Dockerfile.grpc

# Copyright (c) 2024 by Alibaba.
# Licensed under the Apache License, Version 2.0, see LICENSE for details.
# SPDX-License-Identifier: Apache-2.0

# Use the official Rust image as the base image
FROM rust:latest as builder

# The list of build argument with docker build --build-arg NAME=VALUE
# Define the default commit of source code
ARG CDH_COMMIT=HEAD

# Set the working directory inside the container
WORKDIR /usr/src/guest-components

# Clone the specific commit from the GitHub repository
RUN apt-get update && apt-get install -y git \
    && git clone https://github.com/confidential-containers/guest-components.git . \
    && git checkout ${CDH_COMMIT}

# Install additional build dependencies
RUN apt-get install -y protobuf-compiler

# Build and install confidential-data-hub with specific configurations
RUN cd confidential-data-hub && make RESOURCE_PROVIDER=kbs,sev KMS_PROVIDER=aliyun,ehsm RPC=grpc

# Install ossfs, Gocryptofs and Runtime Dependencies
RUN apt-get update && apt-get install -y wget gdebi-core fuse gocryptfs && \
    wget https://gosspublic.alicdn.com/ossfs/ossfs_1.91.2_ubuntu22.04_amd64.deb && \
    gdebi -n ossfs_1.91.2_ubuntu22.04_amd64.deb && \
    rm ossfs_1.91.2_ubuntu22.04_amd64.deb 


FROM ubuntu:22.04


LABEL org.opencontainers.image.source="https://github.com/inclavare-containers/confidential-data-hub"

# Copy ossfs
COPY --from=builder /usr/local/bin/ossfs /usr/local/bin/ossfs
# Copy gocryptfs
COPY --from=builder /usr/bin/gocryptfs /usr/local/bin/gocryptfs
# Copy confidential-data-hub binary
COPY --from=builder /usr/src/guest-components/target/x86_64-unknown-linux-gnu/release/confidential-data-hub /usr/local/bin/confidential-data-hub


# Default Config File Path (/etc/confidential-data-hub.toml)
VOLUME [ "/etc/confidential-data-hub.toml" ]

# Start confidential-data-hub listening to request: 127.0.0.1:50000
CMD [ "confidential-data-hub" ]

EXPOSE 50000