diff --git a/Dockerfile b/Dockerfile index 536efe69..bc5bf63c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,22 +1,42 @@ -FROM rust:1.81.0-slim-bookworm AS builder +FROM rust:1.88.0-slim-trixie AS builder RUN apt-get update && \ - apt-get install -y build-essential + apt-get install -y --no-install-recommends build-essential && \ + rm -rf /var/lib/apt/lists/* -COPY . /app WORKDIR /app + +# Cache Rust dependencies separately, +# avoiding rebuilding the layer on every source code change +# This layer is only rebuilt when Cargo.toml or Cargo.lock changes. +COPY Cargo.toml Cargo.lock ./ +RUN cargo fetch + +COPY . . RUN cargo build --release -FROM debian:bookworm-slim -RUN apt-get update && apt-get install -o Dpkg::Options::=--force-confdef -yq --no-install-recommends \ - postgresql-client \ - # Clean up layer - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \ - && truncate -s 0 /var/log/*log -COPY --from=builder /app/target/release/pgcat /usr/bin/pgcat -COPY --from=builder /app/pgcat.toml /etc/pgcat/pgcat.toml +################################################################################ + +FROM debian:trixie-slim + +RUN apt-get update && \ + apt-get install -y --no-install-recommends postgresql-client && \ + # Create a non-root user for security + groupadd --system --gid 1001 appgroup && \ + useradd --system --uid 1001 --gid appgroup appuser && \ + # Clean up layer to reduce size + apt-get clean && \ + rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* && \ + truncate -s 0 /var/log/*log + WORKDIR /etc/pgcat +RUN chown appuser:appgroup /etc/pgcat + +USER appuser + +COPY --from=builder --chown=appuser:appgroup /app/target/release/pgcat /usr/bin/pgcat +COPY --from=builder --chown=appuser:appgroup /app/pgcat.toml /etc/pgcat/pgcat.toml + ENV RUST_LOG=info CMD ["pgcat"] STOPSIGNAL SIGINT diff --git a/Dockerfile.ci b/Dockerfile.ci index b8a7180f..c53d848b 100644 --- a/Dockerfile.ci +++ b/Dockerfile.ci @@ -1,11 +1,11 @@ -FROM cimg/rust:1.81.0 +FROM cimg/rust:1.88.0 COPY --from=sclevine/yj /bin/yj /bin/yj RUN /bin/yj -h RUN sudo apt-get update && \ sudo apt-get install -y \ psmisc postgresql-contrib-14 postgresql-client-14 libpq-dev \ ruby ruby-dev python3 python3-pip \ - lcov llvm-11 iproute2 && \ + lcov llvm-19 iproute2 && \ sudo apt-get upgrade curl && \ cargo install cargo-binutils rustfilt && \ rustup component add llvm-tools-preview && \ diff --git a/Dockerfile.dev b/Dockerfile.dev index a4b8d0ed..1ead4406 100644 --- a/Dockerfile.dev +++ b/Dockerfile.dev @@ -9,7 +9,7 @@ FROM chef AS planner COPY . . RUN cargo chef prepare --recipe-path recipe.json -FROM chef AS builder +FROM chef AS builder COPY --from=planner /app/recipe.json recipe.json # Build dependencies - this is the caching Docker layer! RUN cargo chef cook --release --recipe-path recipe.json @@ -17,7 +17,7 @@ RUN cargo chef cook --release --recipe-path recipe.json COPY . . RUN cargo build -FROM debian:bookworm-slim +FROM debian:trixie-slim COPY --from=builder /app/target/release/pgcat /usr/bin/pgcat COPY --from=builder /app/pgcat.toml /etc/pgcat/pgcat.toml WORKDIR /etc/pgcat diff --git a/dev/Dockerfile b/dev/Dockerfile index dc038673..45ff2957 100644 --- a/dev/Dockerfile +++ b/dev/Dockerfile @@ -1,11 +1,11 @@ -FROM rust:bullseye +FROM rust:trixie # Dependencies COPY --from=sclevine/yj /bin/yj /bin/yj RUN /bin/yj -h RUN apt-get update -y \ && apt-get install -y \ - llvm-11 psmisc postgresql-contrib postgresql-client \ + wget llvm-19 psmisc postgresql-contrib postgresql-client \ ruby ruby-dev libpq-dev python3 python3-pip lcov curl sudo iproute2 \ strace ngrep iproute2 dnsutils lsof net-tools telnet diff --git a/tests/docker/Dockerfile b/tests/docker/Dockerfile index ec77a2e1..6b53de9c 100644 --- a/tests/docker/Dockerfile +++ b/tests/docker/Dockerfile @@ -1,8 +1,8 @@ -FROM rust:1.81.0-slim-bookworm +FROM rust:1.88.0-slim-trixie COPY --from=sclevine/yj /bin/yj /bin/yj RUN /bin/yj -h -RUN apt-get update && apt-get install llvm-11 psmisc postgresql-contrib postgresql-client ruby ruby-dev libpq-dev python3 python3-pip lcov curl sudo iproute2 -y +RUN apt-get update && apt-get install wget llvm-19 psmisc postgresql-contrib postgresql-client ruby ruby-dev libpq-dev python3 python3-pip lcov curl sudo iproute2 -y RUN cargo install cargo-binutils rustfilt RUN rustup component add llvm-tools-preview RUN sudo gem install bundler