Skip to content

chore: Use cargo-chef for simplifying Dockerfile #650

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
gtema merged 1 commit into from
Mar 31, 2026
Merged

chore: Use cargo-chef for simplifying Dockerfile #650

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
114 changes: 23 additions & 91 deletions Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,102 +1,34 @@
################
##### Builder
FROM rust:1.94.1-slim-trixie AS builder
FROM rust:1.94.1-slim-trixie AS base

#RUN rustup target add x86_64-unknown-linux-gnu &&\
RUN apt update &&\
apt install -y openssl libssl-dev libssl3 pkg-config musl-tools musl-dev \
protobuf-compiler &&\
update-ca-certificates

WORKDIR /usr/src

# Create blank project
RUN USER=root cargo new keystone
RUN cargo install --locked cargo-chef
WORKDIR app

Check warning on line 6 in Dockerfile

View workflow job for this annotation

GitHub Actions / build-image

Relative workdir without an absolute workdir declared within the build can have unexpected results if the base image changes 

WorkdirRelativePath: Relative workdir "app" can have unexpected results if the base image changes
More info: https://docs.docker.com/go/dockerfile/rule/workdir-relative-path/

WORKDIR /usr/src/keystone
################
##### Plan
FROM base AS planner

RUN USER=root cargo new --name core --lib crates/core
RUN USER=root cargo new --name core-types --lib crates/core-types
RUN USER=root cargo new --name api-types --lib crates/api-types
COPY . .
RUN cargo chef prepare --recipe-path recipe.json

RUN USER=root cargo new --name appcred-sql --lib crates/appcred-sql
RUN USER=root cargo new --name assignment-sql --lib crates/assignment-sql
RUN USER=root cargo new --name catalog-sql --lib crates/catalog-sql
RUN USER=root cargo new --name federation-sql --lib crates/federation-sql
RUN USER=root cargo new --name identity-sql --lib crates/identity-sql
RUN USER=root cargo new --name idmaping-sql --lib crates/idmapping-sql
RUN USER=root cargo new --name k8s-auth-sql --lib crates/k8s-auth-sql
RUN USER=root cargo new --name resource-sql --lib crates/resource-sql
RUN USER=root cargo new --name revoke-sql --lib crates/revoke-sql
RUN USER=root cargo new --name role-sql --lib crates/role-sql
RUN USER=root cargo new --name token-restriction-sql --lib crates/token-restriction-sql
RUN USER=root cargo new --name trust-sql --lib crates/trust-sql
################
##### Build
FROM base AS builder

# We want dependencies cached, so copy those first.
COPY Cargo.toml Cargo.lock /usr/src/keystone/
COPY crates/api-types/Cargo.toml /usr/src/keystone/crates/api-types/
COPY crates/appcred-sql/Cargo.toml /usr/src/keystone/crates/appcred-sql/
COPY crates/assignment-sql/Cargo.toml /usr/src/keystone/crates/assignment-sql/
COPY crates/config/Cargo.toml /usr/src/keystone/crates/config/
COPY crates/core/Cargo.toml /usr/src/keystone/crates/core/
COPY crates/core-types/Cargo.toml /usr/src/keystone/crates/core-types/
COPY crates/catalog-sql/Cargo.toml /usr/src/keystone/crates/catalog-sql/
COPY crates/federation-sql/Cargo.toml /usr/src/keystone/crates/federation-sql/
COPY crates/identity-sql/Cargo.toml /usr/src/keystone/crates/identity-sql/
COPY crates/idmapping-sql/Cargo.toml /usr/src/keystone/crates/idmapping-sql/
COPY crates/k8s-auth-sql/Cargo.toml /usr/src/keystone/crates/k8s-auth-sql/
COPY crates/keystone/Cargo.toml /usr/src/keystone/crates/keystone/
COPY crates/resource-sql/Cargo.toml /usr/src/keystone/crates/resource-sql/
COPY crates/revoke-sql/Cargo.toml /usr/src/keystone/crates/revoke-sql/
COPY crates/role-sql/Cargo.toml /usr/src/keystone/crates/role-sql/
COPY crates/storage/Cargo.toml /usr/src/keystone/crates/storage/
COPY crates/token-fernet/Cargo.toml /usr/src/keystone/crates/token-fernet/
COPY crates/token-restriction-sql/Cargo.toml /usr/src/keystone/crates/token-restriction-sql/
COPY crates/trust-sql/Cargo.toml /usr/src/keystone/crates/trust-sql/
COPY crates/webauthn/Cargo.toml /usr/src/keystone/crates/webauthn/
COPY tests/federation/Cargo.toml /usr/src/keystone/tests/federation/
COPY tests/integration/Cargo.toml /usr/src/keystone/tests/integration/
COPY tests/api/Cargo.toml /usr/src/keystone/tests/api/
COPY tests/loadtest/Cargo.toml /usr/src/keystone/tests/loadtest/
RUN mkdir -p crates/keystone/src/bin && touch crates/keystone/src/lib.rs &&\
cp src/main.rs crates/keystone/src/bin/keystone.rs &&\
cp src/main.rs crates/keystone/src/bin/keystone_db.rs &&\
mkdir -p tests/loadtest/src &&\
cp src/main.rs tests/loadtest/src/main.rs &&\
mkdir -p crates/config/src && touch crates/config/src/lib.rs &&\
mkdir -p crates/storage/src && touch crates/storage/src/lib.rs &&\
mkdir -p crates/token-fernet/src && touch crates/token-fernet/src/lib.rs &&\
mkdir -p crates/token-fernet/benches && touch crates/token-fernet/benches/fernet_token.rs &&\
mkdir -p crates/webauthn/src && touch crates/webauthn/src/lib.rs
#RUN rustup target add x86_64-unknown-linux-gnu &&\
RUN apt update &&\
apt install -y openssl libssl-dev libssl3 pkg-config \
protobuf-compiler &&\
update-ca-certificates

