chore: improve Dockerfile and compose — dep caching, TLS libs, healthchecks, worker, liquid templates

2026-05-18 00:56:25 +02:00
parent 6183262ed5
commit 6dc9b26dfc
5 changed files with 185 additions and 9 deletions
--- a/55
+++ b/55
@@ -1,11 +1,54 @@
-FROM rust:1.85-slim AS builder
-WORKDIR /app
-COPY . .
-RUN cargo build --release -p bootstrap
+# ----- build -----
+FROM rust:slim-bookworm AS builder

+WORKDIR /build
+
+# Copy manifests + lockfile first so cargo can fetch deps as a cached layer.
+# Source changes below won't invalidate this layer.
+COPY Cargo.toml Cargo.lock ./
+COPY crates/domain/Cargo.toml              crates/domain/Cargo.toml
+COPY crates/application/Cargo.toml         crates/application/Cargo.toml
+COPY crates/api-types/Cargo.toml           crates/api-types/Cargo.toml
+COPY crates/adapters/sqlite/Cargo.toml     crates/adapters/sqlite/Cargo.toml
+COPY crates/adapters/postgres/Cargo.toml   crates/adapters/postgres/Cargo.toml
+COPY crates/adapters/auth/Cargo.toml       crates/adapters/auth/Cargo.toml
+COPY crates/presentation/Cargo.toml        crates/presentation/Cargo.toml
+COPY crates/bootstrap/Cargo.toml           crates/bootstrap/Cargo.toml
+COPY crates/worker/Cargo.toml              crates/worker/Cargo.toml
+
+# Stub every crate so cargo can resolve and fetch deps without real source
+RUN find crates -name "Cargo.toml" | sed 's|/Cargo.toml||' | \
+    xargs -I{} sh -c 'mkdir -p {}/src && echo "fn main(){}" > {}/src/main.rs && printf "" > {}/src/lib.rs'
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    pkg-config libssl-dev \
+ && rm -rf /var/lib/apt/lists/*
+
+RUN cargo fetch
+
+# Copy sqlx offline query cache — no live database needed at compile time
+COPY crates/adapters/sqlite/.sqlx ./crates/adapters/sqlite/.sqlx
+
+# Now copy real source — only invalidates cache on source changes
+COPY crates ./crates
+
+ENV SQLX_OFFLINE=true
+RUN cargo build --release -p bootstrap -p worker
+
+# ----- runtime -----
 FROM debian:bookworm-slim
-RUN apt-get update && apt-get install -y ca-certificates && rm -rf /var/lib/apt/lists/*
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    ca-certificates libssl3 wget \
+ && rm -rf /var/lib/apt/lists/*
+
 WORKDIR /app
-COPY --from=builder /app/target/release/server ./server
+
+COPY --from=builder /build/target/release/server  ./server
+COPY --from=builder /build/target/release/worker  ./worker
+
 EXPOSE 3000
+
+ENV RUST_LOG=bootstrap=info,tower_http=info
+
 CMD ["./server"]
--- a/Dockerfile.liquid
+++ b/Dockerfile.liquid
@@ -0,0 +1,56 @@
+# ----- build -----
+FROM rust:slim-bookworm AS builder
+
+WORKDIR /build
+
+# Copy manifests + lockfile first so cargo can fetch deps as a cached layer.
+COPY Cargo.toml Cargo.lock ./
+COPY crates/domain/Cargo.toml              crates/domain/Cargo.toml
+COPY crates/application/Cargo.toml         crates/application/Cargo.toml
+COPY crates/api-types/Cargo.toml           crates/api-types/Cargo.toml
+{% if database == "sqlite" %}COPY crates/adapters/sqlite/Cargo.toml     crates/adapters/sqlite/Cargo.toml
+{% endif %}{% if database == "postgres" %}COPY crates/adapters/postgres/Cargo.toml   crates/adapters/postgres/Cargo.toml
+{% endif %}COPY crates/adapters/auth/Cargo.toml       crates/adapters/auth/Cargo.toml
+COPY crates/presentation/Cargo.toml        crates/presentation/Cargo.toml
+COPY crates/bootstrap/Cargo.toml           crates/bootstrap/Cargo.toml
+{% if worker %}COPY crates/worker/Cargo.toml              crates/worker/Cargo.toml
+{% endif %}
+# Stub every crate so cargo can resolve and fetch deps without real source
+RUN find crates -name "Cargo.toml" | sed 's|/Cargo.toml||' | \
+    xargs -I{} sh -c 'mkdir -p {}/src && echo "fn main(){}" > {}/src/main.rs && printf "" > {}/src/lib.rs'
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    pkg-config libssl-dev \
+ && rm -rf /var/lib/apt/lists/*
+
+RUN cargo fetch
+
+# For sqlx compile-time query verification run `cargo sqlx prepare` locally first,
+# then commit the .sqlx/ cache. Or pass DATABASE_URL as a build arg:
+#   docker build --build-arg DATABASE_URL=<url> .
+ARG DATABASE_URL
+ENV SQLX_OFFLINE=${DATABASE_URL:+false}
+ENV SQLX_OFFLINE=${SQLX_OFFLINE:-true}
+
+# Now copy real source — only invalidates cache on source changes
+COPY crates ./crates
+
+RUN cargo build --release -p bootstrap{% if worker %} -p worker{% endif %}
+
+# ----- runtime -----
+FROM debian:bookworm-slim
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    ca-certificates libssl3 wget \
+ && rm -rf /var/lib/apt/lists/*
+
+WORKDIR /app
+
+COPY --from=builder /build/target/release/{{project_name}} ./server
+{% if worker %}COPY --from=builder /build/target/release/{{project_name}}-worker ./worker
+{% endif %}
+EXPOSE 3000
+
+ENV RUST_LOG={{project_name}}=info,tower_http=info
+
+CMD ["./server"]
--- a/cargo-generate.toml
+++ b/cargo-generate.toml
@@ -1,6 +1,6 @@
 [template]
 cargo_generate_version = ">=0.21.0"
-ignore = [".git", "target", ".idea", ".vscode", "data.db", "*.liquid", "**/.sqlx", "**/dev.db"]
+ignore = [".git", "target", ".idea", ".vscode", "data.db", "*.liquid", "**/.sqlx", "**/dev.db", "Dockerfile", "compose.yml"]

