From 29756b957888543049a6708665b587f0b3254e50 Mon Sep 17 00:00:00 2001
From: aleidk <ale.navarro.parra@gmail.com>
Date: Fri, 14 Mar 2025 16:54:38 -0300
Subject: [PATCH] build: update dockerfile

support rootless and cache cargo build for faster builds
---
 Dockerfile | 43 ++++++++++++++++++++++++++++++++-----------
 1 file changed, 32 insertions(+), 11 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 03fab47..2bb1d67 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,19 +1,19 @@
 
 # ── Javascript ──────────────────────────────────────────────────────────
 
-FROM oven/bun:1 AS base-js
+FROM oven/bun:1 AS bun
 WORKDIR /usr/src/app
 
 # install dependencies into temp directory
 # this will cache them and speed up future builds
-FROM base-js AS install
+FROM bun AS js-deps
 COPY package.json bun.lock /temp/dev/
 RUN cd /temp/dev && bun install --frozen-lockfile
 
 # copy node_modules from temp directory
 # then copy all (non-ignored) project files into the image
-FROM base-js AS prerelease
-COPY --from=install /temp/dev/node_modules node_modules
+FROM bun AS js-bundler
+COPY --from=js-deps /temp/dev/node_modules node_modules
 COPY frontend frontend
 COPY .devfiles/scripts/build-frontend.ts .devfiles/scripts/build-frontend.ts
 
@@ -22,22 +22,43 @@ RUN bun ./.devfiles/scripts/build-frontend.ts
 
 # ── Rust ────────────────────────────────────────────────────────────────
 
-FROM rust:slim AS base-rust
+FROM rust:slim AS builder
 
 WORKDIR /app
 
+# Create appuser in builder as the scratch image can't do it
+RUN adduser \
+  --disabled-password \
+  --gecos "" \
+  --home "/nonexistent" \
+  --shell "/sbin/nologin" \
+  --no-create-home \
+  --uid 10001 \
+  appuser
+
+COPY --from=js-bundler /usr/src/app/dist dist
+
 COPY . .
-COPY --from=prerelease /usr/src/app/dist dist
 
-RUN cargo build --locked --release
+RUN --mount=type=cache,target=/app/target/ \
+  --mount=type=cache,target=/usr/local/cargo/git/db \
+  --mount=type=cache,target=/usr/local/cargo/registry/ \
+  cargo build --locked --release \
+  && mv target/release/compendium /tmp/compendium
 
-FROM scratch AS runner
+FROM gcr.io/distroless/cc AS runner
+
+COPY --from=builder /etc/passwd /etc/passwd
+COPY --from=builder /etc/group /etc/group
 
 ENV RUST_LOG="compendium=debug,info"
 
-COPY --from=base-rust /app/target/release/compendium /
+WORKDIR /app
+
+COPY --from=builder --chown=appuser:appuser /tmp/compendium /app/compendium 
 
 EXPOSE 3000
 
-ENTRYPOINT ["./compendium"]
-CMD ["./compendium"]
+USER appuser:appuser
+
+CMD ["/app/compendium"]