From 4c324e11606b25b8bec7396af56d5c252c3f04e8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Garc=C3=ADa?= Date: Wed, 19 Aug 2020 00:02:14 +0200 Subject: [PATCH] Change Dockerfiles to make the AMD image multidb --- .dockerignore | 11 ++ Dockerfile | 2 +- docker/Dockerfile.j2 | 54 +++---- docker/amd64/{mysql => }/Dockerfile | 13 +- .../amd64/{postgresql => }/Dockerfile.alpine | 13 +- docker/amd64/mysql/Dockerfile.alpine | 105 -------------- docker/amd64/postgresql/Dockerfile | 102 ------------- docker/amd64/sqlite/Dockerfile | 96 ------------- docker/amd64/sqlite/Dockerfile.alpine | 99 ------------- docker/arm32v6/{sqlite => }/Dockerfile | 6 +- docker/arm32v6/mysql/Dockerfile | 134 ------------------ docker/arm32v7/{sqlite => }/Dockerfile | 7 +- docker/arm32v7/mysql/Dockerfile | 133 ----------------- docker/arm64v8/{sqlite => }/Dockerfile | 6 +- docker/arm64v8/mysql/Dockerfile | 134 ------------------ hooks/arches.sh | 5 - hooks/build | 2 +- 17 files changed, 50 insertions(+), 872 deletions(-) rename docker/amd64/{mysql => }/Dockerfile (94%) rename docker/amd64/{postgresql => }/Dockerfile.alpine (93%) delete mode 100644 docker/amd64/mysql/Dockerfile.alpine delete mode 100644 docker/amd64/postgresql/Dockerfile delete mode 100644 docker/amd64/sqlite/Dockerfile delete mode 100644 docker/amd64/sqlite/Dockerfile.alpine rename docker/arm32v6/{sqlite => }/Dockerfile (95%) delete mode 100644 docker/arm32v6/mysql/Dockerfile rename docker/arm32v7/{sqlite => }/Dockerfile (95%) delete mode 100644 docker/arm32v7/mysql/Dockerfile rename docker/arm64v8/{sqlite => }/Dockerfile (95%) delete mode 100644 docker/arm64v8/mysql/Dockerfile diff --git a/.dockerignore b/.dockerignore index 0584c2a2..b3e43a23 100644 --- a/.dockerignore +++ b/.dockerignore @@ -3,6 +3,7 @@ target # Data folder data +.env # IDE files .vscode @@ -10,5 +11,15 @@ data *.iml # Documentation +.github *.md +*.txt +*.yml +*.yaml +# Docker folders +hooks +tools + +# Web vault +web-vault \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index bf93eafd..c99d6e50 120000 --- a/Dockerfile +++ b/Dockerfile @@ -1 +1 @@ -docker/amd64/sqlite/Dockerfile \ No newline at end of file +docker/amd64/Dockerfile \ No newline at end of file diff --git a/docker/Dockerfile.j2 b/docker/Dockerfile.j2 index d6c3dc2e..e44e82fb 100644 --- a/docker/Dockerfile.j2 +++ b/docker/Dockerfile.j2 @@ -1,10 +1,10 @@ # This file was generated using a Jinja2 template. # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's. -{% set build_stage_base_image = "rust:1.40" %} +{% set build_stage_base_image = "rust:1.45" %} {% if "alpine" in target_file %} -{% set build_stage_base_image = "clux/muslrust:nightly-2020-03-09" %} -{% set runtime_stage_base_image = "alpine:3.11" %} +{% set build_stage_base_image = "clux/muslrust:nightly-2020-07-09" %} +{% set runtime_stage_base_image = "alpine:3.12" %} {% set package_arch_name = "" %} {% elif "amd64" in target_file %} {% set runtime_stage_base_image = "debian:buster-slim" %} @@ -42,25 +42,19 @@ FROM bitwardenrs/web-vault@{{ vault_image_hash }} as vault ########################## BUILD IMAGE ########################## -{% if "musl" in build_stage_base_image %} -# Musl build image for statically compiled binary -{% else %} -# We need to use the Rust build image, because -# we need the Rust compiler and Cargo tooling -{% endif %} FROM {{ build_stage_base_image }} as build -{% if "sqlite" in target_file %} -# set sqlite as default for DB ARG for backward compatibility +{% if "alpine" in target_file %} +# Alpine only works on SQlite ARG DB=sqlite -{% elif "mysql" in target_file %} -# set mysql backend -ARG DB=mysql +{% elif "amd64" in target_file %} +# AMD64 supports all +ARG DB=sqlite,mysql,postgresql -{% elif "postgresql" in target_file %} -# set postgresql backend -ARG DB=postgresql +{% else %} +# ARM only supports SQLite for now +ARG DB=sqlite {% endif %} # Build time options to avoid dpkg warnings and help with reproducible builds. @@ -73,7 +67,7 @@ RUN rustup set profile minimal ENV USER "root" ENV RUSTFLAGS='-C link-arg=-s' -{% elif "arm32" in target_file or "arm64" in target_file %} +{% elif "arm" in