diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 9cb7143bb3b..382194657ae 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -12,6 +12,7 @@ on: - "rustfmt.toml" - "diesel.toml" - "docker/Dockerfile.j2" + - "docker/DockerSettings.yaml" pull_request: paths: - ".github/workflows/build.yml" @@ -23,6 +24,7 @@ on: - "rustfmt.toml" - "diesel.toml" - "docker/Dockerfile.j2" + - "docker/DockerSettings.yaml" jobs: build: diff --git a/.github/workflows/hadolint.yml b/.github/workflows/hadolint.yml index 5446700c861..5c47566522a 100644 --- a/.github/workflows/hadolint.yml +++ b/.github/workflows/hadolint.yml @@ -16,7 +16,6 @@ jobs: uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 # End Checkout the repo - # Download hadolint - https://github.com/hadolint/hadolint/releases - name: Download hadolint shell: bash @@ -30,5 +29,5 @@ jobs: # Test Dockerfiles - name: Run hadolint shell: bash - run: git ls-files --exclude='docker/*/Dockerfile*' --ignored --cached | xargs hadolint + run: hadolint docker/Dockerfile.{debian,alpine} # End Test Dockerfiles diff --git a/.hadolint.yaml b/.hadolint.yaml index e7387659d56..a4e08cd6e85 100644 --- a/.hadolint.yaml +++ b/.hadolint.yaml @@ -1,10 +1,12 @@ ignored: + # To prevent issues and make clear some images only work on linux/amd64, we ignore this + - DL3029 # disable explicit version for apt install - DL3008 # disable explicit version for apk install - DL3018 - # disable check for consecutive `RUN` instructions - - DL3059 + # Ignore shellcheck info message + - SC1091 trustedRegistries: - docker.io - ghcr.io diff --git a/Cargo.lock b/Cargo.lock index ba38b97102e..89a51247836 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -17,11 +17,22 @@ version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe" +[[package]] +name = "ahash" +version = "0.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2c99f64d1e06488f620f932677e24bc6e2897582980441ae90a671415bd7ec2f" +dependencies = [ + "cfg-if", + "once_cell", + "version_check", +] + [[package]] name = "aho-corasick" -version = "1.0.5" +version = "1.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0c378d78423fdad8089616f827526ee33c19f2fddbd5de1629152c9593ba4783" +checksum = "ea5d730647d4fadd988536d06fecce94b7b4f2a7efdae548f1cf4b63205518ab" dependencies = [ "memchr", ] @@ -41,6 +52,12 @@ dependencies = [ "alloc-no-stdlib", ] +[[package]] +name = "allocator-api2" +version = "0.2.16" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0942ffc6dcaadf03badf6e6a2d0228460359d5e34b57ccdc720b7382dfbd5ec5" + [[package]] name = "android-tzdata" version = "0.1.1" @@ -58,9 +75,9 @@ dependencies = [ [[package]] name = "argon2" -version = "0.5.1" +version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b2e554a8638bdc1e4eae9984845306cc95f8a9208ba8d49c3859fd958b46774d" +checksum = "17ba4cac0a46bc1d2912652a751c47f2a9f3a7fe89bcae2275d418f5270402f9" dependencies = [ "base64ct", "blake2", @@ -81,9 +98,9 @@ dependencies = [ [[package]] name = "async-compression" -version = "0.4.2" +version = "0.4.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d495b6dc0184693324491a5ac05f559acc97bf937ab31d7a1c33dd0016be6d2b" +checksum = "bb42b2197bf15ccb092b62c74515dbd8b86d0effd934795f6687c93b6e679a2c" dependencies = [ "brotli", "flate2", @@ -95,14 +112,14 @@ dependencies = [ [[package]] name = "async-executor" -version = "1.5.1" +version = "1.5.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6fa3dc5f2a8564f07759c008b9109dc0d39de92a88d5588b8a5036d286383afb" +checksum = "2c1da3ae8dabd9c00f453a329dfe1fb28da3c0a72e2478cdcd93171740c20499" dependencies = [ "async-lock", "async-task", "concurrent-queue", - "fastrand 1.9.0", + "fastrand 2.0.1", "futures-lite", "slab", ] @@ -136,7 +153,7 @@ dependencies = [ "log", "parking", "polling", - "rustix 0.37.23", + "rustix 0.37.24", "slab", "socket2 0.4.9", "waker-fn", @@ -164,7 +181,7 @@ dependencies = [ "cfg-if", "event-listener", "futures-lite", - "rustix 0.37.23", + "rustix 0.37.24", "signal-hook", "windows-sys", ] @@ -215,14 +232,14 @@ checksum = "16e62a023e7c117e27523144c5d2459f4397fcc3cab0085af8e2224f643a0193" dependencies = [ "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.37", ] [[package]] name = "async-task" -version = "4.4.0" +version = "4.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ecc7ab41815b3c653ccd2978ec3255c81349336702dfdf62ee6f7069b12a3aae" +checksum = "b9441c6b2fe128a7c2bf680a44c34d0df31ce09e5b7e401fcca3faa483dbc921" [[package]] name = "async-trait" @@ -232,7 +249,7 @@ checksum = "bc00ceb34980c03614e35a3a4e218276a0a824e911d07651cd0d858a51e8c0f0" dependencies = [ "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.37", ] [[package]] @@ -241,11 +258,20 @@ version = "0.5.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c59bdb34bc650a32731b31bd8f0829cc15d24a708ee31559e0bb34f2bc320cba" +[[package]] +name = "atomic" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8d818003e740b63afc82337e3160717f4f63078720a810b7b903e70a5d1d2994" +dependencies = [ + "bytemuck", +] + [[package]] name = "atomic-waker" -version = "1.1.1" +version = "1.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1181e1e0d1fce796a03db1ae795d67167da795f9cf4a39c37589e85ef57f26d3" +checksum = "1505bd5d3d116872e7271a6d4e16d81d0c8570876c8de68093a09ac269d8aac0" [[package]] name = "autocfg" @@ -276,9 +302,9 @@ checksum = "9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8" [[package]] name = "base64" -version = "0.21.3" +version = "0.21.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "414dcefbc63d77c526a76b3afcf6fbb9b5e2791c19c3aa2297733208750c6e53" +checksum = "9ba43ea6f343b788c8764558649e08df62f86c6ef251fdaeb1ffd010a9ae50a2" [[package]] name = "base64ct" @@ -324,24 +350,25 @@ dependencies = [ [[package]] name = "blocking" -version = "1.3.1" +version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "77231a1c8f801696fc0123ec6150ce92cffb8e164a02afb9c8ddee0e9b65ad65" +checksum = "94c4ef1f913d78636d78d538eec1f18de81e481f44b1be0a81060090530846e1" dependencies = [ "async-channel", "async-lock", "async-task", - "atomic-waker", - "fastrand 1.9.0", + "fastrand 2.0.1", + "futures-io", "futures-lite", - "log", + "piper", + "tracing", ] [[package]] name = "brotli" -version = "3.3.4" +version = "3.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a1a0b1dbcc8ae29329621f8d4f0d835787c1c38bb1401979b49d13b0b305ff68" +checksum = "516074a47ef4bce09577a3b379392300159ce5b1ba2e501ff1c819950066100f" dependencies = [ "alloc-no-stdlib", "alloc-stdlib", @@ -350,9 +377,9 @@ dependencies = [ [[package]] name = "brotli-decompressor" -version = "2.3.4" +version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4b6561fd3f895a11e8f72af2cb7d22e08366bebc2b6b57f7744c4bda27034744" +checksum = "da74e2b81409b1b743f8f0c62cc6254afefb8b8e50bbfe3735550f7aeefa3448" dependencies = [ "alloc-no-stdlib", "alloc-stdlib", @@ -360,9 +387,15 @@ dependencies = [ [[package]] name = "bumpalo" -version = "3.13.0" +version = "3.14.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7f30e7476521f6f8af1a1c4c0b8cc94f0bee37d91763d0ca2665f299b6cd8aec" + +[[package]] +name = "bytemuck" +version = "1.14.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a3e2c3daef883ecc1b5d58c15adae93470a91d425f3532ba1695849656af3fc1" +checksum = "374d28ec25809ee0e23827c2ab573d729e293f281dfe393500e7ad618baa61c6" [[package]] name = "byteorder" @@ -372,21 +405,22 @@ checksum = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610" [[package]] name = "bytes" -version = "1.4.0" +version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "89b2fd2a0dcf38d7971e2194b6b6eebab45ae01067456a7fd93d5547a61b70be" +checksum = "a2bd12c1caf447e69cd4528f47f94d203fd2582878ecb9e9465484c4148a8223" [[package]] name = "cached" -version = "0.44.0" +version = "0.46.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b195e4fbc4b6862bbd065b991a34750399c119797efff72492f28a5864de8700" +checksum = "8cead8ece0da6b744b2ad8ef9c58a4cdc7ef2921e60a6ddfb9eaaa86839b5fc5" dependencies = [ + "ahash", "async-trait", "cached_proc_macro", "cached_proc_macro_types", "futures", - "hashbrown 0.13.2", + "hashbrown 0.14.1", "instant", "once_cell", "thiserror", @@ -395,11 +429,10 @@ dependencies = [ [[package]] name = "cached_proc_macro" -version = "0.17.0" +version = "0.18.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b48814962d2fd604c50d2b9433c2a41a0ab567779ee2c02f7fba6eca1221f082" +checksum = "7da8245dd5f576a41c3b76247b54c15b0e43139ceeb4f732033e15be7c005176" dependencies = [ - "cached_proc_macro_types", "darling", "proc-macro2", "quote", @@ -429,9 +462,9 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" [[package]] name = "chrono" -version = "0.4.28" +version = "0.4.31" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "95ed24df0632f708f5f6d8082675bef2596f7084dee3dd55f632290bf35bfe0f" +checksum = "7f2c685bad3eb3d45a01354cedb7d5faa66194d1d58ba6e267a8de788f79db38" dependencies = [ "android-tzdata", "iana-time-zone", @@ -464,9 +497,9 @@ dependencies = [ [[package]] name = "concurrent-queue" -version = "2.2.0" +version = "2.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "62ec6771ecfa0762d24683ee5a32ad78487a3d3afdc0fb8cae19d2c5deb50b7c" +checksum = "f057a694a54f12365049b0958a1685bb52d567f5593b355fbf685838e873d400" dependencies = [ "crossbeam-utils", ] @@ -633,7 +666,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "978747c1d849a7d2ee5e8adc0159961c48fb7e5db2f06af6723b80123bb53856" dependencies = [ "cfg-if", - "hashbrown 0.14.0", + "hashbrown 0.14.1", "lock_api", "once_cell", "parking_lot_core", @@ -687,14 +720,14 @@ dependencies = [ "proc-macro2", "proc-macro2-diagnostics", "quote", - "syn 2.0.29", + "syn 2.0.37", ] [[package]] name = "diesel" -version = "2.1.1" +version = "2.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d98235fdc2f355d330a8244184ab6b4b33c28679c0b4158f63138e51d6cf7e88" +checksum = "53c8a2cb22327206568569e5a45bb5a2c946455efdd76e24d15b7e82171af95e" dependencies = [ "bitflags 2.4.0", "byteorder", @@ -712,14 +745,14 @@ dependencies = [ [[package]] name = "diesel_derives" -version = "2.1.1" +version = "2.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e054665eaf6d97d1e7125512bb2d35d07c73ac86cc6920174cb42d1ab697a554" +checksum = "ef8337737574f55a468005a83499da720f20c65586241ffea339db9ecdfd2b44" dependencies = [ "diesel_table_macro_syntax", "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.37", ] [[package]] @@ -749,7 +782,7 @@ version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fc5557efc453706fed5e4fa85006fe9817c224c3f480a34c7e5959fd700921c5" dependencies = [ - "syn 2.0.29", + "syn 2.0.37", ] [[package]] @@ -781,7 +814,7 @@ version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dbfb21b9878cf7a348dcb8559109aabc0ec40d69924bd706fa5149846c4fef75" dependencies = [ - "base64 0.21.3", + "base64 0.21.4", "memchr", ] @@ -805,14 +838,14 @@ dependencies = [ [[package]] name = "enum-as-inner" -version = "0.5.1" +version = "0.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c9720bba047d567ffc8a3cba48bf19126600e249ab7f128e9233e6376976a116" +checksum = "5ffccbb6966c05b32ef8fbac435df276c4ae4d3dc55a8cd0eb9745e6c12f546a" dependencies = [ "heck", "proc-macro2", "quote", - "syn 1.0.109", + "syn 2.0.37", ] [[package]] @@ -823,9 +856,9 @@ checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5" [[package]] name = "errno" -version = "0.3.3" +version = "0.3.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "136526188508e25c6fef639d7927dfb3e0e3084488bf202267829cf7fc23dbdd" +checksum = "add4f07d43996f76ef320709726a556a9d4f965d9410d8d0271132d2f8293480" dependencies = [ "errno-dragonfly", "libc", @@ -868,9 +901,9 @@ dependencies = [ [[package]] name = "fastrand" -version = "2.0.0" +version = "2.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6999dc1837253364c2ebb0704ba97994bd874e8f195d665c50b7548f6ea92764" +checksum = "25cbce373ec4653f1a01a31e8a5e5ec0c622dc27ff9c4e6606eefef5cbbed4a5" [[package]] name = "fern" @@ -884,14 +917,14 @@ dependencies = [ [[package]] name = "figment" -version = "0.10.10" +version = "0.10.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4547e226f4c9ab860571e070a9034192b3175580ecea38da34fcdb53a018c9a5" +checksum = "a014ac935975a70ad13a3bff2463b1c1b083b35ae4cb6309cfc59476aa7a181f" dependencies = [ - "atomic", + "atomic 0.6.0", "pear", "serde", - "toml", + "toml 0.8.2", "uncased", "version_check", ] @@ -1007,7 +1040,7 @@ checksum = "89ca545a94061b6365f2c7355b4b32bd20df3ff95f02da9329b34ccc3bd6ee72" dependencies = [ "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.37", ] [[package]] @@ -1149,9 +1182,9 @@ checksum = "eabb4a44450da02c90444cf74558da904edde8fb4e9035a9a6a4e15445af0bd7" [[package]] name = "handlebars" -version = "4.3.7" +version = "4.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "83c3372087601b532857d332f5957cbae686da52bb7810bf038c3e3c3cc2fa0d" +checksum = "c39b3bc2a8f715298032cf5087e58573809374b08160aa7d750582bdb82d2683" dependencies = [ "log", "pest", @@ -1170,15 +1203,13 @@ checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888" [[package]] name = "hashbrown" -version = "0.13.2" +version = "0.14.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "43a3c133739dddd0d2990f9a4bdf8eb4b21ef50e4851ca85ab661199821d510e" - -[[package]] -name = "hashbrown" -version = "0.14.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2c6201b9ff9fd90a5a3bac2e56a830d0caa509576f0e503818ee82c181b3437a" +checksum = "7dfda62a12f55daeae5015f81b0baea145391cb4520f86c248fc615d72640d12" +dependencies = [ + "ahash", + "allocator-api2", +] [[package]] name = "heck" @@ -1188,9 +1219,9 @@ checksum = "95505c38b4572b2d910cecb0281560f54b440a19336cbbcb27bf6ce6adc6f5a8" [[package]] name = "hermit-abi" -version = "0.3.2" +version = "0.3.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "443144c8cdadd93ebf52ddb4056d257f5b52c04d3c804e657d19eb73fc33668b" +checksum = "d77f7ec81a6d05a3abb01ab6eb7590f6083d08449fe5a1c8b1e620283546ccb7" [[package]] name = "hmac" @@ -1201,6 +1232,15 @@ dependencies = [ "digest", ] +[[package]] +name = "home" +version = "0.5.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5444c27eef6923071f7ebcc33e3444508466a76f7a2b93da00ed6e19f30c1ddb" +dependencies = [ + "windows-sys", +] + [[package]] name = "hostname" version = "0.3.1" @@ -1365,12 +1405,12 @@ dependencies = [ [[package]] name = "indexmap" -version = "2.0.0" +version = "2.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d5477fe2230a79769d8dc68e0eabf5437907c0457a5614a9e8dddb67f65eb65d" +checksum = "8adf3ddd720272c6ea8bf59463c04e0f93d0bbf7c5439b691bca2987e0270897" dependencies = [ "equivalent", - "hashbrown 0.14.0", + "hashbrown 0.14.1", ] [[package]] @@ -1405,7 +1445,7 @@ version = "0.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b58db92f96b720de98181bbbe63c831e87005ab460c1bf306eb2622b4707997f" dependencies = [ - "socket2 0.5.3", + "socket2 0.5.4", "widestring", "windows-sys", "winreg", @@ -1424,7 +1464,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cb0889898416213fab133e1d33a0e5858a48177452750691bde3666d0fdbaf8b" dependencies = [ "hermit-abi", - "rustix 0.38.11", + "rustix 0.38.17", "windows-sys", ] @@ -1466,7 +1506,7 @@ version = "8.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6971da4d9c3aa03c3d8f3ff0f4155b534aad021292003895a469716b2a230378" dependencies = [ - "base64 0.21.3", + "base64 0.21.4", "pem", "ring", "serde", @@ -1497,7 +1537,7 @@ checksum = "76bd09637ae3ec7bd605b8e135e757980b3968430ff2b1a4a94fb7769e50166d" dependencies = [ "async-std", "async-trait", - "base64 0.21.3", + "base64 0.21.4", "email-encoding", "email_address", "fastrand 1.9.0", @@ -1520,15 +1560,15 @@ dependencies = [ [[package]] name = "libc" -version = "0.2.147" +version = "0.2.148" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b4668fb0ea861c1df094127ac5f1da3409a82116a4ba74fca2e58ef927159bb3" +checksum = "9cdc71e17332e86d2e1d38c1f99edcb6288ee11b815fb1a4b049eaa2114d369b" [[package]] name = "libmimalloc-sys" -version = "0.1.34" +version = "0.1.35" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "25d058a81af0d1c22d7a1c948576bee6d673f7af3c0f35564abd6c81122f513d" +checksum = "3979b5c37ece694f1f5e51e7ecc871fdb0f517ed04ee45f88d15d6d553cb9664" dependencies = [ "cc", "libc", @@ -1559,9 +1599,9 @@ checksum = "ef53942eb7bf7ff43a617b3e2c1c4a5ecf5944a7c1bc12d7ee39bbb15e5c1519" [[package]] name = "linux-raw-sys" -version = "0.4.5" +version = "0.4.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "57bcfdad1b858c2db7c38303a6d2ad4dfaf5eb53dfeb0910128b2c26d6158503" +checksum = "3852614a3bd9ca9804678ba6be5e3b8ce76dfc902cae004e3e0c44051b6e88db" [[package]] name = "lock_api" @@ -1638,9 +1678,9 @@ checksum = "2532096657941c2fea9c289d370a250971c689d4f143798ff67113ec042024a5" [[package]] name = "memchr" -version = "2.6.2" +version = "2.6.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5486aed0026218e61b8a01d5fbd5a0a134649abb71a0e53b7bc088529dced86e" +checksum = "f665ee40bc4a3c5590afb1e9677db74a508659dfd71e126420da8274909a0167" [[package]] name = "migrations_internals" @@ -1649,7 +1689,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0f23f71580015254b020e856feac3df5878c2c7a8812297edd6c0a485ac9dada" dependencies = [ "serde", - "toml", + "toml 0.7.8", ] [[package]] @@ -1665,9 +1705,9 @@ dependencies = [ [[package]] name = "mimalloc" -version = "0.1.38" +version = "0.1.39" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "972e5f23f6716f62665760b0f4cbf592576a80c7b879ba9beaafc0e558894127" +checksum = "fa01922b5ea280a911e323e4d2fd24b7fe5cc4042e0d2cda3c40775cdc4bdc9c" dependencies = [ "libmimalloc-sys", ] @@ -1803,7 +1843,7 @@ checksum = "9e6a0fd4f737c707bd9086cc16c925f294943eb62eb71499e9fd4cf71f8b9f4e" dependencies = [ "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.37", ] [[package]] @@ -1846,9 +1886,9 @@ dependencies = [ [[package]] name = "object" -version = "0.32.0" +version = "0.32.