# Cross-compiling build: the toolchain stage runs on the build platform
# ($BUILDPLATFORM) and uses the xx helpers (xx-info, xx-cargo, xx-verify) to
# target the requested platform. Build settings are accumulated in
# /etc/environment by the toolchain stage.
#
# NOTE(review): several heredoc bodies in this copy are truncated (they appear
# as "RUN <>" and "bash <"). Those instructions are kept exactly as found and
# have to be restored from the upstream file before this Dockerfile can build.
ARG RUST_VERSION=1.84

# NOTE(review): no tag or digest is given, so this resolves to whatever
# "latest" is at build time. Pin a release tag plus sha256 digest so the
# cross-compile helper cannot change under the build unnoticed.
FROM --platform=$BUILDPLATFORM docker.io/tonistiigi/xx AS xx
# NOTE(review): tag-only references; adding an @sha256 digest would make the
# compiler image reproducible and verifiable as well.
FROM --platform=$BUILDPLATFORM rust:${RUST_VERSION}-slim-bookworm AS base
FROM --platform=$BUILDPLATFORM rust:${RUST_VERSION}-slim-bookworm AS toolchain

# Prevent deletion of apt cache
# (the apt directories are BuildKit cache mounts in the install step below)
RUN rm -f /etc/apt/apt.conf.d/docker-clean

# Match Rustc version as close as possible
# rustc -vV
ARG LLVM_VERSION=19
# NOTE(review): RUST_VERSION is declared before the first FROM and no
# "ARG RUST_VERSION" is visible inside this stage. A pre-FROM ARG is only in
# scope for FROM lines, so this may expand to an empty value. Confirm, and
# redeclare the ARG inside the stage if so.
ENV RUSTUP_TOOLCHAIN=${RUST_VERSION}

# Install repo tools
# Line one: compiler tools
# Line two: curl, for downloading binaries
# Line three: for xx-verify
# NOTE(review): packages are unpinned and apt's recommended packages are
# installed too; --no-install-recommends and version pins would narrow what
# enters the build stage. The apt lists live in the cache mounts, so no list
# cleanup is needed in this layer.
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
    --mount=type=cache,target=/var/lib/apt,sharing=locked \
    apt-get update && apt-get install -y \
    clang-${LLVM_VERSION} lld-${LLVM_VERSION} pkg-config make perl jq \
    curl \
    file \
    libssl-dev # libssl is needed in the host architecture due to an issue with the headers

# Create symlinks for LLVM tools
# NOTE(review): the body of this step is missing in this copy. No
# "COPY --from=xx" is visible anywhere either, although xx-info and xx-cargo
# are called later; it was presumably part of the lost text.
RUN <> /etc/environment

# Configure pkg-config
# NOTE(review): the start of this heredoc is missing; the surviving lines
# point PKG_CONFIG at the target-prefixed binary reported by xx-info and
# allow cross-compilation lookups.
RUN <> /etc/environment
    echo "PKG_CONFIG=/usr/bin/$(xx-info)-pkg-config" >> /etc/environment
    echo "PKG_CONFIG_ALLOW_CROSS=true" >> /etc/environment
EOF

# Configure cc to use clang version
# NOTE(review): the start of this heredoc is missing in this copy.
RUN <> /etc/environment
    echo "CXX=clang++" >> /etc/environment
EOF

# Cross-language LTO
# NOTE(review): the start of this heredoc is missing in this copy.
RUN <> /etc/environment
    echo "CXXFLAGS=-flto" >> /etc/environment
    # Linker is set to target-compatible clang by xx
    echo "RUSTFLAGS='-Clinker-plugin-lto -Clink-arg=-fuse-ld=lld'" >> /etc/environment
EOF

# Apply CPU-specific optimizations if TARGET_CPU is provided
# NOTE(review): the opening of this heredoc, including the condition closed by
# "fi", is missing. ${CXXFLAGS} and ${RUSTFLAGS} are presumably expanded by the
# shell running this step; whether the earlier /etc/environment values are
# loaded first is not visible here. If they are not, the appended entries would
# lack the LTO and linker flags written above. Verify against upstream.
ARG TARGET_CPU=
RUN <> /etc/environment
    echo "CXXFLAGS='${CXXFLAGS} -march=${TARGET_CPU}'" >> /etc/environment
    echo "RUSTFLAGS='${RUSTFLAGS} -C target-cpu=${TARGET_CPU}'" >> /etc/environment
    fi
EOF

# Prepare output directories
RUN mkdir /out

FROM toolchain AS builder

# Platform being built for; BuildKit sets this automatically.
ARG TARGETPLATFORM

# Build-time knobs. Build args are recorded in the image history, so they
# must never carry credentials.
ARG KANIDM_FEATURES=""
ARG KANIDM_BUILD_PROFILE=""
ARG KANIDM_BUILD_OPTIONS=""

# Set the build profile
# (falls back to container_generic when the build arg is empty or unset)
ENV KANIDM_BUILD_PROFILE=${KANIDM_BUILD_PROFILE:-container_generic}

# Verify environment configuration
# (prints the generated file into the build log)
RUN cat /etc/environment
RUN xx-cargo --print-target-triple

# Get source
# NOTE(review): no WORKDIR is visible before this COPY in this copy, while the
# cache mount below targets /app/target. Confirm the working directory. The
# whole build context is copied, so .dockerignore should exclude .git, local
# target/ output and any credential files.
COPY . .

# Build the binary
# The cargo registry, git db and target directory are BuildKit cache mounts,
# so they are not written into an image layer.
# NOTE(review): the heredoc body is truncated here; only the tail that writes
# /out/sbom/$PACKAGE.spdx.json and closes a loop ("done") survives.
RUN --mount=type=cache,target=/usr/local/cargo/registry \
    --mount=type=cache,target=/usr/local/cargo/git/db \
    --mount=type=cache,target=/app/target \
    bash < /out/sbom/\$PACKAGE.spdx.json
    done
EOF

# Extract dynamically linked dependencies
# NOTE(review): this instruction is cut off at the end of this copy.
RUN <