# Multi-stage build for atproto-identity-rs workspace # Builds and installs all 15 binaries from the workspace # Build stage - use 1.90 to support resolver = "3" and edition = "2024" FROM rust:1.90-slim-bookworm AS builder # Install system dependencies needed for building RUN apt-get update && apt-get install -y \ pkg-config \ libssl-dev \ && rm -rf /var/lib/apt/lists/* # Set working directory WORKDIR /usr/src/app # Copy the entire workspace COPY . . # Build all binaries in release mode # This will build all binaries defined in the workspace: # - atproto-identity: 4 binaries (resolve, key, sign, validate) # - atproto-attestation: 2 binaries (attestation-sign, attestation-verify) # - atproto-record: 1 binary (record-cid) # - atproto-client: 3 binaries (auth, app-password, dpop) # - atproto-oauth: 1 binary (service-token) # - atproto-oauth-axum: 1 binary (oauth-tool) # - atproto-jetstream: 1 binary (jetstream-consumer) # - atproto-xrpcs-helloworld: 1 binary (xrpcs-helloworld) # - atproto-lexicon: 1 binary (lexicon-resolve) # Note: atproto-identity-resolve and atproto-lexicon-resolve require hickory-dns feature RUN cargo build --release --bins -F clap,hickory-dns,zeroize,tokio # Runtime stage - use distroless for minimal attack surface FROM gcr.io/distroless/cc-debian12 # Create directory for binaries WORKDIR /usr/local/bin # Copy all built binaries from builder stage COPY --from=builder /usr/src/app/target/release/atproto-identity-resolve . COPY --from=builder /usr/src/app/target/release/atproto-identity-key . COPY --from=builder /usr/src/app/target/release/atproto-identity-sign . COPY --from=builder /usr/src/app/target/release/atproto-identity-validate . COPY --from=builder /usr/src/app/target/release/atproto-attestation-sign . COPY --from=builder /usr/src/app/target/release/atproto-attestation-verify . COPY --from=builder /usr/src/app/target/release/atproto-record-cid . COPY --from=builder /usr/src/app/target/release/atproto-client-auth . COPY --from=builder /usr/src/app/target/release/atproto-client-app-password . COPY --from=builder /usr/src/app/target/release/atproto-client-dpop . COPY --from=builder /usr/src/app/target/release/atproto-oauth-service-token . COPY --from=builder /usr/src/app/target/release/atproto-oauth-tool . COPY --from=builder /usr/src/app/target/release/atproto-xrpcs-helloworld . COPY --from=builder /usr/src/app/target/release/atproto-jetstream-consumer . COPY --from=builder /usr/src/app/target/release/atproto-lexicon-resolve . # Default to the main resolution tool # Users can override with specific binary: docker run atproto-identity-resolve --help # Or run other tools: # docker run atproto-identity-key --help # docker run atproto-attestation-sign --help # docker run atproto-attestation-verify --help # docker run atproto-record-cid --help # docker run atproto-client-auth --help # docker run atproto-oauth-service-token --help # docker run atproto-oauth-tool --help # docker run atproto-xrpcs-helloworld --help # docker run atproto-jetstream-consumer --help # docker run atproto-lexicon-resolve --help CMD ["atproto-identity-resolve", "--help"] # Add labels for documentation LABEL org.opencontainers.image.title="atproto-identity-rs" LABEL org.opencontainers.image.description="AT Protocol identity management tools" LABEL org.opencontainers.image.authors="Nick Gerakines " LABEL org.opencontainers.image.source="https://tangled.sh/@smokesignal.events/atproto-identity-rs" LABEL org.opencontainers.image.version="0.13.0" LABEL org.opencontainers.image.licenses="MIT" # Document available binaries LABEL binaries="atproto-identity-resolve,atproto-identity-key,atproto-identity-sign,atproto-identity-validate,atproto-attestation-sign,atproto-attestation-verify,atproto-record-cid,atproto-client-auth,atproto-client-app-password,atproto-client-dpop,atproto-oauth-service-token,atproto-oauth-tool,atproto-jetstream-consumer,atproto-xrpcs-helloworld,atproto-lexicon-resolve"