FROM clux/muslrust:stable AS chef
USER root
RUN cargo install cargo-chef
RUN mkdir -p -m 0600 ~/.ssh && ssh-keyscan github.com >> ~/.ssh/known_hosts
WORKDIR /app

FROM chef AS planner
#COPY ./.cargo/ ./.cargo/
COPY ./Cargo.lock ./
COPY ./Cargo.toml ./
COPY ./src/ ./src/
COPY ./defaults.toml ./defaults.toml
RUN cargo chef prepare --recipe-path recipe.json

FROM chef AS builder
COPY --from=planner /app/recipe.json recipe.json
RUN --mount=type=ssh cargo chef cook --release --target x86_64-unknown-linux-musl --recipe-path recipe.json
COPY --from=planner /app/ ./
RUN cargo build --release --target x86_64-unknown-linux-musl --bin sprigbot

FROM alpine AS runtime
COPY --from=builder /app/target/x86_64-unknown-linux-musl/release/sprigbot /usr/local/bin/sprigbot
# AWS Fargate requires the container to expose port 80 matching with host port
# 80, so we will forgo running this as a user and instead run as root.
# Alternatively, it's possible to use CAP_NET_BIND_SERVICE or authbind to allow
# non-root users to bind to port 80, but these approaches add complexity
# without much security benefit because this application the only thing running
# in the container.
USER root
EXPOSE 80
CMD ["sprigbot"]
LABEL org.opencontainers.image.source https://github.com/wyc/sprigbot