From 6dc9b26dfce7f5477007c667c51753fe7c1fc3a8 Mon Sep 17 00:00:00 2001
From: Gabriel Kaszewski <gabrielkaszewski@gmail.com>
Date: Mon, 18 May 2026 00:56:25 +0200
Subject: [PATCH] =?UTF-8?q?chore:=20improve=20Dockerfile=20and=20compose?=
 =?UTF-8?q?=20=E2=80=94=20dep=20caching,=20TLS=20libs,=20healthchecks,=20w?=
 =?UTF-8?q?orker,=20liquid=20templates?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 Dockerfile          | 55 ++++++++++++++++++++++++++++++++++++++-----
 Dockerfile.liquid   | 56 ++++++++++++++++++++++++++++++++++++++++++++
 cargo-generate.toml |  2 +-
 compose.yml         | 24 +++++++++++++++++--
 compose.yml.liquid  | 57 +++++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 185 insertions(+), 9 deletions(-)
 create mode 100644 Dockerfile.liquid
 create mode 100644 compose.yml.liquid

diff --git a/Dockerfile b/Dockerfile
index def3d45..600e8c1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,11 +1,54 @@
-FROM rust:1.85-slim AS builder
-WORKDIR /app
-COPY . .
-RUN cargo build --release -p bootstrap
+# ----- build -----
+FROM rust:slim-bookworm AS builder
 
+WORKDIR /build
+
+# Copy manifests + lockfile first so cargo can fetch deps as a cached layer.
+# Source changes below won't invalidate this layer.
+COPY Cargo.toml Cargo.lock ./
+COPY crates/domain/Cargo.toml              crates/domain/Cargo.toml
+COPY crates/application/Cargo.toml         crates/application/Cargo.toml
+COPY crates/api-types/Cargo.toml           crates/api-types/Cargo.toml
+COPY crates/adapters/sqlite/Cargo.toml     crates/adapters/sqlite/Cargo.toml
+COPY crates/adapters/postgres/Cargo.toml   crates/adapters/postgres/Cargo.toml
+COPY crates/adapters/auth/Cargo.toml       crates/adapters/auth/Cargo.toml
+COPY crates/presentation/Cargo.toml        crates/presentation/Cargo.toml
+COPY crates/bootstrap/Cargo.toml           crates/bootstrap/Cargo.toml
+COPY crates/worker/Cargo.toml              crates/worker/Cargo.toml
+
+# Stub every crate so cargo can resolve and fetch deps without real source
+RUN find crates -name "Cargo.toml" | sed 's|/Cargo.toml||' | \
+    xargs -I{} sh -c 'mkdir -p {}/src && echo "fn main(){}" > {}/src/main.rs && printf "" > {}/src/lib.rs'
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    pkg-config libssl-dev \
+ && rm -rf /var/lib/apt/lists/*
+
+RUN cargo fetch
+
+# Copy sqlx offline query cache — no live database needed at compile time
+COPY crates/adapters/sqlite/.sqlx ./crates/adapters/sqlite/.sqlx
+
+# Now copy real source — only invalidates cache on source changes
+COPY crates ./crates
+
+ENV SQLX_OFFLINE=true
+RUN cargo build --release -p bootstrap -p worker
+
+# ----- runtime -----
 FROM debian:bookworm-slim
-RUN apt-get update && apt-get install -y ca-certificates && rm -rf /var/lib/apt/lists/*
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    ca-certificates libssl3 wget \
+ && rm -rf /var/lib/apt/lists/*
+
 WORKDIR /app
-COPY --from=builder /app/target/release/server ./server
+
+COPY --from=builder /build/target/release/server  ./server
+COPY --from=builder /build/target/release/worker  ./worker
+
 EXPOSE 3000
+
+ENV RUST_LOG=bootstrap=info,tower_http=info
+
 CMD ["./server"]
diff --git a/Dockerfile.liquid b/Dockerfile.liquid
new file mode 100644
index 0000000..dacfe13
--- /dev/null
+++ b/Dockerfile.liquid
@@ -0,0 +1,56 @@
+# ----- build -----
+FROM rust:slim-bookworm AS builder
+
+WORKDIR /build
+
+# Copy manifests + lockfile first so cargo can fetch deps as a cached layer.
+COPY Cargo.toml Cargo.lock ./
+COPY crates/domain/Cargo.toml              crates/domain/Cargo.toml
+COPY crates/application/Cargo.toml         crates/application/Cargo.toml
+COPY crates/api-types/Cargo.toml           crates/api-types/Cargo.toml
+{% if database == "sqlite" %}COPY crates/adapters/sqlite/Cargo.toml     crates/adapters/sqlite/Cargo.toml
+{% endif %}{% if database == "postgres" %}COPY crates/adapters/postgres/Cargo.toml   crates/adapters/postgres/Cargo.toml
+{% endif %}COPY crates/adapters/auth/Cargo.toml       crates/adapters/auth/Cargo.toml
+COPY crates/presentation/Cargo.toml        crates/presentation/Cargo.toml
+COPY crates/bootstrap/Cargo.toml           crates/bootstrap/Cargo.toml
+{% if worker %}COPY crates/worker/Cargo.toml              crates/worker/Cargo.toml
+{% endif %}
+# Stub every crate so cargo can resolve and fetch deps without real source
+RUN find crates -name "Cargo.toml" | sed 's|/Cargo.toml||' | \
+    xargs -I{} sh -c 'mkdir -p {}/src && echo "fn main(){}" > {}/src/main.rs && printf "" > {}/src/lib.rs'
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    pkg-config libssl-dev \
+ && rm -rf /var/lib/apt/lists/*
+
+RUN cargo fetch
+
+# For sqlx compile-time query verification run `cargo sqlx prepare` locally first,
+# then commit the .sqlx/ cache. Or pass DATABASE_URL as a build arg:
+#   docker build --build-arg DATABASE_URL=<url> .
+ARG DATABASE_URL
+ENV SQLX_OFFLINE=${DATABASE_URL:+false}
+ENV SQLX_OFFLINE=${SQLX_OFFLINE:-true}
+
+# Now copy real source — only invalidates cache on source changes
+COPY crates ./crates
+
+RUN cargo build --release -p bootstrap{% if worker %} -p worker{% endif %}
+
+# ----- runtime -----
+FROM debian:bookworm-slim
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    ca-certificates libssl3 wget \
+ && rm -rf /var/lib/apt/lists/*
+
+WORKDIR /app
+
+COPY --from=builder /build/target/release/{{project_name}} ./server
+{% if worker %}COPY --from=builder /build/target/release/{{project_name}}-worker ./worker
+{% endif %}
+EXPOSE 3000
+
+ENV RUST_LOG={{project_name}}=info,tower_http=info
+
+CMD ["./server"]
diff --git a/cargo-generate.toml b/cargo-generate.toml
index fd14dc3..e05fdb7 100644
--- a/cargo-generate.toml
+++ b/cargo-generate.toml
@@ -1,6 +1,6 @@
 [template]
 cargo_generate_version = ">=0.21.0"
-ignore = [".git", "target", ".idea", ".vscode", "data.db", "*.liquid", "**/.sqlx", "**/dev.db"]
+ignore = [".git", "target", ".idea", ".vscode", "data.db", "*.liquid", "**/.sqlx", "**/dev.db", "Dockerfile", "compose.yml"]
 
