chore: build optimized docker image

author: mo khan <mo@mokhan.ca> 2025-06-25 16:55:35 -0600
committer: mo khan <mo@mokhan.ca> 2025-06-25 16:55:35 -0600
commit: 5738d27bae33122544f389922b855cff5d375334 (patch)
tree: 468f76ad62258fd5ce3e912a0bdab5118e6ff78b
parent: 145ec6d9d497985d53e0b6a40858b4ac2cb12f8a (diff)
2 files changed, 17 insertions, 6 deletions
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 00000000..e8da7cb4
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,10 @@
+target/
+.git/
+.gitignore
+*.md
+tests/
+.env*
+Dockerfile*
+.dockerignore
+tags
+mise.toml
diff --git a/Dockerfile b/Dockerfile
index 0c0bf256..0faffb8e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,13 +1,14 @@
 # syntax=docker/dockerfile:1
-FROM rust:latest AS builder
+FROM rust:alpine AS builder
+RUN apk add --no-cache musl-dev
 WORKDIR /app
-RUN apt-get update && apt-get install -y musl-tools musl-dev
-RUN rustup target add x86_64-unknown-linux-musl
 COPY . ./
 RUN cargo build --release --target x86_64-unknown-linux-musl
+RUN strip /app/target/x86_64-unknown-linux-musl/release/authzd
 
-FROM scratch
+FROM gcr.io/distroless/static-debian12:nonroot
 EXPOSE 50051
-WORKDIR /var/www/
+WORKDIR /var/www
 COPY --from=builder /app/target/x86_64-unknown-linux-musl/release/authzd /bin/authzd
-CMD ["/bin/authzd"]
+COPY --from=builder /app/policies /etc/authzd/policies
+ENTRYPOINT ["/bin/authzd"]
author	mo khan <mo@mokhan.ca>	2025-06-25 16:55:35 -0600
committer	mo khan <mo@mokhan.ca>	2025-06-25 16:55:35 -0600
commit	5738d27bae33122544f389922b855cff5d375334 (patch)
tree	468f76ad62258fd5ce3e912a0bdab5118e6ff78b
parent	145ec6d9d497985d53e0b6a40858b4ac2cb12f8a (diff)