From 8498348fcf1aad531c790e638b244c1cc4b5f980 Mon Sep 17 00:00:00 2001 From: Pratik Tripathy Date: Tue, 28 Oct 2025 21:45:27 +0530 Subject: [PATCH] feat(snippet): Snippet for Dockerfile for rust app - With sccache & cargo-chef for faster builds - Docker cache-mount - Auto copy required shared-libraries to final image - Use debian 13 base image to use glibc & NOT musl - CA certs, zoneinfo, nsswitch copied to final image
---
 .../nvim/custom-snippets/dockerfile.json | 72 ++++++++++++++++++- 1 file changed, 70 insertions(+), 2 deletions(-)
diff --git a/common/.config/nvim/custom-snippets/dockerfile.json b/common/.config/nvim/custom-snippets/dockerfile.json
index 14b2657..617112f 100644
--- a/common/.config/nvim/custom-snippets/dockerfile.json
+++ b/common/.config/nvim/custom-snippets/dockerfile.json
@@ -1,6 +1,6 @@
 {
 "Add User in Debian": {
- "prefix": "userd",
+ "prefix": "adduser-debian",
 "description": "Add User to Debian Container",
 "body": [
 "RUN groupadd -r ${1:username} && useradd -m -r -g ${1:username} ${1:username}",
@@ -10,7 +10,7 @@
 ]
 },
 "Add User in Alpine": {
- "prefix": "usera",
+ "prefix": "adduser-alpine",
 "description": "Add User to Alpine Container",
 "body": [
 "RUN addgroup -S ${1:username} && adduser -S ${1} -G ${1}",
@@ -18,5 +18,73 @@
 "WORKDIR \/${2:workdir}",
 "RUN chown ${1}:${1} \/${2}"
 ]
+ },
+ "Scratch Based Optimized Rust": {
+ "prefix": "rust-scratch",
+ "description": "Template for a Rust binary served from Docker",
+ "body": [
+ "# syntax=docker/dockerfile:1",
+ "ARG RUST_VERSION=1.90.0",
+ "FROM rust:\\${RUST_VERSION\\}-slim-trixie as builder",
+ "",
+ "# Install sccache & its dependencies",
+ "# hadolint ignore=DL3008",
+ "RUN apt-get update && apt-get install --no-install-recommends -y \\\\",
+ " pkg-config \\\\",
+ " libssl-dev \\\\",
+ " && rm -rf /var/lib/apt/list/* \\\\",
+ " && cargo install sccache cargo-chef --locked",
+ "",
+ "# Configure sccache",
+ "ENV RUSTC_WRAPPER=sccache \\\\",
+ " SCCACHE_DIR=/sccache \\\\",
+ " CARGO_HOME=/usr/local/cargo",
+ "",
+ "WORKDIR /app",
+ "",
+ "# Copy dependency files first for better layer caching",
+ "COPY Cargo.toml Cargo.lock ./",
+ "RUN cargo chef prepare --recipe-path recipe.json",
+ "",
+ "# Build dependencies with cache mounts",
+ "RUN --mount=type=cache,target=${CARGO_HOME}/registry,sharing=locked \\\\",
+ " --mount=type=cache,target=${CARGO_HOME}/git,sharing=locked \\\\",
+ " --mount=type=cache,target=${SCCACHE_DIR},sharing=locked \\\\",
+ " cargo chef cook --release --recipe-path recipe.json",
+ "",
+ "# Copy source code and build application",
+ "COPY . 
.",
+ "RUN --mount=type=cache,target=${CARGO_HOME}/registry,sharing=locked \\\\",
+ " --mount=type=cache,target=${CARGO_HOME}/git,sharing=locked \\\\",
+ " --mount=type=cache,target=${SCCACHE_DIR},sharing=locked \\\\",
+ " cargo build --release",
+ "",
+ "# Find & extract library dependency tree using \"ldd\"",
+ "# hadolint ignore=DL4006,SC2016",
+ "RUN mkdir -p /app/deps && \\\\",
+ " find target/release -maxdepth 1 -type f -executable -exec ldd {} \\\\; | \\\\",
+ " awk '/\\\\//{print $(NF-1)}' | \\\\",
+ " xargs -I % sh -c 'mkdir -p /app/deps$(dirname %); cp % /app/deps%;'",
+ "",
+ "####### Target Image",
+ "FROM scratch",
+ "",
+ "# Copy the library dependency tree",
+ "COPY --from=builder /app/deps /",
+ "",
+ "# System essentials",
+ "COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/",
+ "COPY --from=builder /usr/share/zoneinfo /usr/share/zoneinfo",
+ "COPY --from=builder --chmod=1777 /tmp /tmp",
+ "COPY --from=builder /etc/nsswitch.conf /etc",
+ "COPY --from=builder /etc/group /etc",
+ "COPY --from=builder /etc/passwd /etc",
+ "",
+ "USER nobody",
+ "",
+ "WORKDIR /app",
+ "COPY --from=builder --chown=nobody:nogroup /app/target/release/${1:appname} /app",
+ "CMD [\"/app/${1}\"]"
+ ]
 }
 }
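Review bot: The builder stage of the new `rust-scratch` body installs its build tooling unpinned: `cargo install sccache cargo-chef --locked` takes whatever release is newest at build time (`--locked` only fixes each tool's own dependency set), so every image generated from this snippet trusts the latest crates.io publish of two programs that sit in the compile path. Pinning them, e.g. `cargo install sccache@<version> cargo-chef@<version> --locked`, keeps builds reproducible and reviewable. In the same RUN, `rm -rf /var/lib/apt/list/*` looks like a typo for `/var/lib/apt/lists/*`, so the apt index is not actually removed. `COPY . .` pulls the whole build context into the builder layer and its cache, so a snippet comment such as `# requires a .dockerignore excluding .git, .env and target/` would be worth adding above it. Finally, `${CARGO_HOME}` and `${SCCACHE_DIR}` in the `--mount` lines are not escaped the way `\\${RUST_VERSION\\}` is, so the snippet engine may treat them as snippet variables; worth confirming the expanded Dockerfile still contains the `${...}` form.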