feat: docker image setup

SuteraVR · Apr 1, 2024 · b428caf · b428caf
1 parent 2e1586f
commit b428caf
Show file tree

Hide file tree

Showing 4 changed files with 125 additions and 37 deletions.
diff --git a/.github/workflows/build-docker-image.yaml b/.github/workflows/build-docker-image.yaml
@@ -0,0 +1,47 @@
+name: Build Docker Image
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+      with:
+        platforms: linux/amd64,linux/arm64
+        buildkitd-config: ./buildkitd.toml
+
+    - name: Login to Harbor 
+      uses: docker/login-action@v3
+      with:
+        registry: harbor.aspulse.dev
+        username: ${{ secrets.HARBOR_ASPULSE_SUTERAVR_USERNAME }}
+        password: ${{ secrets.HARBOR_ASPULSE_SUTERAVR_PASSWORD }}
+
+    - name: Extract metadata (tags, labels) for Docker
+      id: meta
+      uses: docker/metadata-action@v5
+      with:
+        images: harbor.aspulse.dev/suteravr/suterobot
+        tags: |
+          type=sha,prefix=commit-,format=long
+
+    - name: Build and push Docker image
+      uses: docker/build-push-action@v5
+      with:
+        context: .
+        push: true
+        tags: ${{ steps.meta.outputs.tags }}
+        platforms: linux/amd64,linux/arm64
+        labels: ${{ steps.meta.outputs.labels }}
+        secrets: |
+          SCCACHE_ENDPOINT=${{ secrets.SCCACHE_ENDPOINT }}
+          SCCACHE_AWS_ACCESS_KEY_ID=${{ secrets.SCCACHE_AWS_ACCESS_KEY_ID }}
+          SCCACHE_AWS_SECRET_ACCESS_KEY=${{ secrets.SCCACHE_AWS_SECRET_ACCESS_KEY }}
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,39 @@
+# syntax=docker/dockerfile:1
+
+FROM rust:1.76.0-alpine3.19 as builder
+ARG TARGETOS
+ARG TARGETARCH
+
+WORKDIR /app
+RUN apk add --no-cache \
+  build-base libressl-dev ca-certificates sccache mold \
+  && update-ca-certificates
+
+COPY Cargo.toml Cargo.lock ./
+COPY src/ ./src/
+RUN  --mount=type=secret,id=SCCACHE_ENDPOINT \
+     --mount=type=secret,id=SCCACHE_AWS_ACCESS_KEY_ID \
+     --mount=type=secret,id=SCCACHE_AWS_SECRET_ACCESS_KEY \
+     <<EOF
+set -e
+SCCACHE_BUCKET=suterobot \
+SCCACHE_REGION=auto \
+SCCACHE_S3_KEY_PREFIX=${TARGETOS}_${TARGETARCH} \
+SCCACHE_S3_USE_SSL=true \
+SCCACHE_IDLE_TIMEOUT=3600 \
+SCCACHE_S3_NO_CREDENTIALS=false \
+SCCACHE_S3_SERVER_SIDE_ENCRYPTION=false \
+SCCACHE_ENDPOINT=$(cat /run/secrets/SCCACHE_ENDPOINT) \
+AWS_ACCESS_KEY_ID=$(cat /run/secrets/SCCACHE_AWS_ACCESS_KEY_ID) \
+AWS_SECRET_ACCESS_KEY=$(cat /run/secrets/SCCACHE_AWS_SECRET_ACCESS_KEY) \
+sccache --start-server
+CARGO_INCREMENTAL=0 \
+RUSTC_WRAPPER=sccache \
+mold -run cargo build --locked --release
+cp ./target/release/suterobot /bin/server
+sccache --stop-server
+EOF
+
+FROM alpine:3.19 as final
+COPY --from=builder /bin/server /bin/
+CMD ["/bin/server"]
diff --git a/buildkitd.toml b/buildkitd.toml
@@ -0,0 +1,2 @@
+[worker.oci]
+  max-parallelism = 1