astraly-labs · EvolveArt · Jun 29, 2024 · Jun 28, 2024
diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
@@ -19,31 +19,25 @@ env:
   REGISTRY_IMAGE: ghcr.io/${{ github.repository }}
 
 jobs:
-  build:
+  build-amd64:
     runs-on: ubuntu-latest
-    strategy:
-      fail-fast: false
-      matrix:
-        platform:
-          - linux/amd64
-          - linux/arm64
+
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
 
       - name: Docker meta
         id: meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
         with:
           images: ${{ env.REGISTRY_IMAGE }}
           tags: |
             type=raw,value=${{ inputs.release_tag_name }}
 
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
 
       - name: Login to GitHub Container Registry
         uses: docker/#-action@v2
@@ -52,38 +46,80 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Cache Docker layers
-        uses: actions/cache@v4
-        with:
-          path: /tmp/.buildx-cache
-          key: ${{ runner.os }}-buildx-${{ github.sha }}
-          restore-keys: |
-            ${{ runner.os }}-buildx-
-
-      - name: Build and push by digest
-        id: build
-        uses: docker/build-push-action@v4
+      - name: Build and push
+        id: build-amd64
+        uses: docker/build-push-action@v6
         with:
           context: .
           file: Dockerfile
-          platforms: ${{ matrix.platform }}
           labels: ${{ steps.meta.outputs.labels }}
-          cache-from: type=local,src=/tmp/.buildx-cache
-          cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
+          cache-from: type=registry,ref=${{ env.REGISTRY_IMAGE }}:cache-amd64
+          cache-to: type=registry,ref=${{ env.REGISTRY_IMAGE }}:cache-amd64,mode=max
           outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true
 
-      - # Temp fix
-        # https://github.com/docker/build-push-action/issues/252
-        # https://github.com/moby/buildkit/issues/1896
-        name: Move cache
+      - name: Export digests
         run: |
-          rm -rf /tmp/.buildx-cache
-          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
+          mkdir -p /tmp/digests
+          digest="${{ steps.build-amd64.outputs.digest }}"
+          touch "/tmp/digests/${digest#sha256:}"
+
+      - name: Upload digest
+        uses: actions/upload-artifact@v3
+        with:
+          name: digests
+          path: /tmp/digests/*
+          if-no-files-found: error
+          retention-days: 1
+
+  build-arm64:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY_IMAGE }}
+          tags: |
+            type=raw,value=${{ inputs.release_tag_name }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+        with:
+          image: tonistiigi/binfmt:latest
+          platforms: linux/amd64,linux/arm64
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GitHub Container Registry
+        uses: docker/#-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push
+        id: build-arm64
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: Dockerfile
+          platforms: linux/amd64
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=registry,ref=${{ env.REGISTRY_IMAGE }}:cache-amd64
+          cache-to: type=registry,ref=${{ env.REGISTRY_IMAGE }}:cache-amd64,mode=max
+          outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true
 
       - name: Export digest
         run: |
           mkdir -p /tmp/digests
-          digest="${{ steps.build.outputs.digest }}"
+          digest="${{ steps.build-arm64.outputs.digest }}"
           touch "/tmp/digests/${digest#sha256:}"
 
       - name: Upload digest
@@ -97,7 +133,8 @@ jobs:
   merge:
     runs-on: ubuntu-latest
     needs:
-      - build
+      - build-amd64
+      - build-arm64
     steps:
       - name: Download digests
         uses: actions/download-artifact@v3
@@ -106,11 +143,11 @@ jobs:
           path: /tmp/digests
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
 
       - name: Docker meta
         id: meta
-        uses: docker/metadata-action@v4
+        uses: docker/metadata-action@v5
         with:
           images: ${{ env.REGISTRY_IMAGE }}
           tags: |

diff --git a/Dockerfile b/Dockerfile
@@ -1,90 +1,53 @@
-# syntax=docker/dockerfile:1
-
-# Comments are provided throughout this file to help you get started.
-# If you need more help, visit the Dockerfile reference guide at
-# https://docs.docker.com/engine/reference/builder/
-
-################################################################################
-# Create a stage for building the application.
+ # syntax=docker/dockerfile-upstream:master
 