target_file %} # Install required build libs for {{ package_arch_name }} architecture. RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \ /etc/apt/sources.list.d/deb-src.list \ @@ -96,7 +90,6 @@ RUN apt-get update \ ENV CARGO_HOME "/root/.cargo" ENV USER "root" - {% elif "arm32v6" in target_file %} RUN apt-get update \ && apt-get install -y \ @@ -108,7 +101,6 @@ RUN apt-get update \ ENV CARGO_HOME "/root/.cargo" ENV USER "root" - {% elif "arm32v7" in target_file %} RUN apt-get update \ && apt-get install -y \ @@ -120,27 +112,16 @@ RUN apt-get update \ ENV CARGO_HOME "/root/.cargo" ENV USER "root" - {% endif %} -{% if "mysql" in target_file %} -# Install MySQL package +{% if "amd64" in target_file %} +# Install DB packages RUN apt-get update && apt-get install -y \ --no-install-recommends \ -{% if "musl" in build_stage_base_image %} - libmysqlclient-dev{{ package_arch_prefix }} \ -{% else %} libmariadb-dev{{ package_arch_prefix }} \ -{% endif %} - && rm -rf /var/lib/apt/lists/* - -{% elif "postgresql" in target_file %} -# Install PostgreSQL package -RUN apt-get update && apt-get install -y \ - --no-install-recommends \ libpq-dev{{ package_arch_prefix }} \ && rm -rf /var/lib/apt/lists/* - {% endif %} + # Creates a dummy project used to grab dependencies RUN USER=root cargo new --bin /app WORKDIR /app @@ -178,6 +159,7 @@ RUN rustup target add arm-unknown-linux-gnueabi {% elif "arm32v7" in target_file %} RUN rustup target add armv7-unknown-linux-gnueabihf + {% endif %} # Builds your dependencies and removes the # dummy project, except the target folder @@ -239,11 +221,9 @@ RUN apt-get update && apt-get install -y \ openssl \ ca-certificates \ curl \ -{% if "sqlite" in target_file %} sqlite3 \ -{% elif "mysql" in target_file %} +{% if "amd64" in target_file %} libmariadbclient-dev \ -{% elif "postgresql" in target_file %} libpq5 \ {% endif %} && rm -rf /var/lib/apt/lists/* diff --git a/docker/amd64/mysql/Dockerfile b/docker/amd64/Dockerfile similarity index 94% rename from docker/amd64/mysql/Dockerfile rename to docker/amd64/Dockerfile index 88e289fa..b8a7bf9e 100644 --- a/docker/amd64/mysql/Dockerfile +++ b/docker/amd64/Dockerfile @@ -18,12 +18,10 @@ FROM bitwardenrs/web-vault@sha256:afba1e3bded09dc0a6a0dbacb3363ac33b6f122b4b26d3682cafb9115bdf785c as vault ########################## BUILD IMAGE ########################## -# We need to use the Rust build image, because -# we need the Rust compiler and Cargo tooling -FROM rust:1.40 as build +FROM rust:1.45 as build -# set mysql backend -ARG DB=mysql +# AMD64 supports all +ARG DB=sqlite,mysql,postgresql # Build time options to avoid dpkg warnings and help with reproducible builds. ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color @@ -31,10 +29,11 @@ ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color # Don't download rust docs RUN rustup set profile minimal -# Install MySQL package +# Install DB packages RUN apt-get update && apt-get install -y \ --no-install-recommends \ libmariadb-dev \ + libpq-dev \ && rm -rf /var/lib/apt/lists/* # Creates a dummy project used to grab dependencies @@ -78,7 +77,9 @@ RUN apt-get update && apt-get install -y \ openssl \ ca-certificates \ curl \ + sqlite3 \ libmariadbclient-dev \ + libpq5 \ && rm -rf /var/lib/apt/lists/* RUN mkdir /data diff --git a/docker/amd64/postgresql/Dockerfile.alpine b/docker/amd64/Dockerfile.alpine similarity index 93% rename from docker/amd64/postgresql/Dockerfile.alpine rename to docker/amd64/Dockerfile.alpine index 984a8a7b..d5dc43e6 100644 --- a/docker/amd64/postgresql/Dockerfile.alpine +++ b/docker/amd64/Dockerfile.alpine @@ -18,11 +18,10 @@ FROM bitwardenrs/web-vault@sha256:afba1e3bded09dc0a6a0dbacb3363ac33b6f122b4b26d3682cafb9115bdf785c as vault ########################## BUILD IMAGE ########################## -# Musl build image for statically compiled binary -FROM clux/muslrust:nightly-2020-03-09 as build +FROM clux/muslrust:nightly-2020-07-09 as build -# set postgresql backend -ARG DB=postgresql +# Alpine only works on SQlite +ARG DB=sqlite # Build time options to avoid dpkg warnings and help with reproducible builds. ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color @@ -33,9 +32,10 @@ RUN rustup set profile minimal ENV USER "root" ENV RUSTFLAGS='-C link-arg=-s' -# Install PostgreSQL package +# Install DB packages RUN apt-get update && apt-get install -y \ --no-install-recommends \ + libmariadb-dev \ libpq-dev \ && rm -rf /var/lib/apt/lists/* @@ -70,7 +70,7 @@ RUN cargo build --features ${DB} --release ######################## RUNTIME IMAGE ######################## # Create a new stage with a minimal image # because we already have a binary built -FROM alpine:3.11 +FROM alpine:3.12 ENV ROCKET_ENV "staging" ENV ROCKET_PORT=80 @@ -81,7 +81,6 @@ ENV SSL_CERT_DIR=/etc/ssl/certs RUN apk add --no-cache \ openssl \ curl \ - postgresql-libs \ ca-certificates RUN mkdir /data diff --git a/docker/amd64/mysql/Dockerfile.alpine b/docker/amd64/mysql/Dockerfile.alpine deleted file mode 100644 index f0733c37..00000000 --- a/docker/amd64/mysql/Dockerfile.alpine +++ /dev/null @@ -1,105 +0,0 @@ -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's. - -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### - -# This hash is extracted from the docker web-vault builds and it's prefered over a simple tag because it's immutable. -# It can be viewed in multiple ways: -# - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there. -# - From the console, with the following commands: -# docker pull bitwardenrs/web-vault:v2.15.1 -# docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.15.1 -# -# - To do the opposite, and get the tag from the hash, you can do: -# docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:afba1e3bded09dc0a6a0dbacb3363ac33b6f122b4b26d3682cafb9115bdf785c -FROM bitwardenrs/web-vault@sha256:afba1e3bded09dc0a6a0dbacb3363ac33b6f122b4b26d3682cafb9115bdf785c as vault - -########################## BUILD IMAGE ########################## -# Musl build image for statically compiled binary -FROM clux/muslrust:nightly-2020-03-09 as build - -# set mysql backend -ARG DB=mysql - -# Build time options to avoid dpkg warnings and help with reproducible builds. -ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color - -# Don't download rust docs -RUN rustup set profile minimal - -ENV USER "root" -ENV RUSTFLAGS='-C link-arg=-s' - -# Install MySQL package -RUN apt-get update && apt-get install -y \ - --no-install-recommends \ - libmysqlclient-dev \ - && rm -rf /var/lib/apt/lists/* - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain ./rust-toolchain -COPY ./build.rs ./build.rs - -RUN rustup target add x86_64-unknown-linux-musl - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN cargo build --features ${DB} --release -RUN find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . - -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN cargo build --features ${DB} --release - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM alpine:3.11 - -ENV ROCKET_ENV "staging" -ENV ROCKET_PORT=80 -ENV ROCKET_WORKERS=10 -ENV SSL_CERT_DIR=/etc/ssl/certs - -# Install needed libraries -RUN apk add --no-cache \ - openssl \ - curl \ - mariadb-connector-c \ - ca-certificates - -RUN mkdir /data -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -COPY Rocket.toml . -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/x86_64-unknown-linux-musl/release/bitwarden_rs . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -# Configures the startup! -WORKDIR / -CMD ["/start.sh"] diff --git a/docker/amd64/postgresql/Dockerfile b/docker/amd64/postgresql/Dockerfile deleted file mode 100644 index 3a51b048..00000000 --- a/docker/amd64/postgresql/Dockerfile +++ /dev/null @@ -1,102 +0,0 @@ -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's. - -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### - -# This hash is extracted from the docker web-vault builds and it's prefered over a simple tag because it's immutable. -# It can be viewed in multiple ways: -# - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there. -# - From the console, with the following commands: -# docker pull bitwardenrs/web-vault:v2.15.1 -# docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.15.1 -# -# - To do the opposite, and