# Stage 1: Build the application # Use a specific Rust version for reproducibility. Choose one that matches your development environment. # Using slim variant for smaller base image FROM rust:1.88 as builder # Set the working directory inside the container WORKDIR /usr/src/app # Install build dependencies if needed (e.g., git for cloning) RUN apt-get update && apt-get install -y --no-install-recommends \ pkg-config libssl3 \ ca-certificates \ openssh-client git \ && rm -rf /var/lib/apt/lists/* # << --- ADD HOST KEY HERE --- >> # Replace 'yourgithost.com' with the actual hostname (e.g., github.com) RUN mkdir -p -m 0700 ~/.ssh && \ ssh-keyscan git.kundeng.us >> ~/.ssh/known_hosts # Copy Cargo manifests COPY Cargo.toml Cargo.lock ./ # Build *only* dependencies to leverage Docker cache # This dummy build caches dependencies as a separate layer RUN --mount=type=ssh mkdir src && \ echo "fn main() {println!(\"if you see this, the build broke\")}" > src/main.rs && \ cargo build --release --quiet && \ rm -rf src target/release/deps/songparser* # Clean up dummy build artifacts (replace songparser) # Copy the actual source code COPY src ./src # If you have other directories like `templates` or `static`, copy them too COPY .env ./.env # << --- SSH MOUNT ADDED HERE --- >> # Build *only* dependencies to leverage Docker cache # This dummy build caches dependencies as a separate layer # Mount the SSH agent socket for this command RUN --mount=type=ssh \ cargo build --release --quiet # Stage 2: Create the final, smaller runtime image # Use a minimal base image like debian-slim or even distroless for security/size FROM ubuntu:24.04 # Install runtime dependencies if needed (e.g., SSL certificates) RUN apt-get update && apt-get install -y ca-certificates libssl-dev libssl3 && rm -rf /var/lib/apt/lists/* # Set the working directory WORKDIR /usr/local/bin # Copy the compiled binary from the builder stage # Replace 'songparser' with the actual name of your binary (usually the crate name) COPY --from=builder /usr/src/app/target/release/songparser . # Copy other necessary files like .env (if used for runtime config) or static assets # It's generally better to configure via environment variables in Docker though COPY --from=builder /usr/src/app/.env . # Set the command to run your application # Ensure this matches the binary name copied above CMD ["./songparser"]