Added Docker file (#117)
* Added Docker file * Added docker files * Updated docker Added icarus_auth and second db * Cleanup * Docker changes * Saving changes Still running into issues with icarus_auth starting in docker. Must be related to credentials or url * Changes to docker * Got auth_api working * Cleanup * Docker cleanup * Updated gitignore * Added README * Updated gitignore * Added directory to ignore to dockerignore * File name change
This commit was merged in pull request #117.
This commit is contained in:
@@ -0,0 +1,21 @@
|
||||
# Ignore build artifacts
|
||||
target/
|
||||
pkg/
|
||||
|
||||
# Ignore git directory
|
||||
.git/
|
||||
|
||||
.github/
|
||||
|
||||
# Ignore environment files (configure via docker-compose instead)
|
||||
.env*
|
||||
|
||||
# Ignore IDE/editor specific files
|
||||
.idea/
|
||||
.vscode/
|
||||
|
||||
# Ignore OS specific files
|
||||
*.DS_Store
|
||||
|
||||
# Add any other files/directories you don't need in the image
|
||||
# e.g., logs/, tmp/
|
||||
@@ -2,3 +2,6 @@
|
||||
|
||||
/target
|
||||
Cargo.lock
|
||||
.env
|
||||
|
||||
.DS_STORE
|
||||
|
||||
+69
@@ -0,0 +1,69 @@
|
||||
# Stage 1: Build the application
|
||||
# Use a specific Rust version for reproducibility. Choose one that matches your development environment.
|
||||
# Using slim variant for smaller base image
|
||||
FROM rust:1.86 as builder
|
||||
|
||||
# Set the working directory inside the container
|
||||
WORKDIR /usr/src/app
|
||||
|
||||
# Install build dependencies if needed (e.g., for certain crates like sqlx with native TLS)
|
||||
# RUN apt-get update && apt-get install -y pkg-config libssl-dev
|
||||
|
||||
# Install build dependencies if needed (e.g., git for cloning)
|
||||
RUN apt-get update && apt-get install -y --no-install-recommends \
|
||||
pkg-config libssl3 \
|
||||
ca-certificates \
|
||||
openssh-client git \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
# << --- ADD HOST KEY HERE --- >>
|
||||
# Replace 'yourgithost.com' with the actual hostname (e.g., github.com)
|
||||
RUN mkdir -p -m 0700 ~/.ssh && \
|
||||
ssh-keyscan git.kundeng.us >> ~/.ssh/known_hosts
|
||||
|
||||
# Copy Cargo manifests
|
||||
COPY Cargo.toml Cargo.lock ./
|
||||
|
||||
# Build *only* dependencies to leverage Docker cache
|
||||
# This dummy build caches dependencies as a separate layer
|
||||
RUN --mount=type=ssh mkdir src && \
|
||||
echo "fn main() {println!(\"if you see this, the build broke\")}" > src/main.rs && \
|
||||
cargo build --release --quiet && \
|
||||
rm -rf src target/release/deps/icarus* # Clean up dummy build artifacts (replace icarus)
|
||||
|
||||
# Copy the actual source code
|
||||
COPY src ./src
|
||||
# If you have other directories like `templates` or `static`, copy them too
|
||||
COPY .env ./.env
|
||||
|
||||
# << --- SSH MOUNT ADDED HERE --- >>
|
||||
# Build *only* dependencies to leverage Docker cache
|
||||
# This dummy build caches dependencies as a separate layer
|
||||
# Mount the SSH agent socket for this command
|
||||
RUN --mount=type=ssh \
|
||||
cargo build --release --quiet
|
||||
|
||||
# Stage 2: Create the final, smaller runtime image
|
||||
# Use a minimal base image like debian-slim or even distroless for security/size
|
||||
FROM ubuntu:24.04
|
||||
|
||||
# Install runtime dependencies if needed (e.g., SSL certificates)
|
||||
RUN apt-get update && apt-get install -y ca-certificates libssl-dev libssl3 && rm -rf /var/lib/apt/lists/*
|
||||
|
||||
# Set the working directory
|
||||
WORKDIR /usr/local/bin
|
||||
|
||||
# Copy the compiled binary from the builder stage
|
||||
# Replace 'icarus' with the actual name of your binary (usually the crate name)
|
||||
COPY --from=builder /usr/src/app/target/release/icarus .
|
||||
|
||||
# Copy other necessary files like .env (if used for runtime config) or static assets
|
||||
# It's generally better to configure via environment variables in Docker though
|
||||
COPY --from=builder /usr/src/app/.env .
|
||||
|
||||
# Expose the port your Axum app listens on (e.g., 3000 or 8000)
|
||||
EXPOSE 3000
|
||||
|
||||
# Set the command to run your application
|
||||
# Ensure this matches the binary name copied above
|
||||
CMD ["./icarus"]
|
||||
@@ -0,0 +1,15 @@
|
||||
|
||||
|
||||
# Getting Started
|
||||
## Docker
|
||||
Make sure `icarus_auth` is located in the root of the parent directory if using docker.
