOINT ["/sandbox-api"]
+FROM alpine AS runtime
+RUN addgroup -S app && adduser -S app -G app
+COPY --from=builder /target/x86_64-unknown-linux-musl/release/sandbox-api /usr/local/bin/
+USER app
+CMD ["/usr/local/bin/sandbox-api"]
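Review bot: `FROM alpine AS runtime` still resolves to the moving `latest` tag, so the runtime image can change underneath the project without a commit; pin it the way the Rust builder image is pinned, e.g. `FROM alpine:<version>@sha256:<digest> AS runtime`. Replacing `ENTRYPOINT` with `CMD` also changes invocation: arguments passed to `docker run` now replace the binary path instead of being handed to it, so `ENTRYPOINT ["/usr/local/bin/sandbox-api"]` is the safer form if any caller passes flags. The `addgroup`/`adduser`/`USER app` lines would be clearer with a short comment such as `# run the service as an unprivileged system user`.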