get the tag from the hash, you can do: -# docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:afba1e3bded09dc0a6a0dbacb3363ac33b6f122b4b26d3682cafb9115bdf785c -FROM bitwardenrs/web-vault@sha256:afba1e3bded09dc0a6a0dbacb3363ac33b6f122b4b26d3682cafb9115bdf785c as vault - -########################## BUILD IMAGE ########################## -# We need to use the Rust build image, because -# we need the Rust compiler and Cargo tooling -FROM rust:1.40 as build - -# set postgresql backend -ARG DB=postgresql - -# Build time options to avoid dpkg warnings and help with reproducible builds. -ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color - -# Don't download rust docs -RUN rustup set profile minimal - -# Install PostgreSQL package -RUN apt-get update && apt-get install -y \ - --no-install-recommends \ - libpq-dev \ - && rm -rf /var/lib/apt/lists/* - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain ./rust-toolchain -COPY ./build.rs ./build.rs - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN cargo build --features ${DB} --release -RUN find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . - -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN cargo build --features ${DB} --release - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM debian:buster-slim - -ENV ROCKET_ENV "staging" -ENV ROCKET_PORT=80 -ENV ROCKET_WORKERS=10 - -# Install needed libraries -RUN apt-get update && apt-get install -y \ - --no-install-recommends \ - openssl \ - ca-certificates \ - curl \ - libpq5 \ - && rm -rf /var/lib/apt/lists/* - -RUN mkdir /data -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -COPY Rocket.toml . -COPY --from=vault /web-vault ./web-vault -COPY --from=build app/target/release/bitwarden_rs . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -# Configures the startup! -WORKDIR / -CMD ["/start.sh"] diff --git a/docker/amd64/sqlite/Dockerfile b/docker/amd64/sqlite/Dockerfile deleted file mode 100644 index fe9cecb1..00000000 --- a/docker/amd64/sqlite/Dockerfile +++ /dev/null @@ -1,96 +0,0 @@ -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's. - -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### - -# This hash is extracted from the docker web-vault builds and it's prefered over a simple tag because it's immutable. -# It can be viewed in multiple ways: -# - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there. -# - From the console, with the following commands: -# docker pull bitwardenrs/web-vault:v2.15.1 -# docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.15.1 -# -# - To do the opposite, and get the tag from the hash, you can do: -# docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:afba1e3bded09dc0a6a0dbacb3363ac33b6f122b4b26d3682cafb9115bdf785c -FROM bitwardenrs/web-vault@sha256:afba1e3bded09dc0a6a0dbacb3363ac33b6f122b4b26d3682cafb9115bdf785c as vault - -########################## BUILD IMAGE ########################## -# We need to use the Rust build image, because -# we need the Rust compiler and Cargo tooling -FROM rust:1.40 as build - -# set sqlite as default for DB ARG for backward compatibility -ARG DB=sqlite - -# Build time options to avoid dpkg warnings and help with reproducible builds. -ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color - -# Don't download rust docs -RUN rustup set profile minimal - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain ./rust-toolchain -COPY ./build.rs ./build.rs - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN cargo build --features ${DB} --release -RUN find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . - -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN cargo build --features ${DB} --release - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM debian:buster-slim - -ENV ROCKET_ENV "staging" -ENV ROCKET_PORT=80 -ENV ROCKET_WORKERS=10 - -# Install needed libraries -RUN apt-get update && apt-get install -y \ - --no-install-recommends \ - openssl \ - ca-certificates \ - curl \ - sqlite3 \ - && rm -rf /var/lib/apt/lists/* - -RUN mkdir /data -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -COPY Rocket.toml . -COPY --from=vault /web-vault ./web-vault -COPY --from=build app/target/release/bitwarden_rs . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -# Configures the startup! -WORKDIR / -CMD ["/start.sh"] diff --git a/docker/amd64/sqlite/Dockerfile.alpine b/docker/amd64/sqlite/Dockerfile.alpine deleted file mode 100644 index 2dce0cf7..00000000 --- a/docker/amd64/sqlite/Dockerfile.alpine +++ /dev/null @@ -1,99 +0,0 @@ -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's. - -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### - -# This hash is extracted from the docker web-vault builds and it's prefered over a simple tag because it's immutable. -# It can be viewed in multiple ways: -# - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there. -# - From the console, with the following commands: -# docker pull bitwardenrs/web-vault:v2.15.1 -# docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.15.1 -# -# - To do the opposite, and get the tag from the hash, you can do: -# docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:afba1e3bded09dc0a6a0dbacb3363ac33b6f122b4b26d3682cafb9115bdf785c -FROM bitwardenrs/web-vault@sha256:afba1e3bded09dc0a6a0dbacb3363ac33b6f122b4b26d3682cafb9115bdf785c as vault - -########################## BUILD IMAGE ########################## -# Musl build image for statically compiled binary -FROM clux/muslrust:nightly-2020-03-09 as build - -# set sqlite as default for DB ARG for backward compatibility -ARG DB=sqlite - -# Build time options to avoid dpkg warnings and help with reproducible builds. -ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color - -# Don't download rust docs -RUN rustup set profile minimal - -ENV USER "root" -ENV RUSTFLAGS='-C link-arg=-s' - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain ./rust-toolchain -COPY ./build.rs ./build.rs - -RUN rustup target add x86_64-unknown-linux-musl - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN cargo build --features ${DB} --release -RUN find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . - -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN cargo build --features ${DB} --release - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM alpine:3.11 - -ENV ROCKET_ENV "staging" -ENV ROCKET_PORT=80 -ENV ROCKET_WORKERS=10 -ENV SSL_CERT_DIR=/etc/ssl/certs - -# Install needed libraries -RUN apk add --no-cache \ - openssl \ - curl \ - sqlite \ - ca-certificates - -RUN mkdir /data -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -COPY Rocket.toml . -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/x86_64-unknown-linux-musl/release/bitwarden_rs . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -# Configures the startup! -WORKDIR / -CMD ["/start.sh"] diff --git a/docker/arm32v6/sqlite/Dockerfile b/docker/arm32v6/Dockerfile similarity index 95% rename from docker/arm32v6/sqlite/Dockerfile rename to docker/arm32v6/Dockerfile index 1bc37aff..b1165d3a 100644 --- a/docker/arm32v6/sqlite/Dockerfile +++ b/docker/arm32v6/Dockerfile @@ -18,11 +18,9 @@ FROM bitwardenrs/web-vault@sha256:afba1e3bded09dc0a6a0dbacb3363ac33b6f122b4b26d3682cafb9115bdf785c as vault ########################## BUILD IMAGE ########################## -# We need to use the Rust build image, because -# we need the Rust compiler and Cargo tooling -FROM rust:1.40 as build +FROM rust:1.45 as build -# set sqlite as default for DB ARG for backward compatibility +# ARM only supports SQLite for now ARG DB=sqlite # Build time options to avoid dpkg warnings and help with reproducible builds. diff --git a/docker/arm32v6/mysql/Dockerfile b/docker/arm32v6/mysql/Dockerfile deleted file mode 100644 index fad45f33..00000000 --- a/docker/arm32v6/mysql/Dockerfile +++ /dev/null @@ -1,134 +0,0 @@ -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's. - -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### - -# This hash is extracted from the docker web-vault builds and it's prefered over a simple tag because it's immutable. -# It can be viewed in multiple ways: -# - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there. -# - From the console, with the following commands: -# docker pull bitwardenrs/web-vault:v2.15.1 -# docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.15.1 -# -# - To do the opposite, and get the tag from the hash, you can do: -# docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:afba1e3bded09dc0a6a0dbacb3363ac33b6f122b4b26d3682cafb9115bdf785c -FROM bitwardenrs/web-vault@sha256:afba1e3bded09dc0a6a0dbacb3363ac33b6f122b4b26d3682cafb9115bdf785c as vault - -########################## BUILD IMAGE ########################## -# We need to use the Rust build image, because -# we need the Rust compiler and Cargo tooling -FROM rust:1.40 as build - -# set mysql backend -ARG DB=mysql - -# Build time options to avoid dpkg warnings and help with reproducible builds. -ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color - -# Don't download rust docs -RUN rustup set profile minimal - -# Install required build libs for armel architecture. -RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \ - /etc/apt/sources.list.d/deb-src.list \ - && dpkg --add-architecture armel \ - && apt-get update \ - && apt-get install -y \ - --no-install-recommends \ - libssl-dev:armel \ - libc6-dev:armel - -RUN apt-get update \ - && apt-get install -y \ - --no-install-recommends \ - gcc-arm-linux-gnueabi \ - && mkdir -p ~/.cargo \ - && echo '[target.arm-unknown-linux-gnueabi]' >> ~/.cargo/config \ - && echo 'linker = "arm-linux-gnueabi-gcc"' >> ~/.cargo/config - -ENV CARGO_HOME "/root/.cargo" -ENV USER "root" - -# Install MySQL package -RUN apt-get update && apt-get install -y \ - --no-install-recommends \ - libmariadb-dev:armel \ - && rm -rf /var/lib/apt/lists/* - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain ./rust-toolchain -COPY ./build.rs ./build.rs - -ENV CC_arm_unknown_linux_gnueabi="/usr/bin/arm-linux-gnueabi-gcc" -ENV CROSS_COMPILE="1" -ENV OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabi" -ENV OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabi" -RUN rustup target add arm-unknown-linux-gnueabi - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN cargo build --features ${DB} --release -RUN find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . - -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM balenalib/rpi-debian:buster - -ENV ROCKET_ENV "staging" -ENV ROCKET_PORT=80 -ENV ROCKET_WORKERS=10 - -RUN [ "cross-build-start" ] - -# Install needed libraries -RUN apt-get update && apt-get install -y \ - --no-install-recommends \ - openssl \ - ca-certificates \ - curl \ - libmariadbclient-dev \ - && rm -rf /var/lib/apt/lists/* - -RUN mkdir /data - -RUN [ "cross-build-end" ] - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -COPY Rocket.toml . -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/arm-unknown-linux-gnueabi/release/bitwarden_rs . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -# Configures the startup! -WORKDIR / -CMD ["/start.sh"] diff --git a/docker/arm32v7/sqlite/Dockerfile b/docker/arm32v7/Dockerfile similarity index 95% rename from docker/arm32v7/sqlite/Dockerfile rename to docker/arm32v7/Dockerfile index cf20a39e..57e96489 100644 --- a/docker/arm32v7/sqlite/Dockerfile +++ b/docker/arm32v7/Dockerfile @@ -18,11 +18,9 @@ FROM bitwardenrs/web-vault@sha256:afba1e3bded09dc0a6a0dbacb3363ac33b6f122b4b26d3682cafb9115bdf785c as vault ########################## BUILD IMAGE ########################## -# We need to use the Rust build image, because -# we need the Rust compiler and Cargo tooling -FROM rust:1.40 as build +FROM rust:1.45 as build -# set sqlite as default for DB ARG for backward compatibility +# ARM only supports SQLite for now ARG DB=sqlite # Build time options to avoid dpkg warnings and help with reproducible builds. @@ -66,6 +64,7 @@ ENV CROSS_COMPILE="1" ENV OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabihf" ENV OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabihf" RUN rustup target add armv7-unknown-linux-gnueabihf + # Builds your dependencies and removes the # dummy project, except the target folder # This folder contains the compiled dependencies diff --git a/docker/arm32v7/mysql/Dockerfile b/docker/arm32v7/mysql/Dockerfile deleted file mode 100644 index 89da407a..00000000 --- a/docker/arm32v7/mysql/Dockerfile +++ /dev/null @@ -1,133 +0,0 @@ -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's. - -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### - -# This hash is extracted from the docker web-vault builds and it's prefered over a simple tag because it's immutable. -# It can be viewed in multiple ways: -# - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there. -# - From the console, with the following commands: -# docker pull bitwardenrs/web-vault:v2.15.1 -# docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.15.1 -# -# - To do the opposite, and get the tag from the hash, you can do: -# docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:afba1e3bded09dc0a6a0dbacb3363ac33b6f122b4b26d3682cafb9115bdf785c -FROM bitwardenrs/web-vault@sha256:afba1e3bded09dc0a6a0dbacb3363ac33b6f122b4b26d3682cafb9115bdf785c as vault - -########################## BUILD IMAGE ########################## -# We need to use the Rust build image, because -# we need the Rust compiler and Cargo tooling -FROM rust:1.40 as build - -# set mysql backend -ARG DB=mysql - -# Build time options to avoid dpkg warnings and help with reproducible builds. -ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color - -# Don't download rust docs -RUN rustup set profile minimal - -# Install required build libs for armhf architecture. -RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \ - /etc/apt/sources.list.d/deb-src.list \ - && dpkg --add-architecture armhf \ - && apt-get update \ - && apt-get install -y \ - --no-install-recommends \ - libssl-dev:armhf \ - libc6-dev:armhf - -RUN apt-get update \ - && apt-get install -y \ - --no-install-recommends \ - gcc-arm-linux-gnueabihf \ - && mkdir -p ~/.cargo \ - && echo '[target.armv7-unknown-linux-gnueabihf]' >> ~/.cargo/config \ - && echo 'linker = "arm-linux-gnueabihf-gcc"' >> ~/.cargo/config - -ENV CARGO_HOME "/root/.cargo" -ENV USER "root" - -# Install MySQL package -RUN apt-get update && apt-get install -y \ - --no-install-recommends \ - libmariadb-dev:armhf \ - && rm -rf /var/lib/apt/lists/* - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain ./rust-toolchain -COPY ./build.rs ./build.rs - -ENV CC_armv7_unknown_linux_gnueabihf="/usr/bin/arm-linux-gnueabihf-gcc" -ENV CROSS_COMPILE="1" -ENV OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabihf" -ENV OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabihf" -RUN rustup target add armv7-unknown-linux-gnueabihf -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN cargo build --features ${DB} --release -RUN find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . - -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM balenalib/armv7hf-debian:buster - -ENV ROCKET_ENV "staging" -ENV ROCKET_PORT=80 -ENV ROCKET_WORKERS=10 - -RUN [ "cross-build-start" ] - -# Install needed libraries -RUN apt-get update && apt-get install -y \ - --no-install-recommends \ - openssl \ - ca-certificates \ - curl \ - libmariadbclient-dev \ - && rm -rf /var/lib/apt/lists/* - -RUN mkdir /data - -RUN [ "cross-build-end" ] - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -COPY Rocket.toml . -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/armv7-unknown-linux-gnueabihf/release/bitwarden_rs . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -# Configures the startup! -WORKDIR / -CMD ["/start.sh"] diff --git a/docker/arm64v8/sqlite/Dockerfile b/docker/arm64v8/Dockerfile similarity index 95% rename from docker/arm64v8/sqlite/Dockerfile rename to docker/arm64v8/Dockerfile index 449df5ec..984ef99c 100644 --- a/docker/arm64v8/sqlite/Dockerfile +++ b/docker/arm64v8/Dockerfile @@ -18,11 +18,9 @@ FROM bitwardenrs/web-vault@sha256:afba1e3bded09dc0a6a0dbacb3363ac33b6f122b4b26d3682cafb9115bdf785c as vault ########################## BUILD IMAGE ########################## -# We need to use the Rust build image, because -# we need the Rust compiler and Cargo tooling -FROM rust:1.40 as build +FROM rust:1.45 as build -# set sqlite as default for DB ARG for backward compatibility +# ARM only supports SQLite for now ARG DB=sqlite # Build time options to avoid dpkg warnings