Mirror of https://github.com/dani-garcia/vaultwarden.git, synchronized 2024-11-22 05:10:29 +01:00
vaultwarden/docker
Mathijs van Veluw 8ab200224e
Several small fixes for open issues (#4143)
* Fix BWDC when re-run with cleared cache

Using the BWDC with a cleared cache caused invited users to be converted
to accepted users.

The problem was a wrong check for the `restore` function.

Fixes #4114

* Remove useless variable

During some refactoring this seems to be overlooked.
This variable gets filled but isn't used at all afterwards.

Fixes #4105

* Check some `.git` paths to force a rebuild

When a checked-out repo switches to a specific tag, and that tag does
not have anything else changed in the files except the tag, it could
happen that the build process doesn't see any changes, while it could be
that the version string needs to be different.

This commit ensures that if some specific paths are changed within the
.git directory, cargo will be triggered to rebuild.

Fixes #4087

* Do not delete dir on file delete

Previously during a `delete_file` check we also tried to delete the
parent directory and ignored all errors, like not being empty for
example.

Since this function is called `delete_file` and does not mention
anything in regards to a directory I have removed that code and it will
now only delete the file and leave the rest as-is.

If this somehow is still needed or wanted, which I do not think we want,
then we should create a new function.

Fixes #4081

* Fix healthcheck when using an ENV file

If someone is using a `.env` file or configured the `ENV_FILE` variable
to use that as its configuration, this was missed by the healthcheck.

So, `DOMAIN` and `ROCKET_TLS` were not seen, and not used in these cases.

This commit fixes this by checking for this file and if it exists, then
it will load those variables first.

Fixes #4112

* Add missing route

While there was a function and a derive, this endpoint wasn't part of
the routes. Since Bitwarden does have this endpoint I'll add the route
instead of deleting it.

Fixes #4076
Fixes #4144

* Update crates to update the openssl crate

Because of a bug in the openssl-sys crate we pinned the version to an
older version. This issue has been fixed and was released 2 days ago.

This commit updates the openssl crates including others.
This should also fix the issues with building Vaultwarden using newer
versions of LibreSSL.

Fixes #4051
2023-12-09 01:21:14 +01:00
bake.sh Container building changes (#3958) 2023-10-23 00:18:38 +02:00
bake_env.sh Container building changes (#3958) 2023-10-23 00:18:38 +02:00
docker-bake.hcl Update crates (#4074) 2023-11-15 10:41:14 +01:00
Dockerfile.alpine Update Rust, Crates, Profile and Actions (#4126) 2023-12-04 20:26:11 +01:00
Dockerfile.debian Update Rust, Crates, Profile and Actions (#4126) 2023-12-04 20:26:11 +01:00
Dockerfile.j2 Container building changes (#3958) 2023-10-23 00:18:38 +02:00
DockerSettings.yaml Update Rust, Crates, Profile and Actions (#4126) 2023-12-04 20:26:11 +01:00
healthcheck.sh Several small fixes for open issues (#4143) 2023-12-09 01:21:14 +01:00
Makefile Container building changes (#3958) 2023-10-23 00:18:38 +02:00
podman-bake.sh Container building changes (#3958) 2023-10-23 00:18:38 +02:00
README.md Container building changes (#3958) 2023-10-23 00:18:38 +02:00
render_template Container building changes (#3958) 2023-10-23 00:18:38 +02:00
start.sh Update deps and Alpine image 2022-07-31 15:45:31 +02:00

Vaultwarden Container Building

To build and release new testing and stable releases of Vaultwarden we use docker buildx bake.
This can be used locally by running the command yourself, but it is also used by GitHub Actions.

This makes it easier for us to test and maintain the different architectures we provide.
We also have just two Dockerfiles, one for Debian-based and one for Alpine-based images.
With just these two files we can build both Debian and Alpine images for the following platforms:

  • amd64 (linux/amd64)
  • arm64 (linux/arm64)
  • armv7 (linux/arm/v7)
  • armv6 (linux/arm/v6)

To build these containers you need to enable QEMU binfmt support to be able to run/emulate architectures which are different than your host's.
This ensures the container build process can run binaries from other architectures.

NOTE: Run all the examples below from the root of the repo.

How to install QEMU binfmt support

This is different per host OS, but most support this in some way.

Ubuntu/Debian

apt install binfmt-support qemu-user-static

Arch Linux (others based upon it)

pacman -S qemu-user-static qemu-user-static-binfmt

Fedora

dnf install qemu-user-static

Others

There is also an option to use another Docker container to provide support for this.

# To install and activate
docker run --privileged --rm tonistiigi/binfmt --install arm64,arm
# To uninstall
docker run --privileged --rm tonistiigi/binfmt --uninstall 'qemu-*'
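
Added example, not part of the Vaultwarden repository: a pre-flight check that the QEMU handler for a bake target is registered, enabled, and usable from inside a build container. The function names and status words are assumptions made for this example; the handler names follow the qemu-* naming that the uninstall command above relies on.

```sh
#!/bin/sh
# Added example: pre-flight check for QEMU binfmt support before a cross-arch bake.
# Function names and status words are illustrative, not part of Vaultwarden.

# binfmt_misc handler name QEMU registers for each bake architecture suffix.
qemu_handler_for() {
  case "$1" in
    amd64)       echo qemu-x86_64 ;;
    arm64)       echo qemu-aarch64 ;;
    armv7|armv6) echo qemu-arm ;;
    *)           return 1 ;;
  esac
}

# binfmt_status ARCH [BINFMT_DIR] [HOST_MACHINE]
# Prints one of: native, ok, no-fix-binary, disabled, missing, unknown-arch.
# Returns 0 only for native and ok.
binfmt_status() {
  arch=$1
  dir=${2:-/proc/sys/fs/binfmt_misc}
  host=${3:-$(uname -m)}
  handler=$(qemu_handler_for "$arch") || { echo unknown-arch; return 2; }
  # Simplified assumption: only an exact arch/host match counts as native.
  case "$arch:$host" in
    amd64:x86_64|arm64:aarch64|armv7:armv7l|armv6:armv6l) echo native; return 0 ;;
  esac
  entry="$dir/$handler"
  [ -r "$entry" ] || { echo missing; return 1; }
  # The first line of a binfmt_misc entry is "enabled" or "disabled".
  [ "$(head -n 1 "$entry")" = "enabled" ] || { echo disabled; return 1; }
  # Without the F (fix-binary) flag the interpreter path is looked up inside
  # the build container's filesystem, where the host's QEMU binary is absent.
  case "$(sed -n 's/^flags: *//p' "$entry")" in
    *F*) echo ok; return 0 ;;
    *)   echo no-fix-binary; return 1 ;;
  esac
}

# Report on every platform this page builds for.
for a in amd64 arm64 armv7 armv6; do
  printf '%-6s %s\n' "$a" "$(binfmt_status "$a")"
done
```

A status of missing or disabled means the install step for your host OS has not taken effect; no-fix-binary means the handler was registered without the flag that container builds need.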

Single architecture container building

You can build a container per supported architecture as long as you have QEMU binfmt support installed on your system.

# Default bake triggers a Debian build using the hosts architecture
docker buildx bake --file docker/docker-bake.hcl

# Bake Debian ARM64 using a debug build
CARGO_PROFILE=dev \
SOURCE_COMMIT="$(git rev-parse HEAD)" \
docker buildx bake --file docker/docker-bake.hcl debian-arm64

# Bake Alpine ARMv6 as a release build
SOURCE_COMMIT="$(git rev-parse HEAD)" \
docker buildx bake --file docker/docker-bake.hcl alpine-armv6

Local Multi Architecture container building

Start the initialization, this only needs to be done once.

# Create and use a new buildx builder instance which connects to the host network
docker buildx create --name vaultwarden --use --driver-opt network=host

# Validate it runs
docker buildx inspect --bootstrap

# Create a local container registry directly reachable on the localhost
docker run -d --name registry --network host registry:2

After that is done, you should be able to build and push to the local registry.
Use the following command with the modified variables to bake the Alpine images.
Replace alpine with debian if you want to build the Debian multi-arch images.

# Start a buildx bake using a debug build
CARGO_PROFILE=dev \
SOURCE_COMMIT="$(git rev-parse HEAD)" \
CONTAINER_REGISTRIES="localhost:5000/vaultwarden/server" \
docker buildx bake --file docker/docker-bake.hcl alpine-multi

Using the bake.sh script

To make it a bit easier to trigger a build, there is also a bake.sh script.
This script calls docker buildx bake with all the right parameters and also generates the SOURCE_COMMIT and SOURCE_VERSION variables.
This script can be called from either the repo root or within the docker directory.

So, if you want to build a Multi Arch Alpine container pushing to your localhost registry you can run this from within the docker directory. (Just make sure you executed the initialization steps above first)

CONTAINER_REGISTRIES="localhost:5000/vaultwarden/server" \
./bake.sh alpine-multi

Or if you want to just build a Debian container from the repo root, you can run this.

docker/bake.sh

You can append both alpine and debian with -amd64, -arm64, -armv7 or -armv6, which will trigger a build for that specific platform.
This will also append those values to the tag so you can see the built container when running docker images.

You can also append extra arguments after the target if you want. This can be useful for example to print what bake will use.

docker/bake.sh alpine-all --print

Testing baked images

To test these images, run them using the correct tag and provide the platform.
For example, after you have built an arm64 image via ./bake.sh debian-arm64 you can run:

docker run --rm -it \
  -e DISABLE_ADMIN_TOKEN=true \
  -e I_REALLY_WANT_VOLATILE_STORAGE=true \
  -p8080:80 --platform=linux/arm64 \
  vaultwarden/server:testing-arm64

Using the podman-bake.sh script

To also make building easier using podman, there is a podman-bake.sh script.
This script calls podman buildx build with the needed parameters and, like bake.sh, generates some variables automatically.
This script can be called from either the repo root or within the docker directory.

NOTE: Unlike the bake.sh script, this only supports a single CONTAINER_REGISTRIES, and a single BASE_TAGS value, no comma separated values. It also only supports building separate architectures, no Multi Arch containers.

To build an Alpine arm64 image with only sqlite support and mimalloc, run this:

DB="sqlite,enable_mimalloc" \
./podman-bake.sh alpine-arm64

Or if you want to just build a Debian container from the repo root, you can run this.

docker/podman-bake.sh

You can append extra arguments after the target if you want. This can be useful for example to disable cache like this.

./podman-bake.sh alpine-arm64 --no-cache

For the podman builds you can, just like the bake.sh script, also append the architecture to build for that specific platform.

Testing podman built images

The command to start a podman built container is almost the same as for the docker/bake built containers. The images start with localhost/, so you need to prepend that.

podman run --rm -it \
  -e DISABLE_ADMIN_TOKEN=true \
  -e I_REALLY_WANT_VOLATILE_STORAGE=true \
  -p8080:80 --platform=linux/arm64 \
  localhost/vaultwarden/server:testing-arm64

Variables supported

| Variable | default | description |
| --- | --- | --- |
| CARGO_PROFILE | null | Which cargo profile to use. null means what is defined in the Dockerfile |
| DB | null | Which features to build. null means what is defined in the Dockerfile |
| SOURCE_REPOSITORY_URL | null | The source repository from where this build is triggered |
| SOURCE_COMMIT | null | The commit hash of the current commit for this build |
| SOURCE_VERSION | null | The current exact tag of this commit, else the last tag and the first 8 chars of the source commit |
| BASE_TAGS | testing | Tags to be used. Can be a comma separated value like "latest,1.29.2" |
| CONTAINER_REGISTRIES | vaultwarden/server | Comma separated value of container registries. Like ghcr.io/dani-garcia/vaultwarden,docker.io/vaultwarden/server |
| VW_VERSION | null | To override the SOURCE_VERSION value. This is also used by the build.rs code for example |