From 846760cdf696609986b35a6c3157152eaf41d484 Mon Sep 17 00:00:00 2001 From: Oliver Azevedo Barnes Date: Thu, 20 Mar 2025 21:50:18 +0000 Subject: [PATCH 1/8] Copy over Pavex starter Dockerfile --- blueprint/Dockerfile | 38 +++++++++++++++++++++++++++++++++++ blueprint/rust-toolchain.toml | 4 ++++ 2 files changed, 42 insertions(+) create mode 100644 blueprint/Dockerfile create mode 100644 blueprint/rust-toolchain.toml diff --git a/blueprint/Dockerfile b/blueprint/Dockerfile new file mode 100644 index 00000000..a801ef37 --- /dev/null +++ b/blueprint/Dockerfile @@ -0,0 +1,38 @@ +# `cargo-chef` is a cargo-subcommand that provides +# enhanced Docker layer caching for Rust projects. +FROM lukemathwalker/cargo-chef:latest AS chef +WORKDIR /app +# Force `rustup` to sync the toolchain in the base `chef` layer +# so that it doesn't happen more than once +COPY rust-toolchain.toml . +RUN rustup show active-toolchain + +FROM chef AS planner +COPY . . +# Compute a lock-like file for our project +RUN cargo chef prepare --recipe-path recipe.json + +FROM chef AS builder +COPY --from=planner /app/recipe.json recipe.json +# Build our project's dependencies, not our application! +RUN cargo chef cook --release --recipe-path recipe.json +COPY . . +# Build our project +RUN cargo build --release --package server --bin server + +FROM debian:bookworm-slim AS runtime +WORKDIR /app +COPY --from=builder /app/target/release/server bin +# COPY server/config config +# ENV PX_PROFILE=production +# Enable backtraces to simplify debugging +# production panics. +ENV RUST_BACKTRACE=1 +# We don't want `anyhow` to capture backtraces for +# "routine" errors. Just panics. +ENV RUST_LIB_BACKTRACE=0 +ENV APP_ENVIRONMENT=production +ENV APP_SERVER__PORT=3000 +ENV APP_SERVER__IP="0.0.0.0" +ENTRYPOINT ["./bin"] +EXPOSE 3000 diff --git a/blueprint/rust-toolchain.toml b/blueprint/rust-toolchain.toml new file mode 100644 index 00000000..b50665c2 --- /dev/null +++ b/blueprint/rust-toolchain.toml @@ -0,0 +1,4 @@ +# If you're making changes here. +# Change the Dockerfile to also use a matching version. +[toolchain] +channel = "1.85" From c003ca2e4d79dd7739498f04b5c334dfb7f99d0a Mon Sep 17 00:00:00 2001 From: Oliver Azevedo Barnes Date: Thu, 20 Mar 2025 22:29:19 +0000 Subject: [PATCH 2/8] Remove --package arg in cargo build --- blueprint/Dockerfile | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/blueprint/Dockerfile b/blueprint/Dockerfile index a801ef37..4bd7d900 100644 --- a/blueprint/Dockerfile +++ b/blueprint/Dockerfile @@ -18,13 +18,15 @@ COPY --from=planner /app/recipe.json recipe.json RUN cargo chef cook --release --recipe-path recipe.json COPY . . # Build our project -RUN cargo build --release --package server --bin server +# TODO - make Dockerfile a template and pass it the app name +RUN cargo build --release --bin my-app-web FROM debian:bookworm-slim AS runtime WORKDIR /app -COPY --from=builder /app/target/release/server bin +# TODO pass the app name instead once Dockerfile is a template +COPY --from=builder /app/target/release/my-app-web bin # COPY server/config config -# ENV PX_PROFILE=production + # Enable backtraces to simplify debugging # production panics. ENV RUST_BACKTRACE=1 From c2117bccc4c8435a063fe1eb7e96575ce85a4f1e