# syntax=docker/dockerfile:1.7
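FROM rust:1.95-bookworm AS build
WORKDIR /app
# Toolchain for a fully static musl binary. cmake/perl/pkg-config are presumably
# required by native build scripts somewhere in the dependency graph (the crates
# needing them are not visible from this file). Packages are kept alphabetical
# for diffability; pin the base image by digest (@sha256:<digest>) if a
# bit-for-bit reproducible toolchain is required.
RUN apt-get update && apt-get install -y --no-install-recommends \
    build-essential \
    cmake \
    musl-tools \
    perl \
    pkg-config \
    && rm -rf /var/lib/apt/lists/*
RUN rustup target add x86_64-unknown-linux-musl
# Build-stage configuration only: this stage is discarded, so none of these
# variables reach the runtime image. CC/CXX select the compilers used for the
# musl target; CARGO_TARGET_DIR points at the cache mount used below.
ENV CC_x86_64_unknown_linux_musl=musl-gcc \
    CXX_x86_64_unknown_linux_musl=g++ \
    CARGO_TARGET_DIR=/tmp/target
COPY Cargo.toml Cargo.lock ./
COPY src ./src
COPY i18n ./i18n
# Manifest declares a `perf` bench; cargo validates the path at parse time even
# for a `--bin` build, so the file must exist (it is not compiled here).
COPY benches ./benches
# --locked makes the build fail if Cargo.lock is out of date instead of silently
# re-resolving dependencies, so the image is built from exactly the reviewed
# lockfile. The registry/git/target cache mounts live on the build host and are
# not part of the image, which is why the binary is copied out to /out in the
# same RUN step.
RUN --mount=type=cache,target=/usr/local/cargo/registry \
    --mount=type=cache,target=/usr/local/cargo/git \
    --mount=type=cache,target=/tmp/target \
    cargo build --locked --release --target x86_64-unknown-linux-musl \
    --config 'profile.release.strip=true' --bin greentic-start \
    && mkdir -p /out \
    && cp /tmp/target/x86_64-unknown-linux-musl/release/greentic-start /out/greentic-start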
# Runtime stage: distroless static (no shell, no package manager) that already
# ships ca-certificates and a `nonroot` user with uid/gid 65532. The binary is
# musl-static, so no apt layer is needed here; squashfs-tools is no longer
# installed because bundle_ref.rs reads SquashFS in-process via `backhand` (P0.4).
FROM gcr.io/distroless/static-debian12:nonroot
# Numeric uid:gid rather than the `nonroot` name so runtimes that verify
# non-root execution can check it without resolving /etc/passwd. COPY always
# writes files as root regardless of USER, so the binary below stays
# root-owned and is not writable by the runtime user.
USER 65532:65532
COPY --link --from=build /out/greentic-start /usr/local/bin/greentic-start
ENTRYPOINT ["/usr/local/bin/greentic-start"]