1  # syntax=docker/dockerfile:1.20
 2  FROM --platform=$BUILDPLATFORM tonistiigi/xx:1.9.0 AS xx
 3  
 4  FROM --platform=$BUILDPLATFORM node:25-slim AS ui
 5  
 6  WORKDIR /volume
 7  ENV PNPM_HOME="/pnpm"
 8  ENV PATH="$PNPM_HOME:$PATH"
 9  
10  RUN npm install -g pnpm
11  
12  COPY --parents capsule/ ./
13  
14  RUN cd capsule && \
15      pnpm install --frozen-lockfile && \
16      pnpm run build
17  
18  FROM --platform=$BUILDPLATFORM rust:1.94 AS builder
19  
20  COPY --from=xx / /
21  
22  WORKDIR /volume
23  ENV RUSTFLAGS="-C target-feature=+crt-static"
24  ENV XX_VERIFY_STATIC=1
25  
26  RUN apt-get update && \
27      apt-get install -y clang lld
28  
29  ARG TARGETPLATFORM
30  
31  RUN xx-apt-get install -y xx-c-essentials
32  
33  COPY --parents capsule/ capsule-cli/ Cargo.lock Cargo.toml ./
34  COPY --parents --from=ui /volume/capsule/assets ./
35  
36  RUN xx-cargo build --release --bin capsule && \
37      xx-verify target/$(xx-cargo --print-target-triple)/release/capsule && \
38      mkdir dist && \
39      cp target/$(xx-cargo --print-target-triple)/release/capsule dist/capsule
40  
41  FROM --platform=$BUILDPLATFORM alpine:3 AS newuser
42  
43  RUN echo "capsule:x:1000:" > /tmp/group && \
44      echo "capsule:x:1000:1000::/dev/null:/sbin/nologin" > /tmp/passwd && \
45      mkdir -p /tmp/var/lib/capsule && \
46      chown 1000:1000 /tmp/var/lib/capsule
47  
48  FROM scratch
49  
50  COPY --from=builder /volume/dist/capsule /bin/
51  COPY --from=newuser /tmp/group /tmp/passwd /etc/
52  COPY --from=newuser /tmp/var/lib /var/lib/
53  
54  ENV CAPSULE_DATA_DIR=/var/lib/capsule
55  
56  EXPOSE 8080
57  USER capsule
58  
59  ENTRYPOINT ["/bin/capsule"]