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "77ac5bbd07aea88c60a577a1ce218075ffd59208b2d7ca97adf9bfc5aeb21ebe" +checksum = "9cf5f9dd3933bd50a9e1f149ec995f39ae2c496d31fd772c1fd45ebc27e902b0" dependencies = [ "memchr", ] @@ -1882,7 +1922,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.37", ] [[package]] @@ -1893,9 +1933,9 @@ checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf" [[package]] name = "openssl-src" -version = "111.27.0+1.1.1v" +version = "111.28.0+1.1.1w" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "06e8f197c82d7511c5b014030c9b1efeda40d7d5f99d23b4ceed3524a5e63f02" +checksum = "3ce95ee1f6f999dfb95b8afd43ebe442758ea2104d1ccb99a94c30db22ae701f" dependencies = [ "cc", ] @@ -1921,9 +1961,9 @@ checksum = "b15813163c1d831bf4a13c3610c05c0d03b39feb07f7e09fa234dac9b15aaf39" [[package]] name = "parking" -version = "2.1.0" +version = "2.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "14f2252c834a40ed9bb5422029649578e63aa341ac401f74e719dd1afda8394e" +checksum = "e52c774a4c39359c1d1c52e43f73dd91a75a614652c825408eec30c95a9b2067" [[package]] name = "parking_lot" @@ -1994,7 +2034,7 @@ dependencies = [ "proc-macro2", "proc-macro2-diagnostics", "quote", - "syn 2.0.29", + "syn 2.0.37", ] [[package]] @@ -2014,9 +2054,9 @@ checksum = "9b2a4787296e9989611394c33f193f676704af1686e70b8f8033ab5ba9a35a94" [[package]] name = "pest" -version = "2.7.3" +version = "2.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d7a4d085fd991ac8d5b05a147b437791b4260b76326baf0fc60cf7c9c27ecd33" +checksum = "c022f1e7b65d6a24c0dbbd5fb344c66881bc01f3e5ae74a1c8100f2f985d98a4" dependencies = [ "memchr", "thiserror", @@ -2025,9 +2065,9 @@ dependencies = [ [[package]] name = "pest_derive" -version = "2.7.3" +version = "2.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a2bee7be22ce7918f641a33f08e3f43388c7656772244e2bbb2477f44cc9021a" +checksum = "35513f630d46400a977c4cb58f78e1bfbe01434316e60c37d27b9ad6139c66d8" dependencies = [ "pest", "pest_generator", @@ -2035,22 +2075,22 @@ dependencies = [ [[package]] name = "pest_generator" -version = "2.7.3" +version = "2.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d1511785c5e98d79a05e8a6bc34b4ac2168a0e3e92161862030ad84daa223141" +checksum = "bc9fc1b9e7057baba189b5c626e2d6f40681ae5b6eb064dc7c7834101ec8123a" dependencies = [ "pest", "pest_meta", "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.37", ] [[package]] name = "pest_meta" -version = "2.7.3" +version = "2.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b42f0394d3123e33353ca5e1e89092e533d2cc490389f2bd6131c43c634ebc5f" +checksum = "1df74e9e7ec4053ceb980e7c0c8bd3594e977fde1af91daba9c928e8e8c6708d" dependencies = [ "once_cell", "pest", @@ -2113,6 +2153,17 @@ version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" +[[package]] +name = "piper" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "668d31b1c4eba19242f2088b2bf3316b82ca31082a8335764db4e083db7485d4" +dependencies = [ + "atomic-waker", + "fastrand 2.0.1", + "futures-io", +] + [[package]] name = "pkg-config" version = "0.3.27" @@ -2152,9 +2203,9 @@ dependencies = [ [[package]] name = "proc-macro2" -version = "1.0.66" +version = "1.0.67" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "18fb31db3f9bddb2ea821cde30a9f70117e3f119938b5ee630b7403aa6e2ead9" +checksum = "3d433d9f1a3e8c1263d9456598b16fec66f4acc9a74dacffd35c7bb09b3a1328" dependencies = [ "unicode-ident", ] @@ -2167,7 +2218,7 @@ checksum = "af066a9c399a26e020ada66a034357a868728e72cd426f3adcd35f80d88d88c8" dependencies = [ "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.37", "version_check", "yansi 1.0.0-rc.1", ] @@ -2301,18 +2352,18 @@ checksum = "7f7473c2cfcf90008193dd0e3e16599455cb601a9fce322b5bb55de799664925" dependencies = [ "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.37", ] [[package]] name = "regex" -version = "1.9.4" +version = "1.9.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "12de2eff854e5fa4b1295edd650e227e9d8fb0c9e90b12e7f36d6a6811791a29" +checksum = "ebee201405406dbf528b8b672104ae6d6d63e6d118cb10e4d51abbc7b58044ff" dependencies = [ "aho-corasick", "memchr", - "regex-automata 0.3.7", + "regex-automata 0.3.9", "regex-syntax 0.7.5", ] @@ -2327,9 +2378,9 @@ dependencies = [ [[package]] name = "regex-automata" -version = "0.3.7" +version = "0.3.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "49530408a136e16e5b486e883fbb6ba058e8e4e8ae6621a77b048b314336e629" +checksum = "59b23e92ee4318893fa3fe3e6fb365258efbfe6ac6ab30f090cdcbb7aa37efa9" dependencies = [ "aho-corasick", "memchr", @@ -2350,12 +2401,12 @@ checksum = "dbb5fb1acd8a1a18b3dd5be62d25485eb770e05afb408a9627d14d451bae12da" [[package]] name = "reqwest" -version = "0.11.20" +version = "0.11.22" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3e9ad3fe7488d7e34558a2033d45a0c90b72d97b4f80705666fea71472e2e6a1" +checksum = "046cd98826c46c2ac8ddecae268eb5c2e58628688a5fc7a2643704a73faba95b" dependencies = [ "async-compression", - "base64 0.21.3", + "base64 0.21.4", "bytes", "cookie 0.16.2", "cookie_store 0.16.2", @@ -2378,6 +2429,7 @@ dependencies = [ "serde", "serde_json", "serde_urlencoded", + "system-configuration", "tokio", "tokio-native-tls", "tokio-socks", @@ -2445,7 +2497,7 @@ source = "git+https://github.com/SergioBenitez/Rocket?rev=ce441b5f46fdf5cd99cb32 dependencies = [ "async-stream", "async-trait", - "atomic", + "atomic 0.5.3", "binascii", "bytes", "either", @@ -2487,7 +2539,7 @@ dependencies = [ "proc-macro2", "quote", "rocket_http", - "syn 2.0.29", + "syn 2.0.37", "unicode-xid", ] @@ -2558,9 +2610,9 @@ checksum = "d626bb9dae77e28219937af045c257c28bfd3f69333c512553507f5f9798cb76" [[package]] name = "rustix" -version = "0.37.23" +version = "0.37.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4d69718bf81c6127a49dc64e44a742e8bb9213c0ff8869a22c308f84c1d4ab06" +checksum = "4279d76516df406a8bd37e7dff53fd37d1a093f997a3c34a5c21658c126db06d" dependencies = [ "bitflags 1.3.2", "errno", @@ -2572,14 +2624,14 @@ dependencies = [ [[package]] name = "rustix" -version = "0.38.11" +version = "0.38.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c0c3dde1fc030af041adc40e79c0e7fbcf431dd24870053d187d7c66e4b87453" +checksum = "f25469e9ae0f3d0047ca8b93fc56843f38e6774f0914a107ff8b41be8be8e0b7" dependencies = [ "bitflags 2.4.0", "errno", "libc", - "linux-raw-sys 0.4.5", + "linux-raw-sys 0.4.8", "windows-sys", ] @@ -2601,14 +2653,14 @@ version = "1.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2d3987094b1d07b653b7dfdc3f70ce9a1da9c51ac18c1b06b662e4f9a0e9f4b2" dependencies = [ - "base64 0.21.3", + "base64 0.21.4", ] [[package]] name = "rustls-webpki" -version = "0.101.4" +version = "0.101.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7d93931baf2d282fff8d3a532bbfd7653f734643161b87e3e01e59a04439bf0d" +checksum = "3c7d5dece342910d9ba34d259310cae3e0154b873b35408b787b59bce53d34fe" dependencies = [ "ring", "untrusted", @@ -2700,9 +2752,9 @@ dependencies = [ [[package]] name = "semver" -version = "1.0.18" +version = "1.0.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b0293b4b29daaf487284529cc2f5675b8e57c61f70167ba415a463651fd6a918" +checksum = "ad977052201c6de01a8ef2aa3378c4bd23217a056337d1d6da40468d267a4fb0" [[package]] name = "serde" @@ -2731,14 +2783,14 @@ checksum = "4eca7ac642d82aa35b60049a6eccb4be6be75e599bd2e9adb5f875a737654af2" dependencies = [ "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.37", ] [[package]] name = "serde_json" -version = "1.0.105" +version = "1.0.107" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "693151e1ac27563d6dbcec9dee9fbd5da8539b20fa14ad3752b2e6d363ace360" +checksum = "6b420ce6e3d8bd882e9b243c6eed35dbc9a6110c9769e74b584e0d68d1f20c65" dependencies = [ "itoa", "ryu", @@ -2779,9 +2831,9 @@ dependencies = [ [[package]] name = "sha1" -version = "0.10.5" +version = "0.10.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f04293dc80c3993519f2d7f6f511707ee7094fe0c6d3406feb330cdb3540eba3" +checksum = "e3bf829a2d51ab4a5ddf1352d8470c140cadc8301b2ae1789db023f01cedd6ba" dependencies = [ "cfg-if", "cpufeatures", @@ -2790,9 +2842,9 @@ dependencies = [ [[package]] name = "sha2" -version = "0.10.7" +version = "0.10.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "479fb9d862239e610720565ca91403019f2f00410f1864c5aa7479b950a76ed8" +checksum = "793db75ad2bcafc3ffa7c68b215fee268f537982cd901d132f89c6343f3a3dc8" dependencies = [ "cfg-if", "cpufeatures", @@ -2801,9 +2853,9 @@ dependencies = [ [[package]] name = "sharded-slab" -version = "0.1.4" +version = "0.1.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "900fba806f70c630b0a382d0d825e17a0f19fcd059a2ade1ff237bcddf446b31" +checksum = "f40ca3c46823713e0d4209592e8d6e826aa57e928f09752619fc696c499637f6" dependencies = [ "lazy_static", ] @@ -2856,9 +2908,9 @@ dependencies = [ [[package]] name = "smallvec" -version = "1.11.0" +version = "1.11.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "62bb4feee49fdd9f707ef802e22365a35de4b7b299de4763d44bfea899442ff9" +checksum = "942b4a808e05215192e39f4ab80813e599068285906cc91aa64f923db842bd5a" [[package]] name = "socket2" @@ -2872,9 +2924,9 @@ dependencies = [ [[package]] name = "socket2" -version = "0.5.3" +version = "0.5.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2538b18701741680e0322a2302176d3253a35388e2e62f172f64f4f16605f877" +checksum = "4031e820eb552adee9295814c0ced9e5cf38ddf1e8b7d566d6de8e2538ea989e" dependencies = [ "libc", "windows-sys", @@ -2935,9 +2987,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.29" +version = "2.0.37" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c324c494eba9d92503e6f1ef2e6df781e78f6a7705a0202d9801b198807d518a" +checksum = "7303ef2c05cd654186cb250d29049a24840ca25d2747c25c0381c8d9e2f582e8" dependencies = [ "proc-macro2", "quote", @@ -2957,6 +3009,27 @@ dependencies = [ "time", ] +[[package]] +name = "system-configuration" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ba3a3adc5c275d719af8cb4272ea1c4a6d668a777f37e115f6d11ddbc1c8e0e7" +dependencies = [ + "bitflags 1.3.2", + "core-foundation", + "system-configuration-sys", +] + +[[package]] +name = "system-configuration-sys" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a75fb188eb626b924683e3b95e3a48e63551fcfb51949de2f06a9d91dbee93c9" +dependencies = [ + "core-foundation-sys", + "libc", +] + [[package]] name = "tempfile" version = "3.8.0" @@ -2964,30 +3037,30 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cb94d2f3cc536af71caac6b6fcebf65860b347e7ce0cc9ebe8f70d3e521054ef" dependencies = [ "cfg-if", - "fastrand 2.0.0", + "fastrand 2.0.1", "redox_syscall", - "rustix 0.38.11", + "rustix 0.38.17", "windows-sys", ] [[package]] name = "thiserror" -version = "1.0.47" +version = "1.0.49" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "97a802ec30afc17eee47b2855fc72e0c4cd62be9b4efe6591edde0ec5bd68d8f" +checksum = "1177e8c6d7ede7afde3585fd2513e611227efd6481bd78d2e82ba1ce16557ed4" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.47" +version = "1.0.49" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6bb623b56e39ab7dcd4b1b98bb6c8f8d907ed255b18de254088016b27a8ee19b" +checksum = "10712f02019e9288794769fba95cd6847df9874d49d871d062172f9dd41bc4cc" dependencies = [ "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.37", ] [[package]] @@ -3011,9 +3084,9 @@ dependencies = [ [[package]] name = "time" -version = "0.3.28" +version = "0.3.29" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "17f6bb557fd245c28e6411aa56b6403c689ad95061f50e4be16c274e70a17e48" +checksum = "426f806f4089c493dcac0d24c29c01e2c38baf8e30f1b716ee37e83d200b18fe" dependencies = [ "deranged", "itoa", @@ -3026,15 +3099,15 @@ dependencies = [ [[package]] name = "time-core" -version = "0.1.1" +version = "0.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7300fbefb4dadc1af235a9cef3737cea692a9d97e1b9cbcd4ebdae6f8868e6fb" +checksum = "ef927ca75afb808a4d64dd374f00a2adf8d0fcff8e7b184af886c3c87ec4a3f3" [[package]] name = "time-macros" -version = "0.2.14" +version = "0.2.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1a942f44339478ef67935ab2bbaec2fb0322496cf3cbe84b261e06ac3814c572" +checksum = "4ad70d68dba9e1f8aceda7aa6711965dfec1cac869f311a51bd08b3a2ccbce20" dependencies = [ "time-core", ] @@ -3068,7 +3141,7 @@ dependencies = [ "parking_lot", "pin-project-lite", "signal-hook-registry", - "socket2 0.5.3", + "socket2 0.5.4", "tokio-macros", "windows-sys", ] @@ -3081,7 +3154,7 @@ checksum = "630bdcf245f78637c13ec01ffae6187cca34625e8c63150d424b59e55af2675e" dependencies = [ "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.37", ] [[package]] @@ -3141,9 +3214,9 @@ dependencies = [ [[package]] name = "tokio-util" -version = "0.7.8" +version = "0.7.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "806fe8c2c87eccc8b3267cbae29ed3ab2d0bd37fca70ab622e46aaa9375ddb7d" +checksum = "1d68074620f57a0b21594d9735eb2e98ab38b17f80d3fcb189fca266771ca60d" dependencies = [ "bytes", "futures-core", @@ -3155,14 +3228,26 @@ dependencies = [ [[package]] name = "toml" -version = "0.7.6" +version = "0.7.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dd79e69d3b627db300ff956027cc6c3798cef26d22526befdfcd12feeb6d2257" +dependencies = [ + "serde", + "serde_spanned", + "toml_datetime", + "toml_edit 0.19.15", +] + +[[package]] +name = "toml" +version = "0.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c17e963a819c331dcacd7ab957d80bc2b9a9c1e71c804826d2f283dd65306542" +checksum = "185d8ab0dfbb35cf1399a6344d8484209c088f75f8f68230da55d48d95d43e3d" dependencies = [ "serde", "serde_spanned", "toml_datetime", - "toml_edit", + "toml_edit 0.20.2", ] [[package]] @@ -3176,11 +3261,24 @@ dependencies = [ [[package]] name = "toml_edit" -version = "0.19.14" +version = "0.19.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1b5bb770da30e5cbfde35a2d7b9b8a2c4b8ef89548a7a6aeab5c9a576e3e7421" +dependencies = [ + "indexmap 2.0.2", + "serde", + "serde_spanned", + "toml_datetime", + "winnow", +] + +[[package]] +name = "toml_edit" +version = "0.20.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f8123f27e969974a3dfba720fdb560be359f57b44302d280ba72e76a74480e8a" +checksum = "396e4d48bbb2b7554c944bde63101b5ae446cff6ec4a24227428f15eb72ef338" dependencies = [ - "indexmap 2.0.0", + "indexmap 2.0.2", "serde", "serde_spanned", "toml_datetime", @@ -3226,7 +3324,7 @@ checksum = "5f4f31f56159e98206da9efd823404b79b6ef3143b4a7ab76e67b1751b25a4ab" dependencies = [ "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.37", ] [[package]] @@ -3270,9 +3368,9 @@ dependencies = [ [[package]] name = "trust-dns-proto" -version = "0.22.0" +version = "0.23.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4f7f83d1e4a0e4358ac54c5c3681e5d7da5efc5a7a632c90bb6d6669ddd9bc26" +checksum = "0dc775440033cb114085f6f2437682b194fa7546466024b1037e82a48a052a69" dependencies = [ "async-trait", "cfg-if", @@ -3281,9 +3379,9 @@ dependencies = [ "futures-channel", "futures-io", "futures-util", - "idna 0.2.3", + "idna 0.4.0", "ipnet", - "lazy_static", + "once_cell", "rand", "smallvec", "thiserror", @@ -3295,16 +3393,17 @@ dependencies = [ [[package]] name = "trust-dns-resolver" -version = "0.22.0" +version = "0.23.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "aff21aa4dcefb0a1afbfac26deb0adc93888c7d295fb63ab273ef276ba2b7cfe" +checksum = "2dff7aed33ef3e8bf2c9966fccdfed93f93d46f432282ea875cd66faabc6ef2f" dependencies = [ "cfg-if", "futures-util", "ipconfig", - "lazy_static", "lru-cache", + "once_cell", "parking_lot", + "rand", "resolv-conf", "smallvec", "thiserror", @@ -3340,15 +3439,15 @@ dependencies = [ [[package]] name = "typenum" -version = "1.16.0" +version = "1.17.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "497961ef93d974e23eb6f433eb5fe1b7930b659f06d12dec6fc44a8f554c0bba" +checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825" [[package]] name = "ubyte" -version = "0.10.3" +version = "0.10.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c81f0dae7d286ad0d9366d7679a77934cfc3cf3a8d67e82669794412b2368fe6" +checksum = "f720def6ce1ee2fc44d40ac9ed6d3a59c361c80a75a7aa8e75bb9baed31cf2ea" dependencies = [ "serde", ] @@ -3377,9 +3476,9 @@ checksum = "92888ba5573ff080736b3648696b70cafad7d250551175acbaa4e0385b3e1460" [[package]] name = "unicode-ident" -version = "1.0.11" +version = "1.0.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "301abaae475aa91687eb82514b328ab47a211a533026cb25fc3e519b86adfc3c" +checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" [[package]] name = "unicode-normalization" @@ -3475,6 +3574,7 @@ dependencies = [ "num-traits", "once_cell", "openssl", + "openssl-sys", "paste", "percent-encoding", "pico-args", @@ -3516,15 +3616,15 @@ checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" [[package]] name = "waker-fn" -version = "1.1.0" +version = "1.