-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile
More file actions
115 lines (95 loc) · 3.83 KB
/
Dockerfile
File metadata and controls
115 lines (95 loc) · 3.83 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
# =============================================================================
# Selfware Dockerfile - Multi-stage Production Build
# =============================================================================
# Build: docker build -t selfware .
# Run: docker run --rm -it selfware --help
# =============================================================================
# -----------------------------------------------------------------------------
# Stage 1: Builder
# -----------------------------------------------------------------------------
FROM rust:bookworm AS builder
# Install build dependencies
# - libssl-dev: Required for reqwest/native-tls
# - pkg-config: Required for OpenSSL discovery
# - cmake: Required for libgit2
# - libdbus-1-dev: Required for xcap (screen capture) via libdbus-sys
# - libxcb*-dev: Required for xcap X11 screen capture on Linux
RUN apt-get update && apt-get install -y --no-install-recommends \
pkg-config \
libssl-dev \
cmake \
libdbus-1-dev \
libxcb1-dev \
libxcb-randr0-dev \
libxcb-shm0-dev \
libxcb-composite0-dev \
&& rm -rf /var/lib/apt/lists/*
# Create a new empty project for dependency caching
WORKDIR /app
# Copy manifests first for better layer caching
COPY Cargo.toml Cargo.lock ./
# Create dummy source files and directories to build dependencies
RUN mkdir -p src/bin && \
echo "fn main() {}" > src/main.rs && \
echo "// dummy lib" > src/lib.rs && \
echo "fn main() {}" > src/bin/vlm_gen_fixtures.rs && \
echo "fn main() {}" > src/bin/vlm_bench_run.rs && \
mkdir -p benches && \
echo "fn main() {}" > benches/token_processing.rs && \
echo "fn main() {}" > benches/vlm_benchmark.rs && \
mkdir -p tests/unit && echo "" > tests/unit/mod.rs && \
mkdir -p tests/integration && echo "" > tests/integration/mod.rs
# Build dependencies only (this layer will be cached)
RUN cargo build --release 2>/dev/null || true && rm -rf src benches tests
# Copy the actual source code
COPY src ./src
COPY tests ./tests
COPY benches ./benches
COPY examples ./examples
COPY templates ./templates
COPY selfware-qa-schema.yaml ./selfware-qa-schema.yaml
# Touch source files to ensure cargo rebuilds with actual code
RUN touch src/main.rs src/lib.rs
# Build the release binary
RUN cargo build --release --bin selfware
# Strip debug symbols for smaller binary
RUN strip /app/target/release/selfware
# -----------------------------------------------------------------------------
# Stage 2: Runtime
# -----------------------------------------------------------------------------
FROM debian:bookworm-slim AS runtime
# Install runtime dependencies
# - ca-certificates: Required for HTTPS connections
# - libssl3: Required for TLS/SSL
# - libgcc-s1: Required for Rust binaries
RUN apt-get update && apt-get install -y --no-install-recommends \
ca-certificates \
libssl3 \
libgcc-s1 \
curl \
&& rm -rf /var/lib/apt/lists/* \
&& apt-get clean
# Create non-root user for security
RUN groupadd --gid 1000 selfware && \
useradd --uid 1000 --gid selfware --shell /bin/bash --create-home selfware
# Create necessary directories
RUN mkdir -p /home/selfware/.config/selfware && \
mkdir -p /home/selfware/.local/share/selfware && \
chown -R selfware:selfware /home/selfware
# Copy the binary from builder
COPY --from=builder /app/target/release/selfware /usr/local/bin/selfware
# Ensure binary is executable
RUN chmod +x /usr/local/bin/selfware
# Switch to non-root user
USER selfware
WORKDIR /home/selfware
# Set environment variables
ENV RUST_LOG=info
ENV HOME=/home/selfware
ENV SELFWARE_HEALTH_PORT=9091
# Health check using HTTP endpoint with fallback to version check
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
CMD curl -sf http://127.0.0.1:9091/ || selfware --version || exit 1
# Default entrypoint
ENTRYPOINT ["selfware"]
CMD ["--help"]