feat(wfe-server): Dockerfile and configuration reference

Multi-stage alpine build targeting sunbeam-remote buildx builder. Comprehensive README documenting all config options, env vars, auth methods (static tokens, OIDC/JWT, webhook HMAC), and backends.
2026-04-06 21:01:28 +01:00
parent 556c9bc4b3
commit 6f4700ef89
3 changed files with 313 additions and 0 deletions
--- a/30
+++ b/30
@@ -0,0 +1,30 @@
+# Stage 1: Build
+FROM rust:alpine AS builder
+
+RUN apk add --no-cache musl-dev protobuf-dev openssl-dev openssl-libs-static pkgconfig
+
+WORKDIR /build
+COPY . .
+
+# Configure the sunbeam cargo registry (workspace deps reference it)
+RUN mkdir -p .cargo && printf '[registries.sunbeam]\nindex = "sparse+https://src.sunbeam.pt/api/packages/studio/cargo/"\n' > .cargo/config.toml
+
+RUN cargo build --release --bin wfe-server \
+    -p wfe-server \
+    --features "wfe-yaml/rustlang,wfe-yaml/buildkit,wfe-yaml/containerd,wfe-yaml/kubernetes" \
+    && strip target/release/wfe-server
+
+# Stage 2: Runtime
+FROM alpine:3.21
+
+RUN apk add --no-cache ca-certificates tini
+
+COPY --from=builder /build/target/release/wfe-server /usr/local/bin/wfe-server
+
+RUN adduser -D -u 1000 wfe
+USER wfe
+
+EXPOSE 50051 8080
+
+ENTRYPOINT ["tini", "--"]
+CMD ["wfe-server"]