-
Notifications
You must be signed in to change notification settings - Fork 35
Expand file tree
/
Copy pathDockerfile.prebuilt
More file actions
58 lines (45 loc) · 1.93 KB
/
Dockerfile.prebuilt
File metadata and controls
58 lines (45 loc) · 1.93 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
# Dockerfile.prebuilt
#
# This Dockerfile is designed for pre-built binaries (built outside Docker).
# It bypasses the Zig HTTP connection pool bug by copying pre-built artifacts.
#
# Usage:
# 1. Build natively: zig build -Doptimize=ReleaseFast -Dgit_version="$(git rev-parse --short HEAD)"
# 2. Build image: docker build -f Dockerfile.prebuilt -t zeam:latest .
#
# This approach is used for multi-arch builds on CI/VMs to avoid intermittent
# Zig HTTP failures during dependency fetching.
# Runtime prep stage - get the necessary libraries
FROM ubuntu:24.04 AS runtime-prep
ARG TARGETARCH
# Install SSL certificates
RUN apt-get update && apt-get install -y --no-install-recommends \
ca-certificates \
&& rm -rf /var/lib/apt/lists/*
# Copy pre-built binaries and resources
COPY zig-out/ /app/zig-out/
COPY resources/ /app/resources/
# Create a script to copy the right libraries based on architecture
RUN mkdir -p /runtime-libs && \
for lib in `ldd /app/zig-out/bin/zeam | grep -oP '(\/lib[^\s]+)'`; do \
[ -f $lib ] && cp --parents -L $lib /runtime-libs/ || true; \
done;
# Runtime stage - using scratch for minimal size
FROM scratch AS runtime
ARG GIT_COMMIT=unknown
ARG GIT_BRANCH=unknown
LABEL org.opencontainers.image.revision=$GIT_COMMIT
LABEL org.opencontainers.image.ref.name=$GIT_BRANCH
# Copy the architecture-specific libraries and loader
COPY --from=runtime-prep /runtime-libs/ /
# Copy SSL certificates for HTTPS
COPY --from=runtime-prep /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
# Copy pre-built binaries
COPY --from=runtime-prep /app/zig-out/ /app/zig-out/
# Copy runtime resources
COPY --from=runtime-prep /app/resources/ /app/resources/
# Set the zeam binary as the entrypoint
ENTRYPOINT ["/app/zig-out/bin/zeam"]
# NOTE: The xev event loop used by zeam may require running with:
# --security-opt seccomp=unconfined
# This is necessary for certain container environments to avoid PermissionDenied errors.