mirror of
https://github.com/hoernschen/dendrite.git
synced 2024-12-27 07:28:27 +00:00
Multi-stage Docker builds (#2850)
This builds on @S7evinK's work to make multi-stage Docker builds. Now that we can build SQLite without Cgo this should be much simpler and should make Docker builds in CI significantly faster. Co-authored-by: Till Faelligen <tfaelligen@gmail.com> Co-authored-by: Till Faelligen <davidf@element.io> Co-authored-by: Till Faelligen <2353100+S7evinK@users.noreply.github.com>
This commit is contained in:
parent
51ab0a8ccf
commit
ca8bc87380
13 changed files with 254 additions and 146 deletions
6
.github/workflows/dendrite.yml
vendored
6
.github/workflows/dendrite.yml
vendored
|
@ -297,7 +297,7 @@ jobs:
|
||||||
SYTEST_BRANCH: ${{ github.head_ref }}
|
SYTEST_BRANCH: ${{ github.head_ref }}
|
||||||
CGO_ENABLED: ${{ matrix.cgo && 1 }}
|
CGO_ENABLED: ${{ matrix.cgo && 1 }}
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v2
|
- uses: actions/checkout@v3
|
||||||
- name: Run Sytest
|
- name: Run Sytest
|
||||||
run: /bootstrap.sh dendrite
|
run: /bootstrap.sh dendrite
|
||||||
working-directory: /src
|
working-directory: /src
|
||||||
|
@ -364,8 +364,8 @@ jobs:
|
||||||
sudo apt-get update && sudo apt-get install -y libolm3 libolm-dev
|
sudo apt-get update && sudo apt-get install -y libolm3 libolm-dev
|
||||||
go get -v github.com/gotesttools/gotestfmt/v2/cmd/gotestfmt@latest
|
go get -v github.com/gotesttools/gotestfmt/v2/cmd/gotestfmt@latest
|
||||||
|
|
||||||
- name: Run actions/checkout@v2 for dendrite
|
- name: Run actions/checkout@v3 for dendrite
|
||||||
uses: actions/checkout@v2
|
uses: actions/checkout@v3
|
||||||
with:
|
with:
|
||||||
path: dendrite
|
path: dendrite
|
||||||
|
|
||||||
|
|
151
.github/workflows/docker.yml
vendored
151
.github/workflows/docker.yml
vendored
|
@ -21,26 +21,32 @@ jobs:
|
||||||
monolith:
|
monolith:
|
||||||
name: Monolith image
|
name: Monolith image
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
needs: build-flags
|
||||||
permissions:
|
permissions:
|
||||||
contents: read
|
contents: read
|
||||||
packages: write
|
packages: write
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v2
|
uses: actions/checkout@v3
|
||||||
- name: Get release tag
|
- name: Get release tag & build flags
|
||||||
if: github.event_name == 'release' # Only for GitHub releases
|
if: github.event_name == 'release' # Only for GitHub releases
|
||||||
run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
|
run: |
|
||||||
|
echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
|
||||||
|
echo "BUILD=$(git rev-parse --short HEAD || "") >> $GITHUB_ENV
|
||||||
|
BRANCH=$(git symbolic-ref --short HEAD | tr -d \/)
|
||||||
|
[ ${BRANCH} == "main" ] && BRANCH=""
|
||||||
|
echo "BRANCH=${BRANCH}" >> $GITHUB_ENV
|
||||||
- name: Set up QEMU
|
- name: Set up QEMU
|
||||||
uses: docker/setup-qemu-action@v1
|
uses: docker/setup-qemu-action@v1
|
||||||
- name: Set up Docker Buildx
|
- name: Set up Docker Buildx
|
||||||
uses: docker/setup-buildx-action@v1
|
uses: docker/setup-buildx-action@v2
|
||||||
- name: Login to Docker Hub
|
- name: Login to Docker Hub
|
||||||
uses: docker/login-action@v1
|
uses: docker/login-action@v2
|
||||||
with:
|
with:
|
||||||
username: ${{ env.DOCKER_HUB_USER }}
|
username: ${{ env.DOCKER_HUB_USER }}
|
||||||
password: ${{ secrets.DOCKER_TOKEN }}
|
password: ${{ secrets.DOCKER_TOKEN }}
|
||||||
- name: Login to GitHub Containers
|
- name: Login to GitHub Containers
|
||||||
uses: docker/login-action@v1
|
uses: docker/login-action@v2
|
||||||
with:
|
with:
|
||||||
registry: ghcr.io
|
registry: ghcr.io
|
||||||
username: ${{ github.repository_owner }}
|
username: ${{ github.repository_owner }}
|
||||||
|
@ -49,27 +55,41 @@ jobs:
|
||||||
- name: Build main monolith image
|
- name: Build main monolith image
|
||||||
if: github.ref_name == 'main'
|
if: github.ref_name == 'main'
|
||||||
id: docker_build_monolith
|
id: docker_build_monolith
|
||||||
uses: docker/build-push-action@v2
|
uses: docker/build-push-action@v3
|
||||||
with:
|
with:
|
||||||
cache-from: type=gha
|
cache-from: type=gha
|
||||||
cache-to: type=gha,mode=max
|
cache-to: type=gha,mode=max
|
||||||
context: .
