-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathContainerfile
103 lines (78 loc) · 2.8 KB
/
Containerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
# syntax=docker/dockerfile:1.9
ARG DEBIAN_VERSION=bookworm
ARG DEBIAN_VERSION_NUMBER=12
ARG PROJECT=dragonfly-client-rs
ARG RUST_VERSION=1
ARG RUSTFLAGS="-L/usr/local/lib"
ARG YARA_VERSION=4.5.1
# ====================================================================================================
# Base
FROM rust:${RUST_VERSION}-${DEBIAN_VERSION} AS build-base
ARG PROJECT
ARG RUSTFLAGS
ARG YARA_VERSION
RUN <<EOT
#!/usr/bin/env bash
set -e
apt-get -q update
apt-get -qy --no-install-recommends install curl libclang-dev
rm -rf /var/lib/apt/lists/*
EOT
RUN <<EOT
#!/usr/bin/env bash
set -euo pipefail
archive_filename="yara-${YARA_VERSION}.tar.gz"
curl -sL "https://github.com/VirusTotal/yara/archive/refs/tags/v${YARA_VERSION}.tar.gz" -o "${archive_filename}"
tar -xzf "${archive_filename}" && cd "yara-${YARA_VERSION}" && ./bootstrap.sh && ./configure && make && make install
EOT
WORKDIR /app
COPY .cargo Cargo.toml ./
COPY Cargo.lock Cargo.lock
# ====================================================================================================
# Debug
FROM build-base AS build-debug
ARG PROJECT
RUN --mount=type=cache,id=cargo-registry,target=/usr/local/cargo/registry \
--mount=type=cache,id=rust-target-debug,target=/app/target \
<<EOT
#!/usr/bin/env bash
set -eu
mkdir src
echo 'fn main() {}' > src/main.rs
cargo build --locked
rm src/main.rs target/debug/deps/${PROJECT//-/_}*
EOT
COPY src src
RUN --mount=type=cache,id=cargo-registry,target=/usr/local/cargo/registry \
--mount=type=cache,id=rust-target-debug,target=/app/target \
cargo build --locked && cp /app/target/debug/${PROJECT} /app/${PROJECT}
# ==================================================
FROM gcr.io/distroless/cc-debian${DEBIAN_VERSION_NUMBER}:debug-nonroot AS debug
ARG PROJECT
WORKDIR /app
COPY --from=build-debug /app/${PROJECT} ./${PROJECT}
ENTRYPOINT ["./dragonfly-client-rs"]
# ====================================================================================================
# Release
FROM build-base AS build-release
ARG PROJECT
RUN --mount=type=cache,id=cargo-registry,target=/usr/local/cargo/registry \
--mount=type=cache,id=rust-target-release,target=/app/target \
<<EOT
#!/usr/bin/env bash
set -eu
mkdir src
echo 'fn main() {}' > src/main.rs
cargo build --locked --release
rm src/main.rs target/release/deps/${PROJECT//-/_}*
EOT
COPY src src
RUN --mount=type=cache,id=cargo-registry,target=/usr/local/cargo/registry \
--mount=type=cache,id=rust-target-release,target=/app/target \
cargo build --locked --release && cp /app/target/release/${PROJECT} /app/${PROJECT}
# ==================================================
FROM gcr.io/distroless/cc-debian${DEBIAN_VERSION_NUMBER}:nonroot AS release
ARG PROJECT
WORKDIR /app
COPY --from=build-release /app/${PROJECT} ./${PROJECT}
ENTRYPOINT ["./dragonfly-client-rs"]