## This is a dummy build to get the dependencies cached.
#RUN cargo build --target x86_64-unknown-linux-musl --release
RUN cargo build -p openstack-keystone --release
COPY --from=planner /app/recipe.json recipe.json

# Now copy in the rest of the sources
COPY crates/keystone/ /usr/src/keystone/crates/keystone
COPY crates/config/ /usr/src/keystone/crates/config
COPY crates/core/ /usr/src/keystone/crates/core
COPY crates/core-types/ /usr/src/keystone/crates/core-types
COPY crates/api-types/ /usr/src/keystone/crates/api-types
COPY crates/storage/ /usr/src/keystone/crates/storage
COPY crates/token-fernet/ /usr/src/keystone/crates/token-fernet
COPY crates/webauthn/ /usr/src/keystone/crates/webauthn
COPY crates/appcred-sql/ /usr/src/keystone/crates/appcred-sql
COPY crates/assignment-sql/ /usr/src/keystone/crates/assignment-sql
COPY crates/catalog-sql/ /usr/src/keystone/crates/catalog-sql
COPY crates/federation-sql/ /usr/src/keystone/crates/federation-sql
COPY crates/identity-sql/ /usr/src/keystone/crates/identity-sql
COPY crates/idmapping-sql/ /usr/src/keystone/crates/idmapping-sql
COPY crates/k8s-auth-sql/ /usr/src/keystone/crates/k8s-auth-sql
COPY crates/resource-sql/ /usr/src/keystone/crates/resource-sql
COPY crates/revoke-sql/ /usr/src/keystone/crates/revoke-sql
COPY crates/role-sql/ /usr/src/keystone/crates/role-sql
COPY crates/token-restriction-sql/ /usr/src/keystone/crates/token-restriction-sql
COPY crates/trust-sql/ /usr/src/keystone/crates/trust-sql
# Build dependencies - this is the caching Docker layer!
RUN cargo chef cook --release --recipe-path recipe.json

## Touch main.rs to prevent cached release build
RUN touch crates/keystone/src/lib.rs && touch crates/keystone/src/bin/keystone.rs
# Copy the actual sources
COPY . .

# This is the actual application build.
RUN cargo build --release --bins
Expand All @@ -111,7 +43,7 @@
RUN apt update && apt install -y ca-certificates libssl3 && update-ca-certificates

# Copy application binary from builder image
COPY --from=builder /usr/src/keystone/target/release/keystone /usr/local/bin
COPY --from=builder /usr/src/keystone/target/release/keystone-db /usr/local/bin
COPY --from=builder /app/target/release/keystone /usr/local/bin
COPY --from=builder /app/target/release/keystone-db /usr/local/bin

CMD ["/usr/local/bin/keystone"]
94 changes: 19 additions & 75 deletions tools/Dockerfile.functest
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,82 +1,27 @@
# Stage 1: Build
FROM rust:1.94.1-slim-trixie AS builder
# Stage 1: Base
FROM rust:1.94.1-slim-trixie AS base

RUN apt update &&\
apt install -y openssl libssl-dev libssl3 pkg-config &&\
update-ca-certificates

WORKDIR /usr/src

RUN mkdir /app

# Create blank project
RUN USER=root cargo new keystone
RUN cargo install --locked cargo-chef
WORKDIR app

WORKDIR /usr/src/keystone
# Stage 2: Plan
FROM base AS planner

RUN USER=root cargo new --name core --lib crates/core
RUN USER=root cargo new --name core-types --lib crates/core-types
RUN USER=root cargo new --name api-types --lib crates/api-types
COPY . .
RUN cargo chef prepare --recipe-path recipe.json

RUN USER=root cargo new --name appcred-sql --lib crates/appcred-sql
RUN USER=root cargo new --name assignment-sql --lib crates/assignment-sql
RUN USER=root cargo new --name catalog-sql --lib crates/catalog-sql
RUN USER=root cargo new --name federation-sql --lib crates/federation-sql
RUN USER=root cargo new --name identity-sql --lib crates/identity-sql
RUN USER=root cargo new --name idmaping-sql --lib crates/idmapping-sql
RUN USER=root cargo new --name k8s-auth-sql --lib crates/k8s-auth-sql
RUN USER=root cargo new --name resource-sql --lib crates/resource-sql
RUN USER=root cargo new --name revoke-sql --lib crates/revoke-sql
RUN USER=root cargo new --name role-sql --lib crates/role-sql
RUN USER=root cargo new --name token-restriction-sql --lib crates/token-restriction-sql
RUN USER=root cargo new --name trust-sql --lib crates/trust-sql

