Commit 30b476a

cristi-claude
andauthored
docker: switch to distroless runtime (#47)
Switch to `gcr.io/distroless/cc-debian13` for smaller images. Ubuntu debug target available via `--target debug`. ## Test plan - [x] Built distroless and debug targets - [x] Smoke tested both images 🤖 Generated with [Claude Code](https://claude.ai/code) --------- Co-authored-by: Claude Opus 4.5 <[email protected]>
1 parent 3773d97 commit 30b476a

2 files changed

+59
-12
lines changed

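--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -15,15 +15,29 @@ env:
 
 jobs:
 build-images:
-name: Build ${{ matrix.arch }} image
+name: Build ${{ matrix.arch }} ${{ matrix.target }} image
 runs-on: ${{ matrix.runner }}
 strategy:
 fail-fast: false
 matrix:
+arch:
+- name: x86-64
+runner: ubuntu-latest
+- name: arm64
+runner: ubuntu-24.04-arm
+target:
+- name: runtime
+suffix: ""
+- name: debug
+suffix: "-debug"
 include:
-- arch: x86-64
+- arch:
+name: x86-64
+runner: ubuntu-latest
 runner: ubuntu-latest
-- arch: arm64
+- arch:
+name: arm64
+runner: ubuntu-24.04-arm
 runner: ubuntu-24.04-arm
 steps:
 - name: Checkout repository
@@ -47,11 +61,14 @@ jobs:
 
 - name: Build and push architecture-specific image
 run: |
-docker build -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.version }}-${{ matrix.arch }} .
-docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.version }}-${{ matrix.arch }}
+docker build \
+--target ${{ matrix.target.name }} \
+-t ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.version }}${{ matrix.target.suffix }}-${{ matrix.arch.name }} \
+.
+docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.version }}${{ matrix.target.suffix }}-${{ matrix.arch.name }}
 
 create-manifest:
-name: Create multi-arch manifest
+name: Create multi-arch manifests
 needs: build-images
 runs-on: ubuntu-latest
 steps:
@@ -71,14 +88,36 @@ jobs:
 echo "version=dev-$(date +%s)" >> $GITHUB_OUTPUT
 fi
 
-- name: Create and push multi-arch manifest
+- name: Create and push versioned manifest
 run: |
 docker manifest create ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.version }} \
 ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.version }}-x86-64 \
 ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.version }}-arm64
-
 docker manifest push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.version }}
 
+- name: Create and push debug versioned manifest
+run: |
+docker manifest create ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.version }}-debug \
+${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.version }}-debug-x86-64 \
+${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.version }}-debug-arm64
+docker manifest push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.version }}-debug
+
+- name: Tag debug as latest
+if: github.event_name != 'workflow_dispatch'
+run: |
+docker manifest create ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:debug \
+${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.version }}-debug-x86-64 \
+${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.version }}-debug-arm64
+docker manifest push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:debug
+
+- name: Tag as latest (pushed last to appear at top)
+if: github.event_name != 'workflow_dispatch'
+run: |
+docker manifest create ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest \
+${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.version }}-x86-64 \
+${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.version }}-arm64
+docker manifest push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
+
 create-release:
 name: Create GitHub release
 needs: [build-images, create-manifest]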
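Review bot: The rewritten `docker build` / `docker push` lines in "Build and push architecture-specific image" paste `${{ steps.version.outputs.version }}` unquoted into the script text before the shell parses it, and the three manifest steps added below repeat the pattern. The step that sets that output is outside the visible hunks; if it derives the value from the pushed ref name, that name is interpreted as shell in a job that presumably holds registry push credentials. Passing the composed reference through step-level `env:` and using it as `"$IMAGE"` keeps it as data, and also removes the tag expression duplicated between build and push. Separately, the job `name:` still interpolates `matrix.arch` and `matrix.target`, which are now mappings; `matrix.arch.name` and `matrix.target.name` look intended.

```yaml
- name: Build and push architecture-specific image
  env:
    IMAGE: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.version.outputs.version }}${{ matrix.target.suffix }}-${{ matrix.arch.name }}
    TARGET: ${{ matrix.target.name }}
  run: |
    docker build --target "$TARGET" -t "$IMAGE" .
    docker push "$IMAGE"
```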

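--- a/Dockerfile
+++ b/Dockerfile
@@ -17,18 +17,26 @@ RUN --mount=type=cache,id=cachey-rust,sharing=locked,target=/cache \
 mkdir -p /build/target/release/ && \
 cp /cache/release/server /build/target/release/server
 
-# Runtime stage
-FROM ubuntu:latest
+# Debug runtime - ubuntu with shell access
+# Build with: docker build --target debug .
+FROM ubuntu:latest AS debug
 
-# Install ca-certificates for HTTPS requests
 RUN apt-get update && \
 apt-get install -y ca-certificates && \
 rm -rf /var/lib/apt/lists/*
 
 WORKDIR /app
 
+COPY --from=builder /build/target/release/server /app/cachey
+
+ENTRYPOINT ["./cachey"]
+
+# Production runtime (default) - minimal distroless image
+FROM gcr.io/distroless/cc-debian13 AS runtime
+
+WORKDIR /app
+
 # Copy the binary from builder stage
 COPY --from=builder /build/target/release/server /app/cachey
 
-# Run the server
 ENTRYPOINT ["./cachey"]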
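Review bot: The `runtime` stage added at `FROM gcr.io/distroless/cc-debian13 AS runtime` sets no `USER`, so as far as this hunk shows the published production image starts `./cachey` as root. Distroless publishes a `nonroot` variant; `FROM gcr.io/distroless/cc-debian13:nonroot AS runtime` would drop that privilege, provided the server does not need to write under root-owned paths such as `/app` (not visible here). Both `FROM` lines also track mutable tags (`ubuntu:latest` and the implicit `latest` of the distroless image), so a release rebuild can silently pick up a different base. Pinning each as `image@sha256:<digest-placeholder>` would make the released image reproducible and auditable. The `RUN` instruction at the top of the hunk begins outside it.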