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9d5b2c62b4012a3e1eca5a7e077d13b3bf498c4073e33ccd58626607748ceeca" +checksum = "f3c4517f54858c779bbcbf228f4fca63d121bf85fbecb2dc578cdf4a39395690" [[package]] name = "walkdir" -version = "2.3.3" +version = "2.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "36df944cda56c7d8d8b7496af378e6b16de9284591917d307c9b4d313c44e698" +checksum = "d71d857dc86794ca4c280d616f7da00d2dbfd8cd788846559a6813e6aa4b54ee" dependencies = [ "same-file", "winapi-util", @@ -3566,7 +3666,7 @@ dependencies = [ "once_cell", "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.37", "wasm-bindgen-shared", ] @@ -3600,7 +3700,7 @@ checksum = "54681b18a46765f095758388f2d0cf16eb8d4169b639ab575a8f5693af210c7b" dependencies = [ "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.37", "wasm-bindgen-backend", "wasm-bindgen-shared", ] @@ -3655,13 +3755,14 @@ dependencies = [ [[package]] name = "which" -version = "4.4.0" +version = "4.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2441c784c52b289a054b7201fc93253e288f094e2f4be9058343127c4226a269" +checksum = "87ba24419a2078cd2b0f2ede2691b6c66d8e47836da3b6db8265ebad47afbfc7" dependencies = [ "either", - "libc", + "home", "once_cell", + "rustix 0.38.17", ] [[package]] @@ -3688,9 +3789,9 @@ checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" [[package]] name = "winapi-util" -version = "0.1.5" +version = "0.1.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "70ec6ce85bb158151cae5e5c87f95a8e97d2c0c4b001223f33a334e3ce5de178" +checksum = "f29e6f9198ba0d26b4c9f07dbe6f9ed633e1f3d5b8b414090084349e46a52596" dependencies = [ "winapi", ] diff --git a/Cargo.toml b/Cargo.toml index 309b379a541..9cfc7145a0d 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -72,10 +72,10 @@ tokio = { version = "1.32.0", features = ["rt-multi-thread", "fs", "io-util", "p # A generic serialization/deserialization framework serde = { version = "1.0.188", features = ["derive"] } -serde_json = "1.0.105" +serde_json = "1.0.107" # A safe, extensible ORM and Query builder -diesel = { version = "2.1.1", features = ["chrono", "r2d2"] } +diesel = { version = "2.1.2", features = ["chrono", "r2d2"] } diesel_migrations = "2.1.0" diesel_logger = { version = "0.3.0", optional = true } @@ -90,9 +90,9 @@ ring = "0.16.20" uuid = { version = "1.4.1", features = ["v4"] } # Date and time libraries -chrono = { version = "0.4.28", features = ["clock", "serde"], default-features = false } +chrono = { version = "0.4.31", features = ["clock", "serde"], default-features = false } chrono-tz = "0.8.3" -time = "0.3.28" +time = "0.3.29" # Job scheduler job_scheduler_ng = "2.0.4" @@ -121,19 +121,19 @@ percent-encoding = "2.3.0" # URL encoding library used for URL's in the emails email_address = "0.2.4" # HTML Template library -handlebars = { version = "4.3.7", features = ["dir_source"] } +handlebars = { version = "4.4.0", features = ["dir_source"] } # HTTP client (Used for favicons, version check, DUO and HIBP API) -reqwest = { version = "0.11.20", features = ["stream", "json", "deflate", "gzip", "brotli", "socks", "cookies", "trust-dns", "native-tls-alpn"] } +reqwest = { version = "0.11.22", features = ["stream", "json", "deflate", "gzip", "brotli", "socks", "cookies", "trust-dns", "native-tls-alpn"] } # Favicon extraction libraries html5gum = "0.5.7" -regex = { version = "1.9.4", features = ["std", "perf", "unicode-perl"], default-features = false } +regex = { version = "1.9.6", features = ["std", "perf", "unicode-perl"], default-features = false } data-url = "0.3.0" -bytes = "1.4.0" +bytes = "1.5.0" # Cache function results (Used for version check and favicon fetching) -cached = "0.44.0" +cached = { version = "0.46.0", features = ["async"] } # Used for custom short lived cookie jar during favicon extraction cookie = "0.16.2" @@ -150,34 +150,41 @@ paste = "1.0.14" governor = "0.6.0" # Check client versions for specific features. -semver = "1.0.18" +semver = "1.0.19" # Allow overriding the default memory allocator # Mainly used for the musl builds, since the default musl malloc is very slow -mimalloc = { version = "0.1.38", features = ["secure"], default-features = false, optional = true } -which = "4.4.0" +mimalloc = { version = "0.1.39", features = ["secure"], default-features = false, optional = true } +which = "4.4.2" # Argon2 library with support for the PHC format -argon2 = "0.5.1" +argon2 = "0.5.2" # Reading a password from the cli for generating the Argon2id ADMIN_TOKEN rpassword = "7.2.0" +# Set openssl-sys fixed to v0.9.92 to prevent building issues with musl, arm and 32bit pointer width +# It will force add a dynamically linked library which prevents the build from being static +openssl-sys = "=0.9.92" + + [patch.crates-io] rocket = { git = 'https://github.com/SergioBenitez/Rocket', rev = 'ce441b5f46fdf5cd99cb32b8b8638835e4c2a5fa' } # v0.5 branch # rocket_ws = { git = 'https://github.com/SergioBenitez/Rocket', rev = 'ce441b5f46fdf5cd99cb32b8b8638835e4c2a5fa' } # v0.5 branch + # Strip debuginfo from the release builds # Also enable thin LTO for some optimizations [profile.release] strip = "debuginfo" lto = "thin" -# Always build argon2 using opt-level 3 -# This is a huge speed improvement during testing -[profile.dev.package.argon2] -opt-level = 3 # A little bit of a speedup [profile.dev] split-debuginfo = "unpacked" + +# Always build argon2 using opt-level 3 +# This is a huge speed improvement during testing +[profile.dev.package.argon2] +opt-level = 3 diff --git a/docker/DockerSettings.yaml b/docker/DockerSettings.yaml new file mode 100644 index 00000000000..b0be283f74d --- /dev/null +++ b/docker/DockerSettings.yaml @@ -0,0 +1,25 @@ +--- +vault_version: "v2023.8.2" +vault_image_digest: "sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252" # v2023.8.2 +rust_version: 1.72.1 # Rust version to be used +debian_version: bookworm # Debian release name to be used +alpine_version: 3.18 # Alpine version to be used +# For which platforms/architectures will we try to build images +platforms: ["linux/amd64", "linux/arm64", "linux/arm/v7", "linux/arm/v6"] +# Determine the build images per OS/Arch +build_stage_image: + debian: + image: "docker.io/library/rust:{{rust_version}}-slim-{{debian_version}}" + platform: "$BUILDPLATFORM" + alpine: + image: "build_${TARGETARCH}${TARGETVARIANT}" + platform: "linux/amd64" # The Alpine build images only have linux/amd64 images + arch_image: + amd64: "ghcr.io/blackdex/rust-musl:x86_64-musl-stable-{{rust_version}}" + arm64: "ghcr.io/blackdex/rust-musl:aarch64-musl-stable-{{rust_version}}" + armv7: "ghcr.io/blackdex/rust-musl:armv7-musleabihf-stable-{{rust_version}}" + armv6: "ghcr.io/blackdex/rust-musl:arm-musleabi-stable-{{rust_version}}" +# The final image which will be used to distribute the container images +runtime_stage_image: + debian: "docker.io/library/debian:{{debian_version}}-slim" + alpine: "docker.io/library/alpine:{{alpine_version}}" diff --git a/docker/Dockerfile.alpine b/docker/Dockerfile.alpine new file mode 100644 index 00000000000..f9307e8928f --- /dev/null +++ b/docker/Dockerfile.alpine @@ -0,0 +1,156 @@ +# syntax=docker/dockerfile:1 + +# This file was generated using a Jinja2 template. +# Please make your changes in `DockerSettings.yaml` or `Dockerfile.j2` and then `make` +# This will generate two Dockerfile's `Dockerfile.debian` and `Dockerfile.alpine` + +# Using multistage build: +# https://docs.docker.com/develop/develop-images/multistage-build/ +# https://whitfin.io/speeding-up-rust-docker-builds/ + +####################### VAULT BUILD IMAGE ####################### +# The web-vault digest specifies a particular web-vault build on Docker Hub. +# Using the digest instead of the tag name provides better security, +# as the digest of an image is immutable, whereas a tag name can later +# be changed to point to a malicious image. +# +# To verify the current digest for a given tag name: +# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, +# click the tag name to view the digest of the image it currently points to. +# - From the command line: +# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 +# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 +# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] +# +# - Conversely, to get the tag name from the digest: +# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 +# [docker.io/vaultwarden/web-vault:v2023.8.2] +# +FROM --platform=linux/amd64 docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault + +########################## ALPINE BUILD IMAGES ########################## +## NOTE: The Alpine Base Images do not support other platforms then linux/amd64 +## And for Alpine we define all build images here, they will only be loaded when actually used +FROM --platform=linux/amd64 ghcr.io/blackdex/rust-musl:x86_64-musl-stable-1.72.1 as build_amd64 +FROM --platform=linux/amd64 ghcr.io/blackdex/rust-musl:aarch64-musl-stable-1.72.1 as build_arm64 +FROM --platform=linux/amd64 ghcr.io/blackdex/rust-musl:armv7-musleabihf-stable-1.72.1 as build_armv7 +FROM --platform=linux/amd64 ghcr.io/blackdex/rust-musl:arm-musleabi-stable-1.72.1 as build_armv6 + +########################## BUILD IMAGE ########################## +# hadolint ignore=DL3006 +FROM --platform=linux/amd64 build_${TARGETARCH}${TARGETVARIANT} as build +ARG TARGETARCH +ARG TARGETVARIANT +ARG TARGETPLATFORM + +SHELL ["/bin/bash", "-o", "pipefail", "-c"] + +# Build time options to avoid dpkg warnings and help with reproducible builds. +ENV DEBIAN_FRONTEND=noninteractive \ + LANG=C.UTF-8 \ + TZ=UTC \ + TERM=xterm-256color \ + CARGO_HOME="/root/.cargo" \ + USER="root" \ + # Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11 + # Debian Bookworm already contains libpq v15 + PQ_LIB_DIR="/usr/local/musl/pq15/lib" + + +# Create CARGO_HOME folder and don't download rust docs +RUN mkdir -pv "${CARGO_HOME}" \ + && rustup set profile minimal + +# Creates a dummy project used to grab dependencies +RUN USER=root cargo new --bin /app +WORKDIR /app + +# Copies over *only* your manifests and build files +COPY ./Cargo.* ./ +COPY ./rust-toolchain.toml ./rust-toolchain.toml +COPY ./build.rs ./build.rs + +# Shared variables across Debian and Alpine +RUN echo "export CARGO_TARGET=${RUST_MUSL_CROSS_TARGET}" >> /env-cargo && \ + # To be able to build the armv6 image with mimalloc we need to tell the linker to also look for libatomic + if [[ "${TARGETARCH}${TARGETVARIANT}" == "armv6" ]] ; then echo "export RUSTFLAGS='-Clink-arg=-latomic'" >> /env-cargo ; fi + +# Enable MiMalloc to improve performance on Alpine builds +ARG DB=sqlite,mysql,postgresql,enable_mimalloc + +RUN source /env-cargo && \ + rustup target add "${CARGO_TARGET}" + +# ARG CARGO_PROFILE=release +ARG CARGO_PROFILE=dev + +# Builds your dependencies and removes the +# dummy project, except the target folder +# This folder contains the compiled dependencies +RUN source /env-cargo && \ + cargo build --features ${DB} --profile "${CARGO_PROFILE}" --target="${CARGO_TARGET}" && \ + find . -not -path "./target*" -delete + +# Copies the complete project +# To avoid copying unneeded files, use .dockerignore +COPY . . + +# Builds again, this time it will be the actual source files being build +RUN source /env-cargo && \ + # Make sure that we actually build the project by updating the src/main.rs timestamp + touch src/main.rs && \ + # Create a symlink to the binary target folder to easy copy the binary in the final stage + cargo build --features ${DB} --profile "${CARGO_PROFILE}" --target="${CARGO_TARGET}" && \ + if [[ "${CARGO_PROFILE}" == "dev" ]] ; then \ + ln -vfsr "/app/target/${CARGO_TARGET}/debug" /app/target/final ; \ + else \ + ln -vfsr "/app/target/${CARGO_TARGET}/${CARGO_PROFILE}" /app/target/final ; \ + fi + + +######################## RUNTIME IMAGE ######################## +# Create a new stage with a minimal image +# because we already have a binary built +# +# For these images to be able to built you need to have qemu binfmt support. +# See the following pages to help install these tools locally +# Ubuntu/Debian: https://wiki.debian.org/QemuUserEmulation +# Arch Linux: https://wiki.archlinux.org/title/QEMU#Chrooting_into_arm/arm64_environment_from_x86_64 +# +# Or use a Docker image which modifies your host system to support this. +# The GitHub Actions Workflow uses the same image as used below. +# See: https://github.com/tonistiigi/binfmt +# Usage: docker run --privileged --rm tonistiigi/binfmt --install arm64,arm +# To uninstall: docker run --privileged --rm tonistiigi/binfmt --uninstall 'qemu-*' +FROM docker.io/library/alpine:3.18 + +ENV ROCKET_PROFILE="release" \ + ROCKET_ADDRESS=0.0.0.0 \ + ROCKET_PORT=80 \ + SSL_CERT_DIR=/etc/ssl/certs + +# Create data folder and Install needed libraries +RUN mkdir /data && \ + apk --no-cache add \ + ca-certificates \ + curl \ + openssl \ + tzdata + +VOLUME /data +EXPOSE 80 +EXPOSE 3012 + +# Copies the files from the context (Rocket.toml file and web-vault) +# and the binary from the "build" stage to the current stage +WORKDIR / + +COPY docker/healthcheck.sh /healthcheck.sh +COPY docker/start.sh /start.sh + +COPY --from=vault /web-vault ./web-vault +COPY --from=build /app/target/final/vaultwarden . + +HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] + +CMD ["/start.sh"] diff --git a/docker/Dockerfile.buildx b/docker/Dockerfile.buildx deleted file mode 100644 index c250312c94b..00000000000 --- a/docker/Dockerfile.buildx +++ /dev/null @@ -1,34 +0,0 @@ -# syntax=docker/dockerfile:1 -# The cross-built images have the build arch (`amd64`) embedded in the image -# manifest, rather than the target arch. For example: -# -# $ docker inspect vaultwarden/server:latest-armv7 | jq -r '.[]|.Architecture' -# amd64 -# -# Recent versions of Docker have started printing a warning when the image's -# claimed arch doesn't match the host arch. For example: -# -# WARNING: The requested image's platform (linux/amd64) does not match the -# detected host platform (linux/arm/v7) and no specific platform was requested -# -# The image still works fine, but the spurious warning creates confusion. -# -# Docker doesn't seem to provide a way to directly set the arch of an image -# at build time. To resolve the build vs. target arch discrepancy, we use -# Docker Buildx to build a new set of images with the correct target arch. -# -# Docker Buildx uses this Dockerfile to build an image for each requested -# platform. Since the Dockerfile basically consists of a single `FROM` -# instruction, we're effectively telling Buildx to build a platform-specific -# image by simply copying the existing cross-built image and setting the -# correct target arch as a side effect. -# -# References: -# -# - https://docs.docker.com/buildx/working-with-buildx/#build-multi-platform-images -# - https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope -# - https://docs.docker.com/engine/reference/builder/#understand-how-arg-and-from-interact -# -ARG LOCAL_REPO -ARG DOCKER_TAG -FROM ${LOCAL_REPO}:${DOCKER_TAG}-${TARGETARCH}${TARGETVARIANT} diff --git a/docker/Dockerfile.debian b/docker/Dockerfile.debian new file mode 100644 index 00000000000..cacfff38c0b --- /dev/null +++ b/docker/Dockerfile.debian @@ -0,0 +1,179 @@ +# syntax=docker/dockerfile:1 + +# This file was generated using a Jinja2 template. +# Please make your changes in `DockerSettings.yaml` or `Dockerfile.j2` and then `make` +# This will generate two Dockerfile's `Dockerfile.debian` and `Dockerfile.alpine` + +# Using multistage build: +# https://docs.docker.com/develop/develop-images/multistage-build/ +# https://whitfin.io/speeding-up-rust-docker-builds/ + +####################### VAULT BUILD IMAGE ####################### +# The web-vault digest specifies a particular web-vault build on Docker Hub. +# Using the digest instead of the tag name provides better security, +# as the digest of an image is immutable, whereas a tag name can later +# be changed to point to a malicious image. +# +# To verify the current digest for a given tag name: +# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, +# click the tag name to view the digest of the image it currently points to. +# - From the command line: +# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 +# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 +# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] +# +# - Conversely, to get the tag name from the digest: +# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 +# [docker.io/vaultwarden/web-vault:v2023.8.2] +# +FROM --platform=linux/amd64 docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault + +########################## Cross Compile Docker Helper Scripts ########################## +FROM --platform=$BUILDPLATFORM docker.io/tonistiigi/xx:master AS xx + +########################## BUILD IMAGE ########################## +# hadolint ignore=DL3006 +FROM --platform=$BUILDPLATFORM docker.io/library/rust:1.72.1-slim-bookworm as build +COPY --from=xx / / +ARG TARGETARCH +ARG TARGETVARIANT +ARG TARGETPLATFORM + +SHELL ["/bin/bash", "-o", "pipefail", "-c"] + +# Build time options to avoid dpkg warnings and help with reproducible builds. +ENV DEBIAN_FRONTEND=noninteractive \ + LANG=C.UTF-8 \ + TZ=UTC \ + TERM=xterm-256color \ + CARGO_HOME="/root/.cargo" \ + USER="root" + +# Install clang to get `xx-cargo` working +# Install pkg-config to allow amd64 builds to find all libraries +RUN apt-get update && \ + apt-get install -y \ + --no-install-recommends \ + clang pkg-config + +RUN xx-apt-get install -y \ + --no-install-recommends \ + gcc \ + libc6-dev \ + linux-libc-dev \ + libmariadb-dev \ + libmariadb-dev-compat \ + libmariadb3 \ + libpq-dev \ + libpq5 \ + libssl-dev + +# Create CARGO_HOME folder and don't download rust docs +RUN mkdir -pv "${CARGO_HOME}" \ + && rustup set profile minimal + +# Creates a dummy project used to grab dependencies +RUN USER=root cargo new --bin /app +WORKDIR /app + +# Copies over *only* your manifests and build files +COPY ./Cargo.