nim-censor-bot/Dockerfile

FROM alpine:edge as builder

RUN apk update && apk add autoconf \
                          automake \
                          bash \
                          build-base \
                          cmake \
                          curl \
                          git \
                          libtool \
                          ninja \
                          perl \
                          sqlite-dev \
                          sqlite-static

ENV NIM_VERSION v1.6.12
ENV LIBRESSL_VERSION v3.8.0

# Compile LibreSSL Portable from source
RUN git clone https://github.com/libressl/portable --depth=1 -b ${LIBRESSL_VERSION} libressl && \
    cd libressl && \
    ./autogen.sh && \
    mkdir build-ninja && \
    cd build-ninja && \
    cmake -G"Ninja" .. && \
    ninja

# Compile Nim from source including upstream patch
RUN git clone https://github.com/nim-lang/Nim.git --depth=1 -b ${NIM_VERSION} && \
    cd Nim && \
    git config user.name gitlab && \
    git config user.email gitlab-ci@git.baalajimaestro.me && \
    curl https://github.com/nim-lang/Nim/commit/7c96eb45482dae4a78cf05d7fa85ae5018e2fe5f.patch | git am && \
    bash build_all.sh

# Add built nim to path
ENV PATH=/Nim/bin:$PATH

# Update nimble
RUN nimble install nimble --accept

COPY . /app
WORKDIR /app

# Build with necessary params to enable statically linking openssl, glibc and sqlite3
RUN /root/.nimble/bin/nimble build --passL:-L/usr/lib \
                            -d:ssl \
                            -p:. \
                            --dynlibOverride:ssl \
                            --dynlibOverride:crypto \
                            --dynlibOverride:sqlite3 \
                            --dynlibOverride:tls \
                            --passl:-lssl \
                            --passl:-lsqlite3 \
                            --passl:-lcrypto \
                            --passl:-ltls \
                            --passL:-L/libressl/build-ninja/ssl \
                            --passL:-L/libressl/build-ninja/crypto \
                            --passL:-L/libressl/build-ninja/tls \
                            --passL:-static \
                            --passL:"-flto" \
                            -d:release \
                            --opt:speed \
                            --mm:orc \
                            --deepcopy=on \
                            --accept

RUN strip -s /app/nim_censor_bot && \
    strip -R .comment -R .note -R .note.ABI-tag /app/nim_censor_bot

FROM scratch

COPY --from=builder /app/nim_censor_bot /
COPY --from=builder /etc/ssl/certs /etc/ssl/certs

ENV DB_HOST="/data/censordata.db"

EXPOSE 8080
VOLUME /data

CMD ["./nim_censor_bot"]