From 645bf21d54433022983dd883699103207a60941a Mon Sep 17 00:00:00 2001 From: Dessalines Date: Wed, 11 Oct 2023 11:57:05 -0400 Subject: [PATCH] Moving to debian-based docker image. Fixes #3972 (#4004) * Moving to debian-based docker image. Fixes #3972 * Fix cargo.toml format. * Try nightly rust for cargo_fmt. * Trying to fix cargo build. * Trying to fix cargo build 2. * Trying to fix federation tests. * Trying to fix federation tests 2. * Trying to fix federation tests 3. * Try to fix aarch 1. * Try to fix aarch 2. * Try to fix aarch 3. * Removing aarch * Adding tests back in. * Adding ca-certs, and debian non-root user * Commenting arm image building. * Fix platform on runner. * Version 0.19.0-beta.6 --- .woodpecker.yml | 32 +++++----- Cargo.toml | 2 + docker/Dockerfile | 160 +++++++++++++++++++++------------------------- 3 files changed, 91 insertions(+), 103 deletions(-) diff --git a/.woodpecker.yml b/.woodpecker.yml index 32fa9a9dab..ff4685ac25 100644 --- a/.woodpecker.yml +++ b/.woodpecker.yml @@ -2,7 +2,7 @@ # See https://github.com/woodpecker-ci/woodpecker/issues/1677 variables: - - &muslrust_image "clux/muslrust:1.70.0" + - &rust_image "rust:1.72.1" - &slow_check_paths - path: # rust source code @@ -57,15 +57,13 @@ steps: cargo_fmt: group: format - image: *muslrust_image + image: rustlang/rust:nightly environment: # store cargo data in repo folder so that it gets cached between steps CARGO_HOME: .cargo commands: # need make existing toolchain available - - cp -n ~/.cargo . -r - - rustup toolchain install nightly-2023-07-10 --no-self-update --profile minimal --component rustfmt - - cargo +nightly-2023-07-10 fmt -- --check + - cargo +nightly fmt -- --check restore-cache: image: meltwater/drone-cache:v1 @@ -93,7 +91,7 @@ steps: # make sure api builds with default features (used by other crates relying on lemmy api) check_api_common_default_features: - image: *muslrust_image + image: *rust_image environment: CARGO_HOME: .cargo commands: 
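Review bot: In `cargo_fmt`, `image: rustlang/rust:nightly` together with `cargo +nightly fmt -- --check` replaces the dated `nightly-2023-07-10` toolchain with a floating one, so the format check can change outcome without any change to the repository, and the step runs whatever the tag points at that day. Pinning the image by digest would restore reproducibility, e.g. `image: rustlang/rust:nightly@sha256:<digest>` (placeholder; use a digest you have verified). The same applies, to a lesser degree, to the tag-only references `rust:1.72.1` in the `variables` hunk, `node:20-bookworm-slim` in `run_federation_tests`, and the new image ARGs in `docker/Dockerfile`. The retained comment `# need make existing toolchain available` described the removed `cp -n ~/.cargo . -r` line and should be removed with it.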
@@ -101,7 +99,7 @@ steps: when: *slow_check_paths lemmy_api_common_doesnt_depend_on_diesel: - image: *muslrust_image + image: *rust_image environment: CARGO_HOME: .cargo commands: @@ -109,7 +107,7 @@ steps: when: *slow_check_paths lemmy_api_common_works_with_wasm: - image: *muslrust_image + image: *rust_image environment: CARGO_HOME: .cargo commands: @@ -118,7 +116,7 @@ steps: when: *slow_check_paths check_defaults_hjson_updated: - image: *muslrust_image + image: *rust_image environment: CARGO_HOME: .cargo commands: @@ -149,7 +147,7 @@ steps: when: *slow_check_paths cargo_clippy: - image: *muslrust_image + image: *rust_image environment: CARGO_HOME: .cargo commands: @@ -173,17 +171,17 @@ steps: when: *slow_check_paths cargo_build: - image: *muslrust_image + image: *rust_image environment: CARGO_HOME: .cargo commands: - cargo build - - mv target/x86_64-unknown-linux-musl/debug/lemmy_server target/lemmy_server + - mv target/debug/lemmy_server target/lemmy_server when: *slow_check_paths cargo_test: group: tests - image: *muslrust_image + image: *rust_image environment: LEMMY_DATABASE_URL: postgres://lemmy:password@database:5432/lemmy RUST_BACKTRACE: "1" @@ -195,12 +193,12 @@ steps: run_federation_tests: group: tests - image: node:alpine + image: node:20-bookworm-slim environment: LEMMY_DATABASE_URL: postgres://lemmy:password@database:5432 DO_WRITE_HOSTS_FILE: "1" commands: - - apk add bash curl postgresql-client + - apt update && apt install -y bash curl postgresql-client - bash api_tests/prepare-drone-federation-test.sh - cd api_tests/ - yarn @@ -239,7 +237,9 @@ steps: settings: repo: dessalines/lemmy dockerfile: docker/Dockerfile - platforms: linux/amd64,linux/arm64 + # TODO fix arm build: see: https://woodpecker.join-lemmy.org/repos/129/pipeline/2888/20 + # platforms: linux/amd64,linux/arm64 + platforms: linux/amd64 build_args: - RUST_RELEASE_MODE=release tag: ${CI_COMMIT_TAG} diff --git a/Cargo.toml b/Cargo.toml index 5e5cc654f5..9c3fa787e6 100644 --- a/Cargo.toml 
+++ b/Cargo.toml @@ -23,6 +23,8 @@ doctest = false [profile.release] debug = 0 lto = "thin" +strip = true # Automatically strip symbols from the binary. +opt-level = "z" # Optimize for size. # This profile significantly speeds up build time. If debug info is needed you can comment the line # out temporarily, but make sure to leave this in the main branch. diff --git a/docker/Dockerfile b/docker/Dockerfile index 9f21aaf9be..eab612598b 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile 
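Review bot: `strip = true` in `[profile.release]` removes the symbol table as well as debug info, so a panic backtrace from a production binary will show unresolved frames, which makes crash and incident triage harder. If size is the goal but readable backtraces matter, `strip = "debuginfo"` keeps function names. `opt-level = "z"` trades runtime speed for size on a long-running server; the inline comment suggests this is intentional, but the commit gives no measurement to support it.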
@@ -1,54 +1,13 @@ -# -# Docker multiarch image: -# We build the Lemmy binary for amd64 and arm64 in individual stages using the blackdex/rust-musl image (github.com/blackdex/rust-musl). -# This image uses musl-cross-make (github.com/richfelker/musl-cross-make) to build a musl cross compilation toolchain for the target -# architecture. It also includes pre-built static libraries such as libpq. These libraries can improve the compile time and eliminate -# the requirement for extra dependencies in the final image. -# -# During each build stage, we use the blackdex/rust-musl openssl 3 images and configure PQ_LIB_DIR=/usr/local/musl/pq15/lib to use -# libpq v15. We also ensure the installation of the Rust toolchain corresponding to the target architecture using: -# `rustup target add $TARGET-unknown-linux-musl`. -# - -ARG RUST_VERSION=1.71.0 -ARG ALPINE_VERSION=3.18 +ARG RUST_VERSION=1.72.1 ARG CARGO_BUILD_FEATURES=default ARG RUST_RELEASE_MODE=debug -ARG UID=911 -ARG GID=911 - -# AMD64 builder base -FROM --platform=${BUILDPLATFORM} blackdex/rust-musl:x86_64-musl-stable-${RUST_VERSION}-openssl3 AS base-amd64 - -ENV DEBIAN_FRONTEND=noninteractive -ENV CARGO_HOME=/root/.cargo -ENV PQ_LIB_DIR=/usr/local/musl/pq15/lib - -RUN apt update && apt install -y \ - --no-install-recommends \ - git - -RUN mkdir -pv "${CARGO_HOME}" && \ - rustup set profile minimal && \ - rustup target add x86_64-unknown-linux-musl - -# ARM64 builder base -FROM --platform=${BUILDPLATFORM} blackdex/rust-musl:aarch64-musl-stable-${RUST_VERSION}-openssl3 AS base-arm64 - -ENV DEBIAN_FRONTEND=noninteractive -ENV CARGO_HOME=/root/.cargo -ENV PQ_LIB_DIR=/usr/local/musl/pq15/lib - -RUN apt update && apt install -y \ - --no-install-recommends \ - git - -RUN mkdir -pv "${CARGO_HOME}" && \ - rustup set profile minimal && \ - rustup target add aarch64-unknown-linux-musl +ARG AMD_BUILDER_IMAGE=rust:${RUST_VERSION} +ARG ARM_BUILDER_IMAGE=blackdex/rust-musl:aarch64-musl-stable-${RUST_VERSION}-openssl3 +ARG 
AMD_RUNNER_IMAGE=debian:bookworm-slim +ARG ARM_RUNNER_IMAGE=alpine:3.18 # AMD64 builder -FROM base-amd64 AS build-amd64 +FROM --platform=${BUILDPLATFORM} ${AMD_BUILDER_IMAGE} AS build-amd64 ARG CARGO_BUILD_FEATURES ARG RUST_RELEASE_MODE 
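Review bot: `FROM --platform=${BUILDPLATFORM} ${AMD_BUILDER_IMAGE} AS build-amd64` still pins the builder to the build host's platform, but the cargo invocations in the following hunk no longer pass `--target`, so the binary is compiled for the host architecture while the final `FROM ${AMD_RUNNER_IMAGE}` stage follows the requested target platform. Any build where the two differ (for example after re-enabling `linux/arm64` in the CI `platforms` setting) would likely produce an image whose binary cannot execute, with no build error to flag it. Either drop the `--platform` flag on this stage or fix both stages to one platform, e.g. `FROM --platform=linux/amd64 ${AMD_RUNNER_IMAGE}` for the runner. `ARM_BUILDER_IMAGE` and `ARM_RUNNER_IMAGE` are declared here but only referenced from commented-out stages; a comment next to the ARGs saying so would help.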
@@ -61,65 +20,92 @@ COPY . ./ RUN --mount=type=cache,target=/lemmy/target set -ex; \ if [ "${RUST_RELEASE_MODE}" = "debug" ]; then \ echo "pub const VERSION: &str = \"$(git describe --tag)\";" > crates/utils/src/version.rs; \ - cargo build --target=x86_64-unknown-linux-musl --features "${CARGO_BUILD_FEATURES}"; \ - mv target/x86_64-unknown-linux-musl/debug/lemmy_server ./lemmy; \ + cargo build --features "${CARGO_BUILD_FEATURES}"; \ + mv target/debug/lemmy_server ./lemmy; \ fi # Release build RUN set -ex; \ if [ "${RUST_RELEASE_MODE}" = "release" ]; then \ echo "pub const VERSION: &str = \"$(git describe --tag)\";" > crates/utils/src/version.rs; \ - cargo build --target=x86_64-unknown-linux-musl --features "${CARGO_BUILD_FEATURES}" --release; \ - mv target/x86_64-unknown-linux-musl/release/lemmy_server ./lemmy; \ + cargo build --features "${CARGO_BUILD_FEATURES}" --release; \ + mv target/release/lemmy_server ./lemmy; \ fi # ARM64 builder -FROM base-arm64 AS build-arm64 +# TODO currently broken +# FROM --platform=${BUILDPLATFORM} ${ARM_BUILDER_IMAGE} as build-arm64 -ARG CARGO_BUILD_FEATURES -ARG RUST_RELEASE_MODE +# ENV DEBIAN_FRONTEND=noninteractive +# ENV CARGO_HOME=/root/.cargo +# ENV PQ_LIB_DIR=/usr/local/musl/pq15/lib -WORKDIR /lemmy +# RUN apt update && apt install -y \ +# --no-install-recommends \ +# git -COPY . 
./ +# RUN mkdir -pv "${CARGO_HOME}" && \ +# rustup set profile minimal && \ +# rustup target add aarch64-unknown-linux-musl -# Debug build -RUN --mount=type=cache,target=/lemmy/target set -ex; \ - if [ "${RUST_RELEASE_MODE}" = "debug" ]; then \ - echo "pub const VERSION: &str = \"$(git describe --tag)\";" > crates/utils/src/version.rs; \ - cargo build --target=aarch64-unknown-linux-musl --features "${CARGO_BUILD_FEATURES}"; \ - mv target/aarch64-unknown-linux-musl/debug/lemmy_server ./lemmy; \ - fi +# ARG CARGO_BUILD_FEATURES +# ARG RUST_RELEASE_MODE -# Release build -RUN set -ex; \ - if [ "${RUST_RELEASE_MODE}" = "release" ]; then \ - echo "pub const VERSION: &str = \"$(git describe --tag)\";" > crates/utils/src/version.rs; \ - cargo build --target=aarch64-unknown-linux-musl --features "${CARGO_BUILD_FEATURES}" --release; \ - mv target/aarch64-unknown-linux-musl/release/lemmy_server ./lemmy; \ - fi +# WORKDIR /lemmy -# Get target binary -FROM build-${TARGETARCH} AS build +# COPY . ./ + +# # Debug build +# RUN --mount=type=cache,target=/lemmy/target set -ex; \ +# if [ "${RUST_RELEASE_MODE}" = "debug" ]; then \ +# echo "pub const VERSION: &str = \"$(git describe --tag)\";" > crates/utils/src/version.rs; \ +# cargo build --target=aarch64-unknown-linux-musl --features "${CARGO_BUILD_FEATURES}"; \ +# mv target/aarch64-unknown-linux-musl/debug/lemmy_server ./lemmy; \ +# fi + +# # Release build +# RUN set -ex; \ +# if [ "${RUST_RELEASE_MODE}" = "release" ]; then \ +# echo "pub const VERSION: &str = \"$(git describe --tag)\";" > crates/utils/src/version.rs; \ +# cargo build --target=aarch64-unknown-linux-musl --features "${CARGO_BUILD_FEATURES}" --release; \ +# mv target/aarch64-unknown-linux-musl/release/lemmy_server ./lemmy; \ +# fi ## Final image -FROM alpine:${ALPINE_VERSION} +FROM ${AMD_RUNNER_IMAGE} -ARG UID -ARG GID +# Federation needs CA certificates +RUN apt update && apt install -y libssl-dev libpq-dev ca-certificates -RUN apk add --no-cache \ - ca-certificates 
- -COPY --from=build --chmod=0755 /lemmy/lemmy /usr/local/bin - -RUN addgroup -S -g ${GID} lemmy && \ - adduser -S -H -D -G lemmy -u ${UID} -g "" -s /sbin/nologin lemmy - -USER lemmy - -CMD ["lemmy"] +# Debian / Ubuntu non-root user creds +ARG UNAME=lemmy +ARG UID=1000 +ARG GID=1000 +RUN groupadd -g $GID -o $UNAME +RUN useradd -m -u $UID -g $GID -o -s /bin/bash $UNAME +USER $UNAME +COPY --from=build-amd64 /lemmy/lemmy ./ +CMD ["./lemmy"] EXPOSE 8536 +STOPSIGNAL SIGTERM + +## Arm Runner +# FROM --platform=${BUILDPLATFORM} ${ARM_RUNNER_IMAGE} + +# ARG UNAME=lemmy +# ARG UID=1000 +# ARG GID=1000 + +# RUN apk add --no-cache ca-certificates + +# COPY --from=build-arm64 --chmod=0755 /lemmy/lemmy /usr/local/bin + +# RUN addgroup -S -g ${GID} ${UNAME} && \ +# adduser -S -H -D -G ${UNAME} -u ${UID} -g "" -s /sbin/nologin ${UNAME} +# USER $UNAME + +# CMD ["lemmy"] +# EXPOSE 8536 +# STOPSIGNAL SIGTERM -STOPSIGNAL SIGTERM \ No newline at end of file
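Review bot: The final stage grows the runtime attack surface compared with the removed Alpine stage: `apt install -y libssl-dev libpq-dev ca-certificates` pulls development headers and recommended packages into the runtime image and leaves the apt lists behind, and `useradd -m ... -s /bin/bash` gives the service account a home directory and a login shell where the old `adduser` used `-H` and `/sbin/nologin`. Consider `RUN apt-get update && apt-get install -y --no-install-recommends libssl3 libpq5 ca-certificates && rm -rf /var/lib/apt/lists/*` and `RUN useradd -M -u $UID -g $GID -o -s /usr/sbin/nologin $UNAME`. Which shared libraries the binary actually links should be confirmed (e.g. with `ldd`) before dropping the `-dev` packages. `COPY --from=build-amd64 /lemmy/lemmy ./` has no `WORKDIR` before it in this stage, so the binary lands in the base image's default working directory; an explicit destination such as `/usr/local/bin/lemmy` would be clearer.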