* ./ +COPY ./rust-toolchain.toml ./rust-toolchain.toml +COPY ./build.rs ./build.rs + +# Environment variables for cargo across Debian and Alpine +RUN echo "export CARGO_TARGET=$(xx-cargo --print-target-triple)" >> /env-cargo && \ + if xx-info is-cross ; then \ + # We can't use xx-cargo since that uses clang, which doesn't work for our libraries. + # Because of this we generate the needed environment variables here which we can load in the needed steps. + echo "export CC_$(xx-cargo --print-target-triple | tr '[:upper:]' '[:lower:]' | tr - _)=/usr/bin/$(xx-info)-gcc" >> /env-cargo && \ + echo "export CARGO_TARGET_$(xx-cargo --print-target-triple | tr '[:lower:]' '[:upper:]' | tr - _)_LINKER=/usr/bin/$(xx-info)-gcc" >> /env-cargo && \ + echo "export PKG_CONFIG=/usr/bin/$(xx-info)-pkg-config" >> /env-cargo && \ + echo "export CROSS_COMPILE=1" >> /env-cargo && \ + echo "export OPENSSL_INCLUDE_DIR=/usr/include/$(xx-info)" >> /env-cargo && \ + echo "export OPENSSL_LIB_DIR=/usr/lib/$(xx-info)" >> /env-cargo ; \ + fi + +# Configure the DB ARG as late as possible to not invalidate the cached layers above +ARG DB=sqlite,mysql,postgresql + +RUN source /env-cargo && \ + rustup target add "${CARGO_TARGET}" + +# ARG CARGO_PROFILE=release +ARG CARGO_PROFILE=dev + +# Builds your dependencies and removes the +# dummy project, except the target folder +# This folder contains the compiled dependencies +RUN source /env-cargo && \ + cargo build --features ${DB} --profile "${CARGO_PROFILE}" --target="${CARGO_TARGET}" && \ + find . -not -path "./target*" -delete + +# Copies the complete project +# To avoid copying unneeded files, use .dockerignore +COPY . . + +# Builds again, this time it will be the actual source files being build +RUN source /env-cargo && \ + # Make sure that we actually build the project by updating the src/main.rs timestamp + touch src/main.rs && \ + # Create a symlink to the binary target folder to easy copy the binary in the final stage + cargo build --features ${DB} --profile "${CARGO_PROFILE}" --target="${CARGO_TARGET}" && \ + if [[ "${CARGO_PROFILE}" == "dev" ]] ; then \ + ln -vfsr "/app/target/${CARGO_TARGET}/debug" /app/target/final ; \ + else \ + ln -vfsr "/app/target/${CARGO_TARGET}/${CARGO_PROFILE}" /app/target/final ; \ + fi + + +######################## RUNTIME IMAGE ######################## +# Create a new stage with a minimal image +# because we already have a binary built +# +# For these images to be able to built you need to have qemu binfmt support. +# See the following pages to help install these tools locally +# Ubuntu/Debian: https://wiki.debian.org/QemuUserEmulation +# Arch Linux: https://wiki.archlinux.org/title/QEMU#Chrooting_into_arm/arm64_environment_from_x86_64 +# +# Or use a Docker image which modifies your host system to support this. +# The GitHub Actions Workflow uses the same image as used below. +# See: https://github.com/tonistiigi/binfmt +# Usage: docker run --privileged --rm tonistiigi/binfmt --install arm64,arm +# To uninstall: docker run --privileged --rm tonistiigi/binfmt --uninstall 'qemu-*' +FROM docker.io/library/debian:bookworm-slim + +ENV ROCKET_PROFILE="release" \ + ROCKET_ADDRESS=0.0.0.0 \ + ROCKET_PORT=80 \ + DEBIAN_FRONTEND=noninteractive + +# Create data folder and Install needed libraries +RUN mkdir /data && \ + apt-get update && apt-get install -y \ + --no-install-recommends \ + ca-certificates \ + curl \ + libmariadb-dev-compat \ + libpq5 \ + openssl && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* + +VOLUME /data +EXPOSE 80 +EXPOSE 3012 + +# Copies the files from the context (Rocket.toml file and web-vault) +# and the binary from the "build" stage to the current stage +WORKDIR / + +COPY docker/healthcheck.sh /healthcheck.sh +COPY docker/start.sh /start.sh + +COPY --from=vault /web-vault ./web-vault +COPY --from=build /app/target/final/vaultwarden . + +HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] + +CMD ["/start.sh"] diff --git a/docker/Dockerfile.j2 b/docker/Dockerfile.j2 index ab4c4ff4f7c..8292869d4c5 100644 --- a/docker/Dockerfile.j2 +++ b/docker/Dockerfile.j2 @@ -1,68 +1,14 @@ # syntax=docker/dockerfile:1 # This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. -{% set rust_version = "1.72.0" %} -{% set debian_version = "bookworm" %} -{% set alpine_version = "3.17" %} -{% set build_stage_base_image = "docker.io/library/rust:%s-%s" % (rust_version, debian_version) %} -{% if "alpine" in target_file %} -{% if "amd64" in target_file %} -{% set build_stage_base_image = "docker.io/blackdex/rust-musl:x86_64-musl-stable-%s-openssl3" % rust_version %} -{% set runtime_stage_base_image = "docker.io/library/alpine:%s" % alpine_version %} -{% set package_arch_target = "x86_64-unknown-linux-musl" %} -{% elif "armv7" in target_file %} -{% set build_stage_base_image = "docker.io/blackdex/rust-musl:armv7-musleabihf-stable-%s-openssl3" % rust_version %} -{% set runtime_stage_base_image = "docker.io/balenalib/armv7hf-alpine:%s" % alpine_version %} -{% set package_arch_target = "armv7-unknown-linux-musleabihf" %} -{% elif "armv6" in target_file %} -{% set build_stage_base_image = "docker.io/blackdex/rust-musl:arm-musleabi-stable-%s-openssl3" % rust_version %} -{% set runtime_stage_base_image = "docker.io/balenalib/rpi-alpine:%s" % alpine_version %} -{% set package_arch_target = "arm-unknown-linux-musleabi" %} -{% elif "arm64" in target_file %} -{% set build_stage_base_image = "docker.io/blackdex/rust-musl:aarch64-musl-stable-%s-openssl3" % rust_version %} -{% set runtime_stage_base_image = "docker.io/balenalib/aarch64-alpine:%s" % alpine_version %} -{% set package_arch_target = "aarch64-unknown-linux-musl" %} -{% endif %} -{% elif "amd64" in target_file %} -{% set runtime_stage_base_image = "docker.io/library/debian:%s-slim" % debian_version %} -{% elif "arm64" in target_file %} -{% set runtime_stage_base_image = "docker.io/balenalib/aarch64-debian:%s" % debian_version %} -{% set package_arch_name = "arm64" %} -{% set package_arch_target = "aarch64-unknown-linux-gnu" %} -{% set package_cross_compiler = "aarch64-linux-gnu" %} -{% elif "armv6" in target_file %} -{% set runtime_stage_base_image = "docker.io/balenalib/rpi-debian:%s" % debian_version %} -{% set package_arch_name = "armel" %} -{% set package_arch_target = "arm-unknown-linux-gnueabi" %} -{% set package_cross_compiler = "arm-linux-gnueabi" %} -{% elif "armv7" in target_file %} -{% set runtime_stage_base_image = "docker.io/balenalib/armv7hf-debian:%s" % debian_version %} -{% set package_arch_name = "armhf" %} -{% set package_arch_target = "armv7-unknown-linux-gnueabihf" %} -{% set package_cross_compiler = "arm-linux-gnueabihf" %} -{% endif %} -{% if package_arch_name is defined %} -{% set package_arch_prefix = ":" + package_arch_name %} -{% else %} -{% set package_arch_prefix = "" %} -{% endif %} -{% if package_arch_target is defined %} -{% set package_arch_target_param = " --target=" + package_arch_target %} -{% else %} -{% set package_arch_target_param = "" %} -{% endif %} -{% if "buildkit" in target_file %} -{% set mount_rust_cache = "--mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry " %} -{% else %} -{% set mount_rust_cache = "" %} -{% endif %} +# Please make your changes in `DockerSettings.yaml` or `Dockerfile.j2` and then `make` +# This will generate two Dockerfile's `Dockerfile.debian` and `Dockerfile.alpine` + # Using multistage build: # https://docs.docker.com/develop/develop-images/multistage-build/ # https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### -{% set vault_version = "v2023.8.2" %} -{% set vault_image_digest = "sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252" %} + +####################### VAULT BUILD IMAGE ####################### # The web-vault digest specifies a particular web-vault build on Docker Hub. # Using the digest instead of the tag name provides better security, # as the digest of an image is immutable, whereas a tag name can later @@ -80,10 +26,31 @@ # $ docker image inspect --format "{{ '{{' }}.RepoTags}}" docker.io/vaultwarden/web-vault@{{ vault_image_digest }} # [docker.io/vaultwarden/web-vault:{{ vault_version }}] # -FROM docker.io/vaultwarden/web-vault@{{ vault_image_digest }} as vault +FROM --platform=linux/amd64 docker.io/vaultwarden/web-vault@{{ vault_image_digest }} as vault + +{% if base == "debian" %} +########################## Cross Compile Docker Helper Scripts ########################## +FROM --platform=$BUILDPLATFORM docker.io/tonistiigi/xx:master AS xx +{% elif base == "alpine" %} +########################## ALPINE BUILD IMAGES ########################## +## NOTE: The Alpine Base Images do not support other platforms then linux/amd64 +## And for Alpine we define all build images here, they will only be loaded when actually used +{% for arch in build_stage_image[base].arch_image %} +FROM --platform={{ build_stage_image[base].platform }} {{ build_stage_image[base].arch_image[arch] }} as build_{{ arch }} +{% endfor %} +{% endif %} + +########################## BUILD IMAGE ########################## +# hadolint ignore=DL3006 +FROM --platform={{ build_stage_image[base].platform }} {{ build_stage_image[base].image }} as build +{% if base == "debian" %} +COPY --from=xx / / +{% endif %} +ARG TARGETARCH +ARG TARGETVARIANT +ARG TARGETPLATFORM -########################## BUILD IMAGE ########################## -FROM {{ build_stage_base_image }} as build +SHELL ["/bin/bash", "-o", "pipefail", "-c"] # Build time options to avoid dpkg warnings and help with reproducible builds. ENV DEBIAN_FRONTEND=noninteractive \ @@ -91,56 +58,39 @@ ENV DEBIAN_FRONTEND=noninteractive \ TZ=UTC \ TERM=xterm-256color \ CARGO_HOME="/root/.cargo" \ - REGISTRIES_CRATES_IO_PROTOCOL=sparse \ USER="root" +{%- if base == "alpine" %} \ + # Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11 + # Debian Bookworm already contains libpq v15 + PQ_LIB_DIR="/usr/local/musl/pq15/lib" +{% endif %} -# Create CARGO_HOME folder and don't download rust docs -RUN {{ mount_rust_cache -}} mkdir -pv "${CARGO_HOME}" \ - && rustup set profile minimal +{% if base == "debian" %} -{% if "alpine" in target_file %} -# Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11 -# Debian Bookworm already contains libpq v15 -ENV PQ_LIB_DIR="/usr/local/musl/pq15/lib" -{% if "armv6" in target_file %} -# To be able to build the armv6 image with mimalloc we need to tell the linker to also look for libatomic -ENV RUSTFLAGS='-Clink-arg=-latomic' -{% endif %} -{% elif "arm" in target_file %} -# Install build dependencies for the {{ package_arch_name }} architecture -RUN {{ mount_rust_cache -}} dpkg --add-architecture {{ package_arch_name }} \ - && apt-get update \ - && apt-get install -y \ +# Install clang to get `xx-cargo` working +# Install pkg-config to allow amd64 builds to find all libraries +RUN apt-get update && \ + apt-get install -y \ --no-install-recommends \ - gcc-{{ package_cross_compiler }} \ - libc6-dev{{ package_arch_prefix }} \ - linux-libc-dev{{ package_arch_prefix }} \ - libmariadb-dev{{ package_arch_prefix }} \ - libmariadb-dev-compat{{ package_arch_prefix }} \ - libmariadb3{{ package_arch_prefix }} \ - libpq-dev{{ package_arch_prefix }} \ - libpq5{{ package_arch_prefix }} \ - libssl-dev{{ package_arch_prefix }} \ - # - # Make sure cargo has the right target config - && echo '[target.{{ package_arch_target }}]' >> "${CARGO_HOME}/config" \ - && echo 'linker = "{{ package_cross_compiler }}-gcc"' >> "${CARGO_HOME}/config" \ - && echo 'rustflags = ["-L/usr/lib/{{ package_cross_compiler }}"]' >> "${CARGO_HOME}/config" - -# Set arm specific environment values -ENV CC_{{ package_arch_target | replace("-", "_") }}="/usr/bin/{{ package_cross_compiler }}-gcc" \ - CROSS_COMPILE="1" \ - OPENSSL_INCLUDE_DIR="/usr/include/{{ package_cross_compiler }}" \ - OPENSSL_LIB_DIR="/usr/lib/{{ package_cross_compiler }}" -{% elif "amd64" in target_file %} -# Install build dependencies -RUN apt-get update \ - && apt-get install -y \ + clang pkg-config + +RUN xx-apt-get install -y \ --no-install-recommends \ + gcc \ + libc6-dev \ + linux-libc-dev \ libmariadb-dev \ - libpq-dev + libmariadb-dev-compat \ + libmariadb3 \ + libpq-dev \ + libpq5 \ + libssl-dev {% endif %} +# Create CARGO_HOME folder and don't download rust docs +RUN mkdir -pv "${CARGO_HOME}" \ + && rustup set profile minimal + # Creates a dummy project used to grab dependencies RUN USER=root cargo new --bin /app WORKDIR /app @@ -150,74 +100,105 @@ COPY ./Cargo.* ./ COPY ./rust-toolchain.toml ./rust-toolchain.toml COPY ./build.rs ./build.rs -{% if package_arch_target is defined %} -RUN {{ mount_rust_cache -}} rustup target add {{ package_arch_target }} -{% endif %} +{% if base == "debian" %} +# Environment variables for cargo across Debian and Alpine +RUN echo "export CARGO_TARGET=$(xx-cargo --print-target-triple)" >> /env-cargo && \ + if xx-info is-cross ; then \ + # We can't use xx-cargo since that uses clang, which doesn't work for our libraries. + # Because of this we generate the needed environment variables here which we can load in the needed steps. + echo "export CC_$(xx-cargo --print-target-triple | tr '[:upper:]' '[:lower:]' | tr - _)=/usr/bin/$(xx-info)-gcc" >> /env-cargo && \ + echo "export CARGO_TARGET_$(xx-cargo --print-target-triple | tr '[:lower:]' '[:upper:]' | tr - _)_LINKER=/usr/bin/$(xx-info)-gcc" >> /env-cargo && \ + echo "export PKG_CONFIG=/usr/bin/$(xx-info)-pkg-config" >> /env-cargo && \ + echo "export CROSS_COMPILE=1" >> /env-cargo && \ + echo "export OPENSSL_INCLUDE_DIR=/usr/include/$(xx-info)" >> /env-cargo && \ + echo "export OPENSSL_LIB_DIR=/usr/lib/$(xx-info)" >> /env-cargo ; \ + fi # Configure the DB ARG as late as possible to not invalidate the cached layers above -{% if "alpine" in target_file %} +ARG DB=sqlite,mysql,postgresql +{% elif base == "alpine" %} +# Shared variables across Debian and Alpine +RUN echo "export CARGO_TARGET=${RUST_MUSL_CROSS_TARGET}" >> /env-cargo && \ + # To be able to build the armv6 image with mimalloc we need to tell the linker to also look for libatomic + if [[ "${TARGETARCH}${TARGETVARIANT}" == "armv6" ]] ; then echo "export RUSTFLAGS='-Clink-arg=-latomic'" >> /env-cargo ; fi + # Enable MiMalloc to improve performance on Alpine builds ARG DB=sqlite,mysql,postgresql,enable_mimalloc -{% else %} -ARG DB=sqlite,mysql,postgresql {% endif %} +RUN source /env-cargo && \ + rustup target add "${CARGO_TARGET}" + +# ARG CARGO_PROFILE=release +ARG CARGO_PROFILE=dev + # Builds your dependencies and removes the # dummy project, except the target folder # This folder contains the compiled dependencies -RUN {{ mount_rust_cache -}} cargo build --features ${DB} --release{{ package_arch_target_param }} \ - && find . -not -path "./target*" -delete +RUN source /env-cargo && \ + cargo build --features ${DB} --profile "${CARGO_PROFILE}" --target="${CARGO_TARGET}" && \ + find . -not -path "./target*" -delete # Copies the complete project # To avoid copying unneeded files, use .dockerignore COPY . . -# Make sure that we actually build the project -RUN touch src/main.rs +# Builds again, this time it will be the actual source files being build +RUN source /env-cargo && \ + # Make sure that we actually build the project by updating the src/main.rs timestamp + touch src/main.rs && \ + # Create a symlink to the binary target folder to easy copy the binary in the final stage + cargo build --features ${DB} --profile "${CARGO_PROFILE}" --target="${CARGO_TARGET}" && \ + if [[ "${CARGO_PROFILE}" == "dev" ]] ; then \ + ln -vfsr "/app/target/${CARGO_TARGET}/debug" /app/target/final ; \ + else \ + ln -vfsr "/app/target/${CARGO_TARGET}/${CARGO_PROFILE}" /app/target/final ; \ + fi -# Builds again, this time it'll just be -# your actual source files being built -RUN {{ mount_rust_cache -}} cargo build --features ${DB} --release{{ package_arch_target_param }} ######################## RUNTIME IMAGE ######################## # Create a new stage with a minimal image # because we already have a binary built -FROM {{ runtime_stage_base_image }} +# +# For these images to be able to built you need to have qemu binfmt support. +# See the following pages to help install these tools locally +# Ubuntu/Debian: https://wiki.debian.org/QemuUserEmulation +# Arch Linux: https://wiki.archlinux.org/title/QEMU#Chrooting_into_arm/arm64_environment_from_x86_64 +# +# Or use a Docker image which modifies your host system to support this. +# The GitHub Actions Workflow uses the same image as used below. +# See: https://github.com/tonistiigi/binfmt +# Usage: docker run --privileged --rm tonistiigi/binfmt --install arm64,arm +# To uninstall: docker run --privileged --rm tonistiigi/binfmt --uninstall 'qemu-*' +FROM {{ runtime_stage_image[base] }} ENV ROCKET_PROFILE="release" \ ROCKET_ADDRESS=0.0.0.0 \ ROCKET_PORT=80 -{%- if "alpine" in runtime_stage_base_image %} \ +{%- if base == "debian" %} \ + DEBIAN_FRONTEND=noninteractive +{% elif base == "alpine" %} \ SSL_CERT_DIR=/etc/ssl/certs {% endif %} - -{% if "amd64" not in target_file %} -RUN [ "cross-build-start" ] -{% endif %} - # Create data folder and Install needed libraries -RUN mkdir /data \ -{% if "alpine" in runtime_stage_base_image %} - && apk add --no-cache \ +RUN mkdir /data && \ +{% if base == "debian" %} + apt-get update && apt-get install -y \ + --no-install-recommends \ ca-certificates \ curl \ - openssl \ - tzdata -{% else %} - && apt-get update && apt-get install -y \ - --no-install-recommends \ - ca-certificates \ - curl \ - libmariadb-dev-compat \ - libpq5 \ - openssl \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* -{% endif %} - -{% if "amd64" not in target_file %} -RUN [ "cross-build-end" ] + libmariadb-dev-compat \ + libpq5 \ + openssl && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* +{% elif base == "alpine" %} + apk --no-cache add \ + ca-certificates \ + curl \ + openssl \ + tzdata {% endif %} VOLUME /data @@ -227,16 +208,13 @@ EXPOSE 3012 # Copies the files from the context (Rocket.toml file and web-vault) # and the binary from the "build" stage to the current stage WORKDIR / -COPY --from=vault /web-vault ./web-vault -{% if package_arch_target is defined %} -COPY --from=build /app/target/{{ package_arch_target }}/release/vaultwarden . -{% else %} -COPY --from=build /app/target/release/vaultwarden . -{% endif %} COPY docker/healthcheck.sh /healthcheck.sh COPY docker/start.sh /start.sh +COPY --from=vault /web-vault ./web-vault +COPY --from=build /app/target/final/vaultwarden . + HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] CMD ["/start.sh"] diff --git a/docker/Makefile b/docker/Makefile index d7c0ab80a18..74c4bae5510 100644 --- a/docker/Makefile +++ b/docker/Makefile @@ -1,15 +1,3 @@ -OBJECTS := $(shell find ./ -mindepth 2 -name 'Dockerfile*') - -all: $(OBJECTS) - -%/Dockerfile: Dockerfile.j2 render_template - ./render_template "$<" "{\"target_file\":\"$@\"}" > "$@" - -%/Dockerfile.alpine: Dockerfile.j2 render_template - ./render_template "$<" "{\"target_file\":\"$@\"}" > "$@" - -%/Dockerfile.buildkit: Dockerfile.j2 render_template - ./render_template "$<" "{\"target_file\":\"$@\"}" > "$@" - -%/Dockerfile.buildkit.alpine: Dockerfile.j2 render_template - ./render_template "$<" "{\"target_file\":\"$@\"}" > "$@" +all: + ./render_template Dockerfile.j2 '{"base": "debian"}' > Dockerfile.debian + ./render_template Dockerfile.j2 '{"base": "alpine"}' > Dockerfile.alpine diff --git a/docker/README.md b/docker/README.md index 1dbfe22c441..daff7916b68 100644 --- a/docker/README.md +++ b/docker/README.md @@ -1,3 +1,7 @@ -The arch-specific directory names follow the arch identifiers used by the Docker official images: +# Vaultwarden Container Building -https://github.com/docker-library/official-images/blob/master/README.md#architectures-other-than-amd64 +## Local container building + +```bash +docker buildx create --name multiarch --use --driver-opt network=host +``` diff --git a/docker/amd64/Dockerfile b/docker/amd64/Dockerfile deleted file mode 100644 index 2efaf77a754..00000000000 --- a/docker/amd64/Dockerfile +++ /dev/null @@ -1,119 +0,0 @@ -# syntax=docker/dockerfile:1 - -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### -# The web-vault digest specifies a particular web-vault build on Docker Hub. -# Using the digest instead of the tag name provides better security, -# as the digest of an image is immutable, whereas a tag name can later -# be changed to point to a malicious image. -# -# To verify the current digest for a given tag name: -# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, -# click the tag name to view the digest of the image it currently points to. -# - From the command line: -# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 -# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 -# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] -# -# - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 -# [docker.io/vaultwarden/web-vault:v2023.8.2] -# -FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault - -########################## BUILD IMAGE ########################## -FROM docker.io/library/rust:1.72.0-bookworm as build - -# Build time options to avoid dpkg warnings and help with reproducible builds. -ENV DEBIAN_FRONTEND=noninteractive \ - LANG=C.UTF-8 \ - TZ=UTC \ - TERM=xterm-256color \ - CARGO_HOME="/root/.cargo" \ - REGISTRIES_CRATES_IO_PROTOCOL=sparse \ - USER="root" - -# Create CARGO_HOME folder and don't download rust docs -RUN mkdir -pv "${CARGO_HOME}" \ - && rustup set profile minimal - -# Install build dependencies -RUN apt-get update \ - && apt-get install -y \ - --no-install-recommends \ - libmariadb-dev \ - libpq-dev - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - - -# Configure the DB ARG as late as possible to not invalidate the cached layers above -ARG DB=sqlite,mysql,postgresql - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN cargo build --features ${DB} --release \ - && find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . - -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN cargo build --features ${DB} --release - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM docker.io/library/debian:bookworm-slim - -ENV ROCKET_PROFILE="release" \ - ROCKET_ADDRESS=0.0.0.0 \ - ROCKET_PORT=80 - - -# Create data folder and Install needed libraries -RUN mkdir /data \ - && apt-get update && apt-get install -y \ - --no-install-recommends \ - ca-certificates \ - curl \ - libmariadb-dev-compat \ - libpq5 \ - openssl \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* - - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -WORKDIR / -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/release/vaultwarden . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -CMD ["/start.sh"] diff --git a/docker/amd64/Dockerfile.alpine b/docker/amd64/Dockerfile.alpine deleted file mode 100644 index 3e4f3efd17f..00000000000 --- a/docker/amd64/Dockerfile.alpine +++ /dev/null @@ -1,116 +0,0 @@ -# syntax=docker/dockerfile:1 - -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### -# The web-vault digest specifies a particular web-vault build on Docker Hub. -# Using the digest instead of the tag name provides better security, -# as the digest of an image is immutable, whereas a tag name can later -# be changed to point to a malicious image. -# -# To verify the current digest for a given tag name: -# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, -# click the tag name to view the digest of the image it currently points to. -# - From the command line: -# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 -# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 -# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] -# -# - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 -# [docker.io/vaultwarden/web-vault:v2023.8.2] -# -FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault - -########################## BUILD IMAGE ########################## -FROM docker.io/blackdex/rust-musl:x86_64-musl-stable-1.72.0-openssl3 as build - -# Build time options to avoid dpkg warnings and help with reproducible builds. -ENV DEBIAN_FRONTEND=noninteractive \ - LANG=C.UTF-8 \ - TZ=UTC \ - TERM=xterm-256color \ - CARGO_HOME="/root/.cargo" \ - REGISTRIES_CRATES_IO_PROTOCOL=sparse \ - USER="root" - -# Create CARGO_HOME folder and don't download rust docs -RUN mkdir -pv "${CARGO_HOME}" \ - && rustup set profile minimal - -# Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11 -# Debian Bookworm already contains libpq v15 -ENV PQ_LIB_DIR="/usr/local/musl/pq15/lib" - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - -RUN rustup target add x86_64-unknown-linux-musl - -# Configure the DB ARG as late as possible to not invalidate the cached layers above -# Enable MiMalloc to improve performance on Alpine builds -ARG DB=sqlite,mysql,postgresql,enable_mimalloc - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN cargo build --features ${DB} --release --target=x86_64-unknown-linux-musl \ - && find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . - -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN cargo build --features ${DB} --release --target=x86_64-unknown-linux-musl - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM docker.io/library/alpine:3.17 - -ENV ROCKET_PROFILE="release" \ - ROCKET_ADDRESS=0.0.0.0 \ - ROCKET_PORT=80 \ - SSL_CERT_DIR=/etc/ssl/certs - - - -# Create data folder and Install needed libraries -RUN mkdir /data \ - && apk add --no-cache \ - ca-certificates \ - curl \ - openssl \ - tzdata - - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -WORKDIR / -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/x86_64-unknown-linux-musl/release/vaultwarden . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -CMD ["/start.sh"] diff --git a/docker/amd64/Dockerfile.buildkit b/docker/amd64/Dockerfile.buildkit deleted file mode 100644 index eac7a5ea0c5..00000000000 --- a/docker/amd64/Dockerfile.buildkit +++ /dev/null @@ -1,119 +0,0 @@ -# syntax=docker/dockerfile:1 - -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### -# The web-vault digest specifies a particular web-vault build on Docker Hub. -# Using the digest instead of the tag name provides better security, -# as the digest of an image is immutable, whereas a tag name can later -# be changed to point to a malicious image. -# -# To verify the current digest for a given tag name: -# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, -# click the tag name to view the digest of the image it currently points to. -# - From the command line: -# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 -# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 -# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] -# -# - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 -# [docker.io/vaultwarden/web-vault:v2023.8.2] -# -FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault - -########################## BUILD IMAGE ########################## -FROM docker.io/library/rust:1.72.0-bookworm as build - -# Build time options to avoid dpkg warnings and help with reproducible builds. -ENV DEBIAN_FRONTEND=noninteractive \ - LANG=C.UTF-8 \ - TZ=UTC \ - TERM=xterm-256color \ - CARGO_HOME="/root/.cargo" \ - REGISTRIES_CRATES_IO_PROTOCOL=sparse \ - USER="root" - -# Create CARGO_HOME folder and don't download rust docs -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \ - && rustup set profile minimal - -# Install build dependencies -RUN apt-get update \ - && apt-get install -y \ - --no-install-recommends \ - libmariadb-dev \ - libpq-dev - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - - -# Configure the DB ARG as late as possible to not invalidate the cached layers above -ARG DB=sqlite,mysql,postgresql - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release \ - && find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . - -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM docker.io/library/debian:bookworm-slim - -ENV ROCKET_PROFILE="release" \ - ROCKET_ADDRESS=0.0.0.0 \ - ROCKET_PORT=80 - - -# Create data folder and Install needed libraries -RUN mkdir /data \ - && apt-get update && apt-get install -y \ - --no-install-recommends \ - ca-certificates \ - curl \ - libmariadb-dev-compat \ - libpq5 \ - openssl \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* - - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -WORKDIR / -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/release/vaultwarden . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -CMD ["/start.sh"] diff --git a/docker/amd64/Dockerfile.buildkit.alpine b/docker/amd64/Dockerfile.buildkit.alpine deleted file mode 100644 index c1f199f5533..00000000000 --- a/docker/amd64/Dockerfile.buildkit.alpine +++ /dev/null @@ -1,116 +0,0 @@ -# syntax=docker/dockerfile:1 - -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### -# The web-vault digest specifies a particular web-vault build on Docker Hub. -# Using the digest instead of the tag name provides better security, -# as the digest of an image is immutable, whereas a tag name can later -# be changed to point to a malicious image. -# -# To verify the current digest for a given tag name: -# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, -# click the tag name to view the digest of the image it currently points to. -# - From the command line: -# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 -# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 -# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] -# -# - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 -# [docker.io/vaultwarden/web-vault:v2023.8.2] -# -FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault - -########################## BUILD IMAGE ########################## -FROM docker.io/blackdex/rust-musl:x86_64-musl-stable-1.72.0-openssl3 as build - -# Build time options to avoid dpkg warnings and help with reproducible builds. -ENV DEBIAN_FRONTEND=noninteractive \ - LANG=C.UTF-8 \ - TZ=UTC \ - TERM=xterm-256color \ - CARGO_HOME="/root/.cargo" \ - REGISTRIES_CRATES_IO_PROTOCOL=sparse \ - USER="root" - -# Create CARGO_HOME folder and don't download rust docs -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \ - && rustup set profile minimal - -# Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11 -# Debian Bookworm already contains libpq v15 -ENV PQ_LIB_DIR="/usr/local/musl/pq15/lib" - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry rustup target add x86_64-unknown-linux-musl - -# Configure the DB ARG as late as possible to not invalidate the cached layers above -# Enable MiMalloc to improve performance on Alpine builds -ARG DB=sqlite,mysql,postgresql,enable_mimalloc - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=x86_64-unknown-linux-musl \ - && find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . - -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=x86_64-unknown-linux-musl - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM docker.io/library/alpine:3.17 - -ENV ROCKET_PROFILE="release" \ - ROCKET_ADDRESS=0.0.0.0 \ - ROCKET_PORT=80 \ - SSL_CERT_DIR=/etc/ssl/certs - - - -# Create data folder and Install needed libraries -RUN mkdir /data \ - && apk add --no-cache \ - ca-certificates \ - curl \ - openssl \ - tzdata - - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -WORKDIR / -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/x86_64-unknown-linux-musl/release/vaultwarden . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -CMD ["/start.sh"] diff --git a/docker/arm64/Dockerfile b/docker/arm64/Dockerfile deleted file mode 100644 index 910568d0ca6..00000000000 --- a/docker/arm64/Dockerfile +++ /dev/null @@ -1,141 +0,0 @@ -# syntax=docker/dockerfile:1 - -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### -# The web-vault digest specifies a particular web-vault build on Docker Hub. -# Using the digest instead of the tag name provides better security, -# as the digest of an image is immutable, whereas a tag name can later -# be changed to point to a malicious image. -# -# To verify the current digest for a given tag name: -# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, -# click the tag name to view the digest of the image it currently points to. -# - From the command line: -# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 -# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 -# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] -# -# - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 -# [docker.io/vaultwarden/web-vault:v2023.8.2] -# -FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault - -########################## BUILD IMAGE ########################## -FROM docker.io/library/rust:1.72.0-bookworm as build - -# Build time options to avoid dpkg warnings and help with reproducible builds. -ENV DEBIAN_FRONTEND=noninteractive \ - LANG=C.UTF-8 \ - TZ=UTC \ - TERM=xterm-256color \ - CARGO_HOME="/root/.cargo" \ - REGISTRIES_CRATES_IO_PROTOCOL=sparse \ - USER="root" - -# Create CARGO_HOME folder and don't download rust docs -RUN mkdir -pv "${CARGO_HOME}" \ - && rustup set profile minimal - -# Install build dependencies for the arm64 architecture -RUN dpkg --add-architecture arm64 \ - && apt-get update \ - && apt-get install -y \ - --no-install-recommends \ - gcc-aarch64-linux-gnu \ - libc6-dev:arm64 \ - linux-libc-dev:arm64 \ - libmariadb-dev:arm64 \ - libmariadb-dev-compat:arm64 \ - libmariadb3:arm64 \ - libpq-dev:arm64 \ - libpq5:arm64 \ - libssl-dev:arm64 \ - # - # Make sure cargo has the right target config - && echo '[target.aarch64-unknown-linux-gnu]' >> "${CARGO_HOME}/config" \ - && echo 'linker = "aarch64-linux-gnu-gcc"' >> "${CARGO_HOME}/config" \ - && echo 'rustflags = ["-L/usr/lib/aarch64-linux-gnu"]' >> "${CARGO_HOME}/config" - -# Set arm specific environment values -ENV CC_aarch64_unknown_linux_gnu="/usr/bin/aarch64-linux-gnu-gcc" \ - CROSS_COMPILE="1" \ - OPENSSL_INCLUDE_DIR="/usr/include/aarch64-linux-gnu" \ - OPENSSL_LIB_DIR="/usr/lib/aarch64-linux-gnu" - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - -RUN rustup target add aarch64-unknown-linux-gnu - -# Configure the DB ARG as late as possible to not invalidate the cached layers above -ARG DB=sqlite,mysql,postgresql - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu \ - && find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . - -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM docker.io/balenalib/aarch64-debian:bookworm - -ENV ROCKET_PROFILE="release" \ - ROCKET_ADDRESS=0.0.0.0 \ - ROCKET_PORT=80 - -RUN [ "cross-build-start" ] - -# Create data folder and Install needed libraries -RUN mkdir /data \ - && apt-get update && apt-get install -y \ - --no-install-recommends \ - ca-certificates \ - curl \ - libmariadb-dev-compat \ - libpq5 \ - openssl \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* - -RUN [ "cross-build-end" ] - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -WORKDIR / -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/aarch64-unknown-linux-gnu/release/vaultwarden . