hadrian/Dockerfile at main · ScriptSmith/hadrian · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
# syntax=docker/dockerfile:1.4

# Stage 1: Build frontend assets (UI, Storybook, Docs)
FROM node:24-slim AS frontend-builder

# Install pnpm
RUN corepack enable && corepack prepare pnpm@9 --activate

WORKDIR /app

# Copy package files for dependency caching
COPY ui/package.json ui/pnpm-lock.yaml ./ui/
COPY docs/package.json docs/pnpm-lock.yaml docs/next.config.mjs docs/source.config.ts ./docs/

# Install UI dependencies
WORKDIR /app/ui
RUN --mount=type=cache,id=pnpm,target=/root/.local/share/pnpm/store \
  pnpm install --frozen-lockfile

# Install docs dependencies
WORKDIR /app/docs
RUN --mount=type=cache,id=pnpm,target=/root/.local/share/pnpm/store \
  pnpm install --frozen-lockfile

# Copy source files
WORKDIR /app
COPY Cargo.toml ./Cargo.toml
COPY ui ./ui
COPY docs ./docs
COPY openapi/hadrian.openapi.json ./openapi/hadrian.openapi.json

ENV NEXT_TELEMETRY_DISABLED=1

# Generate API client and build UI
WORKDIR /app/ui
RUN pnpm run generate-api
RUN pnpm build

# Build Storybook (needed for docs)
RUN pnpm storybook:build

# Build docs (follows symlink to storybook-static)
WORKDIR /app/docs
RUN pnpm build

# Stage 2: Build Rust application
FROM rustlang/rust:nightly-slim AS builder

# Install build dependencies
# Includes SAML libraries (libxml2, libxslt, xmlsec1) for samael crate
RUN apt-get update && apt-get install -y \
    pkg-config \
    libssl-dev \
    build-essential \
    cmake \
    curl \
    tar \
    file \
    libxml2-dev \
    libxslt1-dev \
    libxmlsec1-dev \
    libclang-dev \
    && rm -rf /var/lib/apt/lists/*

# Create app directory
WORKDIR /usr/src/hadrian

# Copy manifests first for dependency caching
COPY Cargo.toml Cargo.lock ./

# Create dummy src to build dependencies
RUN mkdir -p src/bin \
    && echo "fn main() {}" > src/main.rs \
    && echo "fn main() {}" > src/bin/record_fixtures.rs \
    && echo "" > src/lib.rs

# Build dependencies only (cached layer)
RUN --mount=type=cache,target=/usr/local/cargo/registry \
    --mount=type=cache,target=/usr/src/hadrian/target \
    cargo build --release && rm -rf src

# Copy actual source code
COPY src ./src
COPY migrations_sqlx ./migrations_sqlx

# Copy frontend assets from frontend-builder
COPY --from=frontend-builder /app/ui/dist ./ui/dist/
COPY --from=frontend-builder /app/docs/out ./docs/out/

# Fetch model catalog (embedded at compile time via include_str!)
RUN mkdir -p data && curl -sSL https://models.dev/api.json -o data/models-dev-catalog.json

# Force fresh build of the main crate by removing cached artifacts.
# The --mount=type=cache for target/ persists across builds, but fingerprints
# may not detect all source changes. Removing the crate's artifacts ensures
# a full recompile of application code (dependencies remain cached).
RUN touch src/main.rs && \
    rm -rf target/release/.fingerprint/hadrian-* \
           target/release/deps/hadrian-* \
           target/release/deps/libhadrian-* \
           target/release/hadrian

# Build the actual application
RUN --mount=type=cache,target=/usr/local/cargo/registry \
    --mount=type=cache,target=/usr/src/hadrian/target \
    cargo build --release && \
    cp target/release/hadrian /usr/src/hadrian/hadrian-bin

# Runtime stage
FROM debian:trixie-slim

# Install runtime dependencies
# Includes SAML libraries for XML signature verification
RUN apt-get update && apt-get install -y \
    ca-certificates \
    libssl3 \
    curl \
    libxml2 \
    libxslt1.1 \
    libxmlsec1 \
    libxmlsec1-openssl \
    && rm -rf /var/lib/apt/lists/*

# Create app user
RUN useradd -m -u 1000 hadrian

# Create app directory
WORKDIR /app

# Copy the binary from builder
COPY --from=builder /usr/src/hadrian/hadrian-bin /app/hadrian

# Copy migrations
COPY --from=builder /usr/src/hadrian/migrations_sqlx /app/migrations_sqlx

# Create data directory for SQLite (will be overwritten by volume mount)
RUN mkdir -p /app/data

# Create default config (can be overridden by mounting a volume at /app/config/hadrian.toml)
RUN mkdir -p /app/config && cat > /app/config/hadrian.toml <<'EOF'
[server]
host = "0.0.0.0"
port = 8080

[database]
type = "sqlite"
path = "/app/data/hadrian.db"

[cache]
type = "memory"

[ui]
enabled = true
EOF

# Expose port
EXPOSE 8080

# Health check
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
    CMD curl -f http://localhost:8080/health || exit 1

CMD ["/app/hadrian", "--config", "/app/config/hadrian.toml"]