prvng_platform/crates/orchestrator/Dockerfile

# Multi-stage build for provisioning-orchestrator
# Generated from Nickel template - DO NOT EDIT DIRECTLY
# Source: provisioning/schemas/platform/templates/docker/Dockerfile.chef.ncl

# ============================================================================
# Stage 1: PLANNER - Generate dependency recipe
# ============================================================================
FROM rust:1.82-trixie AS planner

WORKDIR /workspace

# Install cargo-chef
RUN cargo install cargo-chef --version 0.1.67

# Copy workspace manifests
COPY Cargo.toml Cargo.lock ./
COPY crates ./crates
COPY daemon-cli ./daemon-cli
COPY secretumvault ./secretumvault
COPY prov-ecosystem ./prov-ecosystem
COPY stratumiops ./stratumiops

# Generate recipe.json (dependency graph)
RUN cargo chef prepare --recipe-path recipe.json --bin provisioning-orchestrator

# ============================================================================
# Stage 2: CACHER - Build dependencies only
# ============================================================================
FROM rust:1.82-trixie AS cacher

WORKDIR /workspace

# Install build dependencies
RUN apt-get update && apt-get install -y \
    pkg-config \
    libssl-dev \
    && rm -rf /var/lib/apt/lists/*

# Install cargo-chef
RUN cargo install cargo-chef --version 0.1.67

# sccache disabled

# Copy recipe from planner
COPY --from=planner /workspace/recipe.json recipe.json

# Build dependencies - This layer will be cached
RUN cargo chef cook --release --recipe-path recipe.json 

# ============================================================================
# Stage 3: BUILDER - Build source code
# ============================================================================
FROM rust:1.82-trixie AS builder

WORKDIR /workspace

# Install build dependencies
RUN apt-get update && apt-get install -y \
    pkg-config \
    libssl-dev \
    && rm -rf /var/lib/apt/lists/*

# sccache disabled

# Copy cached dependencies from cacher stage
COPY --from=cacher /workspace/target target
COPY --from=cacher /usr/local/cargo /usr/local/cargo

# Copy source code
COPY Cargo.toml Cargo.lock ./
COPY crates ./crates
COPY daemon-cli ./daemon-cli
COPY secretumvault ./secretumvault
COPY prov-ecosystem ./prov-ecosystem
COPY stratumiops ./stratumiops

# Build release binary with parallelism
ENV CARGO_BUILD_JOBS=4
RUN cargo build --release --package provisioning-orchestrator 

# ============================================================================
# Stage 4: RUNTIME - Minimal runtime image
# ============================================================================
FROM debian:trixie-slim

# Install runtime dependencies
RUN apt-get update && apt-get install -y \
    ca-certificates \
    curl \
    && rm -rf /var/lib/apt/lists/*

# Create non-root user
RUN useradd -m -u 1000 provisioning && \
    mkdir -p /data /var/log/provisioning-orchestrator && \
    chown -R provisioning:provisioning /data /var/log/provisioning-orchestrator

# Copy binary from builder
COPY --from=builder /workspace/target/release/provisioning-orchestrator /usr/local/bin/provisioning-orchestrator
RUN chmod +x /usr/local/bin/provisioning-orchestrator

COPY crates/provisioning-orchestrator/config.defaults.toml /etc/provisioning/config.defaults.toml

# Switch to non-root user
USER provisioning
WORKDIR /app

# Expose service port
EXPOSE 9090

# Environment variables
ENV RUST_LOG=info
ENV DATA_DIR=/data

# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=30s --retries=3 \
    CMD curl -f http://localhost:9090/health || exit 1

# Run the binary
CMD ["provisioning-orchestrator"]
chore: update crates, names and clippy fixes 2026-02-04 01:02:18 +00:00			`# Multi-stage build for provisioning-orchestrator`
			`# Generated from Nickel template - DO NOT EDIT DIRECTLY`
			`# Source: provisioning/schemas/platform/templates/docker/Dockerfile.chef.ncl`
core: init repo and codebase 2025-10-07 10:59:52 +01:00
chore: update crates, names and clippy fixes 2026-02-04 01:02:18 +00:00			`# ============================================================================`
			`# Stage 1: PLANNER - Generate dependency recipe`
			`# ============================================================================`
			`FROM rust:1.82-trixie AS planner`

			`WORKDIR /workspace`

			`# Install cargo-chef`
			`RUN cargo install cargo-chef --version 0.1.67`

			`# Copy workspace manifests`
			`COPY Cargo.toml Cargo.lock ./`
			`COPY crates ./crates`
			`COPY daemon-cli ./daemon-cli`
			`COPY secretumvault ./secretumvault`
			`COPY prov-ecosystem ./prov-ecosystem`
			`COPY stratumiops ./stratumiops`

			`# Generate recipe.json (dependency graph)`
			`RUN cargo chef prepare --recipe-path recipe.json --bin provisioning-orchestrator`

