diff --git a/Dockerfile b/Dockerfile index bb8b603..9048506 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,56 +1,42 @@ #################################################################################################### ## Builder #################################################################################################### -FROM --platform=$BUILDPLATFORM rust:latest AS rust-builder - -RUN rustup target add \ - x86_64-unknown-linux-gnu aarch64-unknown-linux-gnu -RUN rustup toolchain install --force-non-host \ - stable-x86_64-unknown-linux-gnu stable-aarch64-unknown-linux-gnu -RUN rustup component add rustfmt -ENV CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_LINKER=x86_64-linux-gnu-gcc \ - CC_x86_64_unknown_linux_gnu=x86_64-linux-gnu-gcc \ - CXX_x86_64_unknown_linux_gnu=x86_64-linux-gnu-g++ \ - CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER=aarch64-linux-gnu-gcc \ - CC_aarch64_unknown_linux_gnu=aarch64-linux-gnu-gcc \ - CXX_aarch64_unknown_linux_gnu=aarch64-linux-gnu-g++ \ - CARGO_INCREMENTAL=0 - -# : toolchain 'stable-x86_64-unknown-linux-gnu' may not be able to run on this system. -# => => # warning: If you meant to build software to target that platform, perhaps try `rustup target add x86_64-unknown-linux-gnu` instead? -# => => # info: syncing channel updates for 'stable-x86_64-unknown-linux- - -# amd64 build ---------------------------- -FROM --platform=$BUILDPLATFORM rust-builder AS build-amd64 -WORKDIR /isotope -COPY . . -RUN cargo install --target x86_64-unknown-linux-gnu --path . -RUN mv ./target/x86_64-unknown-linux-gnu/release/isotope /usr/bin/isotope - -# arm64 build ---------------------------- -FROM --platform=$BUILDPLATFORM rust-builder AS build-arm64 -WORKDIR /isotope -COPY . . -RUN cargo install --target aarch64-unknown-linux-gnu --path . -RUN mv ./target/aarch64-unknown-linux-gnu/release/isotope /usr/bin/isotope - -# Final arch images ---------------------- - -# FROM --platform=amd64 gcr.io/distroless/cc AS final-amd64 -FROM --platform=amd64 debian:bullseye AS final-amd64 -COPY --from=build-amd64 /usr/bin/isotope /usr/bin/isotope -COPY --from=build-amd64 /lib/x86_64-linux-gnu/libc.so.6 /lib/x86_64-linux-gnu/libc.so.6 - -# FROM --platform=arm64 gcr.io/distroless/cc AS final-arm64 -FROM --platform=arm64 debian:bullseye AS final-arm64 -COPY --from=build-arm64 /usr/bin/isotope /usr/bin/isotope -COPY --from=build-arm64 /lib/aarch64-linux-gnu/libc.so.6 /lib/aarch64-linux-gnu/libc.so.6 - +# compilation is currenty failing on aarch64 for the libraries aws-sdk-ec2 and aws-sdk-rds +FROM --platform=amd64 rust:latest AS rust-builder + +COPY <<-"EOT" ./zscaler.pem +-----BEGIN CERTIFICATE----- +MIIE0zCCA7ugAwIBAgIJANu+mC2Jt3uTMA0GCSqGSIb3DQEBCwUAMIGhMQswCQYD +VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2Ux +FTATBgNVBAoTDFpzY2FsZXIgSW5jLjEVMBMGA1UECxMMWnNjYWxlciBJbmMuMRgw +FgYDVQQDEw9ac2NhbGVyIFJvb3QgQ0ExIjAgBgkqhkiG9w0BCQEWE3N1cHBvcnRA +enNjYWxlci5jb20wHhcNMTQxMjE5MDAyNzU1WhcNNDIwNTA2MDAyNzU1WjCBoTEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBK +b3NlMRUwEwYDVQQKEwxac2NhbGVyIEluYy4xFTATBgNVBAsTDFpzY2FsZXIgSW5j +LjEYMBYGA1UEAxMPWnNjYWxlciBSb290IENBMSIwIAYJKoZIhvcNAQkBFhNzdXBw +b3J0QHpzY2FsZXIuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +qT7STSxZRTgEFFf6doHajSc1vk5jmzmM6BWuOo044EsaTc9eVEV/HjH/1DWzZtcr +fTj+ni205apMTlKBW3UYR+lyLHQ9FoZiDXYXK8poKSV5+Tm0Vls/5Kb8mkhVVqv7 +LgYEmvEY7HPY+i1nEGZCa46ZXCOohJ0mBEtB9JVlpDIO+nN0hUMAYYdZ1KZWCMNf +5J/aTZiShsorN2A38iSOhdd+mcRM4iNL3gsLu99XhKnRqKoHeH83lVdfu1XBeoQz +z5V6gA3kbRvhDwoIlTBeMa5l4yRdJAfdpkbFzqiwSgNdhbxTHnYYorDzKfr2rEFM +dsMU0DHdeAZf711+1CunuQIDAQABo4IBCjCCAQYwHQYDVR0OBBYEFLm33UrNww4M +hp1d3+wcBGnFTpjfMIHWBgNVHSMEgc4wgcuAFLm33UrNww4Mhp1d3+wcBGnFTpjf +oYGnpIGkMIGhMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8G +A1UEBxMIU2FuIEpvc2UxFTATBgNVBAoTDFpzY2FsZXIgSW5jLjEVMBMGA1UECxMM +WnNjYWxlciBJbmMuMRgwFgYDVQQDEw9ac2NhbGVyIFJvb3QgQ0ExIjAgBgkqhkiG +9w0BCQEWE3N1cHBvcnRAenNjYWxlci5jb22CCQDbvpgtibd7kzAMBgNVHRMEBTAD +AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAw0NdJh8w3NsJu4KHuVZUrmZgIohnTm0j+ +RTmYQ9IKA/pvxAcA6K1i/LO+Bt+tCX+C0yxqB8qzuo+4vAzoY5JEBhyhBhf1uK+P +/WVWFZN/+hTgpSbZgzUEnWQG2gOVd24msex+0Sr7hyr9vn6OueH+jj+vCMiAm5+u +kd7lLvJsBu3AO3jGWVLyPkS3i6Gf+rwAp1OsRrv3WnbkYcFf9xjuaf4z0hRCrLN2 +xFNjavxrHmsH8jPHVvgc1VD0Opja0l/BRVauTrUaoW6tE+wFG5rEcPGS80jjHK4S +pB5iDj2mUZH1T8lzYtuZy0ZPirxmtsk3135+CKNa2OCAhhFjE0xd +-----END CERTIFICATE----- +EOT -#################################################################################################### -## Final image -#################################################################################################### -FROM final-${TARGETARCH} + +RUN tee -a /etc/ssl/certs/ca-certificates.crt < ./zscaler.pem ENV USER=isotope_user ENV UID=10001 @@ -65,6 +51,31 @@ RUN adduser \ "${USER}" +WORKDIR /isotope + +COPY ./ . + +# We no longer need to use the x86_64-unknown-linux-musl target +RUN cargo build --release + + +#################################################################################################### +## Final image +#################################################################################################### + +FROM --platform=amd64 gcr.io/distroless/cc AS final-amd64 +# FROM --platform=amd64 debian:bullseye AS final-amd64 +COPY --from=rust-builder /lib/x86_64-linux-gnu/libc.so.6 /lib/x86_64-linux-gnu/libc.so.6 + +# Import from builder. +COPY --from=rust-builder /etc/passwd /etc/passwd +COPY --from=rust-builder /etc/group /etc/group + +WORKDIR /isotope + +# Copy build +COPY --from=rust-builder /isotope/target/release/isotope ./ + # Use an unprivileged user. USER isotope_user:isotope_user