# We want dependencies cached, so copy those first.
COPY Cargo.toml Cargo.lock /usr/src/keystone/
COPY crates/api-types/Cargo.toml /usr/src/keystone/crates/api-types/
COPY crates/appcred-sql/Cargo.toml /usr/src/keystone/crates/appcred-sql/
COPY crates/assignment-sql/Cargo.toml /usr/src/keystone/crates/assignment-sql/
COPY crates/config/Cargo.toml /usr/src/keystone/crates/config/
COPY crates/core/Cargo.toml /usr/src/keystone/crates/core/
COPY crates/core-types/Cargo.toml /usr/src/keystone/crates/core-types/
COPY crates/catalog-sql/Cargo.toml /usr/src/keystone/crates/catalog-sql/
COPY crates/federation-sql/Cargo.toml /usr/src/keystone/crates/federation-sql/
COPY crates/identity-sql/Cargo.toml /usr/src/keystone/crates/identity-sql/
COPY crates/idmapping-sql/Cargo.toml /usr/src/keystone/crates/idmapping-sql/
COPY crates/k8s-auth-sql/Cargo.toml /usr/src/keystone/crates/k8s-auth-sql/
COPY crates/keystone/Cargo.toml /usr/src/keystone/crates/keystone/
COPY crates/resource-sql/Cargo.toml /usr/src/keystone/crates/resource-sql/
COPY crates/revoke-sql/Cargo.toml /usr/src/keystone/crates/revoke-sql/
COPY crates/role-sql/Cargo.toml /usr/src/keystone/crates/role-sql/
COPY crates/storage/Cargo.toml /usr/src/keystone/crates/storage/
COPY crates/token-fernet/Cargo.toml /usr/src/keystone/crates/token-fernet/
COPY crates/token-restriction-sql/Cargo.toml /usr/src/keystone/crates/token-restriction-sql/
COPY crates/trust-sql/Cargo.toml /usr/src/keystone/crates/trust-sql/
COPY crates/webauthn/Cargo.toml /usr/src/keystone/crates/webauthn/
COPY tests/federation/Cargo.toml /usr/src/keystone/tests/federation/
COPY tests/integration/Cargo.toml /usr/src/keystone/tests/integration/
COPY tests/api/Cargo.toml /usr/src/keystone/tests/api/
COPY tests/loadtest/Cargo.toml /usr/src/keystone/tests/loadtest/
RUN mkdir -p crates/keystone/src/bin && touch crates/keystone/src/lib.rs &&\
cp src/main.rs crates/keystone/src/bin/keystone.rs &&\
cp src/main.rs crates/keystone/src/bin/keystone_db.rs &&\
mkdir -p tests/loadtest/src &&\
cp src/main.rs tests/loadtest/src/main.rs &&\
mkdir -p crates/assignment-sql/src && touch crates/assignment-sql/src/lib.rs &&\
mkdir -p crates/config/src && touch crates/config/src/lib.rs &&\
mkdir -p crates/storage/src && touch crates/storage/src/lib.rs &&\
mkdir -p crates/token-fernet/src && touch crates/token-fernet/src/lib.rs &&\
mkdir -p crates/token-fernet/benches && touch crates/token-fernet/benches/fernet_token.rs &&\
mkdir -p crates/webauthn/src && touch crates/webauthn/src/lib.rs
# Stage 3: Build
FROM base AS builder
RUN apt update &&\
apt install -y openssl libssl-dev libssl3 pkg-config &&\
update-ca-certificates

## This is a dummy build to get the dependencies cached.
RUN cargo build
COPY --from=planner /app/recipe.json recipe.json

COPY crates/core-types/ /usr/src/keystone/crates/core-types
COPY crates/api-types/ /usr/src/keystone/crates/api-types
COPY tests ./tests
# Build dependencies - this is the caching Docker layer!
RUN cargo chef cook --release --recipe-path recipe.json

# RUN touch tests/api/k8s_auth.rs
COPY . .

# Compile the specific functional test file
RUN cargo test --test api --no-run && \
Expand All @@ -88,15 +33,14 @@ RUN cargo test --test keycloak --no-run && \
RUN cargo test --test dex --no-run && \
cp $(find target/debug/deps -name "dex-*" -type f -executable) /app/test-dex


# Stage 2: Package
# Stage 4: Package
FROM debian:trixie-slim AS runtime

LABEL org.opencontainers.image.authors="Artem Goncharov"
LABEL description="Keystone-rs tests"

RUN apt update &&\
apt install -y ca-certificates openssl libssl-dev libssl3 pkg-config &&\
apt install -y ca-certificates libssl-dev libssl3 pkg-config &&\
update-ca-certificates

WORKDIR /tests
Expand Down
Loading