			`# ============================================================================`
			`# Stage 2: CACHER - Build dependencies only`
			`# ============================================================================`
			`FROM rust:1.82-trixie AS cacher`
chore: update platform submodule to monorepo crates structure Platform restructured into crates/, added AI service and detector, migrated control-center-ui to Leptos 0.8 2026-01-08 21:32:59 +00:00
			`WORKDIR /workspace`
core: init repo and codebase 2025-10-07 10:59:52 +01:00
			`# Install build dependencies`
			`RUN apt-get update && apt-get install -y \`
			`pkg-config \`
			`libssl-dev \`
			`&& rm -rf /var/lib/apt/lists/*`

chore: update crates, names and clippy fixes 2026-02-04 01:02:18 +00:00			`# Install cargo-chef`
			`RUN cargo install cargo-chef --version 0.1.67`

			`# sccache disabled`

			`# Copy recipe from planner`
			`COPY --from=planner /workspace/recipe.json recipe.json`

			`# Build dependencies - This layer will be cached`
			`RUN cargo chef cook --release --recipe-path recipe.json`

			`# ============================================================================`
			`# Stage 3: BUILDER - Build source code`
			`# ============================================================================`
			`FROM rust:1.82-trixie AS builder`
core: init repo and codebase 2025-10-07 10:59:52 +01:00
chore: update platform submodule to monorepo crates structure Platform restructured into crates/, added AI service and detector, migrated control-center-ui to Leptos 0.8 2026-01-08 21:32:59 +00:00			`WORKDIR /workspace`
core: init repo and codebase 2025-10-07 10:59:52 +01:00
chore: update crates, names and clippy fixes 2026-02-04 01:02:18 +00:00			`# Install build dependencies`
			`RUN apt-get update && apt-get install -y \`
			`pkg-config \`
			`libssl-dev \`
			`&& rm -rf /var/lib/apt/lists/*`

			`# sccache disabled`

			`# Copy cached dependencies from cacher stage`
			`COPY --from=cacher /workspace/target target`
			`COPY --from=cacher /usr/local/cargo /usr/local/cargo`

			`# Copy source code`
			`COPY Cargo.toml Cargo.lock ./`
			`COPY crates ./crates`
			`COPY daemon-cli ./daemon-cli`
			`COPY secretumvault ./secretumvault`
			`COPY prov-ecosystem ./prov-ecosystem`
			`COPY stratumiops ./stratumiops`

			`# Build release binary with parallelism`
			`ENV CARGO_BUILD_JOBS=4`
			`RUN cargo build --release --package provisioning-orchestrator`

			`# ============================================================================`
			`# Stage 4: RUNTIME - Minimal runtime image`
			`# ============================================================================`
			`FROM debian:trixie-slim`
core: init repo and codebase 2025-10-07 10:59:52 +01:00
			`# Install runtime dependencies`
			`RUN apt-get update && apt-get install -y \`
			`ca-certificates \`
			`curl \`
			`&& rm -rf /var/lib/apt/lists/*`

			`# Create non-root user`
			`RUN useradd -m -u 1000 provisioning && \`
chore: update crates, names and clippy fixes 2026-02-04 01:02:18 +00:00			`mkdir -p /data /var/log/provisioning-orchestrator && \`
			`chown -R provisioning:provisioning /data /var/log/provisioning-orchestrator`
core: init repo and codebase 2025-10-07 10:59:52 +01:00
			`# Copy binary from builder`
chore: update platform submodule to monorepo crates structure Platform restructured into crates/, added AI service and detector, migrated control-center-ui to Leptos 0.8 2026-01-08 21:32:59 +00:00			`COPY --from=builder /workspace/target/release/provisioning-orchestrator /usr/local/bin/provisioning-orchestrator`
			`RUN chmod +x /usr/local/bin/provisioning-orchestrator`
core: init repo and codebase 2025-10-07 10:59:52 +01:00
chore: update crates, names and clippy fixes 2026-02-04 01:02:18 +00:00			`COPY crates/provisioning-orchestrator/config.defaults.toml /etc/provisioning/config.defaults.toml`
core: init repo and codebase 2025-10-07 10:59:52 +01:00
			`# Switch to non-root user`
			`USER provisioning`
			`WORKDIR /app`

chore: update crates, names and clippy fixes 2026-02-04 01:02:18 +00:00			`# Expose service port`
			`EXPOSE 9090`
core: init repo and codebase 2025-10-07 10:59:52 +01:00
chore: update crates, names and clippy fixes 2026-02-04 01:02:18 +00:00			`# Environment variables`
core: init repo and codebase 2025-10-07 10:59:52 +01:00			`ENV RUST_LOG=info`
			`ENV DATA_DIR=/data`

			`# Health check`
			`HEALTHCHECK --interval=30s --timeout=10s --start-period=30s --retries=3 \`
chore: update crates, names and clippy fixes 2026-02-04 01:02:18 +00:00			`CMD curl -f http://localhost:9090/health \|\| exit 1`
core: init repo and codebase 2025-10-07 10:59:52 +01:00
			`# Run the binary`
			`CMD ["provisioning-orchestrator"]`