Build using nix.

docker/webhook_bridge/Dockerfile

@@ -1,18 +1,42 @@
-# syntax=docker/dockerfile:1
-ARG ALPINE_VERSION="3.20"
+#
+# Builder
+#
 
-FROM rustlang/rust:nightly-alpine$ALPINE_VERSION AS builder
+FROM nixos/nix:latest AS builder
 
-RUN apk add --no-cache musl-dev pkgconfig libressl-dev
+RUN cp "$(nix --extra-experimental-features "nix-command flakes" --option filter-syscalls false build nixpkgs#cacert --print-out-paths)/etc/ssl/certs/ca-bundle.crt" /tmp/ca-bundle.crt
 
-RUN mkdir /source
-WORKDIR /source
-COPY --link . .
-# TODO: Add static build, which currently errors due to proc_macro. RUSTFLAGS="-C target-feature=+crt-static"
-RUN --mount=type=tmpfs,target=/tmp --mount=type=cache,target=/usr/local/cargo/registry,sharing=locked CARGO_TARGET_DIR=/target cargo build --profile release-lto --bin webhook_bridge
+COPY . /tmp/build
+WORKDIR /tmp/build
 
-FROM alpine:$ALPINE_VERSION AS runner
+RUN nix \
+    --extra-experimental-features "nix-command flakes" \
+    --option filter-syscalls false \
+    build '.#docker_env'
 
-COPY --link --from=builder /target/release-lto/webhook_bridge /usr/bin/
+# Export the built closure to a folder
+RUN mkdir /tmp/nix-store-closure
+RUN cp -R $(nix-store -qR result/) /tmp/nix-store-closure
+RUN ln -s $(readlink -f /tmp/build/result/bin/sh) /tmp/sh
 
-ENTRYPOINT ["/usr/bin/webhook_bridge"]
+
+
+#
+# Runner
+#
+
+FROM scratch
+
+WORKDIR /app
+
+ENV PATH="$PATH:/app/bin"
+
+ENV SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt
+ENV NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt
+COPY --from=builder /tmp/ca-bundle.crt /etc/ssl/certs/ca-bundle.crt
+
+COPY --from=builder /tmp/nix-store-closure /nix/store
+COPY --from=builder /tmp/build/result /app
+COPY --from=builder /tmp/sh /bin/sh
+EXPOSE 9988
+CMD ["/app/bin/webhook_bridge"]