PublicArchive/astral-uv
2
0
Fork 0
mirror of https://github.com/astral-sh/uv.git synced 2026-05-06 08:56:53 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
astral-uv/Dockerfile
T
Zanie Blue 9345450b4c Use cargo auditable to include SBOM in uv builds (#18276) 
Inspired by #18252 

This required an upstream change
https://github.com/rust-secure-code/cargo-auditable/pull/245 which is
now released.

This increases binary sizes slightly, ~4KB.

The cargo wrapper implementation will be extended in #18280 to code sign
binaries.
2026-03-06 11:38:02 -06:00

72 lines
2.3 KiB
Docker
Raw Permalink Blame History

FROM --platform=$BUILDPLATFORM ubuntu:24.04@sha256:d1e2e92c075e5ca139d51a140fff46f84315c0fdce203eab2807c7e495eff4f9 AS build
ARG UBUNTU_SNAPSHOT=20260301T000000Z
ARG RUSTUP_VERSION=1.28.1
ENV HOME="/root"
WORKDIR $HOME
# Retry apt downloads to handle transient mirror failures (e.g., 503s from snapshot.ubuntu.com).
RUN echo 'Acquire::Retries "3";' > /etc/apt/apt.conf.d/80-retries
# Install dependencies using an Ubuntu snapshot for reproducibility.
# ca-certificates are required for using the snapshot.
RUN --mount=type=cache,target=/var/lib/apt/lists \
apt install -y --update ca-certificates && \
apt install -y --update --snapshot ${UBUNTU_SNAPSHOT} --no-install-recommends \
build-essential \
curl
# Install uv
COPY --from=ghcr.io/astral-sh/uv:latest /uv /usr/local/bin/uv
# Setup zig as cross compiling linker
COPY pyproject.toml uv.lock ./
RUN uv sync --only-group docker --locked
ENV PATH="$HOME/.venv/bin:$PATH"
# Install rust
ARG TARGETPLATFORM
RUN case "$TARGETPLATFORM" in \
"linux/arm64") echo "aarch64-unknown-linux-musl" > rust_target.txt ;; \
"linux/amd64") echo "x86_64-unknown-linux-musl" > rust_target.txt ;; \
*) exit 1 ;; \
esac
RUN curl --proto '=https' --tlsv1.2 -sSf \
"https://static.rust-lang.org/rustup/archive/${RUSTUP_VERSION}/$(uname -m)-unknown-linux-gnu/rustup-init" \
-o rustup-init \
&& chmod +x rustup-init \
&& ./rustup-init -y --target $(cat rust_target.txt) --profile minimal --default-toolchain none \
&& rm rustup-init
ENV PATH="$HOME/.cargo/bin:$PATH"
# Install the toolchain then the musl target
COPY rust-toolchain.toml rust-toolchain.toml
RUN rustup toolchain install
RUN rustup target add $(cat rust_target.txt)
# Build
COPY crates crates
COPY ./Cargo.toml Cargo.toml
COPY ./Cargo.lock Cargo.lock
# Install cargo-auditable
RUN cargo install \
--locked \
--version 0.7.4 \
cargo-auditable
RUN case "${TARGETPLATFORM}" in \
"linux/arm64") export JEMALLOC_SYS_WITH_LG_PAGE=16;; \
esac && \
cargo auditable zigbuild --bin uv --bin uvx --target $(cat rust_target.txt) --release
RUN cp target/$(cat rust_target.txt)/release/uv /uv \
&& cp target/$(cat rust_target.txt)/release/uvx /uvx
# TODO(konsti): Optimize binary size, with a version that also works when cross compiling
# RUN strip --strip-all /uv
FROM scratch
COPY --from=build /uv /uvx /
WORKDIR /io
ENTRYPOINT ["/uv"]
Reference in New Issue View Git Blame Copy Permalink