funman300/Ferrous-Solitaire
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 29 Wiki Activity
Files
64f975ed6d95b496a0819b42d03cadde6b0bad56
Ferrous-Solitaire/solitaire_server/Dockerfile
T
funman300 44e90ff582
Build and Deploy / build-and-push (push) Successful in 4m39s
Details
fix(ci): pass Quaternions registry token as Docker build secret 
cargo fetch --locked was failing with "failed to parse manifest" because
.cargo/config.toml (which registers the Quaternions sparse index) was
never copied into the build image, and the registry's auth token was
never supplied.

Changes:
- COPY .cargo/config.toml into the builder stage so Cargo knows the
  Quaternions registry URL.
- Replace bare `cargo fetch` and `cargo build` with
  `--mount=type=secret,id=cargo_token` variants that set
  CARGO_REGISTRIES_QUATERNIONS_TOKEN from the mounted secret — token
  never appears in image layers or docker history.
- Workflow: pass CI_TOKEN as the `cargo_token` build secret.
- Add solitaire_engine/** and solitaire_server/Dockerfile to trigger
  paths so engine changes and Dockerfile edits kick off rebuilds.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-01 14:58:25 -07:00

81 lines
3.4 KiB
Docker
Raw Blame History

# --- Build stage ---
FROM rust:1.95-slim AS builder
WORKDIR /build
# Install musl tools for a fully static binary and sqlx-cli for compile-time
# query checking (SQLX_OFFLINE=true skips the live-DB check at build time).
RUN apt-get update && apt-get install -y --no-install-recommends \
pkg-config \
libssl-dev \
&& rm -rf /var/lib/apt/lists/*
# Copy only the files needed to build the server crate.
# Layer order: workspace manifests first so dependency fetches are cached.
COPY .cargo/config.toml ./.cargo/config.toml
COPY Cargo.toml Cargo.lock ./
COPY solitaire_core/Cargo.toml ./solitaire_core/Cargo.toml
COPY solitaire_sync/Cargo.toml ./solitaire_sync/Cargo.toml
COPY solitaire_data/Cargo.toml ./solitaire_data/Cargo.toml
COPY solitaire_engine/Cargo.toml ./solitaire_engine/Cargo.toml
COPY solitaire_server/Cargo.toml ./solitaire_server/Cargo.toml
COPY solitaire_app/Cargo.toml ./solitaire_app/Cargo.toml
COPY solitaire_assetgen/Cargo.toml ./solitaire_assetgen/Cargo.toml
COPY solitaire_wasm/Cargo.toml ./solitaire_wasm/Cargo.toml
COPY solitaire_web/Cargo.toml ./solitaire_web/Cargo.toml
# Stub every workspace crate so `cargo fetch --locked` resolves the full
# dependency graph without requiring source files beyond Cargo.toml.
RUN for crate in solitaire_core solitaire_sync solitaire_data solitaire_engine \
solitaire_server solitaire_app solitaire_assetgen solitaire_wasm solitaire_web; do \
mkdir -p $crate/src && echo "pub fn _stub() {}" > $crate/src/lib.rs; \
done && \
echo "fn main() {}" > solitaire_server/src/main.rs && \
echo "fn main() {}" > solitaire_app/src/main.rs && \
echo "fn main() {}" > solitaire_assetgen/src/main.rs
# The Quaternions registry requires authentication. CI passes CI_TOKEN as a
# build secret so it never appears in image layers or docker history.
RUN --mount=type=secret,id=cargo_token,required=true \
CARGO_REGISTRIES_QUATERNIONS_TOKEN="Bearer $(cat /run/secrets/cargo_token)" \
cargo fetch --locked
# Now copy real source and build in release mode.
COPY solitaire_core/src ./solitaire_core/src
COPY solitaire_sync/src ./solitaire_sync/src
COPY solitaire_server/src ./solitaire_server/src
COPY solitaire_server/web ./solitaire_server/web
COPY solitaire_server/migrations ./solitaire_server/migrations
# sqlx offline query cache — required when SQLX_OFFLINE=true so the
# compile-time macros don't need a live database.
COPY .sqlx ./.sqlx
ENV SQLX_OFFLINE=true
RUN --mount=type=secret,id=cargo_token,required=true \
CARGO_REGISTRIES_QUATERNIONS_TOKEN="Bearer $(cat /run/secrets/cargo_token)" \
cargo build --release --locked -p solitaire_server --bin solitaire_server
# --- Runtime stage ---
FROM debian:bookworm-slim
RUN apt-get update && apt-get install -y --no-install-recommends \
ca-certificates \
libsqlite3-0 \
&& rm -rf /var/lib/apt/lists/*
WORKDIR /app
COPY --from=builder /build/target/release/solitaire_server ./server
# Migrations are embedded via sqlx::migrate!("./migrations") at compile time.
# Static web assets are served via ServeDir at runtime from these paths:
# /app/solitaire_server/web → /web route
# /app/assets → /assets route
# Card themes (dark + classic) are embedded in the binary; no theme files needed here.
COPY solitaire_server/web ./solitaire_server/web
COPY assets ./assets
ENV SERVER_PORT=8080
EXPOSE 8080
ENTRYPOINT ["./server"]
Reference in New Issue View Git Blame Copy Permalink