Spiegel von
https://github.com/dani-garcia/vaultwarden.git
synchronisiert 2024-11-19 04:40:28 +01:00
5633b6ac94
The bitwarden_rs code is still cross-compiled exactly as before, but Docker Buildx is used to rewrite the resulting Docker images with correct platform metadata (reflecting the target platform instead of the build platform). Buildx also now handles building and pushing the multi-arch manifest lists.
106 Zeilen
3,6 KiB
Text
106 Zeilen
3,6 KiB
Text
# This file was generated using a Jinja2 template.
|
|
# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's.
|
|
|
|
# Using multistage build:
|
|
# https://docs.docker.com/develop/develop-images/multistage-build/
|
|
# https://whitfin.io/speeding-up-rust-docker-builds/
|
|
####################### VAULT BUILD IMAGE #######################
|
|
|
|
# This hash is extracted from the docker web-vault builds and it's preferred over a simple tag because it's immutable.
|
|
# It can be viewed in multiple ways:
|
|
# - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there.
|
|
# - From the console, with the following commands:
|
|
# docker pull bitwardenrs/web-vault:v2.17.1
|
|
# docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.17.1
|
|
#
|
|
# - To do the opposite, and get the tag from the hash, you can do:
|
|
# docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:dcb7884dc5845b3842ff2204fe77482000b771495c6c359297ec3c03330d65e0
|
|
FROM bitwardenrs/web-vault@sha256:dcb7884dc5845b3842ff2204fe77482000b771495c6c359297ec3c03330d65e0 as vault
|
|
|
|
########################## BUILD IMAGE ##########################
|
|
FROM messense/rust-musl-cross:armv7-musleabihf as build
|
|
|
|
# Alpine-based ARM (musl) only supports sqlite during compile time.
|
|
ARG DB=sqlite
|
|
|
|
# Build time options to avoid dpkg warnings and help with reproducible builds.
|
|
ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color
|
|
|
|
# Don't download rust docs
|
|
RUN rustup set profile minimal
|
|
|
|
ENV USER "root"
|
|
ENV RUSTFLAGS='-C link-arg=-s'
|
|
|
|
# Creates a dummy project used to grab dependencies
|
|
RUN USER=root cargo new --bin /app
|
|
WORKDIR /app
|
|
|
|
# Copies over *only* your manifests and build files
|
|
COPY ./Cargo.* ./
|
|
COPY ./rust-toolchain ./rust-toolchain
|
|
COPY ./build.rs ./build.rs
|
|
|
|
RUN rustup target add armv7-unknown-linux-musleabihf
|
|
|
|
# Builds your dependencies and removes the
|
|
# dummy project, except the target folder
|
|
# This folder contains the compiled dependencies
|
|
RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-musleabihf
|
|
RUN find . -not -path "./target*" -delete
|
|
|
|
# Copies the complete project
|
|
# To avoid copying unneeded files, use .dockerignore
|
|
COPY . .
|
|
|
|
# Make sure that we actually build the project
|
|
RUN touch src/main.rs
|
|
|
|
# Builds again, this time it'll just be
|
|
# your actual source files being built
|
|
RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-musleabihf
|
|
RUN musl-strip target/armv7-unknown-linux-musleabihf/release/bitwarden_rs
|
|
|
|
######################## RUNTIME IMAGE ########################
|
|
# Create a new stage with a minimal image
|
|
# because we already have a binary built
|
|
FROM balenalib/armv7hf-alpine:3.12
|
|
|
|
ENV ROCKET_ENV "staging"
|
|
ENV ROCKET_PORT=80
|
|
ENV ROCKET_WORKERS=10
|
|
ENV SSL_CERT_DIR=/etc/ssl/certs
|
|
|
|
RUN [ "cross-build-start" ]
|
|
|
|
# Install needed libraries
|
|
RUN apk add --no-cache \
|
|
openssl \
|
|
curl \
|
|
sqlite \
|
|
ca-certificates
|
|
RUN apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/community catatonit
|
|
|
|
RUN mkdir /data
|
|
|
|
RUN [ "cross-build-end" ]
|
|
|
|
VOLUME /data
|
|
EXPOSE 80
|
|
EXPOSE 3012
|
|
|
|
# Copies the files from the context (Rocket.toml file and web-vault)
|
|
# and the binary from the "build" stage to the current stage
|
|
COPY Rocket.toml .
|
|
COPY --from=vault /web-vault ./web-vault
|
|
COPY --from=build /app/target/armv7-unknown-linux-musleabihf/release/bitwarden_rs .
|
|
|
|
COPY docker/healthcheck.sh /healthcheck.sh
|
|
COPY docker/start.sh /start.sh
|
|
|
|
HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
|
|
|
|
# Configures the startup!
|
|
WORKDIR /
|
|
CMD ["catatonit", "/start.sh"]
|
|
|