 ARG RUST_VERSION=1.72.0
-ARG APP_NAME=pragma-monitoring
-FROM rust:${RUST_VERSION}-slim-bullseye AS build
-ARG APP_NAME
+FROM lukemathwalker/cargo-chef:latest-rust-${RUST_VERSION}-slim-bullseye AS cargo-chef
 WORKDIR /app
 
+FROM cargo-chef AS planner
+COPY . .
+RUN cargo chef prepare --recipe-path recipe.json
 
+FROM cargo-chef AS builder
+COPY --from=planner /app/recipe.json recipe.json
 
-RUN apt update
-RUN apt install -y libpq-dev pkg-config libssl-dev
-
-# Install ca-certificates needed for AWS sdk
-RUN apt-get install -y --no-install-recommends ca-certificates
-RUN apt-get install -y --no-install-recommends wget
-
-
-
-# Build the application.
-# Leverage a cache mount to /usr/local/cargo/registry/
-# for downloaded dependencies and a cache mount to /app/target/ for
-# compiled dependencies which will speed up subsequent builds.
-# Leverage a bind mount to the src directory to avoid having to copy the
-# source code into the container. Once built, copy the executable to an
-# output directory before the cache mounted /app/target is unmounted.
-RUN --mount=type=bind,source=src,target=src \
-    --mount=type=bind,source=Cargo.toml,target=Cargo.toml \
-    --mount=type=bind,source=Cargo.lock,target=Cargo.lock \
-    --mount=type=cache,target=/app/target/ \
-    --mount=type=cache,target=/usr/local/cargo/registry/ \
-    <<EOF
-set -e
-ls -la
-cargo build --locked --release
-cp ./target/release/$APP_NAME /bin/server
-EOF
+RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \
+    libpq-dev \
+    pkg-config \
+    libssl-dev \ 
+    ca-certificates \
+    wget \
+    && rm -rf /var/lib/apt/lists/*
 
+RUN cargo chef cook --profile release --recipe-path recipe.json 
+COPY . .
+RUN cargo build --locked --release
+ARG APP_NAME=pragma-monitoring
+ENV APP_NAME $APP_NAME
+RUN cp /app/target/release/$APP_NAME /bin/server
 
-################################################################################
-# Create a new stage for running the application that contains the minimal
-# runtime dependencies for the application. This often uses a different base
-# image from the build stage where the necessary files are copied from the build
-# stage.
-#
-# The example below uses the debian bullseye image as the foundation for running the app.
-# By specifying the "bullseye-slim" tag, it will also use whatever happens to be the
-# most recent version of that tag when you build your Dockerfile. If
-# reproducability is important, consider using a digest
-# (e.g., debian@sha256:ac707220fbd7b67fc19b112cee8170b41a9e97f703f588b2cdbbcdcecdd8af57).
 FROM debian:bullseye-slim AS final
+RUN apt-get update && DEBIEN_FRONTEND=noninteractive apt-get install -y \ 
+    libpq-dev \
+    libssl1.1 \
+    procps \
+    && rm -rf /var/lib/apt/lists/*
 
-# Create a non-privileged user that the app will run under.
-# See https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#user
-ARG UID=10001
-RUN apt-get update
-RUN apt-get install -y libpq-dev libssl1.1 procps
-RUN apt-get clean
-RUN rm -rf /var/lib/apt/lists/*
-
-# Copy the executable from the "build" stage.
-COPY --from=build /bin/server /bin/
-# Copy all the app binaries
-COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+COPY --from=builder /bin/server /bin/
+COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
 
 RUN adduser \
     --disabled-password \
     --gecos "" \
     --home "/nonexistent" \
     --shell "/sbin/nologin" \
     --no-create-home \
-    --uid "${UID}" \
+    --uid 10001 \
     appuser
 USER appuser
 
-# Expose the port that the application listens on.
 EXPOSE 8080
 
-# Set the log level for the application.
 ENV RUST_LOG=info
 
-# What the container should run when it is started.
 CMD ["/bin/server"]