|
context: .
|
||||||
file: ./build/docker/Dockerfile.monolith
|
build-args: FLAGS="-X github.com/matrix-org/dendrite/internal.branch=${{ env.BRANCH }} -X github.com/matrix-org/dendrite/internal.build=${{ env.BUILD }}"
|
||||||
|
target: monolith
|
||||||
platforms: ${{ env.PLATFORMS }}
|
platforms: ${{ env.PLATFORMS }}
|
||||||
push: true
|
push: true
|
||||||
tags: |
|
tags: |
|
||||||
${{ env.DOCKER_NAMESPACE }}/dendrite-monolith:${{ github.ref_name }}
|
${{ env.DOCKER_NAMESPACE }}/dendrite-monolith:${{ github.ref_name }}
|
||||||
ghcr.io/${{ env.GHCR_NAMESPACE }}/dendrite-monolith:${{ github.ref_name }}
|
ghcr.io/${{ env.GHCR_NAMESPACE }}/dendrite-monolith:${{ github.ref_name }}
|
||||||
|
|
||||||
|
- name: Run Trivy vulnerability scanner
|
||||||
|
uses: aquasecurity/trivy-action@master
|
||||||
|
with:
|
||||||
|
image-ref: ghcr.io/${{ env.GHCR_NAMESPACE }}/dendrite-monolith:${{ github.ref_name }}
|
||||||
|
format: "sarif"
|
||||||
|
output: "trivy-results.sarif"
|
||||||
|
|
||||||
|
- name: Upload Trivy scan results to GitHub Security tab
|
||||||
|
uses: github/codeql-action/upload-sarif@v1
|
||||||
|
with:
|
||||||
|
sarif_file: "trivy-results.sarif"
|
||||||
|
|
||||||
- name: Build release monolith image
|
- name: Build release monolith image
|
||||||
if: github.event_name == 'release' # Only for GitHub releases
|
if: github.event_name == 'release' # Only for GitHub releases
|
||||||
id: docker_build_monolith_release
|
id: docker_build_monolith_release
|
||||||
uses: docker/build-push-action@v2
|
uses: docker/build-push-action@v3
|
||||||
with:
|
with:
|
||||||
cache-from: type=gha
|
cache-from: type=gha
|
||||||
cache-to: type=gha,mode=max
|
cache-to: type=gha,mode=max
|
||||||
context: .
|
context: .
|
||||||
file: ./build/docker/Dockerfile.monolith
|
build-args: FLAGS="-X github.com/matrix-org/dendrite/internal.branch=${{ env.BRANCH }} -X github.com/matrix-org/dendrite/internal.build=${{ env.BUILD }}"
|
||||||
|
target: monolith
|
||||||
platforms: ${{ env.PLATFORMS }}
|
platforms: ${{ env.PLATFORMS }}
|
||||||
push: true
|
push: true
|
||||||
tags: |
|
tags: |
|
||||||
|
@ -81,26 +101,32 @@ jobs:
|
||||||
polylith:
|
polylith:
|
||||||
name: Polylith image
|
name: Polylith image
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
needs: build-flags
|
||||||
permissions:
|
permissions:
|
||||||
contents: read
|
contents: read
|
||||||
packages: write
|
packages: write
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v2
|
uses: actions/checkout@v3
|
||||||
- name: Get release tag
|
- name: Get release tag & build flags
|
||||||
if: github.event_name == 'release' # Only for GitHub releases
|
if: github.event_name == 'release' # Only for GitHub releases
|
||||||
run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
|
run: |
|
||||||
|
echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
|
||||||
|
echo "BUILD=$(git rev-parse --short HEAD || "") >> $GITHUB_ENV
|
||||||
|
BRANCH=$(git symbolic-ref --short HEAD | tr -d \/)
|
||||||
|
[ ${BRANCH} == "main" ] && BRANCH=""
|
||||||
|
echo "BRANCH=${BRANCH}" >> $GITHUB_ENV
|
||||||
- name: Set up QEMU
|
