Dockerfile: skip cargo-audit/cargo-deny install (both flaking); keep mypy types-requests fix

Kayos 2026-04-29 14:42:40 -07:00
parent 44535acdf8
commit 569691a555


@ -213,25 +213,13 @@ RUN curl -fsSL https://sh.rustup.rs | sh -s -- -y --default-toolchain stable --p
# at runtime). The /caches/cargo/bin/ dir IS volume-shadowed by the host bind
# mount, so cargo install artifacts there disappear inside the live container.
USER root
# Install cargo-deny via the prebuilt linux x86_64 binary from its GitHub
# release — way more reliable than `cargo install` (which has flaked on
# both cargo-audit's libgit2-sys dep AND on quote's build script under
# the /caches/cargo volume contention). cargo-deny supersedes cargo-audit
# for our purposes: `cargo deny check advisories` runs the same RustSec
# advisory DB scan that cargo-audit does.
RUN ARCH="$(dpkg --print-architecture)" \
&& case "$ARCH" in \
amd64) DENY_TARGET=x86_64-unknown-linux-musl ;; \
arm64) DENY_TARGET=aarch64-unknown-linux-musl ;; \
*) echo "unsupported arch $ARCH for cargo-deny" && exit 1 ;; \
esac \
&& DENY_VERSION=0.16.4 \
&& curl -fsSL "https://github.com/EmbarkStudios/cargo-deny/releases/download/${DENY_VERSION}/cargo-deny-${DENY_VERSION}-${DENY_TARGET}.tar.gz" -o /tmp/cargo-deny.tgz \
&& tar -xzf /tmp/cargo-deny.tgz -C /tmp \
&& cp "/tmp/cargo-deny-${DENY_VERSION}-${DENY_TARGET}/cargo-deny" /usr/local/bin/cargo-deny \
&& chmod 755 /usr/local/bin/cargo-deny \
&& rm -rf /tmp/cargo-deny.tgz "/tmp/cargo-deny-${DENY_VERSION}-${DENY_TARGET}"
USER crafter
# cargo-audit + cargo-deny intentionally NOT installed in image — both
# `cargo install` and prebuilt-binary-download approaches flaked
# (libgit2-sys C bindings, quote build script under /caches/cargo
# contention, and DNS flakes on github.com release downloads). Operators
# who need rust audit can install at runtime once the container is up.
# Future v0.2 work: bake into a precompiled stage or use the prebuilt
# binary pattern with retries.
# ============================================================
# 15. Bun (curl install)
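Review bot: With the cargo-deny `RUN` gone, the `USER root` line above it no longer guards any root-only step, and because this page has lost its +/- markers it is not certain that the matching `USER crafter` is still on the new side; the hunk counts (25 old, 13 new) suggest it may have been removed together with the block. If so, section 15 (Bun) and everything after it would build, and possibly run, as root until another `USER` appears outside this hunk. Drop the now-redundant `USER root`, or make sure `USER crafter` directly follows it. The new comment could also record that the future prebuilt-binary approach should verify a pinned SHA-256 of the release tarball before installing, e.g. `# TODO(v0.2): verify pinned sha256 of the release tarball before copying to /usr/local/bin`, since the removed step installed the download unchecked.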