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -CMD ["/start.sh"] diff --git a/docker/arm64/Dockerfile.alpine b/docker/arm64/Dockerfile.alpine deleted file mode 100644 index e23c306a6bb..00000000000 --- a/docker/arm64/Dockerfile.alpine +++ /dev/null @@ -1,118 +0,0 @@ -# syntax=docker/dockerfile:1 - -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### -# The web-vault digest specifies a particular web-vault build on Docker Hub. -# Using the digest instead of the tag name provides better security, -# as the digest of an image is immutable, whereas a tag name can later -# be changed to point to a malicious image. -# -# To verify the current digest for a given tag name: -# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, -# click the tag name to view the digest of the image it currently points to. -# - From the command line: -# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 -# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 -# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] -# -# - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 -# [docker.io/vaultwarden/web-vault:v2023.8.2] -# -FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault - -########################## BUILD IMAGE ########################## -FROM docker.io/blackdex/rust-musl:aarch64-musl-stable-1.72.0-openssl3 as build - -# Build time options to avoid dpkg warnings and help with reproducible builds. -ENV DEBIAN_FRONTEND=noninteractive \ - LANG=C.UTF-8 \ - TZ=UTC \ - TERM=xterm-256color \ - CARGO_HOME="/root/.cargo" \ - REGISTRIES_CRATES_IO_PROTOCOL=sparse \ - USER="root" - -# Create CARGO_HOME folder and don't download rust docs -RUN mkdir -pv "${CARGO_HOME}" \ - && rustup set profile minimal - -# Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11 -# Debian Bookworm already contains libpq v15 -ENV PQ_LIB_DIR="/usr/local/musl/pq15/lib" - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - -RUN rustup target add aarch64-unknown-linux-musl - -# Configure the DB ARG as late as possible to not invalidate the cached layers above -# Enable MiMalloc to improve performance on Alpine builds -ARG DB=sqlite,mysql,postgresql,enable_mimalloc - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-musl \ - && find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . - -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-musl - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM docker.io/balenalib/aarch64-alpine:3.17 - -ENV ROCKET_PROFILE="release" \ - ROCKET_ADDRESS=0.0.0.0 \ - ROCKET_PORT=80 \ - SSL_CERT_DIR=/etc/ssl/certs - - -RUN [ "cross-build-start" ] - -# Create data folder and Install needed libraries -RUN mkdir /data \ - && apk add --no-cache \ - ca-certificates \ - curl \ - openssl \ - tzdata - -RUN [ "cross-build-end" ] - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -WORKDIR / -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/aarch64-unknown-linux-musl/release/vaultwarden . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -CMD ["/start.sh"] diff --git a/docker/arm64/Dockerfile.buildkit b/docker/arm64/Dockerfile.buildkit deleted file mode 100644 index 7f370c4e9ef..00000000000 --- a/docker/arm64/Dockerfile.buildkit +++ /dev/null @@ -1,141 +0,0 @@ -# syntax=docker/dockerfile:1 - -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### -# The web-vault digest specifies a particular web-vault build on Docker Hub. -# Using the digest instead of the tag name provides better security, -# as the digest of an image is immutable, whereas a tag name can later -# be changed to point to a malicious image. -# -# To verify the current digest for a given tag name: -# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, -# click the tag name to view the digest of the image it currently points to. -# - From the command line: -# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 -# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 -# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] -# -# - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 -# [docker.io/vaultwarden/web-vault:v2023.8.2] -# -FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault - -########################## BUILD IMAGE ########################## -FROM docker.io/library/rust:1.72.0-bookworm as build - -# Build time options to avoid dpkg warnings and help with reproducible builds. -ENV DEBIAN_FRONTEND=noninteractive \ - LANG=C.UTF-8 \ - TZ=UTC \ - TERM=xterm-256color \ - CARGO_HOME="/root/.cargo" \ - REGISTRIES_CRATES_IO_PROTOCOL=sparse \ - USER="root" - -# Create CARGO_HOME folder and don't download rust docs -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \ - && rustup set profile minimal - -# Install build dependencies for the arm64 architecture -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry dpkg --add-architecture arm64 \ - && apt-get update \ - && apt-get install -y \ - --no-install-recommends \ - gcc-aarch64-linux-gnu \ - libc6-dev:arm64 \ - linux-libc-dev:arm64 \ - libmariadb-dev:arm64 \ - libmariadb-dev-compat:arm64 \ - libmariadb3:arm64 \ - libpq-dev:arm64 \ - libpq5:arm64 \ - libssl-dev:arm64 \ - # - # Make sure cargo has the right target config - && echo '[target.aarch64-unknown-linux-gnu]' >> "${CARGO_HOME}/config" \ - && echo 'linker = "aarch64-linux-gnu-gcc"' >> "${CARGO_HOME}/config" \ - && echo 'rustflags = ["-L/usr/lib/aarch64-linux-gnu"]' >> "${CARGO_HOME}/config" - -# Set arm specific environment values -ENV CC_aarch64_unknown_linux_gnu="/usr/bin/aarch64-linux-gnu-gcc" \ - CROSS_COMPILE="1" \ - OPENSSL_INCLUDE_DIR="/usr/include/aarch64-linux-gnu" \ - OPENSSL_LIB_DIR="/usr/lib/aarch64-linux-gnu" - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry rustup target add aarch64-unknown-linux-gnu - -# Configure the DB ARG as late as possible to not invalidate the cached layers above -ARG DB=sqlite,mysql,postgresql - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu \ - && find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . - -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM docker.io/balenalib/aarch64-debian:bookworm - -ENV ROCKET_PROFILE="release" \ - ROCKET_ADDRESS=0.0.0.0 \ - ROCKET_PORT=80 - -RUN [ "cross-build-start" ] - -# Create data folder and Install needed libraries -RUN mkdir /data \ - && apt-get update && apt-get install -y \ - --no-install-recommends \ - ca-certificates \ - curl \ - libmariadb-dev-compat \ - libpq5 \ - openssl \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* - -RUN [ "cross-build-end" ] - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -WORKDIR / -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/aarch64-unknown-linux-gnu/release/vaultwarden . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -CMD ["/start.sh"] diff --git a/docker/arm64/Dockerfile.buildkit.alpine b/docker/arm64/Dockerfile.buildkit.alpine deleted file mode 100644 index 8cad80d3998..00000000000 --- a/docker/arm64/Dockerfile.buildkit.alpine +++ /dev/null @@ -1,118 +0,0 @@ -# syntax=docker/dockerfile:1 - -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### -# The web-vault digest specifies a particular web-vault build on Docker Hub. -# Using the digest instead of the tag name provides better security, -# as the digest of an image is immutable, whereas a tag name can later -# be changed to point to a malicious image. -# -# To verify the current digest for a given tag name: -# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, -# click the tag name to view the digest of the image it currently points to. -# - From the command line: -# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 -# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 -# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] -# -# - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 -# [docker.io/vaultwarden/web-vault:v2023.8.2] -# -FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault - -########################## BUILD IMAGE ########################## -FROM docker.io/blackdex/rust-musl:aarch64-musl-stable-1.72.0-openssl3 as build - -# Build time options to avoid dpkg warnings and help with reproducible builds. -ENV DEBIAN_FRONTEND=noninteractive \ - LANG=C.UTF-8 \ - TZ=UTC \ - TERM=xterm-256color \ - CARGO_HOME="/root/.cargo" \ - REGISTRIES_CRATES_IO_PROTOCOL=sparse \ - USER="root" - -# Create CARGO_HOME folder and don't download rust docs -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \ - && rustup set profile minimal - -# Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11 -# Debian Bookworm already contains libpq v15 -ENV PQ_LIB_DIR="/usr/local/musl/pq15/lib" - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry rustup target add aarch64-unknown-linux-musl - -# Configure the DB ARG as late as possible to not invalidate the cached layers above -# Enable MiMalloc to improve performance on Alpine builds -ARG DB=sqlite,mysql,postgresql,enable_mimalloc - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=aarch64-unknown-linux-musl \ - && find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . - -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=aarch64-unknown-linux-musl - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM docker.io/balenalib/aarch64-alpine:3.17 - -ENV ROCKET_PROFILE="release" \ - ROCKET_ADDRESS=0.0.0.0 \ - ROCKET_PORT=80 \ - SSL_CERT_DIR=/etc/ssl/certs - - -RUN [ "cross-build-start" ] - -# Create data folder and Install needed libraries -RUN mkdir /data \ - && apk add --no-cache \ - ca-certificates \ - curl \ - openssl \ - tzdata - -RUN [ "cross-build-end" ] - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -WORKDIR / -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/aarch64-unknown-linux-musl/release/vaultwarden . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -CMD ["/start.sh"] diff --git a/docker/armv6/Dockerfile b/docker/armv6/Dockerfile deleted file mode 100644 index 6480c9a6c3b..00000000000 --- a/docker/armv6/Dockerfile +++ /dev/null @@ -1,141 +0,0 @@ -# syntax=docker/dockerfile:1 - -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### -# The web-vault digest specifies a particular web-vault build on Docker Hub. -# Using the digest instead of the tag name provides better security, -# as the digest of an image is immutable, whereas a tag name can later -# be changed to point to a malicious image. -# -# To verify the current digest for a given tag name: -# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, -# click the tag name to view the digest of the image it currently points to. -# - From the command line: -# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 -# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 -# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] -# -# - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 -# [docker.io/vaultwarden/web-vault:v2023.8.2] -# -FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault - -########################## BUILD IMAGE ########################## -FROM docker.io/library/rust:1.72.0-bookworm as build - -# Build time options to avoid dpkg warnings and help with reproducible builds. -ENV DEBIAN_FRONTEND=noninteractive \ - LANG=C.UTF-8 \ - TZ=UTC \ - TERM=xterm-256color \ - CARGO_HOME="/root/.cargo" \ - REGISTRIES_CRATES_IO_PROTOCOL=sparse \ - USER="root" - -# Create CARGO_HOME folder and don't download rust docs -RUN mkdir -pv "${CARGO_HOME}" \ - && rustup set profile minimal - -# Install build dependencies for the armel architecture -RUN dpkg --add-architecture armel \ - && apt-get update \ - && apt-get install -y \ - --no-install-recommends \ - gcc-arm-linux-gnueabi \ - libc6-dev:armel \ - linux-libc-dev:armel \ - libmariadb-dev:armel \ - libmariadb-dev-compat:armel \ - libmariadb3:armel \ - libpq-dev:armel \ - libpq5:armel \ - libssl-dev:armel \ - # - # Make sure cargo has the right target config - && echo '[target.arm-unknown-linux-gnueabi]' >> "${CARGO_HOME}/config" \ - && echo 'linker = "arm-linux-gnueabi-gcc"' >> "${CARGO_HOME}/config" \ - && echo 'rustflags = ["-L/usr/lib/arm-linux-gnueabi"]' >> "${CARGO_HOME}/config" - -# Set arm specific environment values -ENV CC_arm_unknown_linux_gnueabi="/usr/bin/arm-linux-gnueabi-gcc" \ - CROSS_COMPILE="1" \ - OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabi" \ - OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabi" - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - -RUN rustup target add arm-unknown-linux-gnueabi - -# Configure the DB ARG as late as possible to not invalidate the cached layers above -ARG DB=sqlite,mysql,postgresql - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi \ - && find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . - -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM docker.io/balenalib/rpi-debian:bookworm - -ENV ROCKET_PROFILE="release" \ - ROCKET_ADDRESS=0.0.0.0 \ - ROCKET_PORT=80 - -RUN [ "cross-build-start" ] - -# Create data folder and Install needed libraries -RUN mkdir /data \ - && apt-get update && apt-get install -y \ - --no-install-recommends \ - ca-certificates \ - curl \ - libmariadb-dev-compat \ - libpq5 \ - openssl \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* - -RUN [ "cross-build-end" ] - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -WORKDIR / -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/arm-unknown-linux-gnueabi/release/vaultwarden . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -CMD ["/start.sh"] diff --git a/docker/armv6/Dockerfile.alpine b/docker/armv6/Dockerfile.alpine deleted file mode 100644 index acec859ad99..00000000000 --- a/docker/armv6/Dockerfile.alpine +++ /dev/null @@ -1,120 +0,0 @@ -# syntax=docker/dockerfile:1 - -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### -# The web-vault digest specifies a particular web-vault build on Docker Hub. -# Using the digest instead of the tag name provides better security, -# as the digest of an image is immutable, whereas a tag name can later -# be changed to point to a malicious image. -# -# To verify the current digest for a given tag name: -# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, -# click the tag name to view the digest of the image it currently points to. -# - From the command line: -# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 -# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 -# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] -# -# - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 -# [docker.io/vaultwarden/web-vault:v2023.8.2] -# -FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault - -########################## BUILD IMAGE ########################## -FROM docker.io/blackdex/rust-musl:arm-musleabi-stable-1.72.0-openssl3 as build - -# Build time options to avoid dpkg warnings and help with reproducible builds. -ENV DEBIAN_FRONTEND=noninteractive \ - LANG=C.UTF-8 \ - TZ=UTC \ - TERM=xterm-256color \ - CARGO_HOME="/root/.cargo" \ - REGISTRIES_CRATES_IO_PROTOCOL=sparse \ - USER="root" - -# Create CARGO_HOME folder and don't download rust docs -RUN mkdir -pv "${CARGO_HOME}" \ - && rustup set profile minimal - -# Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11 -# Debian Bookworm already contains libpq v15 -ENV PQ_LIB_DIR="/usr/local/musl/pq15/lib" -# To be able to build the armv6 image with mimalloc we need to tell the linker to also look for libatomic -ENV RUSTFLAGS='-Clink-arg=-latomic' - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - -RUN rustup target add arm-unknown-linux-musleabi - -# Configure the DB ARG as late as possible to not invalidate the cached layers above -# Enable MiMalloc to improve performance on Alpine builds -ARG DB=sqlite,mysql,postgresql,enable_mimalloc - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN cargo build --features ${DB} --release --target=arm-unknown-linux-musleabi \ - && find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . - -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN cargo build --features ${DB} --release --target=arm-unknown-linux-musleabi - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM docker.io/balenalib/rpi-alpine:3.17 - -ENV ROCKET_PROFILE="release" \ - ROCKET_ADDRESS=0.0.0.0 \ - ROCKET_PORT=80 \ - SSL_CERT_DIR=/etc/ssl/certs - - -RUN [ "cross-build-start" ] - -# Create data folder and Install needed libraries -RUN mkdir /data \ - && apk add --no-cache \ - ca-certificates \ - curl \ - openssl \ - tzdata - -RUN [ "cross-build-end" ] - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -WORKDIR / -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/arm-unknown-linux-musleabi/release/vaultwarden . