# Build stage
FROM rust:1.84-slim AS builder
WORKDIR /app
# Install build dependencies
RUN apt-get update && apt-get install -y --no-install-recommends \
pkg-config \
&& rm -rf /var/lib/apt/lists/*
# Copy manifests
COPY Cargo.toml Cargo.lock ./
# Create dummy main.rs to build dependencies
RUN mkdir src && echo "fn main() {}" > src/main.rs
# Build dependencies (this layer will be cached)
RUN cargo build --release && rm -rf src
# Copy actual source code
COPY src ./src
# Build the actual application
RUN touch src/main.rs && cargo build --release
# Runtime stage
FROM debian:bookworm-slim
# Install runtime dependencies
RUN apt-get update && apt-get install -y --no-install-recommends \
ca-certificates \
&& rm -rf /var/lib/apt/lists/*
# Copy the binary
COPY --from=builder /app/target/release/cc-audit /usr/local/bin/cc-audit
# Create non-root user
RUN useradd -m -s /bin/bash ccaudit
USER ccaudit
WORKDIR /home/ccaudit
# Set entrypoint
ENTRYPOINT ["cc-audit"]
CMD ["--help"]