# Simple fast Dockerfile - no fancy caching, just builds fast # Uses local cargo cache between builds ARG SERVICE_NAME FROM registry.nxtgauge.com/rust:alpine AS builder ARG SERVICE_NAME # Install build deps + rust toolchain (Alpine-packaged Rust lacks proc-macro support) RUN apk add --no-cache curl ca-certificates bash build-base musl-dev pkgconfig openssl-dev openssl-libs-static RUN update-ca-certificates RUN curl -sSf https://sh.rustup.rs | sh -s -- -y --profile minimal --default-toolchain stable ENV PATH="/root/.cargo/bin:${PATH}" RUN rustup target add x86_64-unknown-linux-musl WORKDIR /app # Copy manifests first for better caching COPY Cargo.toml Cargo.lock ./ COPY crates/ ./crates/ # Copy all services so we can map hyphenated service names to underscore crate/bin names. COPY apps/ ./apps/ # Restrict workspace members to the selected service + shared crates. # This avoids requiring every `apps/*` manifest while preserving workspace deps. RUN svc=$(echo "${SERVICE_NAME}" | tr '-' '_') && \ awk -v svc="${svc}" '\ BEGIN { in_members = 0 } \ /^members = \[/ { \ print "members = ["; \ print " \"apps/" svc "\","; \ print " \"crates/contracts\","; \ print " \"crates/db\","; \ print " \"crates/auth\","; \ print " \"crates/storage\","; \ print " \"crates/cache\","; \ print " \"crates/email\""; \ in_members = 1; \ next; \ } \ in_members && /^\]/ { in_members = 0; print "]"; next } \ in_members { next } \ { print }' Cargo.toml > Cargo.toml.tmp && mv Cargo.toml.tmp Cargo.toml && \ echo "${svc}" > /tmp/service_bin # Build with all optimizations ENV RUSTFLAGS="-C target-feature=+crt-static -C link-arg=-s" ENV OPENSSL_STATIC=1 ENV OPENSSL_DIR=/usr RUN cargo build --release \ --bin $(cat /tmp/service_bin) \ --target x86_64-unknown-linux-musl && \ cp /app/target/x86_64-unknown-linux-musl/release/$(cat /tmp/service_bin) /app/service # Runtime FROM scratch COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ COPY --from=builder /app/service /app/service USER 65532:65532 EXPOSE 8000 ENTRYPOINT ["/app/service"]