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -CMD ["/start.sh"] diff --git a/docker/armv6/Dockerfile.buildkit b/docker/armv6/Dockerfile.buildkit deleted file mode 100644 index 6211d9a3a5d..00000000000 --- a/docker/armv6/Dockerfile.buildkit +++ /dev/null @@ -1,141 +0,0 @@ -# syntax=docker/dockerfile:1 - -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### -# The web-vault digest specifies a particular web-vault build on Docker Hub. -# Using the digest instead of the tag name provides better security, -# as the digest of an image is immutable, whereas a tag name can later -# be changed to point to a malicious image. -# -# To verify the current digest for a given tag name: -# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, -# click the tag name to view the digest of the image it currently points to. -# - From the command line: -# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 -# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 -# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] -# -# - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 -# [docker.io/vaultwarden/web-vault:v2023.8.2] -# -FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault - -########################## BUILD IMAGE ########################## -FROM docker.io/library/rust:1.72.0-bookworm as build - -# Build time options to avoid dpkg warnings and help with reproducible builds. -ENV DEBIAN_FRONTEND=noninteractive \ - LANG=C.UTF-8 \ - TZ=UTC \ - TERM=xterm-256color \ - CARGO_HOME="/root/.cargo" \ - REGISTRIES_CRATES_IO_PROTOCOL=sparse \ - USER="root" - -# Create CARGO_HOME folder and don't download rust docs -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \ - && rustup set profile minimal - -# Install build dependencies for the armel architecture -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry dpkg --add-architecture armel \ - && apt-get update \ - && apt-get install -y \ - --no-install-recommends \ - gcc-arm-linux-gnueabi \ - libc6-dev:armel \ - linux-libc-dev:armel \ - libmariadb-dev:armel \ - libmariadb-dev-compat:armel \ - libmariadb3:armel \ - libpq-dev:armel \ - libpq5:armel \ - libssl-dev:armel \ - # - # Make sure cargo has the right target config - && echo '[target.arm-unknown-linux-gnueabi]' >> "${CARGO_HOME}/config" \ - && echo 'linker = "arm-linux-gnueabi-gcc"' >> "${CARGO_HOME}/config" \ - && echo 'rustflags = ["-L/usr/lib/arm-linux-gnueabi"]' >> "${CARGO_HOME}/config" - -# Set arm specific environment values -ENV CC_arm_unknown_linux_gnueabi="/usr/bin/arm-linux-gnueabi-gcc" \ - CROSS_COMPILE="1" \ - OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabi" \ - OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabi" - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry rustup target add arm-unknown-linux-gnueabi - -# Configure the DB ARG as late as possible to not invalidate the cached layers above -ARG DB=sqlite,mysql,postgresql - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi \ - && find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . - -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM docker.io/balenalib/rpi-debian:bookworm - -ENV ROCKET_PROFILE="release" \ - ROCKET_ADDRESS=0.0.0.0 \ - ROCKET_PORT=80 - -RUN [ "cross-build-start" ] - -# Create data folder and Install needed libraries -RUN mkdir /data \ - && apt-get update && apt-get install -y \ - --no-install-recommends \ - ca-certificates \ - curl \ - libmariadb-dev-compat \ - libpq5 \ - openssl \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* - -RUN [ "cross-build-end" ] - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -WORKDIR / -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/arm-unknown-linux-gnueabi/release/vaultwarden . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -CMD ["/start.sh"] diff --git a/docker/armv6/Dockerfile.buildkit.alpine b/docker/armv6/Dockerfile.buildkit.alpine deleted file mode 100644 index 21315cb3646..00000000000 --- a/docker/armv6/Dockerfile.buildkit.alpine +++ /dev/null @@ -1,120 +0,0 @@ -# syntax=docker/dockerfile:1 - -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### -# The web-vault digest specifies a particular web-vault build on Docker Hub. -# Using the digest instead of the tag name provides better security, -# as the digest of an image is immutable, whereas a tag name can later -# be changed to point to a malicious image. -# -# To verify the current digest for a given tag name: -# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, -# click the tag name to view the digest of the image it currently points to. -# - From the command line: -# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 -# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 -# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] -# -# - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 -# [docker.io/vaultwarden/web-vault:v2023.8.2] -# -FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault - -########################## BUILD IMAGE ########################## -FROM docker.io/blackdex/rust-musl:arm-musleabi-stable-1.72.0-openssl3 as build - -# Build time options to avoid dpkg warnings and help with reproducible builds. -ENV DEBIAN_FRONTEND=noninteractive \ - LANG=C.UTF-8 \ - TZ=UTC \ - TERM=xterm-256color \ - CARGO_HOME="/root/.cargo" \ - REGISTRIES_CRATES_IO_PROTOCOL=sparse \ - USER="root" - -# Create CARGO_HOME folder and don't download rust docs -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \ - && rustup set profile minimal - -# Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11 -# Debian Bookworm already contains libpq v15 -ENV PQ_LIB_DIR="/usr/local/musl/pq15/lib" -# To be able to build the armv6 image with mimalloc we need to tell the linker to also look for libatomic -ENV RUSTFLAGS='-Clink-arg=-latomic' - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry rustup target add arm-unknown-linux-musleabi - -# Configure the DB ARG as late as possible to not invalidate the cached layers above -# Enable MiMalloc to improve performance on Alpine builds -ARG DB=sqlite,mysql,postgresql,enable_mimalloc - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=arm-unknown-linux-musleabi \ - && find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . - -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=arm-unknown-linux-musleabi - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM docker.io/balenalib/rpi-alpine:3.17 - -ENV ROCKET_PROFILE="release" \ - ROCKET_ADDRESS=0.0.0.0 \ - ROCKET_PORT=80 \ - SSL_CERT_DIR=/etc/ssl/certs - - -RUN [ "cross-build-start" ] - -# Create data folder and Install needed libraries -RUN mkdir /data \ - && apk add --no-cache \ - ca-certificates \ - curl \ - openssl \ - tzdata - -RUN [ "cross-build-end" ] - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -WORKDIR / -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/arm-unknown-linux-musleabi/release/vaultwarden . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -CMD ["/start.sh"] diff --git a/docker/armv7/Dockerfile b/docker/armv7/Dockerfile deleted file mode 100644 index b5174133184..00000000000 --- a/docker/armv7/Dockerfile +++ /dev/null @@ -1,141 +0,0 @@ -# syntax=docker/dockerfile:1 - -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### -# The web-vault digest specifies a particular web-vault build on Docker Hub. -# Using the digest instead of the tag name provides better security, -# as the digest of an image is immutable, whereas a tag name can later -# be changed to point to a malicious image. -# -# To verify the current digest for a given tag name: -# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, -# click the tag name to view the digest of the image it currently points to. -# - From the command line: -# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 -# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 -# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] -# -# - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 -# [docker.io/vaultwarden/web-vault:v2023.8.2] -# -FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault - -########################## BUILD IMAGE ########################## -FROM docker.io/library/rust:1.72.0-bookworm as build - -# Build time options to avoid dpkg warnings and help with reproducible builds. -ENV DEBIAN_FRONTEND=noninteractive \ - LANG=C.UTF-8 \ - TZ=UTC \ - TERM=xterm-256color \ - CARGO_HOME="/root/.cargo" \ - REGISTRIES_CRATES_IO_PROTOCOL=sparse \ - USER="root" - -# Create CARGO_HOME folder and don't download rust docs -RUN mkdir -pv "${CARGO_HOME}" \ - && rustup set profile minimal - -# Install build dependencies for the armhf architecture -RUN dpkg --add-architecture armhf \ - && apt-get update \ - && apt-get install -y \ - --no-install-recommends \ - gcc-arm-linux-gnueabihf \ - libc6-dev:armhf \ - linux-libc-dev:armhf \ - libmariadb-dev:armhf \ - libmariadb-dev-compat:armhf \ - libmariadb3:armhf \ - libpq-dev:armhf \ - libpq5:armhf \ - libssl-dev:armhf \ - # - # Make sure cargo has the right target config - && echo '[target.armv7-unknown-linux-gnueabihf]' >> "${CARGO_HOME}/config" \ - && echo 'linker = "arm-linux-gnueabihf-gcc"' >> "${CARGO_HOME}/config" \ - && echo 'rustflags = ["-L/usr/lib/arm-linux-gnueabihf"]' >> "${CARGO_HOME}/config" - -# Set arm specific environment values -ENV CC_armv7_unknown_linux_gnueabihf="/usr/bin/arm-linux-gnueabihf-gcc" \ - CROSS_COMPILE="1" \ - OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabihf" \ - OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabihf" - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - -RUN rustup target add armv7-unknown-linux-gnueabihf - -# Configure the DB ARG as late as possible to not invalidate the cached layers above -ARG DB=sqlite,mysql,postgresql - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf \ - && find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . - -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM docker.io/balenalib/armv7hf-debian:bookworm - -ENV ROCKET_PROFILE="release" \ - ROCKET_ADDRESS=0.0.0.0 \ - ROCKET_PORT=80 - -RUN [ "cross-build-start" ] - -# Create data folder and Install needed libraries -RUN mkdir /data \ - && apt-get update && apt-get install -y \ - --no-install-recommends \ - ca-certificates \ - curl \ - libmariadb-dev-compat \ - libpq5 \ - openssl \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* - -RUN [ "cross-build-end" ] - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -WORKDIR / -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/armv7-unknown-linux-gnueabihf/release/vaultwarden . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -CMD ["/start.sh"] diff --git a/docker/armv7/Dockerfile.alpine b/docker/armv7/Dockerfile.alpine deleted file mode 100644 index 450d19635bd..00000000000 --- a/docker/armv7/Dockerfile.alpine +++ /dev/null @@ -1,118 +0,0 @@ -# syntax=docker/dockerfile:1 - -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### -# The web-vault digest specifies a particular web-vault build on Docker Hub. -# Using the digest instead of the tag name provides better security, -# as the digest of an image is immutable, whereas a tag name can later -# be changed to point to a malicious image. -# -# To verify the current digest for a given tag name: -# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, -# click the tag name to view the digest of the image it currently points to. -# - From the command line: -# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 -# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 -# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] -# -# - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 -# [docker.io/vaultwarden/web-vault:v2023.8.2] -# -FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault - -########################## BUILD IMAGE ########################## -FROM docker.io/blackdex/rust-musl:armv7-musleabihf-stable-1.72.0-openssl3 as build - -# Build time options to avoid dpkg warnings and help with reproducible builds. -ENV DEBIAN_FRONTEND=noninteractive \ - LANG=C.UTF-8 \ - TZ=UTC \ - TERM=xterm-256color \ - CARGO_HOME="/root/.cargo" \ - REGISTRIES_CRATES_IO_PROTOCOL=sparse \ - USER="root" - -# Create CARGO_HOME folder and don't download rust docs -RUN mkdir -pv "${CARGO_HOME}" \ - && rustup set profile minimal - -# Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11 -# Debian Bookworm already contains libpq v15 -ENV PQ_LIB_DIR="/usr/local/musl/pq15/lib" - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - -RUN rustup target add armv7-unknown-linux-musleabihf - -# Configure the DB ARG as late as possible to not invalidate the cached layers above -# Enable MiMalloc to improve performance on Alpine builds -ARG DB=sqlite,mysql,postgresql,enable_mimalloc - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-musleabihf \ - && find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . - -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-musleabihf - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM docker.io/balenalib/armv7hf-alpine:3.17 - -ENV ROCKET_PROFILE="release" \ - ROCKET_ADDRESS=0.0.0.0 \ - ROCKET_PORT=80 \ - SSL_CERT_DIR=/etc/ssl/certs - - -RUN [ "cross-build-start" ] - -# Create data folder and Install needed libraries -RUN mkdir /data \ - && apk add --no-cache \ - ca-certificates \ - curl \ - openssl \ - tzdata - -RUN [ "cross-build-end" ] - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -WORKDIR / -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/armv7-unknown-linux-musleabihf/release/vaultwarden . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -CMD ["/start.sh"] diff --git a/docker/armv7/Dockerfile.buildkit b/docker/armv7/Dockerfile.buildkit deleted file mode 100644 index aa291135e58..00000000000 --- a/docker/armv7/Dockerfile.buildkit +++ /dev/null @@ -1,141 +0,0 @@ -# syntax=docker/dockerfile:1 - -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### -# The web-vault digest specifies a particular web-vault build on Docker Hub. -# Using the digest instead of the tag name provides better security, -# as the digest of an image is immutable, whereas a tag name can later -# be changed to point to a malicious image. -# -# To verify the current digest for a given tag name: -# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, -# click the tag name to view the digest of the image it currently points to. -# - From the command line: -# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 -# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 -# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] -# -# - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 -# [docker.io/vaultwarden/web-vault:v2023.8.2] -# -FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault - -########################## BUILD IMAGE ########################## -FROM docker.io/library/rust:1.72.0-bookworm as build - -# Build time options to avoid dpkg warnings and help with reproducible builds. -ENV DEBIAN_FRONTEND=noninteractive \ - LANG=C.UTF-8 \ - TZ=UTC \ - TERM=xterm-256color \ - CARGO_HOME="/root/.cargo" \ - REGISTRIES_CRATES_IO_PROTOCOL=sparse \ - USER="root" - -# Create CARGO_HOME folder and don't download rust docs -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \ - && rustup set profile minimal - -# Install build dependencies for the armhf architecture -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry dpkg --add-architecture armhf \ - && apt-get update \ - && apt-get install -y \ - --no-install-recommends \ - gcc-arm-linux-gnueabihf \ - libc6-dev:armhf \ - linux-libc-dev:armhf \ - libmariadb-dev:armhf \ - libmariadb-dev-compat:armhf \ - libmariadb3:armhf \ - libpq-dev:armhf \ - libpq5:armhf \ - libssl-dev:armhf \ - # - # Make sure cargo has the right target config - && echo '[target.armv7-unknown-linux-gnueabihf]' >> "${CARGO_HOME}/config" \ - && echo 'linker = "arm-linux-gnueabihf-gcc"' >> "${CARGO_HOME}/config" \ - && echo 'rustflags = ["-L/usr/lib/arm-linux-gnueabihf"]' >> "${CARGO_HOME}/config" - -# Set arm specific environment values -ENV CC_armv7_unknown_linux_gnueabihf="/usr/bin/arm-linux-gnueabihf-gcc" \ - CROSS_COMPILE="1" \ - OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabihf" \ - OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabihf" - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry rustup target add armv7-unknown-linux-gnueabihf - -# Configure the DB ARG as late as possible to not invalidate the cached layers above -ARG DB=sqlite,mysql,postgresql - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf \ - && find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . - -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM docker.io/balenalib/armv7hf-debian:bookworm - -ENV ROCKET_PROFILE="release" \ - ROCKET_ADDRESS=0.0.0.0 \ - ROCKET_PORT=80 - -RUN [ "cross-build-start" ] - -# Create data folder and Install needed libraries -RUN mkdir /data \ - && apt-get update && apt-get install -y \ - --no-install-recommends \ - ca-certificates \ - curl \ - libmariadb-dev-compat \ - libpq5 \ - openssl \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* - -RUN [ "cross-build-end" ] - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -WORKDIR / -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/armv7-unknown-linux-gnueabihf/release/vaultwarden . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -CMD ["/start.sh"] diff --git a/docker/armv7/Dockerfile.buildkit.alpine b/docker/armv7/Dockerfile.buildkit.alpine deleted file mode 100644 index 58a32af98ea..00000000000 --- a/docker/armv7/Dockerfile.buildkit.alpine +++ /dev/null @@ -1,118 +0,0 @@ -# syntax=docker/dockerfile:1 - -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### -# The web-vault digest specifies a particular web-vault build on Docker Hub. -# Using the digest instead of the tag name provides better security, -# as the digest of an image is immutable, whereas a tag name can later -# be changed to point to a malicious image. -# -# To verify the current digest for a given tag name: -# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, -# click the tag name to view the digest of the image it currently points to. -# - From the command line: -# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 -# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 -# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] -# -# - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 -# [docker.io/vaultwarden/web-vault:v2023.8.2] -# -FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault - -########################## BUILD IMAGE ########################## -FROM docker.io/blackdex/rust-musl:armv7-musleabihf-stable-1.72.0-openssl3 as build - -# Build time options to avoid dpkg warnings and help with reproducible builds. -ENV DEBIAN_FRONTEND=noninteractive \ - LANG=C.UTF-8 \ - TZ=UTC \ - TERM=xterm-256color \ - CARGO_HOME="/root/.cargo" \ - REGISTRIES_CRATES_IO_PROTOCOL=sparse \ - USER="root" - -# Create CARGO_HOME folder and don't download rust docs -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \ - && rustup set profile minimal - -# Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11 -# Debian Bookworm already contains libpq v15 -ENV PQ_LIB_DIR="/usr/local/musl/pq15/lib" - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry rustup target add armv7-unknown-linux-musleabihf - -# Configure the DB ARG as late as possible to not invalidate the cached layers above -# Enable MiMalloc to improve performance on Alpine builds -ARG DB=sqlite,mysql,postgresql,enable_mimalloc - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=armv7-unknown-linux-musleabihf \ - && find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . - -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=armv7-unknown-linux-musleabihf - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM docker.io/balenalib/armv7hf-alpine:3.17 - -ENV ROCKET_PROFILE="release" \ - ROCKET_ADDRESS=0.0.0.0 \ - ROCKET_PORT=80 \ - SSL_CERT_DIR=/etc/ssl/certs - - -RUN [ "cross-build-start" ] - -# Create data folder and Install needed libraries -RUN mkdir /data \ - && apk add --no-cache \ - ca-certificates \ - curl \ - openssl \ - tzdata - -RUN [ "cross-build-end" ] - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -WORKDIR / -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/armv7-unknown-linux-musleabihf/release/vaultwarden . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -CMD ["/start.sh"] diff --git a/docker/docker-bake.hcl b/docker/docker-bake.hcl new file mode 100644 index 00000000000..b9509abae75 --- /dev/null +++ b/docker/docker-bake.hcl @@ -0,0 +1,136 @@ +// ==== Baking Variables ==== + +// Set which cargo provile to use, dev or release for example +// Use the value provided in the Dockerfile as default +variable "CARGO_PROFILE" { + default = null +} + +// Set which DB's (features) to enable +// Use the value provided in the Dockerfile as default +variable "DB" { + default = null +} + +// The repository this build was triggered from +variable "SOURCE_REPOSITORY_URL" { + default = null +} + +// The commit hash of of the current commit this build was triggered on +variable "SOURCE_COMMIT" { + default = null +} + +// The version of this build +// Typically the current exact tag of this commit, +// else the last tag and the first 8 characters of the source commit +variable "SOURCE_VERSION" { + default = null +} + +// The base tag(s) to use +// This can be a comma separated value like "testing,1.29.2" +variable "BASE_TAGS" { + default = "testing" +} + +// Which container registries should be used for the tagging +// This can be a comma separated value +// Use a full URI like `ghcr.io/dani-garcia/vaultwarden,docker.io/vaultwarden/server` +variable "CONTAINER_REGISTRIES" { + default = "vaultwarden/server" +} + + +// ==== Baking Groups ==== + +group "default" { + targets = ["debian"] +} + + +// ==== Shared Baking ==== + +target "_default_attributes" { + labels = { + "org.opencontainers.image.licenses" = "AGPL-3.0-only" + "org.opencontainers.image.documentation" = "https://github.com/dani-garcia/vaultwarden/wiki" + "org.opencontainers.image.url" = "https://github.com/dani-garcia/vaultwarden" + "org.opencontainers.image.created" = "${formatdate("YYYY-MM-DD'T'hh:mm:ssZZZZZ", timestamp())}" + "org.opencontainers.image.source" = "${SOURCE_REPOSITORY_URL}" + "org.opencontainers.image.revision" = "${SOURCE_COMMIT}" + "org.opencontainers.image.version" = "${SOURCE_VERSION}" + } + args = { + DB = "${DB}" + CARGO_PROFILE = "${CARGO_PROFILE}" + } +} + + +// ==== Debian Baking ==== + +target "debian" { + inherits = ["_default_attributes"] + dockerfile = "docker/Dockerfile.debian" + output = ["type=docker"] + tags = generate_tags("", platform_tag()) +} + +target "debian-all" { + inherits = ["debian"] + platforms = ["linux/amd64", "linux/arm64", "linux/arm/v7", "linux/arm/v6"] + tags = generate_tags("", "") + output = ["type=registry"] +} + + +// ==== Alpine Baking ==== + +target "alpine" { + inherits = ["_default_attributes"] + dockerfile = "docker/Dockerfile.alpine" + output = ["type=docker"] + tags = generate_tags("-alpine", platform_tag()) +} + +target "alpine-all" { + inherits = ["alpine"] + platforms = ["linux/amd64", "linux/arm64", "linux/arm/v7", "linux/arm/v6"] + tags = generate_tags("-alpine", "") + output = ["type=registry"] +} + + +// ==== Baking functions ==== + +// This will return the local platform as amd64, arm64 or armv7 for example +// It can be used for creating a local image tag +function "platform_tag" { + params = [] + result = "-${replace(replace(BAKE_LOCAL_PLATFORM, "linux/", ""), "/", "")}" +} + + +function "get_container_registries" { + params = [] + result = flatten(split(",", CONTAINER_REGISTRIES)) +} + +function "get_base_tags" { + params = [] + result = flatten(split(",", BASE_TAGS)) +} + +function "generate_tags" { + params = [ + suffix, // What to append to the BASE_TAG when needed, like `-alpine` for example + platform // the platform we are building for if needed + ] + result = flatten([ + for registry in get_container_registries() : + [for base_tag in get_base_tags() : + concat(["${registry}:${base_tag}${suffix}${platform}"])] + ]) +} diff --git a/docker/render_template b/docker/render_template index c9978d5ad30..401e0ad021d 100755 --- a/docker/render_template +++ b/docker/render_template @@ -1,17 +1,31 @@ #!/usr/bin/env python3 -import os, argparse, json - +import os +import argparse +import json +import yaml import jinja2 +# Load settings file +with open("DockerSettings.yaml", 'r') as yaml_file: + yaml_data = yaml.safe_load(yaml_file) + +settings_env = jinja2.Environment( + loader=jinja2.FileSystemLoader(os.getcwd()), +) +settings_yaml = yaml.safe_load(settings_env.get_template("DockerSettings.yaml").render(yaml_data)) + args_parser = argparse.ArgumentParser() args_parser.add_argument('template_file', help='Jinja2 template file to render.') args_parser.add_argument('render_vars', help='JSON-encoded data to pass to the templating engine.') cli_args = args_parser.parse_args() +# Merge the default config yaml with the json arguments given. render_vars = json.loads(cli_args.render_vars) +settings_yaml.update(render_vars) + environment = jinja2.Environment( loader=jinja2.FileSystemLoader(os.getcwd()), trim_blocks=True, ) -print(environment.get_template(cli_args.template_file).render(render_vars)) +print(environment.get_template(cli_args.template_file).render(settings_yaml)) diff --git a/hooks/README.md b/hooks/README.md deleted file mode 100644 index d198452e0a0..00000000000 --- a/hooks/README.md +++ /dev/null @@ -1,20 +0,0 @@ -The hooks in this directory are used to create multi-arch images using Docker Hub automated builds. - -Docker Hub hooks provide these predefined [environment variables](https://docs.docker.com/docker-hub/builds/advanced/#environment-variables-for-building-and-testing): - -* `SOURCE_BRANCH`: the name of the branch or the tag that is currently being tested. -* `SOURCE_COMMIT`: the SHA1 hash of the commit being tested. -* `COMMIT_MSG`: the message from the commit being tested and built. -* `DOCKER_REPO`: the name of the Docker repository being built. -* `DOCKERFILE_PATH`: the dockerfile currently being built. -* `DOCKER_TAG`: the Docker repository tag being built. -* `IMAGE_NAME`: the name and tag of the Docker repository being built. (This variable is a combination of `DOCKER_REPO:DOCKER_TAG`.) - -The current multi-arch image build relies on the original vaultwarden Dockerfiles, which use cross-compilation for architectures other than `amd64`, and don't yet support all arch/distro combinations. However, cross-compilation is much faster than QEMU-based builds (e.g., using `docker buildx`). This situation may need to be revisited at some point. - -## References - -* https://docs.docker.com/docker-hub/builds/advanced/ -* https://docs.docker.com/engine/reference/commandline/manifest/ -* https://www.docker.com/blog/multi-arch-build-and-images-the-simple-way/ -* https://success.docker.com/article/how-do-i-authenticate-with-the-v2-api diff --git a/hooks/arches.sh b/hooks/arches.sh deleted file mode 100644 index 96114fae484..00000000000 --- a/hooks/arches.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/usr/bin/env bash - -# The default Debian-based images support these arches for all database backends. -arches=( - amd64 - armv6 - armv7 - arm64 -) -export arches - -if [[ "${DOCKER_TAG}" == *alpine ]]; then - distro_suffix=.alpine -fi -export distro_suffix diff --git a/hooks/build b/hooks/build deleted file mode 100755 index b89a56610b1..00000000000 --- a/hooks/build +++ /dev/null @@ -1,51 +0,0 @@ -#!/usr/bin/env bash - -echo ">>> Building images..." - -# shellcheck source=arches.sh -source ./hooks/arches.sh - -if [[ -z "${SOURCE_COMMIT}" ]]; then - # This var is typically predefined by Docker Hub, but it won't be - # when testing locally. - SOURCE_COMMIT="$(git rev-parse HEAD)" -fi - -# Construct a version string in the style of `build.rs`. -GIT_EXACT_TAG="$(git describe --tags --abbrev=0 --exact-match 2>/dev/null)" -if [[ -n "${GIT_EXACT_TAG}" ]]; then - SOURCE_VERSION="${GIT_EXACT_TAG}" -else - GIT_LAST_TAG="$(git describe --tags --abbrev=0)" - SOURCE_VERSION="${GIT_LAST_TAG}-${SOURCE_COMMIT:0:8}" -fi - -LABELS=( - # https://github.com/opencontainers/image-spec/blob/master/annotations.md - org.opencontainers.image.created="$(date --utc --iso-8601=seconds)" - org.opencontainers.image.documentation="https://github.com/dani-garcia/vaultwarden/wiki" - org.opencontainers.image.licenses="AGPL-3.0-only" - org.opencontainers.image.revision="${SOURCE_COMMIT}" - org.opencontainers.image.source="${SOURCE_REPOSITORY_URL}" - org.opencontainers.image.url="https://github.com/dani-garcia/vaultwarden" - org.opencontainers.image.version="${SOURCE_VERSION}" -) -LABEL_ARGS=() -for label in "${LABELS[@]}"; do - LABEL_ARGS+=(--label "${label}") -done - -# Check if DOCKER_BUILDKIT is set, if so, use the Dockerfile.buildkit as template -if [[ -n "${DOCKER_BUILDKIT}" ]]; then - buildkit_suffix=.buildkit -fi - -set -ex - -for arch in "${arches[@]}"; do - docker build \ - "${LABEL_ARGS[@]}" \ - -t "${DOCKER_REPO}:${DOCKER_TAG}-${arch}" \ - -f "docker/${arch}/Dockerfile${buildkit_suffix}${distro_suffix}" \ - . -done diff --git a/hooks/pre_build b/hooks/pre_build deleted file mode 100755 index 9829bb5d8ea..00000000000 --- a/hooks/pre_build +++ /dev/null @@ -1,28 +0,0 @@ -#!/usr/bin/env bash - -set -ex - -# If requested, print some environment info for troubleshooting. -if [[ -n "${DOCKER_HUB_DEBUG}" ]]; then - id - pwd - df -h - env - docker info - docker version -fi - -# Install build dependencies. -deps=( - jq -) -apt-get update -apt-get install -y "${deps[@]}" - -# Docker Hub uses a shallow clone and doesn't fetch tags, which breaks some -# Git operations that we perform later, so fetch the complete history and -# tags first. Note that if the build is cached, the clone may have been -# unshallowed already; if so, unshallowing will fail, so skip it. -if [[ -f .git/shallow ]]; then - git fetch --unshallow --tags -fi diff --git a/hooks/push b/hooks/push deleted file mode 100755 index f2a3267f215..00000000000 --- a/hooks/push +++ /dev/null @@ -1,111 +0,0 @@ -#!/usr/bin/env bash - -# shellcheck source=arches.sh -source ./hooks/arches.sh - -export DOCKER_CLI_EXPERIMENTAL=enabled - -# Join a list of args with a single char. -# Ref: https://stackoverflow.com/a/17841619 -join() { local IFS="$1"; shift; echo "$*"; } - -set -ex - -echo ">>> Starting local Docker registry when needed..." - -# Docker Buildx's `docker-container` driver is needed for multi-platform -# builds, but it can't access existing images on the Docker host (like the -# cross-compiled ones we just built). Those images first need to be pushed to -# a registry -- Docker Hub could be used, but since it's not trivial to clean -# up those intermediate images on Docker Hub, it's easier to just run a local -# Docker registry, which gets cleaned up automatically once the build job ends. -# -# https://docs.docker.com/registry/deploying/ -# https://hub.docker.com/_/registry -# -# Use host networking so the buildx container can access the registry via -# localhost. -# -# First check if there already is a registry container running, else skip it. -# This will only happen either locally or running it via Github Actions -# -if ! timeout 5 bash -c 'cat < /dev/null > /dev/tcp/localhost/5000'; then - # defaults to port 5000 - docker run -d --name registry --network host registry:2 -fi - -# Docker Hub sets a `DOCKER_REPO` env var with the format `index.docker.io/user/repo`. -# Strip the registry portion to construct a local repo path for use in `Dockerfile.buildx`. -LOCAL_REGISTRY="localhost:5000" -REPO="${DOCKER_REPO#*/}" -LOCAL_REPO="${LOCAL_REGISTRY}/${REPO}" - -echo ">>> Pushing images to local registry..." - -for arch in "${arches[@]}"; do - docker_image="${DOCKER_REPO}:${DOCKER_TAG}-${arch}" - local_image="${LOCAL_REPO}:${DOCKER_TAG}-${arch}" - docker tag "${docker_image}" "${local_image}" - docker push "${local_image}" -done - -echo ">>> Setting up Docker Buildx..." - -# Same as earlier, use host networking so the buildx container can access the -# registry via localhost. -# -# Ref: https://github.com/docker/buildx/issues/94#issuecomment-534367714 -# -# Check if there already is a builder running, else skip this and use the existing. -# This will only happen either locally or running it via Github Actions -# -if ! docker buildx inspect builder > /dev/null 2>&1 ; then - docker buildx create --name builder --use --driver-opt network=host -fi - -echo ">>> Running Docker Buildx..." - -tags=("${DOCKER_REPO}:${DOCKER_TAG}") - -# If the Docker tag starts with a version number, assume the latest release -# is being pushed. Add an extra tag (`latest` or `alpine`, as appropriate) -# to make it easier for users to track the latest release. -if [[ "${DOCKER_TAG}" =~ ^[0-9]+\.[0-9]+\.[0-9]+ ]]; then - if [[ "${DOCKER_TAG}" == *alpine ]]; then - tags+=("${DOCKER_REPO}:alpine") - else - tags+=("${DOCKER_REPO}:latest") - fi -fi - -tag_args=() -for tag in "${tags[@]}"; do - tag_args+=(--tag "${tag}") -done - -# Docker Buildx takes a list of target platforms (OS/arch/variant), so map -# the arch list to a platform list (assuming the OS is always `linux`). -declare -A arch_to_platform=( - [amd64]="linux/amd64" - [armv6]="linux/arm/v6" - [armv7]="linux/arm/v7" - [arm64]="linux/arm64" -) -platforms=() -for arch in "${arches[@]}"; do - platforms+=("${arch_to_platform[$arch]}") -done -platform="$(join "," "${platforms[@]}")" - -# Run the build, pushing the resulting images and multi-arch manifest list to -# Docker Hub. The Dockerfile is read from stdin to avoid sending any build -# context, which isn't needed here since the actual cross-compiled images -# have already been built. -docker buildx build \ - --network host \ - --build-arg LOCAL_REPO="${LOCAL_REPO}" \ - --build-arg DOCKER_TAG="${DOCKER_TAG}" \ - --platform "${platform}" \ - "${tag_args[@]}" \ - --push \ - - < ./docker/Dockerfile.buildx diff --git a/rust-toolchain.toml b/rust-toolchain.toml index f0263f9f2fe..e279de73a02 100644 --- a/rust-toolchain.toml +++ b/rust-toolchain.toml @@ -1,4 +1,4 @@ [toolchain] -channel = "1.72.0" +channel = "1.72.1" components = [ "rustfmt", "clippy" ] profile = "minimal"