 [placeholders.project_name]
 type = "string"
--- a/compose.yml
+++ b/compose.yml
@@ -5,10 +5,30 @@ services:
      - "3000:3000"
    environment:
      DATABASE_URL: sqlite:///data/app.db
-      JWT_SECRET: change-me-in-production
-      RUST_LOG: info
+      JWT_SECRET: change-me-in-production-min-32-chars
+      HOST: 0.0.0.0
+      PORT: "3000"
+      RUST_LOG: bootstrap=info,tower_http=info
    volumes:
      - db_data:/data
+    healthcheck:
+      test: ["CMD-SHELL", "wget -qO- http://localhost:3000/health || exit 1"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+      start_period: 10s
+
+  worker:
+    build: .
+    entrypoint: ["./worker"]
+    environment:
+      DATABASE_URL: sqlite:///data/app.db
+      RUST_LOG: worker=info
+    volumes:
+      - db_data:/data
+    depends_on:
+      app:
+        condition: service_healthy

 volumes:
  db_data:
--- a/compose.yml.liquid
+++ b/compose.yml.liquid
@@ -0,0 +1,57 @@
+services:
+{% if database == "postgres" %}  postgres:
+    image: postgres:16-alpine
+    environment:
+      POSTGRES_USER: postgres
+      POSTGRES_PASSWORD: postgres
+      POSTGRES_DB: {{project_name}}
+    ports:
+      - "5432:5432"
+    volumes:
+      - postgres_data:/var/lib/postgresql/data
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U postgres"]
+      interval: 5s
+      timeout: 5s
+      retries: 5
+
+{% endif %}  app:
+    build: .
+    ports:
+      - "3000:3000"
+    environment:
+{% if database == "sqlite" %}      DATABASE_URL: sqlite:///data/app.db
+{% endif %}{% if database == "postgres" %}      DATABASE_URL: postgres://postgres:postgres@postgres:5432/{{project_name}}
+{% endif %}      JWT_SECRET: change-me-in-production-min-32-chars
+      HOST: 0.0.0.0
+      PORT: "3000"
+      RUST_LOG: {{project_name}}=info,tower_http=info
+{% if database == "sqlite" %}    volumes:
+      - db_data:/data
+{% endif %}{% if database == "postgres" %}    depends_on:
+      postgres:
+        condition: service_healthy
+{% endif %}    healthcheck:
+      test: ["CMD-SHELL", "wget -qO- http://localhost:3000/health || exit 1"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+      start_period: 10s
+{% if worker %}
+  worker:
+    build: .
+    entrypoint: ["./worker"]
+    environment:
+{% if database == "sqlite" %}      DATABASE_URL: sqlite:///data/app.db
+{% endif %}{% if database == "postgres" %}      DATABASE_URL: postgres://postgres:postgres@postgres:5432/{{project_name}}
+{% endif %}      RUST_LOG: worker=info
+{% if database == "sqlite" %}    volumes:
+      - db_data:/data
+{% endif %}{% if database == "postgres" %}    depends_on:
+      postgres:
+        condition: service_healthy
+{% endif %}
+{% endif %}volumes:
+{% if database == "sqlite" %}  db_data:
+{% endif %}{% if database == "postgres" %}  postgres_data:
+{% endif %}