rizo/Dockerfile

## Dockerfile
FROM ocaml/opam2:alpine-3.7-ocaml-4.06
RUN sudo apk --no-cache add ca-certificates
RUN sudo apk add --update m4 openssh-client

# Setup SSH.
RUN mkdir -p ~/.ssh
ARG SSH_PRIVATE_KEY
RUN echo "${SSH_PRIVATE_KEY}" > ~/.ssh/id_rsa
RUN chmod 600 ~/.ssh/id_rsa
RUN printf "Host github.com\n\tStrictHostKeyChecking no\n" > ~/.ssh/config

# Setup git for private repos.
RUN git config --global url."git@github.com:".insteadOf "https://github.com/"

# Setup private repositories.
# RUN opam repo add remote --all-switches https://opam.ocaml.org/2.0
# RUN opam repo add private-repo --all-switches <repo-url>

# Install project dependencies.
COPY --chown=opam:nogroup Makefile *.opam /mnt/local/
WORKDIR /mnt/local
RUN opam config exec make install-deps

# Build the project.
COPY --chown=opam:nogroup . /mnt/local
RUN opam config exec make PROFILE=release build

# Install for export.
RUN mkdir -p /mnt/local/_export
RUN opam config exec make DESTDIR=/mnt/local/_export install


# Runner image.
FROM alpine:3.7
RUN apk --no-cache add ca-certificates

COPY --from=0 /mnt/local/_export /mnt/local
ENV PATH /mnt/local/bin:$PATH
WORKDIR /mnt/local

## Makefile
default: build
.PHONY: default

install-deps:
	opam install -y --deps-only .
.PHONY: install-deps

build:
	if test -n "${PROFILE}"; \
		then dune build --profile="${PROFILE}" @install; \
		else dune build @install; fi
.PHONY: build

test:
	dune runtest
.PHONY: test

install:
	# Will not be needed after <https://github.com/ocaml/dune/issues/946>.
	if test -n "${DESTDIR}"; \
		then dune install --prefix="${DESTDIR}"; \
		else dune install; fi
.PHONY: install

uninstall:
	if test -n "${DESTDIR}"; \
		then dune uninstall --prefix="${DESTDIR}"; \
		else dune uninstall; fi
.PHONY: uninstall

clean:
	rm -rf _build
.PHONY: clean

docker-build:
	docker build \
		--build-arg SSH_PRIVATE_KEY="`vault read -field ssh-private-key PATH`" \
		-t SOMETHING \
		.
.PHONY: docker-build

docker-push: docker-build
	docker push SOMETHING
.PHONY: docker-push
	FROM ocaml/opam2:alpine-3.7-ocaml-4.06
	RUN sudo apk --no-cache add ca-certificates
	RUN sudo apk add --update m4 openssh-client

	# Setup SSH.
	RUN mkdir -p ~/.ssh
	ARG SSH_PRIVATE_KEY
	RUN echo "${SSH_PRIVATE_KEY}" > ~/.ssh/id_rsa
	RUN chmod 600 ~/.ssh/id_rsa
	RUN printf "Host github.com\n\tStrictHostKeyChecking no\n" > ~/.ssh/config

	# Setup git for private repos.
	RUN git config --global url."git@github.com:".insteadOf "https://github.com/"

	# Setup private repositories.
	# RUN opam repo add remote --all-switches https://opam.ocaml.org/2.0
	# RUN opam repo add private-repo --all-switches <repo-url>

	# Install project dependencies.
	COPY --chown=opam:nogroup Makefile *.opam /mnt/local/
	WORKDIR /mnt/local
	RUN opam config exec make install-deps

	# Build the project.
	COPY --chown=opam:nogroup . /mnt/local
	RUN opam config exec make PROFILE=release build

	# Install for export.
	RUN mkdir -p /mnt/local/_export
	RUN opam config exec make DESTDIR=/mnt/local/_export install


	# Runner image.
	FROM alpine:3.7
	RUN apk --no-cache add ca-certificates

	COPY --from=0 /mnt/local/_export /mnt/local
	ENV PATH /mnt/local/bin:$PATH
	WORKDIR /mnt/local
	default: build
	.PHONY: default

	install-deps:
	opam install -y --deps-only .
	.PHONY: install-deps

	build:
	if test -n "${PROFILE}"; \
	then dune build --profile="${PROFILE}" @install; \
	else dune build @install; fi
	.PHONY: build

	test:
	dune runtest
	.PHONY: test

	install:
	# Will not be needed after <https://github.com/ocaml/dune/issues/946>.
	if test -n "${DESTDIR}"; \
	then dune install --prefix="${DESTDIR}"; \
	else dune install; fi
	.PHONY: install

	uninstall:
	if test -n "${DESTDIR}"; \
	then dune uninstall --prefix="${DESTDIR}"; \
	else dune uninstall; fi
	.PHONY: uninstall

	clean:
	rm -rf _build
	.PHONY: clean

	docker-build:
	docker build \
	--build-arg SSH_PRIVATE_KEY="`vault read -field ssh-private-key PATH`" \
	-t SOMETHING \
	.
	.PHONY: docker-build

	docker-push: docker-build
	docker push SOMETHING
	.PHONY: docker-push