Mon Sep 17 00:00:00 2001 From: Oliver Azevedo Barnes Date: Mon, 31 Mar 2025 11:59:21 +0100 Subject: [PATCH 3/8] Fix the Dockerfile and make it a template --- blueprint/{Dockerfile => Dockerfile.liquid} | 24 +++++++++++++++------ 1 file changed, 17 insertions(+), 7 deletions(-) rename blueprint/{Dockerfile => Dockerfile.liquid} (70%) diff --git a/blueprint/Dockerfile b/blueprint/Dockerfile.liquid similarity index 70% rename from blueprint/Dockerfile rename to blueprint/Dockerfile.liquid index 4bd7d900..8d21c01c 100644 --- a/blueprint/Dockerfile +++ b/blueprint/Dockerfile.liquid @@ -5,7 +5,7 @@ WORKDIR /app # Force `rustup` to sync the toolchain in the base `chef` layer # so that it doesn't happen more than once COPY rust-toolchain.toml . -RUN rustup show active-toolchain +RUN rustup toolchain install FROM chef AS planner COPY . . @@ -15,17 +15,26 @@ RUN cargo chef prepare --recipe-path recipe.json FROM chef AS builder COPY --from=planner /app/recipe.json recipe.json # Build our project's dependencies, not our application! +# this is the caching Docker layer. RUN cargo chef cook --release --recipe-path recipe.json COPY . . # Build our project -# TODO - make Dockerfile a template and pass it the app name -RUN cargo build --release --bin my-app-web +RUN cargo build --release --bin {{project-name}}-web FROM debian:bookworm-slim AS runtime -WORKDIR /app -# TODO pass the app name instead once Dockerfile is a template -COPY --from=builder /app/target/release/my-app-web bin -# COPY server/config config + +RUN adduser \ + --disabled-password \ + --gecos "" \ + --home "/nonexistent" \ + --shell "/sbin/nologin" \ + --no-create-home \ + --uid 10001 \ + "{{project-name}}" + +USER {{project-name}}:{{project-name}} + +COPY --from=builder /app/target/release/{{project-name}}-web bin # Enable backtraces to simplify debugging # production panics. @@ -33,6 +42,7 @@ ENV RUST_BACKTRACE=1 # We don't want `anyhow` to capture backtraces for # "routine" errors. Just panics. ENV RUST_LIB_BACKTRACE=0 + ENV APP_ENVIRONMENT=production ENV APP_SERVER__PORT=3000 ENV APP_SERVER__IP="0.0.0.0" From 28b9fbcdb3c5b4cf4a14786f300d2b71c346488c Mon Sep 17 00:00:00 2001 From: Oliver Azevedo Barnes Date: Mon, 31 Mar 2025 11:59:47 +0100 Subject: [PATCH 4/8] Update README with Dockerfile info --- blueprint/README.md.liquid | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/blueprint/README.md.liquid b/blueprint/README.md.liquid index 2ce87eee..504eceb1 100644 --- a/blueprint/README.md.liquid +++ b/blueprint/README.md.liquid @@ -75,3 +75,20 @@ Build the project's documentation with: ``` cargo doc --workspace --all-features ``` + +## Building the project's starter Docker image + +The generated project includes a production-ready Dockerfile + +In order to build it, follow these steps: + +``` +docker compose up +cargo db migrate +cargo db prepare +docker build . --tag {{project-name}} +``` + +The db steps are needed to generate query metadata that sqlx will use during compilation. + +Note that the first build can take a few minutes, but subsequent ones should be fast thanks to docker layer caching. From 950f39c2dedf429d19ffdbc8b0a911f1d026e811 Mon Sep 17 00:00:00 2001 From: Oliver Azevedo Barnes Date: Mon, 31 Mar 2025 12:34:43 +0100 Subject: [PATCH 5/8] SQLX_OFFLINE=true --- blueprint/Dockerfile.liquid | 1 + 1 file changed, 1 insertion(+) diff --git a/blueprint/Dockerfile.liquid b/blueprint/Dockerfile.liquid index 8d21c01c..74f72cd2 100644 --- a/blueprint/Dockerfile.liquid +++ b/blueprint/Dockerfile.liquid @@ -19,6 +19,7 @@ COPY --from=planner /app/recipe.json recipe.json RUN cargo chef cook --release --recipe-path recipe.json COPY . . # Build our project +ENV SQLX_OFFLINE=true RUN cargo build --release --bin {{project-name}}-web FROM debian:bookworm-slim AS runtime From c8b67652c0230bd6a2af35ac1cf474ce5b32f097 Mon Sep 17 00:00:00 2001 From: Oliver Azevedo Barnes Date: Mon, 31 Mar 2025 12:38:08 +0100 Subject: [PATCH 6/8] Fix release ownership --- blueprint/Dockerfile.liquid | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/blueprint/Dockerfile.liquid b/blueprint/Dockerfile.liquid index 74f72cd2..73ee6058 100644 --- a/blueprint/Dockerfile.liquid +++ b/blueprint/Dockerfile.liquid @@ -35,7 +35,7 @@ RUN adduser \ USER {{project-name}}:{{project-name}} -COPY --from=builder /app/target/release/{{project-name}}-web bin +COPY --from=builder --chown={{project-name}}:{{project-name}} /app/target/release/{{project-name}}-web bin # Enable backtraces to simplify debugging # production panics. From 343c23e811ff7b37de398973b8ffe2867f9f6e94 Mon Sep 17 00:00:00 2001 From: Oliver Azevedo Barnes Date: Mon, 31 Mar 2025 17:46:33 +0100 Subject: [PATCH 7/8] Remove user permissions --- blueprint/Dockerfile.liquid | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/blueprint/Dockerfile.liquid b/blueprint/Dockerfile.liquid index 73ee6058..05601f15 100644 --- a/blueprint/Dockerfile.liquid +++ b/blueprint/Dockerfile.liquid @@ -24,18 +24,7 @@ RUN cargo build --release --bin {{project-name}}-web FROM debian:bookworm-slim AS runtime -RUN adduser \ - --disabled-password \ - --gecos "" \ - --home "/nonexistent" \ - --shell "/sbin/nologin" \ - --no-create-home \ - --uid 10001 \ - "{{project-name}}" - -USER {{project-name}}:{{project-name}} - -COPY --from=builder --chown={{project-name}}:{{project-name}} /app/target/release/{{project-name}}-web bin +COPY --from=builder /app/target/release/{{project-name}}-web bin # Enable backtraces to simplify debugging # production panics. From d37d4db90bdd15c729aa51d501b63ee4153aaa31 Mon Sep 17 00:00:00 2001 From: Oliver Azevedo Barnes Date: Mon, 31 Mar 2025 19:59:13 +0100 Subject: [PATCH 8/8] Rename final binary --- blueprint/Dockerfile.liquid | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/blueprint/Dockerfile.liquid b/blueprint/Dockerfile.liquid index 05601f15..95df1ada 100644 --- a/blueprint/Dockerfile.liquid +++ b/blueprint/Dockerfile.liquid @@ -24,7 +24,7 @@ RUN cargo build --release --bin {{project-name}}-web FROM debian:bookworm-slim AS runtime -COPY --from=builder /app/target/release/{{project-name}}-web bin +COPY --from=builder /app/target/release/{{project-name}}-web {{project-name}}-web # Enable backtraces to simplify debugging # production panics. @@ -36,5 +36,5 @@ ENV RUST_LIB_BACKTRACE=0 ENV APP_ENVIRONMENT=production ENV APP_SERVER__PORT=3000 ENV APP_SERVER__IP="0.0.0.0" -ENTRYPOINT ["./bin"] +ENTRYPOINT ["./{{project-name}}-web"] EXPOSE 3000