nixopus/rust-deploy
skills/rust-deploy/SKILL.md
Build and deploy Rust applications — version detection, release binaries, cargo-chef, and Dockerfile patterns. Use when deploying a Rust project, or when Cargo.toml is detected.
$ install --global
skillsauthnpx skillsauth add nixopus/agent rust-deployInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 23, 2026, 12:01 AM147.5s1 file scanned
SKILL.md
- name:
- rust-deploy
- description:
- Build and deploy Rust applications — version detection, release binaries, cargo-chef, and Dockerfile patterns. Use when deploying a Rust project, or when Cargo.toml is detected.
- version:
- 1.0
Rust Deployment
Detection
Project is Rust if Cargo.toml or cargo.toml exists.
Versions
Rust version priority:
rust-toolchain.toml→toolchain.channelCargo.toml→package.rust-version.rust-versionfileCargo.toml→package.edition(maps to minimum Rust version)- Defaults to latest stable (1.89)
Build
Build Command
cargo build --release- Binary:
target/release/<package-name> - Package name from
Cargo.toml→[package].name
Entry Resolution
- Binary crate:
src/main.rs - Multi-binary:
src/bin/<name>.rs→ binary name matches filename - Library + binary:
[bin]section inCargo.toml
Output
- Build output:
target/release/<name> - Start command:
./bin/<project-name>or./target/release/<name>
Runtime Variables
| Variable | Purpose |
|---|---|
| ROCKET_ADDRESS | Rocket bind address (use 0.0.0.0 for containers) |
| PORT | Port for web servers (default 8080) |
Port Detection
PORTin.env/.env.example- Source code patterns:
:8080,bind,TcpListenerinmain.rs - Default: 8080
Framework / Library Detection
| Crate | Category |
|---|---|
| axum | Web |
| actix-web | Web |
| rocket | Web |
| warp | Web |
| tokio | Async runtime |
| tower | Middleware |
Install Stage Optimization
Copy in order:
Cargo.toml,Cargo.locksrc/(or full source)
BuildKit Caching
| Cache key | Path |
|---|---|
| cargo_registry | ~/.cargo/registry |
| cargo_git | ~/.cargo/git |
| cargo_target | target/ |
Base Images
| Stage | Image |
|---|---|
| Build | rust:1.89-bookworm or rust:1.89-alpine |
| Runtime | debian:bookworm-slim or gcr.io/distroless/cc |
For Alpine build: may need musl-dev for fully static binary.
Dockerfile Patterns
Multi-Stage (Debian)
FROM rust:1.89-bookworm AS build
WORKDIR /app
COPY Cargo.toml Cargo.lock ./
RUN mkdir src && echo "fn main() {}" > src/main.rs
RUN cargo build --release
COPY src ./src
RUN touch src/main.rs && cargo build --release
FROM debian:bookworm-slim
RUN apt-get update && apt-get install -y ca-certificates && rm -rf /var/lib/apt/lists/*
WORKDIR /app
COPY --from=build /app/target/release/<binary-name> .
EXPOSE 8080
CMD ["./<binary-name>"]
Cargo Chef (faster layer cache)
FROM rust:1.89-bookworm AS chef
RUN cargo install cargo-chef
FROM chef AS planner
WORKDIR /app
COPY . .
RUN cargo chef prepare --recipe-path recipe.json
FROM chef AS build
WORKDIR /app
COPY --from=planner /app/recipe.json .
RUN cargo chef cook --release --recipe-path recipe.json
COPY . .
RUN cargo build --release
FROM debian:bookworm-slim
RUN apt-get update && apt-get install -y ca-certificates && rm -rf /var/lib/apt/lists/*
WORKDIR /app
COPY --from=build /app/target/release/<binary-name> .
EXPOSE 8080
CMD ["./<binary-name>"]
Simple (no chef)
FROM rust:1.89-bookworm AS build
WORKDIR /app
COPY . .
RUN cargo build --release
FROM debian:bookworm-slim
RUN apt-get update && apt-get install -y ca-certificates && rm -rf /var/lib/apt/lists/*
WORKDIR /app
COPY --from=build /app/target/release/<binary-name> .
EXPOSE 8080
CMD ["./<binary-name>"]
Gotchas
- The dummy
main.rstrick (echo "fn main() {}" > src/main.rs) caches dependency compilation, buttouch src/main.rsis needed afterward to invalidate the binary build cache Cargo.lockmust be committed for binary crates — without it, dependency versions are resolved fresh on every build- Alpine builds need
musl-dev, but crates using OpenSSL also needopenssl-devandpkgconfig - Rust builds are memory-intensive —
cargo build --release -j 2limits parallelism to avoid OOM kills in resource-constrained environments - Cargo chef
preparerequires the full source tree — it scans code to compute the dependency recipe
Related Skills
nixopus/api-catalog
tools
VerifiedTrustedCommunity
Compressed catalog of all Nixopus API operations for the nixopus_api() tool
1SKILL.mdUpdated Apr 26, 2026
nixopus/static-deploy
development
VerifiedTrustedCommunity
Deploy static file sites — Caddy/nginx serving, Staticfile config, and Dockerfile patterns. Use when deploying a static HTML site with no server-side runtime, or when index.html or a Staticfile is detected at the project root.
1SKILL.mdUpdated Apr 22, 2026
nixopus/shell-deploy
devops
VerifiedTrustedCommunity
Deploy shell script applications — interpreter detection, setup scripts, and Dockerfile patterns. Use when deploying a shell script project, or when start.sh is detected.
1SKILL.mdUpdated Apr 22, 2026
nixopus/self-heal
development
VerifiedTrustedCommunity
Self-healing loop for failed deployments — diagnose, fix, redeploy up to 3 attempts, then escalate or rollback. Load when a deployment fails or build errors occur.
1SKILL.mdUpdated Apr 22, 2026