Jesús Pérez 93b0e5225c
feat(platform): control plane — NATS JetStream + SurrealDB + SOLID enforcement
New crates
  - platform-nats: async_nats JetStream bridge; pull/push consumers, explicit ACK,
    subject prefixing under provisioning.>, 6 stream definitions on startup
  - platform-db: SurrealDB pool (embedded RocksDB solo, Surreal<Mem> tests,
    WebSocket server multi-user); migrate() with DEFINE TABLE IF NOT EXISTS DDL

Service integrations
  - orchestrator: NATS pub on task state transitions, execution_logs → SurrealDB,
    webhook handler (HMAC-SHA256), AuditCollector (batch INSERT, 100-event/1s flush)
  - control-center: solo_auth_middleware (intentional bypass, --mode solo only),
    NATS session events, WebSocket bridge via JetStream subscription (no polling)
  - vault-service: NATS lease flow; credentials over HTTPS only (lease_id in NATS);
    SurrealDB storage backend with MVCC retry + exponential backoff
  - secretumvault: complete SurrealDB backend replacing HashMap; 9 unit + 19 integration tests
  - extension-registry: NATS lifecycle events, vault:// credential resolver with TTL cache,
    cache invalidation via provisioning.workspace.*.deploy.done

Clippy workspace clean
  cargo clippy --workspace -- -D warnings: 0 errors
  Patterns fixed: derivable_impls (#[default] on enum variants), excessive_nesting
  (let-else, boolean arithmetic in retain, extracted helpers), io_error_other,
  redundant_closure, iter_kv_map, manual_range_contains, pathbuf_instead_of_path
2026-02-17 23:58:14 +00:00


# Multi-stage build for extension-registry
# Generated from Nickel template - DO NOT EDIT DIRECTLY
# Source: provisioning/schemas/platform/templates/docker/Dockerfile.chef.ncl
# ============================================================================
# Stage 1: PLANNER - Generate dependency recipe
# ============================================================================
FROM rust:1.82-trixie AS planner
WORKDIR /workspace
# Install cargo-chef
RUN cargo install cargo-chef --version 0.1.67
# Copy workspace manifests
COPY Cargo.toml Cargo.lock ./
COPY crates ./crates
COPY daemon-cli ./daemon-cli
COPY secretumvault ./secretumvault
COPY prov-ecosystem ./prov-ecosystem
COPY stratumiops ./stratumiops
# Generate recipe.json (dependency graph)
RUN cargo chef prepare --recipe-path recipe.json --bin extension-registry
# ============================================================================
# Stage 2: CACHER - Build dependencies only
# ============================================================================
FROM rust:1.82-trixie AS cacher
WORKDIR /workspace
# Install build dependencies
RUN apt-get update && apt-get install -y \
    pkg-config \
    libssl-dev \
    && rm -rf /var/lib/apt/lists/*
# Install cargo-chef
RUN cargo install cargo-chef --version 0.1.67
# sccache disabled
# Copy recipe from planner
COPY --from=planner /workspace/recipe.json recipe.json
# Build dependencies - This layer will be cached
RUN cargo chef cook --release --recipe-path recipe.json
# ============================================================================
# Stage 3: BUILDER - Build source code
# ============================================================================
FROM rust:1.82-trixie AS builder
WORKDIR /workspace
# Install build dependencies
RUN apt-get update && apt-get install -y \
    pkg-config \
    libssl-dev \
    && rm -rf /var/lib/apt/lists/*
# sccache disabled
# Copy cached dependencies from cacher stage
COPY --from=cacher /workspace/target target
COPY --from=cacher /usr/local/cargo /usr/local/cargo
# Copy source code
COPY Cargo.toml Cargo.lock ./
COPY crates ./crates
COPY daemon-cli ./daemon-cli
COPY secretumvault ./secretumvault
COPY prov-ecosystem ./prov-ecosystem
COPY stratumiops ./stratumiops
# Build release binary with parallelism
ENV CARGO_BUILD_JOBS=4
RUN cargo build --release --package extension-registry
# ============================================================================
# Stage 4: RUNTIME - Minimal runtime image
# ============================================================================
FROM debian:trixie-slim
# Install runtime dependencies
RUN apt-get update && apt-get install -y \
    ca-certificates \
    curl \
    && rm -rf /var/lib/apt/lists/*
# Create non-root user
RUN useradd -m -u 1000 provisioning && \
    mkdir -p /data /var/log/extension-registry && \
    chown -R provisioning:provisioning /data /var/log/extension-registry
# Copy binary from builder
COPY --from=builder /workspace/target/release/extension-registry /usr/local/bin/extension-registry
RUN chmod +x /usr/local/bin/extension-registry
# No config file to copy
# Switch to non-root user
USER provisioning
WORKDIR /app
# Expose service port
EXPOSE 9093
# Environment variables
ENV RUST_LOG=info
ENV DATA_DIR=/data
# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=30s --retries=3 \
    CMD curl -f http://localhost:9093/health || exit 1
# Run the binary
CMD ["extension-registry"]
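As an added check, not code from the provisioning project: a bash script that statically verifies the final stage of a multi-stage Dockerfile like the one above (non-root USER, HEALTHCHECK present, no cargo toolchain copied in, slim base image rather than the full rust build image). The `last_stage` and `check_runtime_stage` functions and the two sample Dockerfiles are constructed for this example.

```shell
#!/usr/bin/env bash
# Added example, not part of the provisioning project: static checks on the
# final stage of a multi-stage Dockerfile. Needs only bash, awk and grep.
set -u

# Text of the last build stage: from the final FROM line to end of file.
last_stage() {
  awk '/^FROM /{buf=""} {buf=buf $0 "\n"} END{printf "%s", buf}' "$1"
}

# check_runtime_stage FILE: prints one FAIL line per violation; returns 0 if the
# runtime stage passes every check, 1 otherwise.
check_runtime_stage() {
  local stage rc=0
  stage="$(last_stage "$1")"
  # 1. The process must not run as root (USER is scoped to its stage).
  if ! printf '%s' "$stage" | grep -Eq '^USER +[^ ]+'; then
    echo "FAIL: no USER directive in runtime stage"; rc=1
  elif printf '%s' "$stage" | grep -Eq '^USER +(root|0)( |$)'; then
    echo "FAIL: runtime stage runs as root"; rc=1
  fi
  # 2. A HEALTHCHECK lets the orchestrator notice a wedged service.
  printf '%s' "$stage" | grep -q '^HEALTHCHECK ' || { echo "FAIL: no HEALTHCHECK"; rc=1; }
  # 3. Build toolchain must not be copied into the runtime image.
  if printf '%s' "$stage" | grep -Eq '^COPY --from=[^ ]+ +/usr/local/cargo'; then
    echo "FAIL: cargo toolchain copied into runtime image"; rc=1
  fi
  # 4. Runtime base should be a slim image, not the full rust build image.
  if printf '%s' "$stage" | grep -Eq '^FROM +rust:'; then
    echo "FAIL: runtime stage uses the full rust toolchain image"; rc=1
  fi
  return "$rc"
}

# Constructed samples: one modelled on the extension-registry runtime stage
# above, and one deliberately misconfigured.
TMP="$(mktemp -d)"
GOOD_DF="$TMP/good.Dockerfile"; BAD_DF="$TMP/bad.Dockerfile"
printf '%s\n' 'FROM rust:1.82-trixie AS builder' 'RUN cargo build --release' \
  'FROM debian:trixie-slim' 'RUN useradd -m -u 1000 provisioning' \
  'COPY --from=builder /workspace/target/release/app /usr/local/bin/app' \
  'USER provisioning' 'HEALTHCHECK CMD curl -f http://localhost:9093/health || exit 1' \
  'CMD ["app"]' > "$GOOD_DF"
printf '%s\n' 'FROM rust:1.82-trixie AS builder' 'RUN cargo build --release' \
  'FROM rust:1.82-trixie' 'COPY --from=builder /usr/local/cargo /usr/local/cargo' \
  'USER root' 'CMD ["app"]' > "$BAD_DF"

check_runtime_stage "$GOOD_DF" && echo "good.Dockerfile: OK"
check_runtime_stage "$BAD_DF" || echo "bad.Dockerfile: violations flagged"
```

Run it against the real file with `check_runtime_stage path/to/Dockerfile` in a CI step so an image that drops the `USER` line or inherits from the build image fails before it is pushed.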