- name: Set up QEMU
|
||||||
uses: docker/setup-qemu-action@v1
|
uses: docker/setup-qemu-action@v1
|
||||||
- name: Set up Docker Buildx
|
- name: Set up Docker Buildx
|
||||||
uses: docker/setup-buildx-action@v1
|
uses: docker/setup-buildx-action@v2
|
||||||
- name: Login to Docker Hub
|
- name: Login to Docker Hub
|
||||||
uses: docker/login-action@v1
|
uses: docker/login-action@v2
|
||||||
with:
|
with:
|
||||||
username: ${{ env.DOCKER_HUB_USER }}
|
username: ${{ env.DOCKER_HUB_USER }}
|
||||||
password: ${{ secrets.DOCKER_TOKEN }}
|
password: ${{ secrets.DOCKER_TOKEN }}
|
||||||
- name: Login to GitHub Containers
|
- name: Login to GitHub Containers
|
||||||
uses: docker/login-action@v1
|
uses: docker/login-action@v2
|
||||||
with:
|
with:
|
||||||
registry: ghcr.io
|
registry: ghcr.io
|
||||||
username: ${{ github.repository_owner }}
|
username: ${{ github.repository_owner }}
|
||||||
|
@ -109,27 +135,40 @@ jobs:
|
||||||
- name: Build main polylith image
|
- name: Build main polylith image
|
||||||
if: github.ref_name == 'main'
|
if: github.ref_name == 'main'
|
||||||
id: docker_build_polylith
|
id: docker_build_polylith
|
||||||
uses: docker/build-push-action@v2
|
uses: docker/build-push-action@v3
|
||||||
with:
|
with:
|
||||||
cache-from: type=gha
|
cache-from: type=gha
|
||||||
cache-to: type=gha,mode=max
|
cache-to: type=gha,mode=max
|
||||||
context: .
|
context: .
|
||||||
file: ./build/docker/Dockerfile.polylith
|
build-args: FLAGS="-X github.com/matrix-org/dendrite/internal.branch=${{ env.BRANCH }} -X github.com/matrix-org/dendrite/internal.build=${{ env.BUILD }}"
|
||||||
|
target: polylith
|
||||||
platforms: ${{ env.PLATFORMS }}
|
platforms: ${{ env.PLATFORMS }}
|
||||||
push: true
|
push: true
|
||||||
tags: |
|
tags: |
|
||||||
${{ env.DOCKER_NAMESPACE }}/dendrite-polylith:${{ github.ref_name }}
|
${{ env.DOCKER_NAMESPACE }}/dendrite-polylith:${{ github.ref_name }}
|
||||||
ghcr.io/${{ env.GHCR_NAMESPACE }}/dendrite-polylith:${{ github.ref_name }}
|
ghcr.io/${{ env.GHCR_NAMESPACE }}/dendrite-polylith:${{ github.ref_name }}
|
||||||
|
|
||||||
|
- name: Run Trivy vulnerability scanner
|
||||||
|
uses: aquasecurity/trivy-action@master
|
||||||
|
with:
|
||||||
|
image-ref: ghcr.io/${{ env.GHCR_NAMESPACE }}/dendrite-polylith:${{ github.ref_name }}
|
||||||
|
format: "sarif"
|
||||||
|
output: "trivy-results.sarif"
|
||||||
|
|
||||||
|
- name: Upload Trivy scan results to GitHub Security tab
|
||||||
|
uses: github/codeql-action/upload-sarif@v1
|
||||||
|
with:
|
||||||
|
sarif_file: "trivy-results.sarif"
|
||||||
|
|
||||||
- name: Build release polylith image
|
- name: Build release polylith image
|
||||||
if: github.event_name == 'release' # Only for GitHub releases
|
if: github.event_name == 'release' # Only for GitHub releases
|
||||||
id: docker_build_polylith_release
|
id: docker_build_polylith_release
|
||||||
uses: docker/build-push-action@v2
|
uses: docker/build-push-action@v3
|
||||||
with:
|
with:
|
||||||
cache-from: type=gha
|
cache-from: type=gha
|
||||||
cache-to: type=gha,mode=max
|
cache-to: type=gha,mode=max
|
||||||
context: .
|
context: .
