diff --git a/services/backup/Dockerfile b/services/backup/Dockerfile index f11e484a1..85ab82706 100644 --- a/services/backup/Dockerfile +++ b/services/backup/Dockerfile @@ -1,39 +1,39 @@ -FROM rust:1.70-bullseye as builder +FROM rust:1.75-bullseye as builder RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \ build-essential cmake git libgtest-dev libssl-dev zlib1g-dev \ && rm -rf /var/lib/apt/lists/* WORKDIR /home/root/app/backup # Install more recent version of protobuf, must be ran as root COPY scripts/install_protobuf.sh ../../scripts/install_protobuf.sh RUN ../../scripts/install_protobuf.sh ENV CARGO_REGISTRIES_CRATES_IO_PROTOCOL=sparse # Copy actual application sources COPY shared ../../shared/ COPY services/backup ./ RUN cargo install --locked --path . # Runner stage FROM debian:bullseye-slim as runner # Update dependencies, install ca-certificates which are required for TLS RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \ ca-certificates \ && rm -rf /var/lib/apt/lists/* # Only copy built binary from builder stage COPY --from=builder /usr/local/cargo/bin/backup /usr/local/bin/backup WORKDIR /home/comm/app/backup # Create a new user comm and use it to run subsequent commands RUN useradd -m comm USER comm ENV RUST_LOG=info CMD ["backup"] diff --git a/services/blob/Dockerfile b/services/blob/Dockerfile index 7f188e9e2..e8856d760 100644 --- a/services/blob/Dockerfile +++ b/services/blob/Dockerfile @@ -1,41 +1,40 @@ -FROM rust:1.70-bullseye as builder +FROM rust:1.75-bullseye as builder RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \ build-essential cmake git libgtest-dev libssl-dev zlib1g-dev \ && rm -rf /var/lib/apt/lists/* WORKDIR /home/root/app/blob # Install more recent version of protobuf, must be ran as root COPY scripts/install_protobuf.sh ../../scripts/install_protobuf.sh RUN ../../scripts/install_protobuf.sh ENV CARGO_REGISTRIES_CRATES_IO_PROTOCOL=sparse # Copy actual application sources COPY shared ../../shared/ COPY services/blob ./ RUN cargo install --locked --path . # Runner stage FROM debian:bullseye-slim as runner # Update dependencies, install ca-certificates which are required for TLS RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \ ca-certificates \ && rm -rf /var/lib/apt/lists/* # Only copy built binary from builder stage COPY --from=builder /usr/local/cargo/bin/blob /usr/local/bin/blob WORKDIR /home/comm/app/blob # Create a new user comm and use it to run subsequent commands RUN useradd -m comm USER comm ENV RUST_LOG=info CMD ["blob", "server"] - diff --git a/services/commtest/Dockerfile b/services/commtest/Dockerfile index 02808eb50..e52e6e1b2 100644 --- a/services/commtest/Dockerfile +++ b/services/commtest/Dockerfile @@ -1,45 +1,45 @@ -FROM rust:1.70-bullseye +FROM rust:1.75-bullseye RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \ build-essential cmake git libgtest-dev libssl-dev zlib1g-dev \ gnupg software-properties-common python3-pip # These steps are required to install terraform RUN wget -O- https://apt.releases.hashicorp.com/gpg | \ gpg --dearmor | \ tee /usr/share/keyrings/hashicorp-archive-keyring.gpg \ && echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] \ https://apt.releases.hashicorp.com $(lsb_release -cs) main" | \ tee /etc/apt/sources.list.d/hashicorp.list \ && apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \ terraform && rm -rf /var/lib/apt/lists/* # install aws-cli v2, we must do this manually and per-platform ARG TARGETPLATFORM RUN if [ $(echo $TARGETPLATFORM | cut -d / -f2) = "arm64" ]; then \ curl "https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip" -o "awscliv2.zip"; \ else \ curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"; \ fi RUN unzip -q awscliv2.zip && ./aws/install \ && rm -rf awscliv2.zip aws WORKDIR /home/root/app/commtest # Install cargo lambda RUN pip3 install cargo-lambda # Install more recent version of protobuf, must be ran as root COPY scripts/install_protobuf.sh ../../scripts/install_protobuf.sh RUN ../../scripts/install_protobuf.sh ENV CARGO_REGISTRIES_CRATES_IO_PROTOCOL=sparse # Copy actual application sources COPY shared ../../shared/ COPY services/terraform/dev ../terraform/dev COPY services/terraform/modules ../terraform/modules COPY services/commtest ./ COPY services/search-index-lambda ../search-index-lambda CMD ["bash", "./run-tests-ci.sh"] diff --git a/services/feature-flags/Dockerfile b/services/feature-flags/Dockerfile index 67c20325f..bc4487582 100644 --- a/services/feature-flags/Dockerfile +++ b/services/feature-flags/Dockerfile @@ -1,35 +1,35 @@ -FROM rust:1.70-bullseye as builder +FROM rust:1.75-bullseye as builder RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \ build-essential cmake git libgtest-dev libssl-dev zlib1g-dev \ && rm -rf /var/lib/apt/lists/* WORKDIR /home/root/app/feature-flags ENV CARGO_REGISTRIES_CRATES_IO_PROTOCOL=sparse # Copy actual application sources COPY shared ../../shared/ COPY services/feature-flags ./ RUN cargo install --locked --path . # Runner stage FROM debian:bullseye-slim as runner # Update dependencies, install ca-certificates which are required for TLS RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \ ca-certificates \ && rm -rf /var/lib/apt/lists/* # Only copy built binary from builder stage COPY --from=builder /usr/local/cargo/bin/feature-flags /usr/local/bin/feature-flags WORKDIR /home/comm/app/feature-flags # Create a new user comm and use it to run subsequent commands RUN useradd -m comm USER comm ENV RUST_LOG=info CMD ["feature-flags"] diff --git a/services/identity/Dockerfile b/services/identity/Dockerfile index 1b364c9bc..0b2f6ae49 100644 --- a/services/identity/Dockerfile +++ b/services/identity/Dockerfile @@ -1,47 +1,47 @@ -FROM rust:1.70-bullseye as builder +FROM rust:1.75-bullseye as builder RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \ build-essential cmake git libgtest-dev libssl-dev zlib1g-dev \ && rm -rf /var/lib/apt/lists/* \ && mkdir -p /home/root/app/ WORKDIR /home/root/app # Install more recent version of protobuf, must be ran as root COPY scripts/install_protobuf.sh ../../scripts/install_protobuf.sh RUN ../../scripts/install_protobuf.sh RUN mkdir -p /home/comm/app/identity WORKDIR /home/comm/app/identity RUN cargo init --bin COPY services/identity/Cargo.toml services/identity/Cargo.lock ./ COPY shared/ ../../shared/ # Cache build dependencies in a new layer RUN cargo build --release RUN rm src/*.rs COPY services/identity . RUN cargo install --locked --path . FROM debian:bullseye-slim RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \ ca-certificates \ && rm -rf /var/lib/apt/lists/* \ && useradd -m comm WORKDIR /home/comm/app/identity COPY --from=builder /usr/local/cargo/bin/identity \ /usr/local/bin/identity # For test/debug builds, optionally generate OPAQUE keypair file ARG generate_keypair RUN if [ "$generate_keypair" = "true" ]; then identity keygen; fi USER comm CMD ["identity", "server"] diff --git a/services/reports/Dockerfile b/services/reports/Dockerfile index 652062cf9..636f88099 100644 --- a/services/reports/Dockerfile +++ b/services/reports/Dockerfile @@ -1,39 +1,39 @@ -FROM rust:1.70-bullseye as builder +FROM rust:1.75-bullseye as builder RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \ build-essential cmake git libgtest-dev libssl-dev zlib1g-dev \ && rm -rf /var/lib/apt/lists/* WORKDIR /home/root/app/reports # Install more recent version of protobuf, must be ran as root COPY scripts/install_protobuf.sh ../../scripts/install_protobuf.sh RUN ../../scripts/install_protobuf.sh ENV CARGO_REGISTRIES_CRATES_IO_PROTOCOL=sparse # Copy actual application sources COPY shared ../../shared/ COPY services/reports ./ RUN cargo install --locked --path . # Runner stage FROM debian:bullseye-slim as runner # Update dependencies, install ca-certificates which are required for TLS RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \ ca-certificates \ && rm -rf /var/lib/apt/lists/* # Only copy built binary from builder stage COPY --from=builder /usr/local/cargo/bin/reports /usr/local/bin/reports WORKDIR /home/comm/app/reports # Create a new user comm and use it to run subsequent commands RUN useradd -m comm USER comm ENV RUST_LOG=info CMD ["reports"] diff --git a/services/tunnelbroker/Dockerfile b/services/tunnelbroker/Dockerfile index b7c475987..eddc03b8f 100644 --- a/services/tunnelbroker/Dockerfile +++ b/services/tunnelbroker/Dockerfile @@ -1,35 +1,35 @@ -FROM rust:1.70-bullseye as builder +FROM rust:1.75-bullseye as builder RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \ build-essential cmake git libgtest-dev libssl-dev zlib1g-dev \ && rm -rf /var/lib/apt/lists/* \ && mkdir -p /home/root/app/ WORKDIR /home/root/app # Install more recent version of protobuf, must be ran as root COPY scripts/install_protobuf.sh ../../scripts/install_protobuf.sh RUN ../../scripts/install_protobuf.sh COPY services/tunnelbroker . COPY shared ../../shared/ RUN cargo install --locked --path . FROM debian:bullseye-slim as runner RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \ ca-certificates \ && rm -rf /var/lib/apt/lists/* \ && useradd -m comm \ && mkdir -p /home/comm/app/tunnelbroker WORKDIR /home/comm/app/tunnelbroker COPY --from=builder /usr/local/cargo/bin/tunnelbroker \ /usr/local/bin/tunnelbroker USER comm CMD ["tunnelbroker"]