# Multi-stage build for extension-registry # Generated from Nickel template - DO NOT EDIT DIRECTLY # Source: provisioning/schemas/platform/templates/docker/Dockerfile.chef.ncl # ============================================================================ # Stage 1: PLANNER - Generate dependency recipe # ============================================================================ FROM rust:1.82-trixie AS planner WORKDIR /workspace # Install cargo-chef RUN cargo install cargo-chef --version 0.1.67 # Copy workspace manifests COPY Cargo.toml Cargo.lock ./ COPY crates ./crates COPY daemon-cli ./daemon-cli COPY secretumvault ./secretumvault COPY prov-ecosystem ./prov-ecosystem COPY stratumiops ./stratumiops # Generate recipe.json (dependency graph) RUN cargo chef prepare --recipe-path recipe.json --bin extension-registry # ============================================================================ # Stage 2: CACHER - Build dependencies only # ============================================================================ FROM rust:1.82-trixie AS cacher WORKDIR /workspace # Install build dependencies RUN apt-get update && apt-get install -y \ pkg-config \ libssl-dev \ && rm -rf /var/lib/apt/lists/* # Install cargo-chef RUN cargo install cargo-chef --version 0.1.67 # sccache disabled # Copy recipe from planner COPY --from=planner /workspace/recipe.json recipe.json # Build dependencies - This layer will be cached RUN cargo chef cook --release --recipe-path recipe.json # ============================================================================ # Stage 3: BUILDER - Build source code # ============================================================================ FROM rust:1.82-trixie AS builder WORKDIR /workspace # Install build dependencies RUN apt-get update && apt-get install -y \ pkg-config \ libssl-dev \ && rm -rf /var/lib/apt/lists/* # sccache disabled # Copy cached dependencies from cacher stage COPY --from=cacher /workspace/target target COPY --from=cacher /usr/local/cargo /usr/local/cargo # Copy source code COPY Cargo.toml Cargo.lock ./ COPY crates ./crates COPY daemon-cli ./daemon-cli COPY secretumvault ./secretumvault COPY prov-ecosystem ./prov-ecosystem COPY stratumiops ./stratumiops # Build release binary with parallelism ENV CARGO_BUILD_JOBS=4 RUN cargo build --release --package extension-registry # ============================================================================ # Stage 4: RUNTIME - Minimal runtime image # ============================================================================ FROM debian:trixie-slim # Install runtime dependencies RUN apt-get update && apt-get install -y \ ca-certificates \ curl \ && rm -rf /var/lib/apt/lists/* # Create non-root user RUN useradd -m -u 1000 provisioning && \ mkdir -p /data /var/log/extension-registry && \ chown -R provisioning:provisioning /data /var/log/extension-registry # Copy binary from builder COPY --from=builder /workspace/target/release/extension-registry /usr/local/bin/extension-registry RUN chmod +x /usr/local/bin/extension-registry # No config file to copy # Switch to non-root user USER provisioning WORKDIR /app # Expose service port EXPOSE 9093 # Environment variables ENV RUST_LOG=info ENV DATA_DIR=/data # Health check HEALTHCHECK --interval=30s --timeout=10s --start-period=30s --retries=3 \ CMD curl -f http://localhost:9093/health || exit 1 # Run the binary CMD ["extension-registry"]