 [placeholders.project_name]
 type = "string"
diff --git a/compose.yml b/compose.yml
index a4980f1..6518c51 100644
--- a/compose.yml
+++ b/compose.yml
@@ -5,10 +5,30 @@ services:
       - "3000:3000"
     environment:
       DATABASE_URL: sqlite:///data/app.db
-      JWT_SECRET: change-me-in-production
-      RUST_LOG: info
+      JWT_SECRET: change-me-in-production-min-32-chars
+      HOST: 0.0.0.0
+      PORT: "3000"
+      RUST_LOG: bootstrap=info,tower_http=info
     volumes:
       - db_data:/data
+    healthcheck:
+      test: ["CMD-SHELL", "wget -qO- http://localhost:3000/health || exit 1"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+      start_period: 10s
+
+  worker:
+    build: .
+    entrypoint: ["./worker"]
+    environment:
+      DATABASE_URL: sqlite:///data/app.db
+      RUST_LOG: worker=info
+    volumes:
+      - db_data:/data
+    depends_on:
+      app:
+        condition: service_healthy
 
 volumes:
   db_data:
diff --git a/compose.yml.liquid b/compose.yml.liquid
new file mode 100644
index 0000000..627e1f2
--- /dev/null
+++ b/compose.yml.liquid
@@ -0,0 +1,57 @@
+services:
+{% if database == "postgres" %}  postgres:
+    image: postgres:16-alpine
+    environment:
+      POSTGRES_USER: postgres
+      POSTGRES_PASSWORD: postgres
+      POSTGRES_DB: {{project_name}}
+    ports:
+      - "5432:5432"
+    volumes:
+      - postgres_data:/var/lib/postgresql/data
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U postgres"]
+      interval: 5s
+      timeout: 5s
+      retries: 5
+
+{% endif %}  app:
+    build: .
+    ports:
+      - "3000:3000"
+    environment:
+{% if database == "sqlite" %}      DATABASE_URL: sqlite:///data/app.db
+{% endif %}{% if database == "postgres" %}      DATABASE_URL: postgres://postgres:postgres@postgres:5432/{{project_name}}
+{% endif %}      JWT_SECRET: change-me-in-production-min-32-chars
+      HOST: 0.0.0.0
+      PORT: "3000"
+      RUST_LOG: {{project_name}}=info,tower_http=info
+{% if database == "sqlite" %}    volumes:
+      - db_data:/data
+{% endif %}{% if database == "postgres" %}    depends_on:
+      postgres:
+        condition: service_healthy
+{% endif %}    healthcheck:
+      test: ["CMD-SHELL", "wget -qO- http://localhost:3000/health || exit 1"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+      start_period: 10s
+{% if worker %}
+  worker:
+    build: .
+    entrypoint: ["./worker"]
+    environment:
+{% if database == "sqlite" %}      DATABASE_URL: sqlite:///data/app.db
+{% endif %}{% if database == "postgres" %}      DATABASE_URL: postgres://postgres:postgres@postgres:5432/{{project_name}}
+{% endif %}      RUST_LOG: worker=info
+{% if database == "sqlite" %}    volumes:
+      - db_data:/data
+{% endif %}{% if database == "postgres" %}    depends_on:
+      postgres:
+        condition: service_healthy
+{% endif %}
+{% endif %}volumes:
+{% if database == "sqlite" %}  db_data:
+{% endif %}{% if database == "postgres" %}  postgres_data:
+{% endif %}