|
||||||
file: ./build/docker/Dockerfile.polylith
|
target: polylith
|
||||||
platforms: ${{ env.PLATFORMS }}
|
platforms: ${{ env.PLATFORMS }}
|
||||||
push: true
|
push: true
|
||||||
tags: |
|
tags: |
|
||||||
|
@ -141,59 +180,99 @@ jobs:
|
||||||
demo-pinecone:
|
demo-pinecone:
|
||||||
name: Pinecone demo image
|
name: Pinecone demo image
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
needs: build-flags
|
||||||
permissions:
|
permissions:
|
||||||
contents: read
|
contents: read
|
||||||
packages: write
|
packages: write
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v2
|
uses: actions/checkout@v3
|
||||||
- name: Get release tag
|
- name: Get release tag & build flags
|
||||||
if: github.event_name == 'release' # Only for GitHub releases
|
if: github.event_name == 'release' # Only for GitHub releases
|
||||||
run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
|
run: |
|
||||||
|
echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
|
||||||
|
echo "BUILD=$(git rev-parse --short HEAD || "") >> $GITHUB_ENV
|
||||||
|
BRANCH=$(git symbolic-ref --short HEAD | tr -d \/)
|
||||||
|
[ ${BRANCH} == "main" ] && BRANCH=""
|
||||||
|
echo "BRANCH=${BRANCH}" >> $GITHUB_ENV
|
||||||
- name: Set up QEMU
|
- name: Set up QEMU
|
||||||
uses: docker/setup-qemu-action@v1
|
uses: docker/setup-qemu-action@v1
|
||||||
- name: Set up Docker Buildx
|
- name: Set up Docker Buildx
|
||||||
uses: docker/setup-buildx-action@v1
|
uses: docker/setup-buildx-action@v2
|
||||||
- name: Login to Docker Hub
|
- name: Login to Docker Hub
|
||||||
uses: docker/login-action@v1
|
uses: docker/login-action@v2
|
||||||
with:
|
with:
|
||||||
username: ${{ env.DOCKER_HUB_USER }}
|
username: ${{ env.DOCKER_HUB_USER }}
|
||||||
password: ${{ secrets.DOCKER_TOKEN }}
|
password: ${{ secrets.DOCKER_TOKEN }}
|
||||||
- name: Login to GitHub Containers
|
- name: Login to GitHub Containers
|
||||||
uses: docker/login-action@v1
|
uses: docker/login-action@v2
|
||||||
with:
|
with:
|
||||||
registry: ghcr.io
|
registry: ghcr.io
|
||||||
username: ${{ github.repository_owner }}
|
username: ${{ github.repository_owner }}
|
||||||
password: ${{ secrets.GITHUB_TOKEN }}
|
password: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
|
||||||
- name: Build main pinecone demo image
|
- name: Build main Pinecone demo image
|
||||||
if: github.ref_name == 'main'
|
if: github.ref_name == 'main'
|
||||||
id: docker_build_demo_pinecone
|
id: docker_build_demo_pinecone
|
||||||
uses: docker/build-push-action@v2
|
uses: docker/build-push-action@v3
|
||||||
with:
|
with:
|
||||||
cache-from: type=gha
|
cache-from: type=gha
|
||||||
cache-to: type=gha,mode=max
|
cache-to: type=gha,mode=max
|
||||||
context: .
|
context: .
|
||||||
file: ./build/docker/Dockerfile.demo-pinecone
|
target: demo-pinecone
|
||||||
platforms: ${{ env.PLATFORMS }}
|
platforms: ${{ env.PLATFORMS }}
|
||||||
push: true
|
push: true
|
||||||
tags: |
|
tags: |
|
||||||
${{ env.DOCKER_NAMESPACE }}/dendrite-demo-pinecone:${{ github.ref_name }}
|
${{ env.DOCKER_NAMESPACE }}/dendrite-demo-pinecone:${{ github.ref_name }}
|
||||||
ghcr.io/${{ env.GHCR_NAMESPACE }}/dendrite-demo-pinecone:${{ github.ref_name }}
|
ghcr.io/${{ env.GHCR_NAMESPACE }}/dendrite-demo-pinecone:${{ github.ref_name }}
|
||||||
|
|
||||||
- name: Build release pinecone demo image
|
- name: Build release Pinecone demo image
|
||||||
if: github.event_name == 'release' # Only for GitHub releases
|
if: github.event_name == 'release' # Only for GitHub releases
|
||||||
id: docker_build_demo_pinecone_release
|
id: docker_build_demo_pinecone_release
|
||||||
uses: docker/build-push-action@v2
|
uses: docker/build-push-action@v3
|
||||||
with:
|
with:
|
||||||
cache-from: type=gha
|
cache-from: type=gha
|
||||||
cache-to: type=gha,mode=max
|
cache-to: type=gha,mode=max
|
||||||
context: .
|
context: .