|
||||
|
||||
Create a `.env` file for both projects - `icarus_auth` and `icarus` - in the root of each project.
|
||||
|
||||
Build containers
|
||||
```
|
||||
docker compose build --ssh default api auth_api
|
||||
```
|
||||
|
||||
Bring it up
|
||||
docker compose up -d --force-recreate api auth_api
|
||||
@@ -0,0 +1,109 @@
|
||||
version: '3.8' # Use a recent version
|
||||
|
||||
services:
|
||||
# --- Web API ---
|
||||
api:
|
||||
build: . # Tells docker-compose to build the Dockerfile in the current directory
|
||||
container_name: icarus # Optional: Give the container a specific name
|
||||
ports:
|
||||
# Map host port 8000 to container port 3000 (adjust as needed)
|
||||
# Format: "HOST_PORT:CONTAINER_PORT"
|
||||
- "8000:3000"
|
||||
env_file:
|
||||
- .env
|
||||
depends_on:
|
||||
main_db:
|
||||
condition: service_healthy
|
||||
networks:
|
||||
- main-api-network
|
||||
restart: unless-stopped # Optional: Restart policy
|
||||
|
||||
# --- Web API auth ---
|
||||
auth_api:
|
||||
build:
|
||||
context: ../icarus_auth # IMPORTANT: Relative path to the local checkout of your web API repo (containing the Dockerfile)
|
||||
dockerfile: Dockerfile # Optional: Specify if your Dockerfile has a non-standard name
|
||||
container_name: auth_api
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
- "8001:3000" # Map host port 8000 to container port 8000 (adjust container port based on your app's EXPOSE in Dockerfile)
|
||||
# environment:
|
||||
# Environment variables your API needs, e.g., database connection
|
||||
# Add other necessary environment variables
|
||||
env_file:
|
||||
- ../icarus_auth/.env
|
||||
depends_on:
|
||||
auth_db:
|
||||
condition: service_healthy
|
||||
networks:
|
||||
- auth-api-network
|
||||
# Optional: Mount local code for development (live reload)
|
||||
# volumes:
|
||||
# - ./path/to/your/web-api-repo:/app
|
||||
|
||||
# PostgreSQL Database Service
|
||||
# --- icarus web api db ---
|
||||
main_db:
|
||||
image: postgres:17.4-alpine # Use an official Postgres image (Alpine variant is smaller)
|
||||
container_name: icarus_db # Optional: Give the container a specific name
|
||||
environment:
|
||||
# These MUST match the user, password, and database name in the DATABASE_URL above
|
||||
POSTGRES_USER: ${POSTGRES_USER:-icarus}
|
||||
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-password}
|
||||
POSTGRES_DB: ${POSTGRES_DB:-icarus_db}
|
||||
volumes:
|
||||
# Persist database data using a named volume
|
||||
- postgres_data:/var/lib/postgresql/data
|
||||
ports:
|
||||
# Optional: Expose port 5432 ONLY if you need to connect directly from your host machine (e.g., for debugging)
|
||||
- "5432:5432"
|
||||
healthcheck:
|
||||
# Checks if Postgres is ready to accept connections
|
||||
test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"]
|
||||
interval: 10s
|
||||
timeout: 5s
|
||||
retries: 5
|
||||
start_period: 10s
|
||||
restart: always # Optional: Restart policy
|
||||
networks:
|
||||
- main-api-network
|
||||
|
||||
# --- icarus web auth api db ---
|
||||
auth_db:
|
||||
image: postgres:17.4-alpine # Use an official Postgres image (Alpine variant is smaller)
|
||||
container_name: icarus_auth_db # Optional: Give the container a specific name
|
||||
environment:
|
||||
# These MUST match the user, password, and database name in the DATABASE_URL above
|
||||
POSTGRES_USER: ${POSTGRES_USER:-icarus_op}
|
||||
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-password}
|
||||
POSTGRES_DB: ${POSTGRES_DB:-icarus_auth_db}
|
||||
volumes:
|
||||
# Persist database data using a named volume
|
||||
- postgres_data_auth:/var/lib/postgresql/data
|
||||
ports:
|
||||
# Optional: Expose port 5432 ONLY if you need to connect directly from your host machine (e.g., for debugging)
|
||||
- "5433:5432"
|
||||
healthcheck:
|
||||
# Checks if Postgres is ready to accept connections
|
||||
test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"]
|
||||
interval: 10s
|
||||
timeout: 5s
|
||||
retries: 5
|
||||
start_period: 10s
|
||||
restart: always # Optional: Restart policy
|
||||
networks:
|
||||
- auth-api-network
|
||||
|
||||
# Define the named volume for data persistence
|
||||
volumes:
|
||||
postgres_data:
|
||||
driver: local # Use the default local driver
|
||||
postgres_data_auth:
|
||||
driver: local # Use the default local driver
|
||||
|
||||
# Define the network (optional, but good practice)
|
||||
networks:
|
||||
main-api-network:
|
||||
driver: bridge
|
||||
auth-api-network:
|
||||
driver: bridge
|
||||
Reference in New Issue
Block a user