add enable_federated_downvotes site option

[lemmy.git] / docker / Dockerfile

diff --git a/docker/Dockerfile b/docker/Dockerfile
index 6f793d4215326b72fbbe54b763dc80b32b3e4f8c..02c2e572c9e7c69f4744ca7b3836c3eec1ba191e 100644 (file)
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,55 +1,45 @@
-# FIXME: use "--platform=$BUILDPLATFORM" and solve openssl cross-compile issue
-FROM rust:1.67.0-alpine as builder
-
-# Install build dependencies
-RUN apk add --no-cache git openssl-dev libpq-dev musl-dev
-
-# Set the working directory to /app and copy the source code
+FROM clux/muslrust:1.70.0 as builder
 WORKDIR /app
-COPY . .
+ARG CARGO_BUILD_TARGET=x86_64-unknown-linux-musl
 
-# Set the target architecture (can be set using --build-arg), buildx set it automatically
-ARG TARGETARCH
+# comma-seperated list of features to enable
+ARG CARGO_BUILD_FEATURES=default
 
 # This can be set to release using --build-arg
 ARG RUST_RELEASE_MODE="debug"
 
-# Prepare toolchain
-# Docker and Rust use different architecture naming schemas, so we have to convert them
-RUN case $TARGETARCH in \
-      arm64) RUSTARCH=aarch64 ;; \
-      amd64) RUSTARCH=x86_64 ;; \
-      *) echo "unsupported architecture: $TARGETARCH"; exit 3 ;; \
-    esac \
- && echo "RUSTARCH=$RUSTARCH" >> .buildenv
+COPY . .
 
+# Build the project
+    
 # Debug mode build
 RUN --mount=type=cache,target=/app/target \
-    if [ "$RUST_RELEASE_MODE" = "debug" ]; then \
-      source .buildenv \
-      && echo "pub const VERSION: &str = \"$(git describe --tag)\";" > "crates/utils/src/version.rs" \
-      && rustup target add ${RUSTARCH}-unknown-linux-musl \
-      && cargo build --target ${RUSTARCH}-unknown-linux-musl \
-      && cp ./target/${RUSTARCH}-unknown-linux-musl/${RUST_RELEASE_MODE}/lemmy_server /app/lemmy_server; \
+    if [ "$RUST_RELEASE_MODE" = "debug" ] ; then \
+      echo "pub const VERSION: &str = \"$(git describe --tag)\";" > "crates/utils/src/version.rs" \
+      && cargo build --target ${CARGO_BUILD_TARGET} --features ${CARGO_BUILD_FEATURES} \
+      && cp ./target/$CARGO_BUILD_TARGET/$RUST_RELEASE_MODE/lemmy_server /app/lemmy_server; \
     fi
 
 # Release mode build
 RUN \
-    if [ "$RUST_RELEASE_MODE" = "release" ]; then \
-      source .buildenv \
-      && rustup target add ${RUSTARCH}-unknown-linux-musl \
-      && cargo build --target ${RUSTARCH}-unknown-linux-musl --release \
-      && cp ./target/${RUSTARCH}-unknown-linux-musl/${RUST_RELEASE_MODE}/lemmy_server /app/lemmy_server; \
+    if [ "$RUST_RELEASE_MODE" = "release" ] ; then \
+      echo "pub const VERSION: &str = \"$(git describe --tag)\";" > "crates/utils/src/version.rs" \
+      && cargo build --target ${CARGO_BUILD_TARGET} --features ${CARGO_BUILD_FEATURES} --release \
+      && cp ./target/$CARGO_BUILD_TARGET/$RUST_RELEASE_MODE/lemmy_server /app/lemmy_server; \
     fi
 
-# The Alpine runner
+# The alpine runner
 FROM alpine:3 as lemmy
 
-# Install libpq for Postgres
-RUN apk add --no-cache ca-certificates libpq
+# Install libpq for postgres
+RUN apk add --no-cache libpq
 
 # Copy resources
 COPY --from=builder /app/lemmy_server /app/lemmy
 
-EXPOSE 8536
+# Create non-privileged user
+RUN adduser -h /app -s sh -S -u 1000 lemmy
+RUN chown -R lemmy /app
+USER lemmy
+
 CMD ["/app/lemmy"]