|
||||||
file: ./build/docker/Dockerfile.demo-pinecone
|
build-args: FLAGS="-X github.com/matrix-org/dendrite/internal.branch=${{ env.BRANCH }} -X github.com/matrix-org/dendrite/internal.build=${{ env.BUILD }}"
|
||||||
|
target: demo-pinecone
|
||||||
platforms: ${{ env.PLATFORMS }}
|
platforms: ${{ env.PLATFORMS }}
|
||||||
push: true
|
push: true
|
||||||
tags: |
|
tags: |
|
||||||
${{ env.DOCKER_NAMESPACE }}/dendrite-demo-pinecone:latest
|
${{ env.DOCKER_NAMESPACE }}/dendrite-demo-yggdrasil:latest
|
||||||
${{ env.DOCKER_NAMESPACE }}/dendrite-demo-pinecone:${{ env.RELEASE_VERSION }}
|
${{ env.DOCKER_NAMESPACE }}/dendrite-demo-yggdrasil:${{ env.RELEASE_VERSION }}
|
||||||
ghcr.io/${{ env.GHCR_NAMESPACE }}/dendrite-demo-pinecone:latest
|
ghcr.io/${{ env.GHCR_NAMESPACE }}/dendrite-demo-yggdrasil:latest
|
||||||
ghcr.io/${{ env.GHCR_NAMESPACE }}/dendrite-demo-pinecone:${{ env.RELEASE_VERSION }}
|
ghcr.io/${{ env.GHCR_NAMESPACE }}/dendrite-demo-yggdrasil:${{ env.RELEASE_VERSION }}
|
||||||
|
|
||||||
|
- name: Build main Yggdrasil demo image
|
||||||
|
if: github.ref_name == 'main'
|
||||||
|
id: docker_build_demo_yggdrasil
|
||||||
|
uses: docker/build-push-action@v3
|
||||||
|
with:
|
||||||
|
cache-from: type=gha
|
||||||
|
cache-to: type=gha,mode=max
|
||||||
|
context: .
|
||||||
|
target: demo-yggdrasil
|
||||||
|
platforms: ${{ env.PLATFORMS }}
|
||||||
|
push: true
|
||||||
|
tags: |
|
||||||
|
${{ env.DOCKER_NAMESPACE }}/dendrite-demo-yggdrasil:${{ github.ref_name }}
|
||||||
|
ghcr.io/${{ env.GHCR_NAMESPACE }}/dendrite-demo-yggdrasil:${{ github.ref_name }}
|
||||||
|
|
||||||
|
- name: Build release Yggdrasil demo image
|
||||||
|
if: github.event_name == 'release' # Only for GitHub releases
|
||||||
|
id: docker_build_demo_yggdrasil_release
|
||||||
|
uses: docker/build-push-action@v3
|
||||||
|
with:
|
||||||
|
cache-from: type=gha
|
||||||
|
cache-to: type=gha,mode=max
|
||||||
|
context: .
|
||||||
|
build-args: FLAGS="-X github.com/matrix-org/dendrite/internal.branch=${{ env.BRANCH }} -X github.com/matrix-org/dendrite/internal.build=${{ env.BUILD }}"
|
||||||
|
target: demo-yggdrasil
|
||||||
|
platforms: ${{ env.PLATFORMS }}
|
||||||
|
push: true
|
||||||
|
tags: |
|
||||||
|
${{ env.DOCKER_NAMESPACE }}/dendrite-demo-yggdrasil:latest
|
||||||
|
${{ env.DOCKER_NAMESPACE }}/dendrite-demo-yggdrasil:${{ env.RELEASE_VERSION }}
|
||||||
|
ghcr.io/${{ env.GHCR_NAMESPACE }}/dendrite-demo-yggdrasil:latest
|
||||||
|
ghcr.io/${{ env.GHCR_NAMESPACE }}/dendrite-demo-yggdrasil:${{ env.RELEASE_VERSION }}
|
||||||
|
|
122
Dockerfile
Normal file
122
Dockerfile
Normal file
|
@ -0,0 +1,122 @@
|
||||||
|
#syntax=docker/dockerfile:1.2
|
||||||
|
|
||||||
|
#
|
||||||
|
# base installs required dependencies and runs go mod download to cache dependencies
|
||||||
|
#
|
||||||
|
FROM --platform=${BUILDPLATFORM} docker.io/golang:1.19-alpine AS base
|
||||||
|
RUN apk --update --no-cache add bash build-base curl
|
||||||
|
|
||||||
|
#
|
||||||
|
# build creates all needed binaries
|
||||||
|
#
|
||||||
|
FROM base AS build
|
||||||
|
WORKDIR /src
|
||||||
|
ARG TARGETOS
|
||||||
|
ARG TARGETARCH
|
||||||
|
ARG FLAGS
|
||||||
|
RUN --mount=target=. \
|
||||||
|
--mount=type=cache,target=/root/.cache/go-build \
|
||||||
|
USERARCH=`go env GOARCH` \
|
||||||
|
GOARCH="$TARGETARCH" \
|
||||||
|
GOOS="linux" \
|
||||||
|
CGO_ENABLED=$([ "$TARGETARCH" = "$USERARCH" ] && echo "1" || echo "0") \
|
||||||
|
go build -v -ldflags="${FLAGS}" -trimpath -o /out/ ./cmd/...
