committing to insanit

author: UMTS at Teleco <crt@teleco.ch> 2025-12-13 02:59:39 +0100
committer: UMTS at Teleco <crt@teleco.ch> 2025-12-13 02:59:39 +0100
commit: b51d33cb373e591d16892bde492616655ac9ec51 (patch)
tree: 465d110a023857309806da5fc821de52573e2593 /backend/seckelapi/Containerfile
1 files changed, 39 insertions, 0 deletions
diff --git a/backend/seckelapi/Containerfile b/backend/seckelapi/Containerfile
new file mode 100644
index 0000000..d36a165
--- /dev/null
+++ b/backend/seckelapi/Containerfile
@@ -0,0 +1,39 @@
+# Multi-stage build for SeckelAPI
+FROM docker.io/library/rust:1.92-slim-trixie AS builder
+
+WORKDIR /build
+
+# Install build dependencies
+RUN apt-get update && \
+    apt-get install -y pkg-config libssl-dev && \
+    rm -rf /var/lib/apt/lists/*
+
+# Copy source code
+COPY sources/ .
+
+# Build release binary
+RUN cargo build --release
+
+# Runtime stage - minimal Debian image
+FROM docker.io/library/debian:trixie-slim
+
+WORKDIR /app
+
+# Install runtime dependencies
+RUN apt-get update && \
+    apt-get install -y ca-certificates libssl3 && \
+    rm -rf /var/lib/apt/lists/*
+
+# Copy binary and config from builder
+COPY --from=builder /build/target/release/seckelapi /app/seckelapi
+COPY sources/config/ /app/config/
+
+# Expose API port
+EXPOSE 5777
+
+# Run as non-root user
+RUN useradd -r -u 1000 seckelapi && \
+    chown -R seckelapi:seckelapi /app
+USER seckelapi
+
+CMD ["/app/seckelapi"]
author	UMTS at Teleco <crt@teleco.ch>	2025-12-13 02:59:39 +0100
committer	UMTS at Teleco <crt@teleco.ch>	2025-12-13 02:59:39 +0100
commit	b51d33cb373e591d16892bde492616655ac9ec51 (patch)
tree	465d110a023857309806da5fc821de52573e2593 /backend/seckelapi/Containerfile