backend/seckelapi/Containerfile


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39

# Multi-stage build for SeckelAPI
FROM docker.io/library/rust:1.92-slim-trixie AS builder

WORKDIR /build

# Install build dependencies
RUN apt-get update && \
    apt-get install -y pkg-config libssl-dev && \
    rm -rf /var/lib/apt/lists/*

# Copy source code
COPY sources/ .

# Build release binary
RUN cargo build --release

# Runtime stage - minimal Debian image
FROM docker.io/library/debian:trixie-slim

WORKDIR /app

# Install runtime dependencies
RUN apt-get update && \
    apt-get install -y ca-certificates libssl3 && \
    rm -rf /var/lib/apt/lists/*

# Copy binary and config from builder
COPY --from=builder /build/target/release/seckelapi /app/seckelapi
COPY sources/config/ /app/config/

# Expose API port
EXPOSE 5777

# Run as non-root user
RUN useradd -r -u 1000 seckelapi && \
    chown -R seckelapi:seckelapi /app
USER seckelapi

CMD ["/app/seckelapi"]