|
||||||
|
|
||||||
|
#
|
||||||
|
# The dendrite base image; mainly creates a user and switches to it
|
||||||
|
#
|
||||||
|
FROM alpine:latest AS dendrite-base
|
||||||
|
LABEL org.opencontainers.image.description="Next-generation Matrix homeserver written in Go"
|
||||||
|
LABEL org.opencontainers.image.source="https://github.com/matrix-org/dendrite"
|
||||||
|
LABEL org.opencontainers.image.licenses="Apache-2.0"
|
||||||
|
LABEL org.opencontainers.image.documentation="https://matrix-org.github.io/dendrite/"
|
||||||
|
LABEL org.opencontainers.image.vendor="The Matrix.org Foundation C.I.C."
|
||||||
|
RUN addgroup dendrite && adduser dendrite -G dendrite -u 1337 -D
|
||||||
|
USER dendrite
|
||||||
|
WORKDIR /home/dendrite
|
||||||
|
|
||||||
|
#
|
||||||
|
# Builds the polylith image and only contains the polylith binary
|
||||||
|
#
|
||||||
|
FROM dendrite-base AS polylith
|
||||||
|
LABEL org.opencontainers.image.title="Dendrite (Polylith)"
|
||||||
|
|
||||||
|
COPY --from=build /out/dendrite-polylith-multi /usr/bin/
|
||||||
|
|
||||||
|
ENTRYPOINT ["/usr/bin/dendrite-polylith-multi"]
|
||||||
|
|
||||||
|
#
|
||||||
|
# Builds the monolith image and contains all required binaries
|
||||||
|
#
|
||||||
|
FROM dendrite-base AS monolith
|
||||||
|
LABEL org.opencontainers.image.title="Dendrite (Monolith)"
|
||||||
|
|
||||||
|
COPY --from=build /out/create-account /usr/bin/create-account
|
||||||
|
COPY --from=build /out/generate-config /usr/bin/generate-config
|
||||||
|
COPY --from=build /out/generate-keys /usr/bin/generate-keys
|
||||||
|
COPY --from=build /out/dendrite-monolith-server /usr/bin/dendrite-monolith-server
|
||||||
|
|
||||||
|
ENTRYPOINT ["/usr/bin/dendrite-monolith-server"]
|
||||||
|
EXPOSE 8008 8448
|
||||||
|
|
||||||
|
#
|
||||||
|
# Builds the Pinecone P2P demo image and contains all required binaries
|
||||||
|
#
|
||||||
|
FROM dendrite-base AS demo-pinecone
|
||||||
|
LABEL org.opencontainers.image.title="Dendrite (Pinecone P2P Demo)"
|
||||||
|
|
||||||
|
COPY --from=build /out/create-account /usr/bin/create-account
|
||||||
|
COPY --from=build /out/generate-config /usr/bin/generate-config
|
||||||
|
COPY --from=build /out/generate-keys /usr/bin/generate-keys
|
||||||
|
COPY --from=build /out/dendrite-demo-pinecone /usr/bin/dendrite-demo-pinecone
|
||||||
|
|
||||||
|
VOLUME /etc/dendrite
|
||||||
|
WORKDIR /etc/dendrite
|
||||||
|
|
||||||
|
ENTRYPOINT ["/usr/bin/dendrite-demo-pinecone"]
|
||||||
|
EXPOSE 8008 8448
|
||||||
|
|
||||||
|
#
|
||||||
|
# Builds the Yggdrasil P2P demo image and contains all required binaries
|
||||||
|
#
|
||||||
|
FROM dendrite-base AS demo-yggdrasil
|
||||||
|
LABEL org.opencontainers.image.title="Dendrite (Yggdrasil P2P Demo)"
|
||||||
|
|
||||||
|
COPY --from=build /out/create-account /usr/bin/create-account
|
||||||
|
COPY --from=build /out/generate-config /usr/bin/generate-config
|
||||||
|
COPY --from=build /out/generate-keys /usr/bin/generate-keys
|
||||||
|
COPY --from=build /out/dendrite-demo-yggdrasil /usr/bin/dendrite-demo-yggdrasil
|
||||||
|
|
||||||
|
VOLUME /etc/dendrite
|
||||||
|
WORKDIR /etc/dendrite
|
||||||
|
|
||||||
|
ENTRYPOINT ["/usr/bin/dendrite-demo-yggdrasil"]
|
||||||
|
EXPOSE 8008 8448
|
||||||
|
|
||||||
|
#
|
||||||
|
# Builds the Complement image, used for integration tests
|
||||||
|
#
|
||||||
|
FROM base AS complement
|
||||||
|
LABEL org.opencontainers.image.title="Dendrite (Complement)"
|
||||||
|
RUN apk add --no-cache sqlite openssl ca-certificates
|
||||||
|
|
||||||
|
