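# Multi-stage production-optimized Dockerfile for AuthFramework v0.4.0
# This Dockerfile implements security hardening, size optimization, and performance tuning.
# Build the production image with `--target runtime`: a build without --target
# produces the last stage in this file (testing), not the hardened runtime image.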
#############################################################################
# Stage 1: Build Environment
#############################################################################
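# Builder stage: compiles the release binary. Only the file that a later stage
# pulls out with COPY --from=builder leaves this stage.
# The Debian release is spelled out so the binary links against the same
# libssl/libpq generation that the bookworm-based runtime stage installs.
# NOTE(review): the tag is still mutable; pin it by digest (@sha256:<digest>)
# so a re-tagged or tampered base image cannot silently enter the build.
FROM rust:1.75-slim-bookworm AS builder

# Build-time settings: ARG values are visible to the RUN steps of this stage
# but are not persisted as environment variables in the image.
ARG RUST_BACKTRACE=1
ARG CARGO_TERM_COLOR=never

# Headers and tools needed to compile and link against OpenSSL and libpq.
# The apt lists are removed in the same layer that downloaded them.
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
        ca-certificates \
        libpq-dev \
        libssl-dev \
        pkg-config && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*

# Cargo settings for the build; the target directory lives outside /app so
# build output never mixes with the copied sources.
# NOTE(review): cargo documents CARGO_HTTP_TIMEOUT for its HTTP timeout;
# confirm that CARGO_IO_TIMEOUT is actually read by the toolchain in use.
ENV CARGO_NET_RETRY=10 \
    CARGO_IO_TIMEOUT=600 \
    CARGO_TARGET_DIR=/tmp/target

WORKDIR /app

# Manifests first: the dependency layer below is rebuilt only when
# Cargo.toml or Cargo.lock change.
COPY Cargo.toml Cargo.lock ./

# Stub crate roots so the dependency graph can be compiled without the
# real sources.
RUN mkdir -p src && \
    echo "fn main() {}" > src/main.rs && \
    echo 'pub fn main() {}' > src/lib.rs

# Dependency-only build. --locked refuses to build if Cargo.lock would have
# to change, so the resolved dependency set is exactly the committed one.
RUN cargo build --release --locked && \
    rm -rf src/

# Real sources replace the stubs.
COPY src/ ./src/
COPY examples/ ./examples/
COPY benches/ ./benches/

# COPY keeps the file mtimes from the build context, and cargo decides
# freshness by mtime: sources older than the stub build above can leave the
# stub-built artifacts in place. Refreshing the mtimes forces the crate
# itself to be recompiled, so the shipped binary is never the empty stub.
RUN find src -type f -exec touch {} + && \
    cargo build --release --locked --bin auth-framework-cli && \
    strip /tmp/target/release/auth-framework-cli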
#############################################################################
# Stage 2: Runtime Environment
#############################################################################
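# Runtime stage: minimal Debian image that carries only the release binary,
# its shared libraries, and the configuration shipped with the project.
# NOTE(review): pin the base by digest (@sha256:<digest>) for reproducible,
# tamper-evident production images.
FROM debian:bookworm-slim AS runtime

# Shared libraries the binary links against, plus CA roots for outbound TLS.
# NOTE(review): nothing in this Dockerfile calls curl (the health check uses
# the CLI itself); drop it unless scripts/ needs it, so the production image
# carries no general-purpose download tool.
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
        ca-certificates \
        curl \
        libpq5 \
        libssl3 && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*

# Dedicated unprivileged account with a fixed UID/GID, so orchestrators can
# verify the numeric user and volume ownership stays predictable.
RUN groupadd -r -g 1000 authfw && \
    useradd -r -g authfw -u 1000 -m -d /app authfw

# Application directories. The paths are listed one by one because RUN uses
# /bin/sh (dash on Debian), which does not expand {a,b} braces; the brace form
# would create a single directory literally named "{config,logs,data,ssl}".
# NOTE(review): /app/ssl is presumably for TLS material; mount keys at run
# time rather than copying them into an image layer.
WORKDIR /app
RUN mkdir -p /app/config /app/logs /app/data /app/ssl && \
    chown -R authfw:authfw /app

# The binary stays owned by root (the COPY default) and is not writable by
# authfw, so the service cannot replace its own executable.
COPY --from=builder /tmp/target/release/auth-framework-cli /usr/local/bin/auth-framework-cli
RUN chmod 0755 /usr/local/bin/auth-framework-cli

# Configuration templates and scripts.
# NOTE(review): both trees are owned by the service account, so a compromised
# process could rewrite its own configuration and scripts; keep them
# root-owned and read-only if the application never writes there. Keep
# credentials out of config/ and supply them at run time instead.
COPY --chown=authfw:authfw config/ ./config/
COPY --chown=authfw:authfw scripts/ ./scripts/

# Everything from here on, including the health check and the server, runs
# without root privileges.
USER authfw

# Liveness probe for orchestrators, using the application's own CLI.
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
    CMD auth-framework-cli system health || exit 1

# Exec form: the server is PID 1 and receives stop signals directly.
CMD ["auth-framework-cli", "server", "--config", "/app/config/production.toml"]

# OCI image metadata.
LABEL org.opencontainers.image.title="AuthFramework" \
      org.opencontainers.image.description="Production-ready authentication and authorization framework" \
      org.opencontainers.image.version="0.4.0" \
      org.opencontainers.image.vendor="AuthFramework Team" \
      org.opencontainers.image.licenses="MIT" \
      org.opencontainers.image.documentation="https://github.com/auth-framework/auth-framework" \
      org.opencontainers.image.source="https://github.com/auth-framework/auth-framework"

# Documents the default port (should be configurable via environment).
# EXPOSE does not publish anything; 8080 is unprivileged, so authfw can bind it.
EXPOSE 8080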
#############################################################################
# Stage 3: Development Environment (optional)
#############################################################################
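# Development stage: the full builder toolchain plus hot-reload tooling.
# It sets no USER, so it runs as root with the compiler installed; keep it
# for local development only and never deploy it.
FROM builder AS development

# --locked installs each tool with the dependency versions recorded in its
# published Cargo.lock instead of resolving whatever is newest at build time.
# NOTE(review): the tool versions themselves are still unpinned; install each
# one at a reviewed version for a fully reproducible image.
RUN cargo install --locked cargo-watch cargo-edit

# Verbose diagnostics for development.
# NOTE(review): debug-level logs of an authentication service may include
# sensitive request data; confirm before sharing logs from this image.
ENV RUST_LOG=debug \
    RUST_BACKTRACE=full

# Rebuild and rerun the CLI whenever the sources change.
CMD ["cargo", "watch", "-x", "run --bin auth-framework-cli"]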
#############################################################################
# Stage 4: Testing Environment (optional)
#############################################################################
# Testing stage: builder toolchain plus database/cache client tools.
# This is the last stage in the file, so it is what a build without --target
# produces. It sets no USER and therefore runs as root; it is not a
# deployable image.
FROM builder AS testing

# Client tools for PostgreSQL and Redis, presumably used by the test suite
# to reach backing services (confirm against tests/).
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
        postgresql-client \
        redis-tools && \
    rm -rf /var/lib/apt/lists/*

# Test sources and fixtures.
COPY tests/ ./tests/

# Runs the whole suite with every feature enabled, in release mode.
CMD ["cargo", "test", "--all-features", "--release"]