From 224afb35474d3d7c185c0d58a046de263cb4612f Mon Sep 17 00:00:00 2001
From: JMARyA <jmarya@hydrar.de>
Date: Sat, 12 Nov 2022 01:06:21 +0100
Subject: [PATCH] =?UTF-8?q?=F0=9F=91=B7=20drone?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 Dockerfile | 46 +++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 39 insertions(+), 7 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 48bbc2a..3cd1346 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,15 +1,47 @@
-FROM rust:buster as builder
+####################################################################################################
+## Builder
+####################################################################################################
+FROM rust:latest AS builder
+
+RUN rustup target add x86_64-unknown-linux-musl
+RUN apt update && apt install -y musl-tools musl-dev
+RUN update-ca-certificates
+
+# Create appuser
+ENV USER=actix
+ENV UID=10001
+
+RUN adduser \
+    --disabled-password \
+    --gecos "" \
+    --home "/nonexistent" \
+    --shell "/sbin/nologin" \
+    --no-create-home \
+    --uid "${UID}" \
+    "${USER}"
 
-COPY . /app
 
 WORKDIR /app
 
-RUN cargo build --release
+COPY ./ .
 
-FROM debian
+RUN cargo build --target x86_64-unknown-linux-musl --release
 
-COPY --from=builder /app/target/release/me-site /bin/me-site
+####################################################################################################
+## Final image
+####################################################################################################
+FROM alpine
 
-VOLUME /config
+# Import from builder.
+COPY --from=builder /etc/passwd /etc/passwd
+COPY --from=builder /etc/group /etc/group
 
-CMD [ "./bin/me-site" ]
+WORKDIR /app
+
+# Copy our build
+COPY --from=builder /app/target/x86_64-unknown-linux-musl/release/me-site ./
+
+# Use an unprivileged user.
+USER actix:actix
+
+CMD ["/me-site"]