Compare commits
2 commits
29d7c283e5
...
120e9b0b46
| Author | SHA1 | Date | |
|---|---|---|---|
 D. Scott Boggs
|
120e9b0b46 | ||
|
D. Scott Boggs
|
b496c86f18 |
1765
api/Cargo.lock
generated
1765
api/Cargo.lock
generated
File diff suppressed because it is too large
Load diff
|
|
@ -1,6 +1,8 @@
|
|||
# This dockerfile builds the API and runs it on a minimal container with the Datastore adaptor
|
||||
|
||||
FROM rust:latest as builder
|
||||
ARG adaptor=sql-adaptor
|
||||
|
||||
|
||||
# Install CA Certs for Hyper
|
||||
RUN apt-get install -y --no-install-recommends ca-certificates
|
||||
|
|
@ -11,7 +13,7 @@ COPY . .
|
|||
# Will build and cache the binary and dependent crates in release mode
|
||||
RUN --mount=type=cache,target=/usr/local/cargo,from=rust:latest,source=/usr/local/cargo \
|
||||
--mount=type=cache,target=target \
|
||||
cargo build --release --features sql-adaptor && mv ./target/release/crabfit-api ./api
|
||||
cargo build --release --features $adaptor && mv ./target/release/crabfit-api ./api
|
||||
|
||||
# Runtime image
|
||||
FROM debian:bullseye-slim
|
||||
|
|
|
|||
|
|
@ -188,11 +188,12 @@ fn get_connection_string() -> String {
|
|||
if let Some(password_file_location) = env::var_os("DATABASE_PASSWORD_FILE") {
|
||||
// The password can be left out of the URL, we add it from the specified
|
||||
// file (presumably under /run/secrets/)
|
||||
let password = fs::read(password_file_location).unwrap_or_else(|| {
|
||||
panic!("could not read database password from {password_file_location:?}")
|
||||
let password = fs::read(&password_file_location).unwrap_or_else(|err| {
|
||||
panic!("could not read database password from {password_file_location:?}\n\t{err:?}")
|
||||
});
|
||||
let mut url = Url::parse(&connection_string).expect("invalid connection string");
|
||||
url.set_password(Some(String::from_utf8_lossy(password.as_slice()).as_ref()));
|
||||
url.set_password(Some(String::from_utf8_lossy(password.as_slice()).as_ref()))
|
||||
.unwrap_or_else(|_| panic!("invalid database URL: {connection_string:?}"));
|
||||
url.to_string()
|
||||
} else {
|
||||
connection_string
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
use std::env;
|
||||
use std::{env, fs};
|
||||
|
||||
use axum::{extract, http::HeaderMap};
|
||||
use chrono::{Duration, Utc};
|
||||
|
|
@ -28,7 +28,17 @@ pub async fn cleanup<A: Adaptor>(
|
|||
.get("X-Cron-Key")
|
||||
.map(|k| k.to_str().unwrap_or_default().into())
|
||||
.unwrap_or_default();
|
||||
let env_key = env::var("CRON_KEY").unwrap_or_default();
|
||||
let env_key = if let Ok(key) = env::var("CRON_KEY") {
|
||||
key
|
||||
} else if let Some(path) = env::var_os("CRON_KEY_FILE") {
|
||||
let Ok(key) = fs::read(&path) else {
|
||||
println!("Error reading CRON_KEY_FILE at {path:?}");
|
||||
return Err(ApiError::NotAuthorized);
|
||||
};
|
||||
String::from_utf8_lossy(key.as_slice()).into()
|
||||
} else {
|
||||
Default::default()
|
||||
};
|
||||
if !env_key.is_empty() && cron_key_header != env_key {
|
||||
return Err(ApiError::NotAuthorized);
|
||||
}
|
||||
|
|
|
|||
55
frontend/Dockerfile
Normal file
55
frontend/Dockerfile
Normal file
|
|
@ -0,0 +1,55 @@
|
|||
# syntax=docker.io/docker/dockerfile:1
|
||||
# From https://github.com/vercel/next.js/blob/canary/examples/with-docker/Dockerfile
|
||||
|
||||
FROM node:18-alpine AS base
|
||||
|
||||
# Install dependencies only when needed
|
||||
FROM base AS deps
|
||||
# Check https://github.com/nodejs/docker-node/tree/b4117f9333da4138b03a546ec926ef50a31506c3#nodealpine to understand why libc6-compat might be needed.
|
||||
RUN apk add --no-cache libc6-compat
|
||||
WORKDIR /app
|
||||
|
||||
# Install dependencies based on the preferred package manager
|
||||
COPY package.json yarn.lock ./
|
||||
RUN yarn --frozen-lockfile
|
||||
|
||||
# Rebuild the source code only when needed
|
||||
FROM base AS builder
|
||||
WORKDIR /app
|
||||
COPY --from=deps /app/node_modules ./node_modules
|
||||
COPY . .
|
||||
|
||||
# Next.js collects completely anonymous telemetry data about general usage.
|
||||
# Learn more here: https://nextjs.org/telemetry
|
||||
# Uncomment the following line in case you want to disable telemetry during the build.
|
||||
ENV NEXT_TELEMETRY_DISABLED=1
|
||||
RUN yarn run build
|
||||
|
||||
# Production image, copy all the files and run next
|
||||
FROM base AS runner
|
||||
WORKDIR /app
|
||||
|
||||
ENV NODE_ENV=production
|
||||
# Uncomment the following line in case you want to disable telemetry during runtime.
|
||||
ENV NEXT_TELEMETRY_DISABLED=1
|
||||
|
||||
RUN addgroup --system --gid 1000 nodejs
|
||||
RUN adduser --system --uid 1000 nextjs
|
||||
|
||||
COPY --from=builder /app/public ./public
|
||||
|
||||
# Automatically leverage output traces to reduce image size
|
||||
# https://nextjs.org/docs/advanced-features/output-file-tracing
|
||||
COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
|
||||
COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
|
||||
|
||||
USER nextjs
|
||||
|
||||
EXPOSE 3000
|
||||
|
||||
ENV PORT=3000
|
||||
|
||||
# server.js is created by next build from the standalone output
|
||||
# https://nextjs.org/docs/pages/api-reference/config/next-config-js/output
|
||||
ENV HOSTNAME="0.0.0.0"
|
||||
CMD ["node", "server.js"]
|
||||
Loading…
Reference in a new issue