Add Docker support with Dockerfile and Compose

aeTunga · aeTunga · commit e355bd4feeb0 · 2026-01-12T15:06:37.000+03:00
Introduces .dockerignore, Dockerfile, and docker-compose.yml to enable containerized builds and deployment for the project. The Dockerfile builds the Rust application and sets up a secure runtime environment, while docker-compose.yml configures service parameters, environment variables, volumes, and resource limits for local development and deployment.
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,4 @@
+target/
+.git/
+.env
+.DS_Store
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,52 @@
+FROM docker.io/library/rust:1.85-slim-bookworm AS builder
+
+WORKDIR /usr/src/app
+
+RUN apt-get update && apt-get install -y \
+    pkg-config \
+    libssl-dev \
+    gcc \
+    && rm -rf /var/lib/apt/lists/*
+
+# Cache dependencies by building a dummy project first
+COPY Cargo.toml Cargo.lock ./
+RUN mkdir src && \
+    echo "fn main() {}" > src/main.rs && \
+    mkdir -p src/bin && \
+    echo "fn main() {}" > src/bin/seed.rs && \
+    echo "fn main() {}" > src/bin/compress.rs && \
+    cargo build --release && \
+    rm -rf src
+
+COPY . .
+
+RUN cargo build --release
+
+FROM docker.io/library/debian:bookworm-slim
+
+WORKDIR /app
+
+RUN apt-get update && apt-get install -y \
+    ca-certificates \
+    libssl3 \
+    sqlite3 \
+    && rm -rf /var/lib/apt/lists/*
+
+COPY --from=builder /usr/src/app/target/release/tulpar-api /usr/local/bin/
+COPY --from=builder /usr/src/app/target/release/seed /usr/local/bin/
+COPY --from=builder /usr/src/app/target/release/compress /usr/local/bin/
+
+# Create non-root user (UID 10001) for rootless Podman compatibility
+RUN useradd -r -u 10001 -g root tulpar && \
+    mkdir -p /app/data /app/storage && \
+    chown -R tulpar:root /app
+
+ENV RUST_LOG=info \
+    DATABASE_URL=sqlite:/app/data/data.db \
+    STORAGE_PATH=/app/storage
+
+USER tulpar
+
+EXPOSE 3000
+
+CMD ["tulpar-api"]
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -0,0 +1,30 @@
+services:
+  api:
+    build:
+      context: .
+      dockerfile: Dockerfile
+    image: tulpar-api:latest
+    container_name: tulpar_api
+    restart: always
+    ports:
+      # Bind to localhost ONLY (security requirement)
+      - "127.0.0.1:3000:3000"
+    env_file:
+      - .env
+    environment:
+      - DATABASE_URL=sqlite:/app/data/data.db
+      - STORAGE_PATH=/app/storage
+      - RUST_LOG=info
+      - HOST=0.0.0.0
+      - PORT=3000
+    volumes:
+      # :Z flag is critical for Podman SELinux support
+      # Map the data and storage directories
+      - ./data:/app/data:Z
+      - ./storage:/app/storage:Z
+    security_opt:
+      - no-new-privileges:true
+    deploy:
+      resources:
+        limits:
+          memory: 512M

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +target/
 +.git/
 +.env
 +.DS_Store