|
| 1 | +# Copyright (c) Microsoft Corporation. |
| 2 | +# Licensed under the MIT license. |
| 3 | +# SPDX-License-Identifier: MIT |
| 4 | + |
| 5 | +# Comments are provided throughout this file to help you get started. |
| 6 | +# If you need more help, visit the Dockerfile reference guide at |
| 7 | +# https://docs.docker.com/engine/reference/builder/ |
| 8 | + |
| 9 | +# This Dockerfile builds an "integrated" version of Ibeji. Specifically, it builds |
| 10 | +# Ibeji with the managed_subscribe feature to integrate with Eclipse Agemo and |
| 11 | +# the "integrated" configuration to work with Eclipse Chariott Service Discovery |
| 12 | +# and Agemo managed subscribe. |
| 13 | + |
| 14 | +################################################################################ |
| 15 | +# Create a stage for building the application. |
| 16 | + |
| 17 | +ARG RUST_VERSION=1.72.1 |
| 18 | +ARG APP_NAME=invehicle-digital-twin |
| 19 | +ARG FEATURES=managed_subscribe |
| 20 | +ARG UID=10001 |
| 21 | + |
| 22 | +FROM --platform=$BUILDPLATFORM docker.io/library/rust:${RUST_VERSION}-slim-bullseye AS build |
| 23 | + |
| 24 | +# Target architecture to cross-compile |
| 25 | +ARG TARGETARCH |
| 26 | + |
| 27 | +ARG APP_NAME |
| 28 | +ARG FEATURES |
| 29 | +WORKDIR /sdv |
| 30 | + |
| 31 | +COPY ./ . |
| 32 | + |
| 33 | +# Check that APP_NAME argument is valid. |
| 34 | +RUN /sdv/container/scripts/argument_sanitizer.sh \ |
| 35 | + --arg-value "${APP_NAME}" \ |
| 36 | + --regex "^[a-zA-Z_0-9-]+$" || \ |
| 37 | + ( echo "Argument sanitizer failed for ARG 'APP_NAME'"; exit 1 ) |
| 38 | + |
| 39 | +# Check that TARGETARCH argument is valid. |
| 40 | +RUN /sdv/container/scripts/argument_sanitizer.sh \ |
| 41 | + --arg-value "${TARGETARCH}" \ |
| 42 | + --regex "^[a-zA-Z_0-9-]+$" || \ |
| 43 | + ( echo "Argument sanitizer failed for ARG 'TARGETARCH'"; exit 1 ) |
| 44 | + |
| 45 | +# Check that FEATURES argument is valid if the argument is not empty. |
| 46 | +# The regex checks if there is one or more features separated by a single space. |
| 47 | +RUN if [ -n "${FEATURES}" ]; then \ |
| 48 | + /sdv/container/scripts/argument_sanitizer.sh \ |
| 49 | + --arg-value "${FEATURES}" \ |
| 50 | + --regex "^[a-zA-Z_0-9-]+(?: [a-zA-Z_0-9-]+)*$" || \ |
| 51 | + ( echo "Argument sanitizer failed for ARG 'FEATURES'"; exit 1 ) \ |
| 52 | + fi |
| 53 | + |
| 54 | +# Add Build dependencies. |
| 55 | +RUN apt update && apt upgrade -y && apt install -y \ |
| 56 | + protobuf-compiler |
| 57 | + |
| 58 | +# Based on the target architecture, add the appropriate build target and build service. |
| 59 | +RUN if [ "$TARGETARCH" = "amd64" ]; then \ |
| 60 | + CARGOARCH="x86_64-unknown-linux-gnu"; \ |
| 61 | + elif [ "$TARGETARCH" = "arm64" ]; then \ |
| 62 | + apt install -y gcc-aarch64-linux-gnu; \ |
| 63 | + CARGOARCH="aarch64-unknown-linux-gnu"; \ |
| 64 | + else \ |
| 65 | + echo "Unsupported cross-compile architecture"; \ |
| 66 | + exit 1; \ |
| 67 | + fi; \ |
| 68 | + rustup target add ${CARGOARCH}; \ |
| 69 | + cargo build --release --target=${CARGOARCH} -p "${APP_NAME}" --features "${FEATURES}"; \ |
| 70 | + cp /sdv/target/${CARGOARCH}/release/"${APP_NAME}" /sdv/service |
| 71 | + |
| 72 | +################################################################################ |
| 73 | +# Create a new stage for running the application that contains the minimal |
| 74 | +# runtime dependencies for the application. This often uses a different base |
| 75 | +# image from the build stage where the necessary files are copied from the build |
| 76 | +# stage. |
| 77 | +# |
| 78 | +# The example below uses the debian bullseye image as the foundation for running the app. |
| 79 | +# By specifying the "bullseye-slim" tag, it will also use whatever happens to be the |
| 80 | +# most recent version of that tag when you build your Dockerfile. If |
| 81 | +# reproducibility is important, consider using a digest |
| 82 | +# (e.g., debian@sha256:ac707220fbd7b67fc19b112cee8170b41a9e97f703f588b2cdbbcdcecdd8af57). |
| 83 | +FROM --platform=$TARGETPLATFORM docker.io/library/debian:bullseye-slim AS final |
| 84 | +ARG UID |
| 85 | + |
| 86 | +# Copy container scripts. |
| 87 | +COPY ./container/scripts/*.sh /sdv/scripts/ |
| 88 | + |
| 89 | +# Check that UID argument is valid. |
| 90 | +RUN /sdv/scripts/argument_sanitizer.sh \ |
| 91 | + --arg-value "${UID}" \ |
| 92 | + --regex "^[0-9]+$" || \ |
| 93 | + ( echo "Argument sanitizer failed for ARG 'UID'"; exit 1 ) |
| 94 | + |
| 95 | +# Create a non-privileged user that the app will run under. |
| 96 | +# See https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#user |
| 97 | +ARG UID=10001 |
| 98 | +RUN adduser \ |
| 99 | + --disabled-password \ |
| 100 | + --gecos "" \ |
| 101 | + --home "/nonexistent" \ |
| 102 | + --shell "/sbin/nologin" \ |
| 103 | + --no-create-home \ |
| 104 | + --uid "${UID}" \ |
| 105 | + appuser |
| 106 | + |
| 107 | +# Create and add user ownership to config directory. |
| 108 | +RUN mkdir -p /sdv/config |
| 109 | +RUN chown appuser /sdv/config |
| 110 | + |
| 111 | +# Create mnt directory to copy override configs into. |
| 112 | +RUN mkdir -p /mnt/config |
| 113 | + |
| 114 | +USER appuser |
| 115 | + |
| 116 | +WORKDIR /sdv |
| 117 | + |
| 118 | +# Set home environment variable. |
| 119 | +ENV IBEJI_HOME=/sdv/config |
| 120 | + |
| 121 | +# Copy the executable from the "build" stage. |
| 122 | +COPY --from=build /sdv/service /sdv/ |
| 123 | + |
| 124 | +# Copy configuration for service. |
| 125 | +COPY --from=build /sdv/container/config/integrated/ /sdv/config |
| 126 | + |
| 127 | +# Expose the port that the in-vehicle digital twin service listens on. |
| 128 | +EXPOSE 5010 |
| 129 | + |
| 130 | +# What the container should run when it is started. |
| 131 | +CMD ["/sdv/scripts/container_startup.sh"] |
0 commit comments