-
Notifications
You must be signed in to change notification settings - Fork 3
/
Dockerfile
77 lines (61 loc) · 2.15 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
############
# Metadata #
############
FROM scratch
LABEL maintainer="mkoppmann <dev@mkoppmann.at>"
###############
# Build image #
###############
FROM haskell:9.8-slim@sha256:0875140e7fbcdf71702a5f12457be551cf90e07da7241fd07476b5e61f9d1662 AS build
# Create the data folder for the deployment stage here, because there is no
# shell in distroless images available.
# Also create a new user so we don’t run the build process as root and create
# the folder for the files.
RUN mkdir -p /data \
&& adduser --system --group builder \
&& mkdir -p /build \
&& chown -R builder:builder /build
USER builder
WORKDIR /build
# Update cabal package database
RUN cabal update
# Copy files required for building all dependencies and build them
COPY *.cabal cabal.project ./
RUN cabal build \
--dependencies-only \
--disable-documentation \
--disable-tests \
-O2 \
all
# Copy the rest of the source files and build the executable.
COPY . .
RUN cabal install \
--disable-documentation \
--disable-tests \
--install-method=copy \
-O2
####################
# Deployment image #
####################
FROM gcr.io/distroless/base:nonroot@sha256:c3584d9160af7bbc6a0a6089dc954d0938bb7f755465bb4ef4265aad0221343e
# Copy missing shared libraries from build stage
COPY --from=build /lib/x86_64-linux-gnu/libz.so.1 /lib/x86_64-linux-gnu/libz.so.1
COPY --from=build /usr/lib/x86_64-linux-gnu/libgmp.so.10 /usr/lib/x86_64-linux-gnu/libgmp.so.10
# Copy executable from build stage
COPY --from=build /home/builder/.local/bin/eselsohr-exe /app/eselsohr
# Copy static folder from build stage
COPY --from=build --chown=nonroot:nonroot /build/static /app/static
# Copy data folder from build stage with correct permissions
COPY --from=build --chown=nonroot:nonroot /data /data
WORKDIR /app
EXPOSE 6979
# Set Eselsohr’s data folder to /data
ENV DATA_FOLDER=/data
# Set Eselsohr’s listen address to all interfaces, so it can be used outside the
# container.
ENV LISTEN_ADDR=0.0.0.0
# Set Eselsohr’s static folder path
ENV STATIC_FOLDER_PATH=/app/static
# Mark /data as volume for persistence
VOLUME ["/data"]
ENTRYPOINT ["./eselsohr"]