From 730039eda6fa8535ae66dbe42ca27644f8b5d564 Mon Sep 17 00:00:00 2001
From: Paul Makles <me@insrt.uk>
Date: Fri, 30 Aug 2024 12:06:05 +0100
Subject: [PATCH] chore: switch to distroless Docker runtime images fix: match
 Debian releases for build

closes #297

Co-authored-by: MaticPoh <85814976+MaticPoh@users.noreply.github.com>
---
 Dockerfile                    | 2 +-
 Dockerfile.useCurrentArch     | 2 +-
 crates/bonfire/Dockerfile     | 7 +++----
 crates/core/config/src/lib.rs | 2 ++
 crates/delta/Dockerfile       | 6 ++----
 5 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index a18ca6b6d..233469105 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 # Build Stage
-FROM --platform="${BUILDPLATFORM}" rust:1.76.0-slim
+FROM --platform="${BUILDPLATFORM}" rust:1.80.1-slim-bookworm
 USER 0:0
 WORKDIR /home/rust/src
 
diff --git a/Dockerfile.useCurrentArch b/Dockerfile.useCurrentArch
index 9532ed35f..994d3935b 100644
--- a/Dockerfile.useCurrentArch
+++ b/Dockerfile.useCurrentArch
@@ -1,5 +1,5 @@
 # Build Stage
-FROM rust:1.76.0-slim
+FROM rust:1.80.1-slim-bookworm
 USER 0:0
 WORKDIR /home/rust/src
 
diff --git a/crates/bonfire/Dockerfile b/crates/bonfire/Dockerfile
index fb5d540ff..0190f2eff 100644
--- a/crates/bonfire/Dockerfile
+++ b/crates/bonfire/Dockerfile
@@ -2,10 +2,9 @@
 FROM ghcr.io/revoltchat/base:latest AS builder
 
 # Bundle Stage
-FROM debian:bullseye-slim
-RUN apt-get update && \
-    apt-get install -y ca-certificates && \
-    apt-get clean
+FROM gcr.io/distroless/cc-debian12:nonroot
 COPY --from=builder /home/rust/src/target/release/revolt-bonfire ./
+
 EXPOSE 9000
+USER nonroot
 CMD ["./revolt-bonfire"]
diff --git a/crates/core/config/src/lib.rs b/crates/core/config/src/lib.rs
index 7812ac7bc..912cc1adc 100644
--- a/crates/core/config/src/lib.rs
+++ b/crates/core/config/src/lib.rs
@@ -25,6 +25,8 @@ static CONFIG_BUILDER: Lazy<RwLock<Config>> = Lazy::new(|| {
             ));
         } else if std::path::Path::new("Revolt.toml").exists() {
             builder = builder.add_source(File::new("Revolt.toml", FileFormat::Toml));
+        } else if std::path::Path::new("/Revolt.toml").exists() {
+            builder = builder.add_source(File::new("/Revolt.toml", FileFormat::Toml));
         }
 
         builder.build().unwrap()
diff --git a/crates/delta/Dockerfile b/crates/delta/Dockerfile
index 308e00dba..41ff46720 100644
--- a/crates/delta/Dockerfile
+++ b/crates/delta/Dockerfile
@@ -2,13 +2,11 @@
 FROM ghcr.io/revoltchat/base:latest AS builder
 
 # Bundle Stage
-FROM debian:bullseye-slim
-RUN apt-get update && \
-    apt-get install -y ca-certificates && \
-    apt-get clean
+FROM gcr.io/distroless/cc-debian12:nonroot
 COPY --from=builder /home/rust/src/target/release/revolt-delta ./
 
 EXPOSE 8000
 ENV ROCKET_ADDRESS 0.0.0.0
 ENV ROCKET_PORT 8000
+USER nonroot
 CMD ["./revolt-delta"]