and help with reproducible builds. diff --git a/docker/arm64v8/mysql/Dockerfile b/docker/arm64v8/mysql/Dockerfile deleted file mode 100644 index 8cd92867..00000000 --- a/docker/arm64v8/mysql/Dockerfile +++ /dev/null @@ -1,134 +0,0 @@ -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's. - -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### - -# This hash is extracted from the docker web-vault builds and it's prefered over a simple tag because it's immutable. -# It can be viewed in multiple ways: -# - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there. -# - From the console, with the following commands: -# docker pull bitwardenrs/web-vault:v2.15.1 -# docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.15.1 -# -# - To do the opposite, and get the tag from the hash, you can do: -# docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:afba1e3bded09dc0a6a0dbacb3363ac33b6f122b4b26d3682cafb9115bdf785c -FROM bitwardenrs/web-vault@sha256:afba1e3bded09dc0a6a0dbacb3363ac33b6f122b4b26d3682cafb9115bdf785c as vault - -########################## BUILD IMAGE ########################## -# We need to use the Rust build image, because -# we need the Rust compiler and Cargo tooling -FROM rust:1.40 as build - -# set mysql backend -ARG DB=mysql - -# Build time options to avoid dpkg warnings and help with reproducible builds. -ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color - -# Don't download rust docs -RUN rustup set profile minimal - -# Install required build libs for arm64 architecture. -RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \ - /etc/apt/sources.list.d/deb-src.list \ - && dpkg --add-architecture arm64 \ - && apt-get update \ - && apt-get install -y \ - --no-install-recommends \ - libssl-dev:arm64 \ - libc6-dev:arm64 - -RUN apt-get update \ - && apt-get install -y \ - --no-install-recommends \ - gcc-aarch64-linux-gnu \ - && mkdir -p ~/.cargo \ - && echo '[target.aarch64-unknown-linux-gnu]' >> ~/.cargo/config \ - && echo 'linker = "aarch64-linux-gnu-gcc"' >> ~/.cargo/config - -ENV CARGO_HOME "/root/.cargo" -ENV USER "root" - -# Install MySQL package -RUN apt-get update && apt-get install -y \ - --no-install-recommends \ - libmariadb-dev:arm64 \ - && rm -rf /var/lib/apt/lists/* - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain ./rust-toolchain -COPY ./build.rs ./build.rs - -ENV CC_aarch64_unknown_linux_gnu="/usr/bin/aarch64-linux-gnu-gcc" -ENV CROSS_COMPILE="1" -ENV OPENSSL_INCLUDE_DIR="/usr/include/aarch64-linux-gnu" -ENV OPENSSL_LIB_DIR="/usr/lib/aarch64-linux-gnu" -RUN rustup target add aarch64-unknown-linux-gnu - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN cargo build --features ${DB} --release -RUN find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . - -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM balenalib/aarch64-debian:buster - -ENV ROCKET_ENV "staging" -ENV ROCKET_PORT=80 -ENV ROCKET_WORKERS=10 - -RUN [ "cross-build-start" ] - -# Install needed libraries -RUN apt-get update && apt-get install -y \ - --no-install-recommends \ - openssl \ - ca-certificates \ - curl \ - libmariadbclient-dev \ - && rm -rf /var/lib/apt/lists/* - -RUN mkdir /data - -RUN [ "cross-build-end" ] - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -COPY Rocket.toml . -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/aarch64-unknown-linux-gnu/release/bitwarden_rs . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -# Configures the startup! -WORKDIR / -CMD ["/start.sh"] diff --git a/hooks/arches.sh b/hooks/arches.sh index 216179e3..14c53e23 100644 --- a/hooks/arches.sh +++ b/hooks/arches.sh @@ -11,16 +11,11 @@ arches=( case "${DOCKER_REPO}" in *-mysql) - db=mysql arches=(amd64) ;; *-postgresql) - db=postgresql arches=(amd64) ;; - *) - db=sqlite - ;; esac if [[ "${DOCKER_TAG}" == *alpine ]]; then diff --git a/hooks/build b/hooks/build index 2a534606..da267a87 100755 --- a/hooks/build +++ b/hooks/build @@ -9,6 +9,6 @@ set -ex for arch in "${arches[@]}"; do docker build \ -t "${DOCKER_REPO}:${DOCKER_TAG}-${arch}" \ - -f docker/${arch}/${db}/Dockerfile${os_suffix} \ + -f docker/${arch}/Dockerfile${os_suffix} \ . done