chore(ci+cd): improve docker build

.github/workflows/ci.yml

@@ -10,7 +10,7 @@ env:
   CARGO_TERM_COLOR: always
 
 jobs:
-  build:
+  build-and-test:
     runs-on: ubuntu-latest
 
     steps:
@@ -23,3 +23,51 @@ jobs:
         run: cargo build --verbose
       - name: Run tests
         run: cargo test --verbose
+
+  build:
+    needs: build-and-test
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to the GitHub Container registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Extract metadata for Docker
+        id: docker-metadata
+        uses: docker/metadata-action@v4
+        with:
+          images: |
+            ghcr.io/traceloop/hub # GitHub
+            traceloop/hub # Docker Hub
+          tags: |
+            type=sha
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          push: false
+          tags: ${{ steps.docker-metadata.outputs.tags }}
+          labels: ${{ steps.docker-metadata.outputs.labels }}
+          platforms: |
+            linux/amd64, linux/arm64
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

.github/workflows/docker.yml

@@ -57,6 +57,8 @@ jobs:
           labels: ${{ steps.docker-metadata.outputs.labels }}
           platforms: |
             linux/amd64, linux/arm64
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
   deploy:
     name: Deploy to Traceloop
     runs-on: ubuntu-latest

Dockerfile

@@ -1,16 +1,39 @@
-FROM rust:1.82-bookworm AS builder
-
+FROM lukemathwalker/cargo-chef:latest-rust-1.82 AS chef
 WORKDIR /app
+
+# Planner stage - analyze dependencies
+FROM chef AS planner
+COPY . .
+RUN cargo chef prepare --recipe-path recipe.json
+
+# Builder stage with dependency caching
+FROM chef AS builder
+COPY --from=planner /app/recipe.json recipe.json
+# Build dependencies - this is the key caching layer
+RUN cargo chef cook --release --recipe-path recipe.json
+# Now build application code
 COPY . .
 RUN cargo build --release --bin hub
 
-FROM debian:bookworm-slim AS runtime
-RUN apt-get update && apt-get install -y openssl ca-certificates
+# Runtime stage - using Alpine for smaller image
+FROM alpine:3.19 AS runtime
+# Install SSL certificates and minimal dependencies
+RUN apk add --no-cache ca-certificates openssl libgcc
+
+# Create a non-root user to run the application
+RUN addgroup -S app && adduser -S app -G app
 WORKDIR /app
-COPY --from=builder /app/target/release/hub /usr/local/bin
-WORKDIR /etc
 
-ENV PORT 3000
+# Only copy the built binary
+COPY --from=builder /app/target/release/hub /usr/local/bin/
+RUN chmod +x /usr/local/bin/hub
+
+# Set environment variables
+ENV PORT=3000
 EXPOSE 3000
 
-ENTRYPOINT ["/usr/local/bin/hub"]
+# Use non-root user for better security
+USER app
+
+# Set the entrypoint
+ENTRYPOINT ["/usr/local/bin/hub"]