feat(deploy): add docker

2026-02-11 16:31:27 +08:00
parent 3b3ce5572f
commit ed6bef8039
6 changed files with 216 additions and 0 deletions
--- a/deploy/docker/Dockerfile
+++ b/deploy/docker/Dockerfile
@@ -0,0 +1,51 @@
+FROM rust:1.91-slim-bookworm AS builder
+WORKDIR /usr/src/app
+
+# 官方 Rust 镜像中 CARGO_HOME = /usr/local/cargo
+RUN echo '[source.crates-io]' > $CARGO_HOME/config.toml \
+    && echo 'replace-with = "rsproxy-sparse"' >> $CARGO_HOME/config.toml \
+    && echo '[source.rsproxy]' >> $CARGO_HOME/config.toml \
+    && echo 'registry = "https://rsproxy.cn/crates.io-index"' >> $CARGO_HOME/config.toml \
+    && echo '[source.rsproxy-sparse]' >> $CARGO_HOME/config.toml \
+    && echo 'registry = "sparse+https://rsproxy.cn/index/"' >> $CARGO_HOME/config.toml \
+    && echo '[registries.rsproxy]' >> $CARGO_HOME/config.toml \
+    && echo 'index = "https://rsproxy.cn/crates.io-index"' >> $CARGO_HOME/config.toml
+
+# 验证一下文件是否真的存在（构建时会在 log 打印出来，让你放心）
+RUN cat $CARGO_HOME/config.toml
+
+RUN apt-get update \
+  && apt-get install -y --no-install-recommends ca-certificates pkg-config libssl-dev git openssh-client \
+  && rm -rf /var/lib/apt/lists/*
+
+COPY Cargo.toml Cargo.lock ./
+COPY .cargo ./.cargo
+RUN mkdir -p src && echo "fn main() {}" > src/main.rs
+RUN cargo build --release --locked
+
+COPY src ./src
+COPY docs ./docs
+RUN touch src/main.rs
+RUN cargo build --release --locked
+
+FROM debian:bookworm-slim AS runner
+WORKDIR /app
+
+RUN sed -i 's/deb.debian.org/mirrors.aliyun.com/g' /etc/apt/sources.list.d/debian.sources \
+    && sed -i 's/security.debian.org/mirrors.aliyun.com/g' /etc/apt/sources.list.d/debian.sources
+
+RUN apt-get update \
+  && apt-get install -y --no-install-recommends ca-certificates libssl3 \
+  && rm -rf /var/lib/apt/lists/*
+
+RUN groupadd --system --gid 10001 iam \
+  && useradd --system --uid 10001 --gid 10001 --no-create-home --shell /usr/sbin/nologin iam \
+  && mkdir -p /app/log /app/data \
+  && chown -R iam:iam /app/log
+
+ENV PORT=5020
+EXPOSE 5020
+
+COPY --from=builder /usr/src/app/target/release/iam-service /app/iam-service
+USER iam
+CMD ["/app/iam-service"]
--- a/deploy/docker/docker-compose.yml
+++ b/deploy/docker/docker-compose.yml
@@ -0,0 +1,12 @@
+services:
+  iam-service:
+    build:
+      context: ../..
+      dockerfile: deploy/docker/Dockerfile
+    env_file:
+      - ../../.env
+    ports:
+      - "${PORT}:${PORT}"
+    volumes:
+      - ../../data:/app/data:ro
+      - ../../log:/app/log
--- a/deploy/docker/start.sh
+++ b/deploy/docker/start.sh
@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+cd "${SCRIPT_DIR}"
+
+# 1. Validate environment
+export DEPLOY_TARGET=docker
+bash ../validate-env.sh
+
+# 2. Start
+echo "Starting iam-service..."
+# Explicit project name to avoid conflict
+docker compose --env-file ../../.env -p iam-service up -d --build
+
+echo "iam-service is running."
--- a/deploy/docker/stop.sh
+++ b/deploy/docker/stop.sh
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+cd "${SCRIPT_DIR}"
+
+echo "Stopping iam-service..."
+docker compose --env-file ../../.env -p iam-service down
+
+echo "iam-service stopped."