fix(docker): optimize image

- updated `h2` dependency to address security alert
minhtrannhat 2024-05-10 22:03:23 -04:00
parent daf914bb8e
commit 96a6b6a351
Signed by: minhtrannhat
GPG Key ID: E13CFA85C53F8062
3 changed files with 42 additions and 17 deletions

7
Cargo.lock generated

@ -39,7 +39,7 @@ dependencies = [
"encoding_rs", "encoding_rs",
"flate2", "flate2",
"futures-core", "futures-core",
"h2 0.3.25", "h2 0.3.26",
"http 0.2.12", "http 0.2.12",
"httparse", "httparse",
"httpdate", "httpdate",
@ -613,6 +613,7 @@ dependencies = [
"actix-web", "actix-web",
"chrono", "chrono",
"config", "config",
"h2 0.3.26",
"once_cell", "once_cell",
"reqwest", "reqwest",
"secrecy", "secrecy",
@ -843,9 +844,9 @@ checksum = "4271d37baee1b8c7e4b708028c57d816cf9d2434acb33a549475f78c181f6253"
[[package]] [[package]]
name = "h2" name = "h2"
version = "0.3.25" version = "0.3.26"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4fbd2820c5e49886948654ab546d0688ff24530286bdcf8fca3cefb16d4618eb" checksum = "81fe527a889e1532da5c525686d96d4c2e74cdd345badf8dfef9f6b39dd5f5e8"
dependencies = [ dependencies = [
"bytes", "bytes",
"fnv", "fnv",


@ -29,6 +29,7 @@ tracing-log = "0.2.0"
once_cell = "1.19.0" once_cell = "1.19.0"
secrecy = { version = "0.8.0", features = ["serde"] } secrecy = { version = "0.8.0", features = ["serde"] }
tracing-actix-web = "0.7.10" tracing-actix-web = "0.7.10"
h2 = "0.3.26"
[dependencies.sqlx] [dependencies.sqlx]
version = "0.7" version = "0.7"
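Review bot: The added `h2 = "0.3.26"` line makes h2 a direct dependency without saying why, and nothing in this section shows the crate using h2 itself. If the intent is only to lift the transitive h2 past the version flagged by the security alert, the Cargo.lock change already does that for this build, and `cargo update -p h2` would have produced it without a manifest entry. If the manifest floor is wanted as a guard, put a comment above it such as `# not used directly; keeps transitive h2 at >= 0.3.26 (security alert), drop once upstream requires it`.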


@ -1,20 +1,43 @@
# We use the latest Rust stable release as base image # Using the `rust-musl-builder` as base image, instead of
FROM rust:1.78.0 # the official Rust toolchain
# Let's switch our working directory to `app` (equivalent to `cd app`) FROM clux/muslrust:stable AS chef
# The `app` folder will be created for us by Docker in case it does not USER root
# exist already.
WORKDIR /app RUN cargo install cargo-chef
# Install the required system dependencies for our linking configuration
RUN apt update && apt install lld clang -y WORKDIR /app
FROM chef AS planner
# Copy all files from our working environment to our Docker image
COPY . . COPY . .
# Let's build our binary!
# We'll use the release profile to make it faaaast RUN cargo chef prepare --recipe-path recipe.json
FROM chef AS builder
COPY --from=planner /app/recipe.json recipe.json
# Notice that we are specifying the --target flag!
RUN cargo chef cook --release --target x86_64-unknown-linux-musl --recipe-path recipe.json
COPY . .
ENV SQLX_OFFLINE true ENV SQLX_OFFLINE true
RUN cargo build --release
RUN cargo build --release --target x86_64-unknown-linux-musl --bin email_newsletter_api
FROM alpine AS runtime
WORKDIR /app
RUN addgroup -S myuser && adduser -S myuser -G myuser
COPY --from=builder /app/target/x86_64-unknown-linux-musl/release/email_newsletter_api email_newsletter_api
COPY configuration configuration
USER myuser
ENV APP_ENVIRONMENT production ENV APP_ENVIRONMENT production
# When `docker run` is executed, launch the binary! ENTRYPOINT ["./email_newsletter_api"]
ENTRYPOINT ["./target/release/email_newsletter_api"]
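Review bot: None of the new build inputs is pinned: `FROM clux/muslrust:stable`, `FROM alpine AS runtime` and `RUN cargo install cargo-chef` all resolve to whatever is current at build time, whereas the old side of this diff appears to have used the fixed `rust:1.78.0`. A rebuild can therefore pick up a different toolchain, runtime base or cargo-chef release with no change in the repository, which works against the h2 bump made in the same commit. Pin each one, e.g. `FROM clux/muslrust:<pinned-tag>@sha256:<digest> AS chef`, `FROM alpine:<pinned-version> AS runtime` and `RUN cargo install cargo-chef --locked --version <pinned-version>`. The comment above the first FROM also names `rust-musl-builder` while the image pulled is `clux/muslrust`; it should name the image actually used.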