diff --git a/.dockerignore b/.dockerignore index a97be14..32bc0c2 100644 --- a/.dockerignore +++ b/.dockerignore @@ -3,6 +3,6 @@ example.env build dev-services -bacon.toml target +node_modules .DS_Store diff --git a/.gitignore b/.gitignore index c757e57..e9254ac 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,5 @@ target +.sqlx .env .DS_Store node_modules diff --git a/Dockerfile b/Containerfile similarity index 50% rename from Dockerfile rename to Containerfile index 8b7505e..66baebd 100644 --- a/Dockerfile +++ b/Containerfile @@ -1,5 +1,6 @@ -FROM lukemathwalker/cargo-chef:latest-rust-1.87.0 AS chef +FROM docker.io/rustlang/rust:nightly AS chef WORKDIR /app +RUN cargo install cargo-chef && rm -rf $CARGO_HOME/registry/ FROM chef AS planner COPY . . @@ -11,16 +12,21 @@ COPY --from=planner /app/recipe.json recipe.json RUN cargo chef cook --release --recipe-path recipe.json # Build application COPY . . -RUN cargo build --release --bin phonograph +RUN cargo build --release --bin phono-server # We do not need the Rust toolchain to run the binary! FROM debian:bookworm-slim AS runtime -RUN apt-get update && apt-get install -y libpq-dev -WORKDIR /app -COPY --from=builder /app/target/release/phonograph /usr/local/bin +RUN apt-get update && apt-get install -y libpq-dev ca-certificates + +# User should be set by UID to make the K8s `runAsNonRoot` check's job easier. +RUN useradd -m -u 1000 app +USER 1000 + +WORKDIR /home/app +COPY --from=builder /app/target/release/phono-server /usr/local/bin COPY ./css_dist ./css_dist COPY ./js_dist ./js_dist COPY ./static ./static -ENTRYPOINT ["/usr/local/bin/phonograph"] +ENTRYPOINT ["/usr/local/bin/phono-server"] diff --git a/dev-services/docker-entrypoint-initdb.d/init-app.sql b/dev-services/docker-entrypoint-initdb.d/init-app.sql index e69de29..d441503 100644 --- a/dev-services/docker-entrypoint-initdb.d/init-app.sql +++ b/dev-services/docker-entrypoint-initdb.d/init-app.sql @@ -0,0 +1,6 @@ +create user app createdb createrole password 'guest'; +grant connect on database postgres to app; + +create schema app; +grant usage, create on schema app to app; +alter role app set search_path = app; diff --git a/mise.toml b/mise.toml index 03ed4b0..6a3bf11 100644 --- a/mise.toml +++ b/mise.toml @@ -4,6 +4,7 @@ rebar = "latest" rust = { version = "nightly", components = "rust-analyzer,clippy,rustc-codegen-cranelift-preview" } watchexec = "latest" "github:sass/dart-sass" = "1.89.2" +"cargo:sqlx-cli" = "0.8.6" [tasks.dev-services] run = "docker compose up" @@ -30,6 +31,12 @@ run = "docker compose up" [tasks.pg-container] run = "sh ./dev-services/run-pg-with-apple-container.sh" +[tasks.migrations] +dir = "./phono-models" +run = "sqlx migrate run" + +[tasks.prepare-sqlx] +run = "cargo sqlx prepare --workspace" + [env] RUST_LOG = "debug" -RUST_BACKTRACE = "1"