From b217af0d3f9a553ad63681758ad24adc6868be2e Mon Sep 17 00:00:00 2001 From: BlackDex Date: Thu, 19 Oct 2023 16:04:26 +0200 Subject: [PATCH] Address review remarks and small updates - Addressed review remarks - Added `podman-bake.sh` script to build Vaultwarden with podman - Updated README - Updated crates - Added `VW_VERSION` support - Added annotations --- .github/workflows/release.yml | 1 + .pre-commit-config.yaml | 2 +- Cargo.lock | 309 ++++++++++++++++++++++------------ Cargo.toml | 18 +- Dockerfile | 2 +- docker/DockerSettings.yaml | 3 + docker/Dockerfile.alpine | 25 +-- docker/Dockerfile.debian | 30 ++-- docker/Dockerfile.j2 | 42 +++-- docker/Makefile | 1 + docker/README.md | 66 +++++++- docker/bake.sh | 20 +-- docker/bake_env.sh | 33 ++++ docker/docker-bake.hcl | 34 +++- docker/healthcheck.sh | 2 +- docker/podman-bake.sh | 105 ++++++++++++ 16 files changed, 512 insertions(+), 181 deletions(-) create mode 100644 docker/bake_env.sh create mode 100755 docker/podman-bake.sh diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 21c9d4c7a5e..ae68bc1d769 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -14,6 +14,7 @@ on: branches: # Only on paths above - main + - release-build-revision tags: # Always, regardless of paths above - '*' diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 0d7abeb75b0..39ce1cb5563 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,7 +1,7 @@ --- repos: - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.4.0 + rev: v4.5.0 hooks: - id: check-yaml - id: check-json diff --git a/Cargo.lock b/Cargo.lock index f782ba1ed02..5c4a9a84161 100644 --- a/Cargo.lock +++ b/Cargo.lock 
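Review bot: The added `- release-build-revision` entry under `branches` makes the release workflow run on every push to a working branch, not only on `main` and tags. The jobs are outside this hunk, so what they do is not visible here, but a workflow named release usually has registry credentials and publish steps, and those would now run from a branch that may not be protected the way `main` is. If the entry was only needed to test this change, drop it before merge. If it has to stay, say so in place, e.g. `# temporary, for testing the new build: remove before merging to main`.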
@@ -17,6 +17,17 @@ version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe" +[[package]] +name = "ahash" +version = "0.7.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fcb51a0695d8f838b1ee009b3fbf66bda078cd64590202a864a8f3e8c4315c47" +dependencies = [ + "getrandom", + "once_cell", + "version_check", +] + [[package]] name = "ahash" version = "0.8.3" @@ -98,9 +109,9 @@ dependencies = [ [[package]] name = "async-compression" -version = "0.4.3" +version = "0.4.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bb42b2197bf15ccb092b62c74515dbd8b86d0effd934795f6687c93b6e679a2c" +checksum = "f658e2baef915ba0f26f1f7c42bfb8e12f532a01f449a090ded75ae7a07e9ba2" dependencies = [ "brotli", "flate2", @@ -112,9 +123,9 @@ dependencies = [ [[package]] name = "async-executor" -version = "1.5.4" +version = "1.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2c1da3ae8dabd9c00f453a329dfe1fb28da3c0a72e2478cdcd93171740c20499" +checksum = "4b0c4a4f319e45986f347ee47fef8bf5e81c9abc3f6f58dc2391439f30df65f0" dependencies = [ "async-lock", "async-task", @@ -153,7 +164,7 @@ dependencies = [ "log", "parking", "polling", - "rustix 0.37.24", + "rustix 0.37.26", "slab", "socket2 0.4.9", "waker-fn", @@ -181,7 +192,7 @@ dependencies = [ "cfg-if", "event-listener 3.0.0", "futures-lite", - "rustix 0.38.18", + "rustix 0.38.20", "windows-sys", ] @@ -197,7 +208,7 @@ dependencies = [ "cfg-if", "futures-core", "futures-io", - "rustix 0.38.18", + "rustix 0.38.20", "signal-hook-registry", "slab", "windows-sys", 
@@ -254,15 +265,15 @@ dependencies = [ [[package]] name = "async-task" -version = "4.4.1" +version = "4.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b9441c6b2fe128a7c2bf680a44c34d0df31ce09e5b7e401fcca3faa483dbc921" +checksum = "b4eb2cdb97421e01129ccb49169d8279ed21e829929144f4a22a6e54ac549ca1" [[package]] name = "async-trait" -version = "0.1.73" +version = "0.1.74" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bc00ceb34980c03614e35a3a4e218276a0a824e911d07651cd0d858a51e8c0f0" +checksum = "a66537f1bb974b254c98ed142ff995236e81b9d0fe4db0575f46612cb15eb0f9" dependencies = [ "proc-macro2", "quote", @@ -343,9 +354,9 @@ checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" [[package]] name = "bitflags" -version = "2.4.0" +version = "2.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b4682ae6287fcf752ecaabbfcc7b6f9b72aa33933dc23a554d853aea8eea8635" +checksum = "327762f6e5a765692301e5bb513e0d9fef63be86bbc14528052b1cd3e6f03e07" [[package]] name = "blake2" @@ -432,12 +443,12 @@ version = "0.46.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8cead8ece0da6b744b2ad8ef9c58a4cdc7ef2921e60a6ddfb9eaaa86839b5fc5" dependencies = [ - "ahash", + "ahash 0.8.3", "async-trait", "cached_proc_macro", "cached_proc_macro_types", "futures", - "hashbrown 0.14.1", + "hashbrown 0.14.2", "instant", "once_cell", "thiserror", @@ -512,6 +523,16 @@ dependencies = [ "phf_codegen", ] +[[package]] +name = "chumsky" +version = "0.9.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "23170228b96236b5a7299057ac284a321457700bc8c41a4476052f0f4ba5349d" +dependencies = [ + "hashbrown 0.12.3", + "stacker", +] + [[package]] name = "concurrent-queue" version = "2.3.0" 
@@ -595,9 +616,9 @@ checksum = "e496a50fda8aacccc86d7529e2c1e0892dbd0f898a6b5645b5561b89c3210efa" [[package]] name = "cpufeatures" -version = "0.2.9" +version = "0.2.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a17b76ff3a4162b0b27f354a0c87015ddad39d35f9c0c36607a3bdd175dde1f1" +checksum = "3fbc60abd742b35f2492f808e1abbb83d45f72db402e14c55057edc9c7b1e9e4" dependencies = [ "libc", ] @@ -683,7 +704,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "978747c1d849a7d2ee5e8adc0159961c48fb7e5db2f06af6723b80123bb53856" dependencies = [ "cfg-if", - "hashbrown 0.14.1", + "hashbrown 0.14.2", "lock_api", "once_cell", "parking_lot_core", @@ -703,9 +724,12 @@ checksum = "41b319d1b62ffbd002e057f36bebd1f42b9f97927c9577461d855f3513c4289f" [[package]] name = "deranged" -version = "0.3.8" +version = "0.3.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f2696e8a945f658fd14dc3b87242e6b80cd0f36ff04ea560fa39082368847946" +checksum = "0f32d04922c60427da6f9fef14d042d9edddef64cb9d4ce0d64d0685fbeb1fd3" +dependencies = [ + "powerfmt", +] [[package]] name = "devise" @@ -733,7 +757,7 @@ version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "35b50dba0afdca80b187392b24f2499a88c336d5a8493e4b4ccfb608708be56a" dependencies = [ - "bitflags 2.4.0", + "bitflags 2.4.1", "proc-macro2", "proc-macro2-diagnostics", "quote", @@ -746,7 +770,7 @@ version = "2.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2268a214a6f118fce1838edba3d1561cf0e78d8de785475957a580a7f8c69d33" dependencies = [ - "bitflags 2.4.0", + "bitflags 2.4.1", "byteorder", "chrono", "diesel_derives", 
@@ -948,9 +972,9 @@ dependencies = [ [[package]] name = "flate2" -version = "1.0.27" +version = "1.0.28" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c6c98ee8095e9d1dcbf2fcc6d95acccb90d1c81db1e44725c6a984b1dbdfb010" +checksum = "46303f565772937ffe1d394a4fac6f411c6013172fadde9dcdb1e147a086940e" dependencies = [ "crc32fast", "miniz_oxide", @@ -1217,14 +1241,17 @@ name = "hashbrown" version = "0.12.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888" +dependencies = [ + "ahash 0.7.6", +] [[package]] name = "hashbrown" -version = "0.14.1" +version = "0.14.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7dfda62a12f55daeae5015f81b0baea145391cb4520f86c248fc615d72640d12" +checksum = "f93e7192158dbcda357bdec5fb5788eebf8bbac027f3f33e719d29135ae84156" dependencies = [ - "ahash", + "ahash 0.8.3", "allocator-api2", ] @@ -1351,16 +1378,16 @@ dependencies = [ [[package]] name = "iana-time-zone" -version = "0.1.57" +version = "0.1.58" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2fad5b825842d2b38bd206f3e81d6957625fd7f0a361e345c30e01a0ae2dd613" +checksum = "8326b86b6cff230b97d0d312a6c40a60726df3332e721f72a1b035f451663b20" dependencies = [ "android_system_properties", "core-foundation-sys", "iana-time-zone-haiku", "js-sys", "wasm-bindgen", - "windows", + "windows-core", ] [[package]] @@ -1427,7 +1454,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8adf3ddd720272c6ea8bf59463c04e0f93d0bbf7c5439b691bca2987e0270897" dependencies = [ "equivalent", - "hashbrown 0.14.1", + "hashbrown 0.14.2", ] [[package]] @@ -1481,7 +1508,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cb0889898416213fab133e1d33a0e5858a48177452750691bde3666d0fdbaf8b" dependencies = [ "hermit-abi", - "rustix 0.38.18", + "rustix 0.38.20", "windows-sys", ] 
@@ -1519,13 +1546,13 @@ dependencies = [ [[package]] name = "jsonwebtoken" -version = "8.3.0" +version = "9.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6971da4d9c3aa03c3d8f3ff0f4155b534aad021292003895a469716b2a230378" +checksum = "1e863f95209c79b9b8b001c4b03463385f890a765dbc4e0802cb8d4177e3e410" dependencies = [ "base64 0.21.4", "pem", - "ring", + "ring 0.17.5", "serde", "serde_json", "simple_asn1", @@ -1548,31 +1575,33 @@ checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" [[package]] name = "lettre" -version = "0.10.4" +version = "0.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "76bd09637ae3ec7bd605b8e135e757980b3968430ff2b1a4a94fb7769e50166d" +checksum = "d47084ad58f99c26816d174702f60e873f861fcef3f9bd6075b4ad2dd72d07d5" dependencies = [ "async-std", "async-trait", "base64 0.21.4", + "chumsky", "email-encoding", "email_address", - "fastrand 1.9.0", + "fastrand 2.0.1", "futures-io", "futures-util", "hostname", "httpdate", - "idna 0.3.0", + "idna 0.4.0", "mime", "native-tls", "nom", "once_cell", "quoted_printable", "serde", - "socket2 0.4.9", + "socket2 0.5.4", "tokio", "tokio-native-tls", "tracing", + "url", ] [[package]] @@ -1622,9 +1651,9 @@ checksum = "da2479e8c062e40bf0066ffa0bc823de0a9368974af99c9f6df941d2c231e03f" [[package]] name = "lock_api" -version = "0.4.10" +version = "0.4.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c1cc9717a20b1bb222f333e6a92fd32f7d8a18ddc5a3191a11af45dcbf4dcd16" +checksum = "3c168f8615b12bc01f9c17e2eb0cc07dcae1940121185446edc3744920e8ef45" dependencies = [ "autocfg", "scopeguard", @@ -1922,7 +1951,7 @@ version = "0.10.57" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bac25ee399abb46215765b1cb35bc0212377e58a061560d8b29b024fd0430e7c" dependencies = [ - "bitflags 2.4.0", + "bitflags 2.4.1", "cfg-if", "foreign-types", "libc", 
@@ -1978,9 +2007,9 @@ checksum = "b15813163c1d831bf4a13c3610c05c0d03b39feb07f7e09fa234dac9b15aaf39" [[package]] name = "parking" -version = "2.1.1" +version = "2.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e52c774a4c39359c1d1c52e43f73dd91a75a614652c825408eec30c95a9b2067" +checksum = "bb813b8af86854136c6922af0598d719255ecb2179515e6e7730d468f05c9cae" [[package]] name = "parking_lot" @@ -1994,13 +2023,13 @@ dependencies = [ [[package]] name = "parking_lot_core" -version = "0.9.8" +version = "0.9.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "93f00c865fe7cabf650081affecd3871070f26767e7b2070a3ffae14c654b447" +checksum = "4c42a9226546d68acdd9c0a280d17ce19bfe27a46bf68784e4066115788d008e" dependencies = [ "cfg-if", "libc", - "redox_syscall", + "redox_syscall 0.4.1", "smallvec", "windows-targets", ] @@ -2056,11 +2085,12 @@ dependencies = [ [[package]] name = "pem" -version = "1.1.1" +version = "3.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a8835c273a76a90455d7344889b0964598e3316e2a79ede8e36f16bdcf2228b8" +checksum = "3163d2912b7c3b52d651a055f2c7eec9ba5cd22d26ef75b8dd3a59980b185923" dependencies = [ - "base64 0.13.1", + "base64 0.21.4", + "serde", ] [[package]] @@ -2203,6 +2233,12 @@ dependencies = [ "windows-sys", ] +[[package]] +name = "powerfmt" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "439ee305def115ba05938db6eb1644ff94165c5ab5e9420d1c1bcedbba909391" + [[package]] name = "ppv-lite86" version = "0.2.17" 
@@ -2246,6 +2282,15 @@ version = "2.0.11" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "33cb294fe86a74cbcf50d4445b37da762029549ebeea341421c7c70370f86cac" +[[package]] +name = "psm" +version = "0.1.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5787f7cda34e3033a72192c018bc5883100330f362ef279a8cbccfce8bb4e874" +dependencies = [ + "cc", +] + [[package]] name = "publicsuffix" version = "2.2.3" @@ -2289,9 +2334,9 @@ dependencies = [ [[package]] name = "quoted_printable" -version = "0.4.8" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5a3866219251662ec3b26fc217e3e05bf9c4f84325234dfb96bf0bf840889e49" +checksum = "79ec282e887b434b68c18fe5c121d38e72a5cf35119b59e54ec5b992ea9c8eb0" [[package]] name = "r2d2" @@ -2352,6 +2397,15 @@ dependencies = [ "bitflags 1.3.2", ] +[[package]] +name = "redox_syscall" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4722d768eff46b75989dd134e5c353f0d6296e5aaa3132e776cbdb56be7731aa" +dependencies = [ + "bitflags 1.3.2", +] + [[package]] name = "ref-cast" version = "1.0.20" @@ -2374,14 +2428,14 @@ dependencies = [ [[package]] name = "regex" -version = "1.10.0" +version = "1.10.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d119d7c7ca818f8a53c300863d4f87566aac09943aef5b355bb83969dae75d87" +checksum = "380b951a9c5e80ddfd6136919eef32310721aa4aacd4889a8d39124b026ab343" dependencies = [ "aho-corasick", "memchr", - "regex-automata 0.4.1", - "regex-syntax 0.8.0", + "regex-automata 0.4.3", + "regex-syntax 0.8.2", ] [[package]] 
@@ -2395,13 +2449,13 @@ dependencies = [ [[package]] name = "regex-automata" -version = "0.4.1" +version = "0.4.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "465c6fc0621e4abc4187a2bda0937bfd4f722c2730b29562e19689ea796c9a4b" +checksum = "5f804c7828047e88b2d32e2d7fe5a105da8ee3264f01902f796c8e067dc2483f" dependencies = [ "aho-corasick", "memchr", - "regex-syntax 0.8.0", + "regex-syntax 0.8.2", ] [[package]] @@ -2412,9 +2466,9 @@ checksum = "f162c6dd7b008981e4d40210aca20b4bd0f9b60ca9271061b07f78537722f2e1" [[package]] name = "regex-syntax" -version = "0.8.0" +version = "0.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c3cbb081b9784b07cceb8824c8583f86db4814d172ab043f3c23f7dc600bf83d" +checksum = "c08c74e62047bb2de4ff487b251e4a92e24f48745648451635cec7d591162d9f" [[package]] name = "reqwest" @@ -2481,11 +2535,25 @@ dependencies = [ "libc", "once_cell", "spin 0.5.2", - "untrusted", + "untrusted 0.7.1", "web-sys", "winapi", ] +[[package]] +name = "ring" +version = "0.17.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fb0205304757e5d899b9c2e448b867ffd03ae7f988002e47cd24954391394d0b" +dependencies = [ + "cc", + "getrandom", + "libc", + "spin 0.9.8", + "untrusted 0.9.0", + "windows-sys", +] + [[package]] name = "rmp" version = "0.8.12" @@ -2627,9 +2695,9 @@ checksum = "d626bb9dae77e28219937af045c257c28bfd3f69333c512553507f5f9798cb76" [[package]] name = "rustix" -version = "0.37.24" +version = "0.37.26" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4279d76516df406a8bd37e7dff53fd37d1a093f997a3c34a5c21658c126db06d" +checksum = "84f3f8f960ed3b5a59055428714943298bf3fa2d4a1d53135084e0544829d995" dependencies = [ "bitflags 1.3.2", "errno", 
@@ -2641,11 +2709,11 @@ dependencies = [ [[package]] name = "rustix" -version = "0.38.18" +version = "0.38.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5a74ee2d7c2581cd139b42447d7d9389b889bdaad3a73f1ebb16f2a3237bb19c" +checksum = "67ce50cb2e16c2903e30d1cbccfd8387a74b9d4c938b6a4c5ec6cc7556f7a8a0" dependencies = [ - "bitflags 2.4.0", + "bitflags 2.4.1", "errno", "libc", "linux-raw-sys 0.4.10", @@ -2659,7 +2727,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cd8d6c9f025a446bc4d18ad9632e69aec8f287aa84499ee335599fabd20c3fd8" dependencies = [ "log", - "ring", + "ring 0.16.20", "rustls-webpki", "sct", ] @@ -2679,8 +2747,8 @@ version = "0.101.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3c7d5dece342910d9ba34d259310cae3e0154b873b35408b787b59bce53d34fe" dependencies = [ - "ring", - "untrusted", + "ring 0.16.20", + "untrusted 0.7.1", ] [[package]] @@ -2740,8 +2808,8 @@ version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d53dcdb7c9f8158937a7981b48accfd39a43af418591a5d008c7b22b5e1b7ca4" dependencies = [ - "ring", - "untrusted", + "ring 0.16.20", + "untrusted 0.7.1", ] [[package]] @@ -2775,9 +2843,9 @@ checksum = "836fa6a3e1e547f9a2c4040802ec865b5d85f4014efe00555d7090a3dcaa1090" [[package]] name = "serde" -version = "1.0.188" +version = "1.0.189" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cf9e0fcba69a370eed61bcf2b728575f726b50b55cba78064753d708ddc7549e" +checksum = "8e422a44e74ad4001bdc8eede9a4570ab52f71190e9c076d14369f38b9200537" dependencies = [ "serde_derive", ] 
@@ -2794,9 +2862,9 @@ dependencies = [ [[package]] name = "serde_derive" -version = "1.0.188" +version = "1.0.189" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4eca7ac642d82aa35b60049a6eccb4be6be75e599bd2e9adb5f875a737654af2" +checksum = "1e48d1f918009ce3145511378cf68d613e3b3d9137d67272562080d68a2b32d5" dependencies = [ "proc-macro2", "quote", @@ -2960,6 +3028,19 @@ dependencies = [ "memchr", ] +[[package]] +name = "stacker" +version = "0.1.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c886bd4480155fd3ef527d45e9ac8dd7118a898a46530b7b94c3e21866259fce" +dependencies = [ + "cc", + "cfg-if", + "libc", + "psm", + "winapi", +] + [[package]] name = "state" version = "0.6.0" @@ -3045,25 +3126,25 @@ checksum = "cb94d2f3cc536af71caac6b6fcebf65860b347e7ce0cc9ebe8f70d3e521054ef" dependencies = [ "cfg-if", "fastrand 2.0.1", - "redox_syscall", - "rustix 0.38.18", + "redox_syscall 0.3.5", + "rustix 0.38.20", "windows-sys", ] [[package]] name = "thiserror" -version = "1.0.49" +version = "1.0.50" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1177e8c6d7ede7afde3585fd2513e611227efd6481bd78d2e82ba1ce16557ed4" +checksum = "f9a7210f5c9a7156bb50aa36aed4c95afb51df0df00713949448cf9e97d382d2" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.49" +version = "1.0.50" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "10712f02019e9288794769fba95cd6847df9874d49d871d062172f9dd41bc4cc" +checksum = "266b2e40bc00e5a6c09c3584011e08b06f123c00362c92b975ba9843aaaa14b8" dependencies = [ "proc-macro2", "quote", 
@@ -3091,14 +3172,15 @@ dependencies = [ [[package]] name = "time" -version = "0.3.29" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "426f806f4089c493dcac0d24c29c01e2c38baf8e30f1b716ee37e83d200b18fe" +checksum = "c4a34ab300f2dee6e562c10a046fc05e358b29f9bf92277f30c3c8d82275f6f5" dependencies = [ "deranged", "itoa", "libc", "num_threads", + "powerfmt", "serde", "time-core", "time-macros", @@ -3312,11 +3394,10 @@ checksum = "b6bc1c9ce2b5135ac7f93c72918fc37feb872bdc6a5533a8b85eb4b86bfdae52" [[package]] name = "tracing" -version = "0.1.37" +version = "0.1.40" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8ce8c33a8d48bd45d624a6e523445fd21ec13d3653cd51f681abf67418f54eb8" +checksum = "c3523ab5a71916ccf420eebdf5521fcef02141234bbc0b8a49f2fdc4544364ef" dependencies = [ - "cfg-if", "log", "pin-project-lite", "tracing-attributes", @@ -3325,9 +3406,9 @@ dependencies = [ [[package]] name = "tracing-attributes" -version = "0.1.26" +version = "0.1.27" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f4f31f56159e98206da9efd823404b79b6ef3143b4a7ab76e67b1751b25a4ab" +checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7" dependencies = [ "proc-macro2", "quote", @@ -3336,9 +3417,9 @@ dependencies = [ [[package]] name = "tracing-core" -version = "0.1.31" +version = "0.1.32" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0955b8137a1df6f1a2e9a37d8a6656291ff0297c1a97c24e0d8425fe2312f79a" +checksum = "c06d3da6113f116aaee68e4d601191614c9053067f9ab7f6edbcb161237daa54" dependencies = [ "once_cell", "valuable", 
@@ -3375,9 +3456,9 @@ dependencies = [ [[package]] name = "trust-dns-proto" -version = "0.23.0" +version = "0.23.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0dc775440033cb114085f6f2437682b194fa7546466024b1037e82a48a052a69" +checksum = "559ac980345f7f5020883dd3bcacf176355225e01916f8c2efecad7534f682c6" dependencies = [ "async-trait", "cfg-if", @@ -3400,9 +3481,9 @@ dependencies = [ [[package]] name = "trust-dns-resolver" -version = "0.23.0" +version = "0.23.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2dff7aed33ef3e8bf2c9966fccdfed93f93d46f432282ea875cd66faabc6ef2f" +checksum = "c723b0e608b24ad04c73b2607e0241b2c98fd79795a95e98b068b6966138a29d" dependencies = [ "cfg-if", "futures-util", @@ -3508,6 +3589,12 @@ version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" +[[package]] +name = "untrusted" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" + [[package]] name = "url" version = "2.4.1" @@ -3528,9 +3615,9 @@ checksum = "09cc8ee72d2a9becf2f2febe0205bbed8fc6615b7cb429ad062dc7b7ddd036a9" [[package]] name = "uuid" -version = "1.4.1" +version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "79daa5ed5740825c40b389c5e50312b9c86df53fccd33f281df655642b43869d" +checksum = "88ad59a7560b41a70d191093a945f0b87bc1deeda46fb237479708a1d6b6cdfc" dependencies = [ "getrandom", ] 
@@ -3543,9 +3630,9 @@ checksum = "830b7e5d4d90034032940e4ace0d9a9a057e7a45cd94e6c007832e39edb82f6d" [[package]] name = "value-bag" -version = "1.4.1" +version = "1.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d92ccd67fb88503048c01b59152a04effd0782d035a83a6d256ce6085f08f4a3" +checksum = "4a72e1902dde2bd6441347de2b70b7f5d59bf157c6c62f0c44572607a1d55bbe" [[package]] name = "vaultwarden" @@ -3588,7 +3675,7 @@ dependencies = [ "rand", "regex", "reqwest", - "ring", + "ring 0.17.5", "rmpv", "rocket", "rocket_ws", @@ -3762,14 +3849,15 @@ dependencies = [ [[package]] name = "which" -version = "4.4.2" +version = "5.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "87ba24419a2078cd2b0f2ede2691b6c66d8e47836da3b6db8265ebad47afbfc7" +checksum = "9bf3ea8596f3a0dd5980b46430f2058dfe2c36a27ccfbb1845d6fbfcd9ba6e14" dependencies = [ "either", "home", "once_cell", - "rustix 0.38.18", + "rustix 0.38.20", + "windows-sys", ] [[package]] @@ -3818,6 +3906,15 @@ dependencies = [ "windows-targets", ] +[[package]] +name = "windows-core" +version = "0.51.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f1f8cf84f35d2db49a46868f947758c7a1138116f7fac3bc844f43ade1292e64" +dependencies = [ + "windows-targets", +] + [[package]] name = "windows-sys" version = "0.48.0" @@ -3886,9 +3983,9 @@ checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" [[package]] name = "winnow" -version = "0.5.16" +version = "0.5.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "037711d82167854aff2018dfd193aa0fef5370f456732f0d5a0c59b0f1b4b907" +checksum = "a3b801d0e0a6726477cc207f60162da452f3a95adb368399bef20a946e06f65c" dependencies = [ "memchr", ] diff --git a/Cargo.toml b/Cargo.toml index d4794ca3da8..cd56b04b696 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -42,7 +42,7 @@ syslog = "6.1.0" # Logging log = "0.4.20" fern = { version = "0.6.2", features = ["syslog-6"] } -tracing = { version = "0.1.37", features = ["log"] } # Needed to have lettre and webauthn-rs trace logging to work +tracing = { version = "0.1.40", features = ["log"] } # Needed to have lettre and webauthn-rs trace logging to work # A `dotenv` implementation for Rust dotenvy = { version = "0.15.7", default-features = false } @@ -71,7 +71,7 @@ futures = "0.3.28" tokio = { version = "1.33.0", features = ["rt-multi-thread", "fs", "io-util", "parking_lot", "time", "signal"] } # A generic serialization/deserialization framework -serde = { version = "1.0.188", features = ["derive"] } +serde = { version = "1.0.189", features = ["derive"] } serde_json = "1.0.107" # A safe, extensible ORM and Query builder @@ -84,15 +84,15 @@ libsqlite3-sys = { version = "0.26.0", features = ["bundled"], optional = true } # Crypto-related libraries rand = { version = "0.8.5", features = ["small_rng"] } -ring = "0.16.20" +ring = "0.17.5" # UUID generation -uuid = { version = "1.4.1", features = ["v4"] } +uuid = { version = "1.5.0", features = ["v4"] } # Date and time libraries chrono = { version = "0.4.31", features = ["clock", "serde"], default-features = false } chrono-tz = "0.8.3" -time = "0.3.29" +time = "0.3.30" # Job scheduler job_scheduler_ng = "2.0.4" @@ -101,7 +101,7 @@ job_scheduler_ng = "2.0.4" data-encoding = "2.4.0" # JWT library -jsonwebtoken = "8.3.0" +jsonwebtoken = "9.0.0" # TOTP library totp-lite = "2.0.0" 
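Review bot: `ring = "0.17.5"` in the `@@ -84,15 +84,15 @@` hunk and `jsonwebtoken = "9.0.0"` in the next one are breaking-version upgrades of the crypto and JWT crates, while the diffstat lists no file under `src/`, so nothing in this commit shows that token validation was re-checked against the new release. The `Cargo.lock` part of the commit also keeps `ring 0.16.20` for three other packages, which leaves two versions of the crypto library in the build, each needing its own advisory tracking. I would note that beside the dependency, e.g. `# ring 0.16.x is still pulled in transitively (see Cargo.lock); watch advisories for both`, and confirm before merge that expired tokens and tokens with a wrong issuer are still rejected. `lettre = "0.11.0"` and `which = "5.0.0"` in the later Cargo.toml hunks are breaking-version moves as well.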
@@ -116,7 +116,7 @@ webauthn-rs = "0.3.2" url = "2.4.1" # Email libraries -lettre = { version = "0.10.4", features = ["smtp-transport", "sendmail-transport", "builder", "serde", "tokio1-native-tls", "hostname", "tracing", "tokio1"], default-features = false } +lettre = { version = "0.11.0", features = ["smtp-transport", "sendmail-transport", "builder", "serde", "tokio1-native-tls", "hostname", "tracing", "tokio1"], default-features = false } percent-encoding = "2.3.0" # URL encoding library used for URL's in the emails email_address = "0.2.4" @@ -128,7 +128,7 @@ reqwest = { version = "0.11.22", features = ["stream", "json", "deflate", "gzip" # Favicon extraction libraries html5gum = "0.5.7" -regex = { version = "1.10.0", features = ["std", "perf", "unicode-perl"], default-features = false } +regex = { version = "1.10.2", features = ["std", "perf", "unicode-perl"], default-features = false } data-url = "0.3.0" bytes = "1.5.0" @@ -158,7 +158,7 @@ semver = "1.0.20" # Allow overriding the default memory allocator # Mainly used for the musl builds, since the default musl malloc is very slow mimalloc = { version = "0.1.39", features = ["secure"], default-features = false, optional = true } -which = "4.4.2" +which = "5.0.0" # Argon2 library with support for the PHC format argon2 = "0.5.2" diff --git a/Dockerfile b/Dockerfile index c99d6e504ec..e4ce2a8130b 120000 --- a/Dockerfile +++ b/Dockerfile @@ -1 +1 @@ -docker/amd64/Dockerfile \ No newline at end of file +docker/Dockerfile.debian \ No newline at end of file diff --git a/docker/DockerSettings.yaml b/docker/DockerSettings.yaml index 2ad1eb1460a..ac50905506d 100644 --- a/docker/DockerSettings.yaml +++ b/docker/DockerSettings.yaml 
@@ -1,6 +1,9 @@ --- vault_version: "v2023.8.2" vault_image_digest: "sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252" +# Cross Compile Docker Helper Scripts v1.3.0 +# We use the linux/amd64 platform shell scripts since there is no difference between the different platform scripts +xx_image_digest: "sha256:c9609ace652bbe51dd4ce90e0af9d48a4590f1214246da5bc70e46f6dd586edc" rust_version: 1.73.0 # Rust version to be used debian_version: bookworm # Debian release name to be used alpine_version: 3.18 # Alpine version to be used diff --git a/docker/Dockerfile.alpine b/docker/Dockerfile.alpine index 6bfe90ad353..02c3bb976b3 100644 --- a/docker/Dockerfile.alpine +++ b/docker/Dockerfile.alpine @@ -65,11 +65,6 @@ RUN mkdir -pv "${CARGO_HOME}" \ RUN USER=root cargo new --bin /app WORKDIR /app -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - # Shared variables across Debian and Alpine RUN echo "export CARGO_TARGET=${RUST_MUSL_CROSS_TARGET}" >> /env-cargo && \ # To be able to build the armv6 image with mimalloc we need to tell the linker to also look for libatomic @@ -84,6 +79,12 @@ RUN source /env-cargo && \ rustup target add "${CARGO_TARGET}" ARG CARGO_PROFILE=release +ARG VW_VERSION + +# Copies over *only* your manifests and build files +COPY ./Cargo.* ./ +COPY ./rust-toolchain.toml ./rust-toolchain.toml +COPY ./build.rs ./build.rs # Builds your dependencies and removes the # dummy project, except the target folder 
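Review bot: `xx_image_digest` pins only the build helper; the context lines `debian_version: bookworm` and `alpine_version: 3.18` still select the runtime bases by mutable tag, and the final-stage `FROM` lines this commit edits in `docker/Dockerfile.alpine` and `docker/Dockerfile.debian` keep `alpine:3.18` and `debian:bookworm-slim`. The image that actually ships is therefore the one part of the build whose contents can change without a change to this file. Consider adding digest keys next to the tags, e.g. `alpine_image_digest: "sha256:<digest of the alpine 3.18 image>"` and `debian_image_digest: "sha256:<digest of the bookworm-slim image>"`, and bumping them on a schedule so the pinned bases still receive security updates.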
@@ -113,7 +114,7 @@ RUN source /env-cargo && \ # Create a new stage with a minimal image # because we already have a binary built # -# For these images to be able to built you need to have qemu binfmt support. +# To build these images you need to have qemu binfmt support. # See the following pages to help install these tools locally # Ubuntu/Debian: https://wiki.debian.org/QemuUserEmulation # Arch Linux: https://wiki.archlinux.org/title/QEMU#Chrooting_into_arm/arm64_environment_from_x86_64 @@ -123,7 +124,9 @@ RUN source /env-cargo && \ # See: https://github.com/tonistiigi/binfmt # Usage: docker run --privileged --rm tonistiigi/binfmt --install arm64,arm # To uninstall: docker run --privileged --rm tonistiigi/binfmt --uninstall 'qemu-*' -FROM docker.io/library/alpine:3.18 +# +# We need to add `--platform` here, because of a podman bug: https://github.com/containers/buildah/issues/4742 +FROM --platform=$TARGETPLATFORM docker.io/library/alpine:3.18 ENV ROCKET_PROFILE="release" \ ROCKET_ADDRESS=0.0.0.0 \ @@ -133,10 +136,10 @@ ENV ROCKET_PROFILE="release" \ # Create data folder and Install needed libraries RUN mkdir /data && \ apk --no-cache add \ - ca-certificates \ - curl \ - openssl \ - tzdata + ca-certificates \ + curl \ + openssl \ + tzdata VOLUME /data EXPOSE 80 diff --git a/docker/Dockerfile.debian b/docker/Dockerfile.debian index 8607e63a3b3..fc99c81504a 100644 --- a/docker/Dockerfile.debian +++ b/docker/Dockerfile.debian 
@@ -29,7 +29,9 @@ FROM --platform=linux/amd64 docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault ########################## Cross Compile Docker Helper Scripts ########################## -FROM --platform=$BUILDPLATFORM docker.io/tonistiigi/xx:master AS xx +## We use the linux/amd64 no matter which Build Platform, since these are all bash scripts +## And these bash scripts do not have any significant difference if at all +FROM --platform=linux/amd64 docker.io/tonistiigi/xx@sha256:c9609ace652bbe51dd4ce90e0af9d48a4590f1214246da5bc70e46f6dd586edc AS xx ########################## BUILD IMAGE ########################## # hadolint ignore=DL3006 @@ -51,11 +53,14 @@ ENV DEBIAN_FRONTEND=noninteractive \ # Install clang to get `xx-cargo` working # Install pkg-config to allow amd64 builds to find all libraries +# Install git so build.rs can determine the correct version # Install the libc cross packages based upon the debian-arch RUN apt-get update && \ apt-get install -y \ --no-install-recommends \ - clang pkg-config \ + clang \ + pkg-config \ + git \ "libc6-$(xx-info debian-arch)-cross" \ "libc6-dev-$(xx-info debian-arch)-cross" \ "linux-libc-dev-$(xx-info debian-arch)-cross" && \ @@ -82,11 +87,6 @@ RUN mkdir -pv "${CARGO_HOME}" \ RUN USER=root cargo new --bin /app WORKDIR /app -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - # Environment variables for cargo across Debian and Alpine RUN source /env-cargo && \ if xx-info is-cross ; then \ @@ -109,6 +109,12 @@ RUN source /env-cargo && \ rustup target add "${CARGO_TARGET}" ARG CARGO_PROFILE=release +ARG VW_VERSION + +# Copies over *only* your manifests and build files +COPY ./Cargo.* ./ +COPY ./rust-toolchain.toml ./rust-toolchain.toml +COPY ./build.rs ./build.rs # Builds your dependencies and removes the # dummy project, except the target folder 
@@ -138,7 +144,7 @@ RUN source /env-cargo && \ # Create a new stage with a minimal image # because we already have a binary built # -# For these images to be able to built you need to have qemu binfmt support. +# To build these images you need to have qemu binfmt support. # See the following pages to help install these tools locally # Ubuntu/Debian: https://wiki.debian.org/QemuUserEmulation # Arch Linux: https://wiki.archlinux.org/title/QEMU#Chrooting_into_arm/arm64_environment_from_x86_64 @@ -148,7 +154,9 @@ RUN source /env-cargo && \ # See: https://github.com/tonistiigi/binfmt # Usage: docker run --privileged --rm tonistiigi/binfmt --install arm64,arm # To uninstall: docker run --privileged --rm tonistiigi/binfmt --uninstall 'qemu-*' -FROM docker.io/library/debian:bookworm-slim +# +# We need to add `--platform` here, because of a podman bug: https://github.com/containers/buildah/issues/4742 +FROM --platform=$TARGETPLATFORM docker.io/library/debian:bookworm-slim ENV ROCKET_PROFILE="release" \ ROCKET_ADDRESS=0.0.0.0 \ @@ -164,8 +172,8 @@ RUN mkdir /data && \ libmariadb-dev-compat \ libpq5 \ openssl && \ - apt-get clean && \ - rm -rf /var/lib/apt/lists/* + apt-get clean && \ + rm -rf /var/lib/apt/lists/* VOLUME /data EXPOSE 80 diff --git a/docker/Dockerfile.j2 b/docker/Dockerfile.j2 index 5748850ee1f..7fa39bfbc21 100644 --- a/docker/Dockerfile.j2 +++ b/docker/Dockerfile.j2 
@@ -30,7 +30,9 @@ FROM --platform=linux/amd64 docker.io/vaultwarden/web-vault@{{ vault_image_diges {% if base == "debian" %} ########################## Cross Compile Docker Helper Scripts ########################## -FROM --platform=$BUILDPLATFORM docker.io/tonistiigi/xx:master AS xx +## We use the linux/amd64 no matter which Build Platform, since these are all bash scripts +## And these bash scripts do not have any significant difference if at all +FROM --platform=linux/amd64 docker.io/tonistiigi/xx@{{ xx_image_digest }} AS xx {% elif base == "alpine" %} ########################## ALPINE BUILD IMAGES ########################## ## NOTE: The Alpine Base Images do not support other platforms then linux/amd64 @@ -69,11 +71,14 @@ ENV DEBIAN_FRONTEND=noninteractive \ # Install clang to get `xx-cargo` working # Install pkg-config to allow amd64 builds to find all libraries +# Install git so build.rs can determine the correct version # Install the libc cross packages based upon the debian-arch RUN apt-get update && \ apt-get install -y \ --no-install-recommends \ - clang pkg-config \ + clang \ + pkg-config \ + git \ "libc6-$(xx-info debian-arch)-cross" \ "libc6-dev-$(xx-info debian-arch)-cross" \ "linux-libc-dev-$(xx-info debian-arch)-cross" && \ 
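Review bot: The new `FROM --platform=linux/amd64 docker.io/tonistiigi/xx@{{ xx_image_digest }}` line pins the helper image by digest, but nothing next to it records which xx tag or release the digest came from, so a later digest bump cannot be checked against an upstream release from the Dockerfile alone. I would add a comment above the FROM such as `## xx_image_digest is the digest of xx tag <TAG>; update the tag note and the digest together`, unless the place that defines `xx_image_digest` (outside this hunk) already carries that information. The hard-coded `linux/amd64` relies on the image holding only shell scripts, as the added comment states, and that assumption is worth re-checking whenever the digest changes.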
@@ -101,19 +106,14 @@ RUN mkdir -pv "${CARGO_HOME}" \ RUN USER=root cargo new --bin /app WORKDIR /app -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - {% if base == "debian" %} # Environment variables for cargo across Debian and Alpine RUN source /env-cargo && \ if xx-info is-cross ; then \ # We can't use xx-cargo since that uses clang, which doesn't work for our libraries. # Because of this we generate the needed environment variables here which we can load in the needed steps. - echo "export CC_$(echo ${CARGO_TARGET} | tr '[:upper:]' '[:lower:]' | tr - _)=/usr/bin/$(xx-info)-gcc" >> /env-cargo && \ - echo "export CARGO_TARGET_$(echo ${CARGO_TARGET} | tr '[:lower:]' '[:upper:]' | tr - _)_LINKER=/usr/bin/$(xx-info)-gcc" >> /env-cargo && \ + echo "export CC_$(echo "${CARGO_TARGET}" | tr '[:upper:]' '[:lower:]' | tr - _)=/usr/bin/$(xx-info)-gcc" >> /env-cargo && \ + echo "export CARGO_TARGET_$(echo "${CARGO_TARGET}" | tr '[:lower:]' '[:upper:]' | tr - _)_LINKER=/usr/bin/$(xx-info)-gcc" >> /env-cargo && \ echo "export PKG_CONFIG=/usr/bin/$(xx-info)-pkg-config" >> /env-cargo && \ echo "export CROSS_COMPILE=1" >> /env-cargo && \ echo "export OPENSSL_INCLUDE_DIR=/usr/include/$(xx-info)" >> /env-cargo && \ @@ -140,6 +140,12 @@ RUN source /env-cargo && \ rustup target add "${CARGO_TARGET}" ARG CARGO_PROFILE=release +ARG VW_VERSION + +# Copies over *only* your manifests and build files +COPY ./Cargo.* ./ +COPY ./rust-toolchain.toml ./rust-toolchain.toml +COPY ./build.rs ./build.rs # Builds your dependencies and removes the # dummy project, except the target folder 
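Review bot: `ARG VW_VERSION` is added without a comment and ahead of the dependency-build step, so every later `RUN` sees it as an environment variable and a changed value is likely to invalidate the cached dependency layer. If the override only matters when the final binary is built, declaring it directly before that step keeps the cache. If `build.rs` also reads it during the dependency build, say so next to the declaration, e.g. `# Optional version override read by build.rs; when empty the version is derived from git`. The `RUN` steps that consume the argument start after the end of this hunk, so the exact cache effect should be confirmed there.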
@@ -169,7 +175,7 @@ RUN source /env-cargo && \ # Create a new stage with a minimal image # because we already have a binary built # -# For these images to be able to built you need to have qemu binfmt support. +# To build these images you need to have qemu binfmt support. # See the following pages to help install these tools locally # Ubuntu/Debian: https://wiki.debian.org/QemuUserEmulation # Arch Linux: https://wiki.archlinux.org/title/QEMU#Chrooting_into_arm/arm64_environment_from_x86_64 @@ -179,7 +185,9 @@ RUN source /env-cargo && \ # See: https://github.com/tonistiigi/binfmt # Usage: docker run --privileged --rm tonistiigi/binfmt --install arm64,arm # To uninstall: docker run --privileged --rm tonistiigi/binfmt --uninstall 'qemu-*' -FROM {{ runtime_stage_image[base] }} +# +# We need to add `--platform` here, because of a podman bug: https://github.com/containers/buildah/issues/4742 +FROM --platform=$TARGETPLATFORM {{ runtime_stage_image[base] }} ENV ROCKET_PROFILE="release" \ ROCKET_ADDRESS=0.0.0.0 \ @@ -200,14 +208,14 @@ RUN mkdir /data && \ libmariadb-dev-compat \ libpq5 \ openssl && \ - apt-get clean && \ - rm -rf /var/lib/apt/lists/* + apt-get clean && \ + rm -rf /var/lib/apt/lists/* {% elif base == "alpine" %} apk --no-cache add \ - ca-certificates \ - curl \ - openssl \ - tzdata + ca-certificates \ + curl \ + openssl \ + tzdata {% endif %} VOLUME /data diff --git a/docker/Makefile b/docker/Makefile index 74c4bae5510..e8c0760a5e4 100644 --- a/docker/Makefile +++ b/docker/Makefile @@ -1,3 +1,4 @@ all: ./render_template Dockerfile.j2 '{"base": "debian"}' > Dockerfile.debian ./render_template Dockerfile.j2 '{"base": "alpine"}' > Dockerfile.alpine +.PHONY: all diff --git a/docker/README.md b/docker/README.md index 314e8aa132f..3c74043c02a 100644 --- a/docker/README.md +++ b/docker/README.md @@ -1,7 +1,7 @@ # Vaultwarden Container Building To build and release new testing and stable releases of Vaultwarden we use `docker buildx bake`.
-This can be used locally by running the command your self, but it is also used by GitHub Actions. +This can be used locally by running the command yourself, but it is also used by GitHub Actions. This makes it easier for us to test and maintain the different architectures we provide.
We also just have two Dockerfile's one for Debian and one for Alpine based images.
@@ -67,7 +67,7 @@ docker buildx bake --file docker/docker-bake.hcl alpine-armv6 ## Local Multi Architecture container building -Start the the initialization, this only needs to be done once. +Start the initialization, this only needs to be done once. ```bash # Create and use a new buildx builder instance which connects to the host network @@ -92,6 +92,7 @@ CONTAINER_REGISTRIES="localhost:5000/vaultwarden/server" \ docker buildx bake --file docker/docker-bake.hcl alpine-multi ``` + ## Using the `bake.sh` script To make it a bit more easier to trigger a build, there also is a `bake.sh` script.
@@ -109,6 +110,66 @@ Or if you want to just build a Debian container from the repo root, you can run docker/bake.sh ``` +You can append both `alpine` and `debian` with `-amd64`, `-arm64`, `-armv7` or `-armv6`, which will trigger a build for that specific platform.
+This will also append those values to the tag so you can see the builded container when running `docker images`. + +You can also append extra arguments after the target if you want. This can be useful for example to print what bake will use. +```bash +docker/bake.sh alpine-all --print +``` + +### Testing baked images + +To test these images you can run these images by using the correct tag and provide the platform.
+For example, after you have build an arm64 image via `./bake.sh debian-arm64` you can run: +```bash +docker run --rm -it \ + -e DISABLE_ADMIN_TOKEN=true \ + -e I_REALLY_WANT_VOLATILE_STORAGE=true \ + -p8080:80 --platform=linux/arm64 \ + vaultwarden/server:testing-arm64 +``` + + +## Using the `podman-bake.sh` script + +To also make building easier using podman, there is a `podman-bake.sh` script.
+This script calls `podman buildx build` with the needed parameters and the same as `bake.sh`, it will generate some variables automatically.
+This script can be called from both the repo root or within the docker directory. + +**NOTE:** Unlike the `bake.sh` script, this only supports a single `CONTAINER_REGISTRIES`, and a single `BASE_TAGS` value, no comma separated values. It also only supports building separate architectures, no Multi Arch containers. + +To build an Alpine arm64 image with only sqlite support and mimalloc, run this: +```bash +DB="sqlite,enable_mimalloc" \ +./podman-bake.sh alpine-arm64 +``` + +Or if you want to just build a Debian container from the repo root, you can run this. +```bash +docker/podman-bake.sh +``` + +You can append extra arguments after the target if you want. This can be useful for example to disable cache like this. +```bash +./podman-bake.sh alpine-arm64 --no-cache +``` + +For the podman builds you can, just like the `bake.sh` script, also append the architecture to build for that specific platform.
+ +### Testing podman builded images + +The command to start a podman built container is almost the same as for the docker/bake built containers. The images start with `localhost/`, so you need to prepend that. + +```bash +podman run --rm -it \ + -e DISABLE_ADMIN_TOKEN=true \ + -e I_REALLY_WANT_VOLATILE_STORAGE=true \ + -p8080:80 --platform=linux/arm64 \ + localhost/vaultwarden/server:testing-arm64 +``` + + ## Variables supported | Variable | default | description | | --------------------- | ------------------ | ----------- | @@ -119,3 +180,4 @@ docker/bake.sh | SOURCE_VERSION | null | The current exact tag of this commit, else the last tag and the first 8 chars of the source commit | | BASE_TAGS | testing | Tags to be used. Can be a comma separated value like "latest,1.29.2" | | CONTAINER_REGISTRIES | vaultwarden/server | Comma separated value of container registries. Like `ghcr.io/dani-garcia/vaultwarden,docker.io/vaultwarden/server` | +| VW_VERSION | null | To override the `SOURCE_VERSION` value. This is also used by the `build.rs` code for example | diff --git a/docker/bake.sh b/docker/bake.sh index fa10179d71c..8aeac2fb1da 100755 --- a/docker/bake.sh +++ b/docker/bake.sh 
@@ -1,25 +1,15 @@ -#!/usr/bin/env sh +#!/usr/bin/env bash # Determine the basedir of this script. # It should be located in the same directory as the docker-bake.hcl # This ensures you can run this script from both inside and outside of the docker directory BASEDIR=$(RL=$(readlink -n "$0"); SP="${RL:-$0}"; dirname "$(cd "$(dirname "${SP}")" || exit; pwd)/$(basename "${SP}")") -if [ -z "${SOURCE_COMMIT}" ]; then - SOURCE_COMMIT="$(git rev-parse HEAD)" -fi +# Load build env's +source "${BASEDIR}/bake_env.sh" -GIT_EXACT_TAG="$(git describe --tags --abbrev=0 --exact-match 2>/dev/null)" -if [ -n "${GIT_EXACT_TAG}" ]; then - SOURCE_VERSION="${GIT_EXACT_TAG}" -else - GIT_LAST_TAG="$(git describe --tags --abbrev=0)" - SOURCE_VERSION="${GIT_LAST_TAG}-$(printf '%s' "${SOURCE_COMMIT}" | cut -c 8)" -fi - -# Export the rendered variables above so bake will use them -export SOURCE_COMMIT -export SOURCE_VERSION +# Be verbose on what is being executed +set -x # Make sure we set the context to `..` so it will go up one directory docker buildx bake --progress plain --set "*.context=${BASEDIR}/.." -f "${BASEDIR}/docker-bake.hcl" "$@" diff --git a/docker/bake_env.sh b/docker/bake_env.sh new file mode 100644 index 00000000000..343f89520cf --- /dev/null +++ b/docker/bake_env.sh 
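Review bot: `source "${BASEDIR}/bake_env.sh"` is not checked, so if the file cannot be read the script prints an error and still runs `docker buildx bake`, producing an image without `SOURCE_COMMIT` and `SOURCE_VERSION` in its labels. Stopping early avoids publishing images that cannot be traced back to a commit: `source "${BASEDIR}/bake_env.sh" || exit 1`. The same unchecked line is in the new `docker/podman-bake.sh`.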
@@ -0,0 +1,33 @@ +#!/usr/bin/env bash + +# If SOURCE_COMMIT is provided via env skip this +if [ -z "${SOURCE_COMMIT+x}" ]; then + SOURCE_COMMIT="$(git rev-parse HEAD)" +fi + +# If VW_VERSION is provided via env use it as SOURCE_VERSION +# Else define it using git +if [[ -n "${VW_VERSION}" ]]; then + SOURCE_VERSION="${VW_VERSION}" +else + GIT_EXACT_TAG="$(git describe --tags --abbrev=0 --exact-match 2>/dev/null)" + if [[ -n "${GIT_EXACT_TAG}" ]]; then + SOURCE_VERSION="${GIT_EXACT_TAG}" + else + GIT_LAST_TAG="$(git describe --tags --abbrev=0)" + SOURCE_VERSION="${GIT_LAST_TAG}-${SOURCE_COMMIT:0:8}" + GIT_BRANCH="$(git rev-parse --abbrev-ref HEAD)" + case "${GIT_BRANCH}" in + main|master|HEAD) + # Do not add the branch name for these branches + ;; + *) + SOURCE_VERSION="${SOURCE_VERSION} (${GIT_BRANCH})" + ;; + esac + fi +fi + +# Export the rendered variables above so bake will use them +export SOURCE_COMMIT +export SOURCE_VERSION diff --git a/docker/docker-bake.hcl b/docker/docker-bake.hcl index bc25ca590b0..332b46c901f 100644 --- a/docker/docker-bake.hcl +++ b/docker/docker-bake.hcl @@ -29,6 +29,12 @@ variable "SOURCE_VERSION" { default = null } +// This can be used to overwrite SOURCE_VERSION +// It will be used during the build.rs building stage +variable "VW_VERSION" { + default = null +} + // The base tag(s) to use // This can be a comma separated value like "testing,1.29.2" variable "BASE_TAGS" { @@ -51,9 +57,10 @@ group "default" { // ==== Shared Baking ==== - -target "_default_attributes" { - labels = { +function "labels" { + params = [] + result = { + "org.opencontainers.image.description" = "Unofficial Bitwarden compatible server written in Rust - ${SOURCE_VERSION}" "org.opencontainers.image.licenses" = "AGPL-3.0-only" "org.opencontainers.image.documentation" = "https://github.com/dani-garcia/vaultwarden/wiki" "org.opencontainers.image.url" = "https://github.com/dani-garcia/vaultwarden" 
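Review bot: The guard `[ -z "${SOURCE_COMMIT+x}" ]` only tests whether the variable is set, so a `SOURCE_COMMIT` that is exported but empty skips the `git rev-parse HEAD` fallback; `SOURCE_VERSION` then ends in a bare `-` and the revision label stays empty. The code removed from `bake.sh` tested for emptiness, and `if [[ -z "${SOURCE_COMMIT}" ]]; then` restores that while matching the `[[ ]]` style used in the rest of this file. Separately, `SOURCE_VERSION="${SOURCE_VERSION} (${GIT_BRANCH})"` places an arbitrary branch name into a value that is later used in image labels and annotations, so it is worth restricting the branch name to a known character set before appending it. Neither `git describe` call is checked, so a checkout without tags yields a version that starts with `-`.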
@@ -62,9 +69,14 @@ target "_default_attributes" { "org.opencontainers.image.revision" = "${SOURCE_COMMIT}" "org.opencontainers.image.version" = "${SOURCE_VERSION}" } +} + +target "_default_attributes" { + labels = labels() args = { DB = "${DB}" CARGO_PROFILE = "${CARGO_PROFILE}" + VW_VERSION = "${VW_VERSION}" } } @@ -75,8 +87,8 @@ target "_default_attributes" { target "debian" { inherits = ["_default_attributes"] dockerfile = "docker/Dockerfile.debian" - output = ["type=docker"] tags = generate_tags("", platform_tag()) + output = [join(",", flatten([["type=docker"], image_index_annotations()]))] } // Multi Platform target, will build one tagged manifest with all supported architectures @@ -85,7 +97,7 @@ target "debian-multi" { inherits = ["debian"] platforms = ["linux/amd64", "linux/arm64", "linux/arm/v7", "linux/arm/v6"] tags = generate_tags("", "") - output = ["type=registry"] + output = [join(",", flatten([["type=registry"], image_index_annotations()]))] } // Per platform targets, to individually test building per platform locally @@ -125,8 +137,8 @@ group "debian-all" { target "alpine" { inherits = ["_default_attributes"] dockerfile = "docker/Dockerfile.alpine" - output = ["type=docker"] tags = generate_tags("-alpine", platform_tag()) + output = [join(",", flatten([["type=docker"], image_index_annotations()]))] } // Multi Platform target, will build one tagged manifest with all supported architectures @@ -135,7 +147,7 @@ target "alpine-multi" { inherits = ["alpine"] platforms = ["linux/amd64", "linux/arm64", "linux/arm/v7", "linux/arm/v6"] tags = generate_tags("-alpine", "") - output = ["type=registry"] + output = [join(",", flatten([["type=registry"], image_index_annotations()]))] } // Per platform targets, to individually test building per platform locally 
@@ -207,3 +219,11 @@ function "generate_tags" { concat(["${registry}:${base_tag}${suffix}${platform}"])] ]) } + +function "image_index_annotations" { + params = [] + result = flatten([ + for key, value in labels() : + value != null ? formatlist("annotation-index.%s=%s", "${key}", "${value}") : [] + ]) +} diff --git a/docker/healthcheck.sh b/docker/healthcheck.sh index ee95d57d684..5021b187dc5 100755 --- a/docker/healthcheck.sh +++ b/docker/healthcheck.sh @@ -10,7 +10,7 @@ CONFIG_FILE="${DATA_FOLDER}"/config.json # Given a config key, return the corresponding config value from the # config file. If the key doesn't exist, return an empty string. get_config_val() { - local key="$1" + key="$1" # Extract a line of the form: # "domain": "https://bw.example.com/path", grep "\"${key}\":" "${CONFIG_FILE}" | diff --git a/docker/podman-bake.sh b/docker/podman-bake.sh new file mode 100755 index 00000000000..9c97825ef7f --- /dev/null +++ b/docker/podman-bake.sh 
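Review bot: `image_index_annotations()` formats every label as `annotation-index.key=value`, and the targets then `join(",", ...)` those strings into one `output` entry, so a comma or double quote inside a value would, as far as I can tell from the output syntax, be read as a further output option instead of as part of the annotation. The description label now embeds `${SOURCE_VERSION}`, which can carry `VW_VERSION` or a branch name, so the value is not fully under the file's control. I would neutralise the separator where the string is built, e.g. `value != null ? formatlist("annotation-index.%s=%s", "${key}", replace("${value}", ",", "_")) : []`, or validate the version string in `bake_env.sh` before it is exported. It is also worth confirming that the description template still renders when `SOURCE_VERSION` is left at its `null` default, which happens when bake is run without `bake.sh`.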
@@ -0,0 +1,105 @@ +#!/usr/bin/env bash + +# Determine the basedir of this script. +# It should be located in the same directory as the docker-bake.hcl +# This ensures you can run this script from both inside and outside of the docker directory +BASEDIR=$(RL=$(readlink -n "$0"); SP="${RL:-$0}"; dirname "$(cd "$(dirname "${SP}")" || exit; pwd)/$(basename "${SP}")") + +# Load build env's +source "${BASEDIR}/bake_env.sh" + +# Check if a target is given as first argument +# If not we assume the defaults and pass the given arguments to the podman command +case "${1}" in + alpine*|debian*) + TARGET="${1}" + # Now shift the $@ array so we only have the rest of the arguments + # This allows us too append these as extra arguments too the podman buildx build command + shift + ;; +esac + +LABEL_ARGS=( + --label org.opencontainers.image.description="Unofficial Bitwarden compatible server written in Rust" + --label org.opencontainers.image.licenses="AGPL-3.0-only" + --label org.opencontainers.image.documentation="https://github.com/dani-garcia/vaultwarden/wiki" + --label org.opencontainers.image.url="https://github.com/dani-garcia/vaultwarden" + --label org.opencontainers.image.created="$(date --utc --iso-8601=seconds)" +) +if [[ -n "${SOURCE_REPOSITORY_URL}" ]]; then + LABEL_ARGS+=(--label org.opencontainers.image.source="${SOURCE_REPOSITORY_URL}") +fi +if [[ -n "${SOURCE_COMMIT}" ]]; then + LABEL_ARGS+=(--label org.opencontainers.image.revision="${SOURCE_COMMIT}") +fi +if [[ -n "${SOURCE_VERSION}" ]]; then + LABEL_ARGS+=(--label org.opencontainers.image.version="${SOURCE_VERSION}") +fi + +# Check if and which --build-arg arguments we need to configure +BUILD_ARGS=() +if [[ -n "${DB}" ]]; then + BUILD_ARGS+=(--build-arg DB="${DB}") +fi +if [[ -n "${CARGO_PROFILE}" ]]; then + BUILD_ARGS+=(--build-arg CARGO_PROFILE="${CARGO_PROFILE}") +fi +if [[ -n "${VW_VERSION}" ]]; then + BUILD_ARGS+=(--build-arg VW_VERSION="${VW_VERSION}") +fi + +# Set the default BASE_TAGS if non are 
provided +if [[ -z "${BASE_TAGS}" ]]; then + BASE_TAGS="testing" +fi + +# Set the default CONTAINER_REGISTRIES if non are provided +if [[ -z "${CONTAINER_REGISTRIES}" ]]; then + CONTAINER_REGISTRIES="vaultwarden/server" +fi + +# Check which Dockerfile we need to use, default is debian +case "${TARGET}" in + alpine*) + BASE_TAGS="${BASE_TAGS}-alpine" + DOCKERFILE="Dockerfile.alpine" + ;; + *) + DOCKERFILE="Dockerfile.debian" + ;; +esac + +# Check which platform we need to build and append the BASE_TAGS with the architecture +case "${TARGET}" in + *-arm64) + BASE_TAGS="${BASE_TAGS}-arm64" + PLATFORM="linux/arm64" + ;; + *-armv7) + BASE_TAGS="${BASE_TAGS}-armv7" + PLATFORM="linux/arm/v7" + ;; + *-armv6) + BASE_TAGS="${BASE_TAGS}-armv6" + PLATFORM="linux/arm/v6" + ;; + *) + BASE_TAGS="${BASE_TAGS}-amd64" + PLATFORM="linux/amd64" + ;; +esac + +# Be verbose on what is being executed +set -x + +# Build the image with podman +# We use the docker format here since we are using `SHELL`, which is not supported by OCI +# shellcheck disable=SC2086 +podman buildx build \ + --platform="${PLATFORM}" \ + --tag="${CONTAINER_REGISTRIES}:${BASE_TAGS}" \ + --format=docker \ + "${LABEL_ARGS[@]}" \ + "${BUILD_ARGS[@]}" \ + --file="${BASEDIR}/${DOCKERFILE}" "$@" \ + "${BASEDIR}/.."
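Review bot: The `# shellcheck disable=SC2086` above the `podman buildx build` call is not needed, because every expansion in that command is quoted, and leaving it in place would hide a genuinely unquoted variable added later; I would delete the directive. The script also accepts only single values for `CONTAINER_REGISTRIES` and `BASE_TAGS` but never checks that, so a comma separated value that works with `bake.sh` ends up verbatim in `--tag`. A guard before the `case` blocks makes the limitation explicit: `[[ "${CONTAINER_REGISTRIES}${BASE_TAGS}" == *,* ]] && { echo "only single values are supported"; exit 1; }`.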