COPY --from=build /out/generate-config /usr/bin/generate-config
|
||||||
|
COPY --from=build /out/generate-keys /usr/bin/generate-keys
|
||||||
|
COPY --from=build /out/dendrite-monolith-server /usr/bin/dendrite-monolith-server
|
||||||
|
|
||||||
|
WORKDIR /dendrite
|
||||||
|
RUN /usr/bin/generate-keys --private-key matrix_key.pem && \
|
||||||
|
mkdir /ca && \
|
||||||
|
openssl genrsa -out /ca/ca.key 2048 && \
|
||||||
|
openssl req -new -x509 -key /ca/ca.key -days 3650 -subj "/C=GB/ST=London/O=matrix.org/CN=Complement CA" -out /ca/ca.crt
|
||||||
|
|
||||||
|
ENV SERVER_NAME=localhost
|
||||||
|
ENV API=0
|
||||||
|
EXPOSE 8008 8448
|
||||||
|
|
||||||
|
# At runtime, generate TLS cert based on the CA now mounted at /ca
|
||||||
|
# At runtime, replace the SERVER_NAME with what we are told
|
||||||
|
CMD /usr/bin/generate-keys --server $SERVER_NAME --tls-cert server.crt --tls-key server.key --tls-authority-cert /ca/ca.crt --tls-authority-key /ca/ca.key && \
|
||||||
|
/usr/bin/generate-config -server $SERVER_NAME --ci > dendrite.yaml && \
|
||||||
|
cp /ca/ca.crt /usr/local/share/ca-certificates/ && update-ca-certificates && \
|
||||||
|
/usr/bin/dendrite-monolith-server --really-enable-open-registration --tls-cert server.crt --tls-key server.key --config dendrite.yaml -api=${API:-0}
|
|
@ -1,25 +0,0 @@
|
||||||
FROM docker.io/golang:1.19-alpine AS base
|
|
||||||
|
|
||||||
RUN apk --update --no-cache add bash build-base
|
|
||||||
|
|
||||||
WORKDIR /build
|
|
||||||
|
|
||||||
COPY . /build
|
|
||||||
|
|
||||||
RUN mkdir -p bin
|
|
||||||
RUN go build -trimpath -o bin/ ./cmd/dendrite-demo-pinecone
|
|
||||||
RUN go build -trimpath -o bin/ ./cmd/create-account
|
|
||||||
RUN go build -trimpath -o bin/ ./cmd/generate-keys
|
|
||||||
|
|
||||||
FROM alpine:latest
|
|
||||||
LABEL org.opencontainers.image.title="Dendrite (Pinecone demo)"
|
|
||||||
LABEL org.opencontainers.image.description="Next-generation Matrix homeserver written in Go"
|
|
||||||
LABEL org.opencontainers.image.source="https://github.com/matrix-org/dendrite"
|
|
||||||
LABEL org.opencontainers.image.licenses="Apache-2.0"
|
|
||||||
|
|
||||||
COPY --from=base /build/bin/* /usr/bin/
|
|
||||||
|
|
||||||
VOLUME /etc/dendrite
|
|
||||||
WORKDIR /etc/dendrite
|
|
||||||
|
|
||||||
ENTRYPOINT ["/usr/bin/dendrite-demo-pinecone"]
|
|
|
@ -1,25 +0,0 @@
|
||||||
FROM docker.io/golang:1.19-alpine AS base
|
|
||||||
|
|
||||||
RUN apk --update --no-cache add bash build-base
|
|
||||||
|
|
||||||
WORKDIR /build
|
|
||||||
|
|
||||||
COPY . /build
|
|
||||||
|
|
||||||
RUN mkdir -p bin
|
|
||||||
RUN go build -trimpath -o bin/ ./cmd/dendrite-demo-yggdrasil
|
|
||||||
RUN go build -trimpath -o bin/ ./cmd/create-account
|
|
||||||
RUN go build -trimpath -o bin/ ./cmd/generate-keys
|
|
||||||
|
|
||||||
FROM alpine:latest
|
|
||||||
LABEL org.opencontainers.image.title="Dendrite (Yggdrasil demo)"
|
|
||||||
LABEL org.opencontainers.image.description="Next-generation Matrix homeserver written in Go"
|
|
||||||
LABEL org.opencontainers.image.source="https://github.com/matrix-org/dendrite"
|
|
||||||
LABEL org.opencontainers.image.licenses="Apache-2.0"
|
|
||||||
|
|
||||||
COPY --from=base /build/bin/* /usr/bin/
|
|
||||||
|
|
||||||
VOLUME /etc/dendrite
|
|
||||||
WORKDIR /etc/dendrite
|
|
||||||
|
|
||||||
ENTRYPOINT ["/usr/bin/dendrite-demo-yggdrasil"]
|
|
|
@ -1,25 +0,0 @@
|
||||||
FROM docker.io/golang:1.19-alpine AS base
|
|
||||||
|
|
||||||
RUN apk --update --no-cache add bash build-base
|
|
||||||
|
|
||||||
WORKDIR /build
|
|
||||||
