# syntax=docker/dockerfile:1.6 # ---------- Build stage ---------- FROM rust:1-bookworm AS builder WORKDIR /app # Speed up builds and improve caching: # 1) Copy only manifests first COPY Cargo.toml Cargo.lock ./ COPY sam2_server/Cargo.toml sam2_server/Cargo.toml # 2) Create a dummy main to cache dependency compilation RUN mkdir -p sam2_server/src \ && printf "fn main(){}\n" > sam2_server/src/main.rs # 3) Pre-build dependencies using BuildKit cache mounts (ignore failure on missing sources) RUN --mount=type=cache,target=/usr/local/cargo/registry \ --mount=type=cache,target=/app/target \ cargo build -p sam2_server --release --locked || true # 4) Now copy the actual sources for the server crate only (avoids invalidating cache on unrelated files) COPY sam2_server/ ./sam2_server/ # 5) Build the release binary with caching # Note: artifacts in /app/target are on a cache mount and won't persist as image layers. # We install the binary into /usr/local/bin to persist it for the next stage. RUN --mount=type=cache,target=/usr/local/cargo/registry \ --mount=type=cache,target=/app/target \ cargo build -p sam2_server --release --locked && \ install -Dm755 target/release/sam2_server /usr/local/bin/sam2_server # ---------- Runtime stage ---------- FROM debian:bookworm-slim AS runtime WORKDIR /app # Small, useful tools and certs (for HEALTHCHECK) RUN apt-get update \ && apt-get install -y --no-install-recommends ca-certificates curl \ && rm -rf /var/lib/apt/lists/* # Copy binary and static assets COPY --from=builder /usr/local/bin/sam2_server /usr/local/bin/sam2_server COPY sam2_server/static ./sam2_server/static # Copy ONNX models to workdir root (the server expects them next to /app) # COPY sam2_large.onnx sam2_small.onnx sam2_base_plus.onnx sam2_tiny.onnx ./ COPY sam2_tiny.onnx ./ # Run as non-root RUN useradd -r -u 10001 -g root -d /nonexistent -s /usr/sbin/nologin appuser \ && chown -R appuser:root /app \ && chmod -R g=u /app ENV RUST_LOG=info \ RUST_BACKTRACE=1 EXPOSE 8080 # Basic liveness probe against the models endpoint HEALTHCHECK --interval=30s --timeout=5s --start-period=20s --retries=3 \ CMD curl -fsS http://127.0.0.1:8080/api/models || exit 1 USER appuser ENTRYPOINT ["/usr/local/bin/sam2_server"]