diff --git a/rust/.dockerignore b/rust/.dockerignore
new file mode 100644
index 0000000..2f7896d
--- /dev/null
+++ b/rust/.dockerignore
@@ -0,0 +1 @@
+target/
diff --git a/rust/Cargo.lock b/rust/Cargo.lock
index 9c67c15..90412be 100644
--- a/rust/Cargo.lock
+++ b/rust/Cargo.lock
@@ -67,7 +67,7 @@ dependencies = [ "api", "async-trait", "base64", - "bitcoin_hashes 0.19.0", + "bitcoin_hashes 1.0.0", "hex-conservative 1.0.1", "jsonwebtoken", "openssl",
@@ -91,9 +91,9 @@ checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6" [[package]] name = "bitcoin-consensus-encoding" -version = "1.0.0-rc.3" +version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9cd69023e5db2f3f7241672de6be29408373ba0ff407e7fda71d70d728bec05a" +checksum = "b2d6094e2a1ba3c93b5a596fe5a10d1a10c3c6e06785cde89f693a044c01aa40" dependencies = [ "bitcoin-internals", ]
@@ -122,9 +122,9 @@ dependencies = [ [[package]] name = "bitcoin_hashes" -version = "0.19.0" +version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9aaf7add9aa250546d4d7a0ad0755a25327f5205dc2d7eba6b6ec08cd864c79e" +checksum = "8f70c29ac06e7effa19682e91318deae86bdb46c4fd1bbd0f12fd196ff427ab0" dependencies = [ "bitcoin-consensus-encoding", "bitcoin-internals",
diff --git a/rust/Dockerfile b/rust/Dockerfile
new file mode 100644
index 0000000..e9c7713
--- /dev/null
+++ b/rust/Dockerfile
@@ -0,0 +1,48 @@
+# Build stage
+FROM rust:1.91-bookworm AS builder
+
+WORKDIR /build
+
+# Copy workspace files
+COPY Cargo.toml Cargo.lock ./
+COPY rustfmt.toml ./
+
+# Copy all workspace members
+COPY server ./server
+COPY api ./api
+COPY impls ./impls
+COPY auth-impls ./auth-impls
+
+# Build the application in release mode
+RUN cargo build --locked --release --bin vss-server
+
+# Runtime stage
+FROM debian:bookworm-slim
+
+# Install runtime dependencies and create an unprivileged runtime user
+RUN apt-get update && \
+ apt-get install -y --no-install-recommends \
+ ca-certificates \
+ libssl3 \
+ && rm -rf /var/lib/apt/lists/* \
+ && groupadd --system vss \
+ && useradd --system --gid vss --home-dir /app --shell /usr/sbin/nologin vss \
+ && mkdir -p /app \
+ && chown vss:vss /app
+
+WORKDIR /app
+
+# Copy the compiled binary from builder
+COPY --from=builder --chown=vss:vss /build/target/release/vss-server /app/vss-server
+
+# Copy default configuration file
+COPY --chown=vss:vss server/vss-server-config.toml /app/vss-server-config.toml
+
+USER vss:vss
+
+ENV VSS_BIND_ADDRESS=0.0.0.0:8080
+
+EXPOSE 8080
+
+# Run the server with the config file
+CMD ["/app/vss-server", "/app/vss-server-config.toml"]
diff --git a/rust/auth-impls/Cargo.toml b/rust/auth-impls/Cargo.toml
index 819a748..5f95667 100644
--- a/rust/auth-impls/Cargo.toml
+++ b/rust/auth-impls/Cargo.toml
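Review bot: In the runtime stage of rust/Dockerfile, `chown vss:vss /app` together with `--chown=vss:vss` on both COPY lines makes the executable and its configuration writable by the same account the server runs as, so a flaw in the running process is enough to replace `/app/vss-server` or `/app/vss-server-config.toml`. Unless the server has to write into `/app` (not visible in this hunk), leave the directory and both files root-owned, e.g. `COPY --from=builder /build/target/release/vss-server /app/vss-server`, and give the service a separate writable directory only if it needs one. Both `FROM` lines also use mutable tags; pinning them by digest, `FROM debian:bookworm-slim@sha256:<digest>` (placeholder, and likewise for the `rust:1.91-bookworm` builder), keeps rebuilds reproducible and makes base-image changes show up in review.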
@@ -12,7 +12,7 @@ sigs = [ "bitcoin_hashes", "hex-conservative", "secp256k1" ]
 api = { path = "../api" }
 async-trait = "0.1.77"
 base64 = { version = "0.22.1", optional = true, default-features = false, features = ["std"] }
-bitcoin_hashes = { version = "0.19", optional = true, default-features = false }
+bitcoin_hashes = { version = "1.0", optional = true, default-features = false }
 hex-conservative = { version = "1.0", optional = true, default-features = false }
 openssl = { version = "0.10.75", optional = true, default-features = false }
 secp256k1 = { version = "0.31", optional = true, default-features = false, features = [ "global-context" ] }
diff --git a/rust/docker-compose.yml b/rust/docker-compose.yml
index cc3f89c..a814825 100644
--- a/rust/docker-compose.yml
+++ b/rust/docker-compose.yml
@@ -1,4 +1,19 @@
 services:
+ vss-server:
+ build:
+ context: .
+ dockerfile: Dockerfile
+ ports:
+ - "8080:8080"
+ environment:
+ VSS_BIND_ADDRESS: 0.0.0.0:8080
+ VSS_PSQL_ADDRESS: postgres:5432
+ depends_on:
+ postgres:
+ condition: service_healthy
+ networks:
+ - app-network
+
 postgres:
 image: postgres:15
 environment:
@@ -9,6 +24,11 @@ services:
 - postgres-data:/var/lib/postgresql/data
 ports:
 - "5432:5432"
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready -U postgres -d postgres"]
+ interval: 5s
+ timeout: 5s
+ retries: 5
 networks:
 - app-network
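Review bot: In rust/docker-compose.yml, `"8080:8080"` on the new `vss-server` service publishes the port on every host interface, and the existing `"5432:5432"` on `postgres` (context in the second hunk) does the same for the database even though the server now reaches it over `app-network`. For a local setup, bind both to loopback with `- "127.0.0.1:8080:8080"` and `- "127.0.0.1:5432:5432"`, or drop the postgres publication if nothing on the host needs it. If the server does not write to its root filesystem (not visible here), the service could also set `read_only: true`, `cap_drop: [ALL]` and `security_opt: ["no-new-privileges:true"]`.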