Created
May 10, 2025 21:10
-
-
Save storopoli/eb87a85ac5ca36d65dd63e041a9f4df4 to your computer and use it in GitHub Desktop.
Fuck Docker! But if you need it use this. From https://kerkour.com/rust-docker-from-scratch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #################################################################################################### | |
| ## Build | |
| #################################################################################################### | |
| # rust:alpine3.21 | |
| FROM rust@sha256:661d708cc863ce32007cf46807a72062a80d2944a6fae9e0d83742d2e04d5375 AS build | |
| RUN apk update && \ | |
| apk upgrade --no-cache && \ | |
| apk add --no-cache lld mold musl musl-dev libc-dev cmake clang clang-dev openssl file \ | |
| libressl-dev git make build-base bash curl wget zip gnupg coreutils gcc g++ zstd binutils ca-certificates upx | |
| WORKDIR /myproject | |
| COPY . ./ | |
| # or make build | |
| RUN cargo build --release | |
| #################################################################################################### | |
| ## This stage is used to get the correct files into the final image | |
| #################################################################################################### | |
| # alpine:3.21 | |
| FROM alpine@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c AS files | |
| # mailcap is used for content type (MIME type) detection | |
| # tzdata is used for timezones info | |
| RUN apk update && \ | |
| apk upgrade --no-cache && \ | |
| apk add --no-cache ca-certificates mailcap tzdata | |
| RUN update-ca-certificates | |
| ENV USER=myproject | |
| ENV UID=10001 | |
| RUN adduser \ | |
| --disabled-password \ | |
| --gecos "" \ | |
| --home "/nonexistent" \ | |
| --shell "/sbin/nologin" \ | |
| --no-create-home \ | |
| --uid "${UID}" \ | |
| "${USER}" | |
| #################################################################################################### | |
| ## Final image | |
| #################################################################################################### | |
| FROM scratch | |
| # /etc/nsswitch.conf may be used by some DNS resolvers | |
| # /etc/mime.types may be used to detect the MIME type of files | |
| COPY --from=files \ | |
| /etc/passwd \ | |
| /etc/group \ | |
| /etc/nsswitch.conf \ | |
| /etc/mime.types \ | |
| /etc/ | |
| COPY --from=files /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ | |
| COPY --from=files /usr/share/zoneinfo /usr/share/zoneinfo | |
| # Copy our build | |
| COPY --from=build /myproject/target/release/myproject /bin/myproject | |
| # Use an unprivileged user. | |
| USER myproject:myproject | |
| # the scratch image doesn't have a /tmp folder, you may need it | |
| WORKDIR /tmp | |
| WORKDIR /myproject | |
| ENTRYPOINT ["/bin/myproject"] | |
| # EXPOSE 8080 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment