From 5738d27bae33122544f389922b855cff5d375334 Mon Sep 17 00:00:00 2001
From: mo khan <mo@mokhan.ca>
Date: Wed, 25 Jun 2025 16:55:35 -0600
Subject: chore: build optimized docker image

---
 .dockerignore | 10 ++++++++++
 Dockerfile    | 13 +++++++------
 2 files changed, 17 insertions(+), 6 deletions(-)
 create mode 100644 .dockerignore

diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 00000000..e8da7cb4
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,10 @@
+target/
+.git/
+.gitignore
+*.md
+tests/
+.env*
+Dockerfile*
+.dockerignore
+tags
+mise.toml
diff --git a/Dockerfile b/Dockerfile
index 0c0bf256..0faffb8e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,13 +1,14 @@
 # syntax=docker/dockerfile:1
-FROM rust:latest AS builder
+FROM rust:alpine AS builder
+RUN apk add --no-cache musl-dev
 WORKDIR /app
-RUN apt-get update && apt-get install -y musl-tools musl-dev
-RUN rustup target add x86_64-unknown-linux-musl
 COPY . ./
 RUN cargo build --release --target x86_64-unknown-linux-musl
+RUN strip /app/target/x86_64-unknown-linux-musl/release/authzd
 
-FROM scratch
+FROM gcr.io/distroless/static-debian12:nonroot
 EXPOSE 50051
-WORKDIR /var/www/
+WORKDIR /var/www
 COPY --from=builder /app/target/x86_64-unknown-linux-musl/release/authzd /bin/authzd
-CMD ["/bin/authzd"]
+COPY --from=builder /app/policies /etc/authzd/policies
+ENTRYPOINT ["/bin/authzd"]
-- 
cgit v1.2.3