# PIR Service — Multi-Stage Docker Build # # Stage 1 (builder): Swift 6.2-noble — kompiliert PIRProcessDatabase + PIRService # Stage 2 (runtime): swift:6.2-noble-slim — minimales Runtime-Image mit Swift-Libs # # Build-Kontext: /srv/pir-build/ (enthält pir-service-example/ + swift-homomorphic-encryption/) # Anmerkung: swift:6.2-noble-slim enthält alle Swift-Runtime-Libs (~300 MB), # ist aber OHNE Swift-Toolchain (kein swiftc, kein spm). # ── Stage 1: Builder ──────────────────────────────────────────────────────── FROM swift:6.2-noble AS builder WORKDIR /build # swift-homomorphic-encryption → PIRProcessDatabase bauen COPY swift-homomorphic-encryption/ ./swift-homomorphic-encryption/ RUN cd swift-homomorphic-encryption && \ swift build -c release --product PIRProcessDatabase 2>&1 && \ cp .build/release/PIRProcessDatabase /usr/local/bin/PIRProcessDatabase # pir-service-example → PIRService + ConstructDatabase bauen COPY pir-service-example/ ./pir-service-example/ RUN cd pir-service-example && \ swift build -c release --product PIRService 2>&1 && \ swift build -c release --product ConstructDatabase 2>&1 && \ cp .build/release/PIRService /usr/local/bin/PIRService && \ cp .build/release/ConstructDatabase /usr/local/bin/ConstructDatabase # ── Stage 2: Runtime ───────────────────────────────────────────────────────── # swift:6.2-noble enthält alle Swift-Runtime-Libs — kein manueller Lib-Transfer nötig FROM swift:6.2-noble AS runtime # Nur die Binaries aus dem Builder-Stage kopieren COPY --from=builder /usr/local/bin/PIRService /usr/local/bin/PIRService COPY --from=builder /usr/local/bin/PIRProcessDatabase /usr/local/bin/PIRProcessDatabase COPY --from=builder /usr/local/bin/ConstructDatabase /usr/local/bin/ConstructDatabase # Verzeichnisse: /data = DB-Artifacts, /config = service-config.json RUN mkdir -p /data /config WORKDIR /data EXPOSE 8090 # service-config.json wird via Volume gemountet (/config/service-config.json) # Daten-Artifacts werden via Volume gemountet (/data/) CMD ["PIRService", "--hostname", "0.0.0.0", "--port", "8090", "/config/service-config.json"]