|
|
||||||
COPY . /build
|
|
||||||
|
|
||||||
RUN mkdir -p bin
|
|
||||||
RUN go build -trimpath -o bin/ ./cmd/dendrite-monolith-server
|
|
||||||
RUN go build -trimpath -o bin/ ./cmd/create-account
|
|
||||||
RUN go build -trimpath -o bin/ ./cmd/generate-keys
|
|
||||||
|
|
||||||
FROM alpine:latest
|
|
||||||
LABEL org.opencontainers.image.title="Dendrite (Monolith)"
|
|
||||||
LABEL org.opencontainers.image.description="Next-generation Matrix homeserver written in Go"
|
|
||||||
LABEL org.opencontainers.image.source="https://github.com/matrix-org/dendrite"
|
|
||||||
LABEL org.opencontainers.image.licenses="Apache-2.0"
|
|
||||||
|
|
||||||
COPY --from=base /build/bin/* /usr/bin/
|
|
||||||
|
|
||||||
VOLUME /etc/dendrite
|
|
||||||
WORKDIR /etc/dendrite
|
|
||||||
|
|
||||||
ENTRYPOINT ["/usr/bin/dendrite-monolith-server"]
|
|
|
@ -1,25 +0,0 @@
|
||||||
FROM docker.io/golang:1.19-alpine AS base
|
|
||||||
|
|
||||||
RUN apk --update --no-cache add bash build-base
|
|
||||||
|
|
||||||
WORKDIR /build
|
|
||||||
|
|
||||||
COPY . /build
|
|
||||||
|
|
||||||
RUN mkdir -p bin
|
|
||||||
RUN go build -trimpath -o bin/ ./cmd/dendrite-polylith-multi
|
|
||||||
RUN go build -trimpath -o bin/ ./cmd/create-account
|
|
||||||
RUN go build -trimpath -o bin/ ./cmd/generate-keys
|
|
||||||
|
|
||||||
FROM alpine:latest
|
|
||||||
LABEL org.opencontainers.image.title="Dendrite (Polylith)"
|
|
||||||
LABEL org.opencontainers.image.description="Next-generation Matrix homeserver written in Go"
|
|
||||||
LABEL org.opencontainers.image.source="https://github.com/matrix-org/dendrite"
|
|
||||||
LABEL org.opencontainers.image.licenses="Apache-2.0"
|
|
||||||
|
|
||||||
COPY --from=base /build/bin/* /usr/bin/
|
|
||||||
|
|
||||||
VOLUME /etc/dendrite
|
|
||||||
WORKDIR /etc/dendrite
|
|
||||||
|
|
||||||
ENTRYPOINT ["/usr/bin/dendrite-polylith-multi"]
|
|
|
@ -9,11 +9,16 @@ They can be found on Docker Hub:
|
||||||
|
|
||||||
## Dockerfiles
|
## Dockerfiles
|
||||||
|
|
||||||
The `Dockerfile` builds the base image which contains all of the Dendrite
|
The `Dockerfile` is a multistage file which can build all four Dendrite
|
||||||
components. The `Dockerfile.component` file takes the given component, as
|
images depending on the supplied `--target`. From the root of the Dendrite
|
||||||
specified with `--buildarg component=` from the base image and produce
|
repository, run:
|
||||||
smaller component-specific images, which are substantially smaller and do
|
|
||||||
not contain the Go toolchain etc.
|
```
|
||||||
|
docker build . --target monolith -t matrixdotorg/dendrite-monolith
|
||||||
|
docker build . --target polylith -t matrixdotorg/dendrite-monolith
|
||||||
|
docker build . --target demo-pinecone -t matrixdotorg/dendrite-demo-pinecone
|
||||||
|
docker build . --target demo-yggdrasil -t matrixdotorg/dendrite-demo-yggdrasil
|
||||||
|
```
|
||||||
|
|
||||||
## Compose files
|
## Compose files
|
||||||
|
|
||||||
|
|
|
@ -6,5 +6,7 @@ TAG=${1:-latest}
|
||||||
|
|
||||||
echo "Building tag '${TAG}'"
|
echo "Building tag '${TAG}'"
|
||||||
|
|
||||||
docker build -t matrixdotorg/dendrite-monolith:${TAG} -f build/docker/Dockerfile.monolith .
|
docker build . --target monolith -t matrixdotorg/dendrite-monolith:${TAG}
|
||||||
docker build -t matrixdotorg/dendrite-polylith:${TAG} -f build/docker/Dockerfile.polylith .
|
docker build . --target polylith -t matrixdotorg/dendrite-monolith:${TAG}
|
||||||
|
docker build . --target demo-pinecone -t matrixdotorg/dendrite-demo-pinecone:${TAG}
|
||||||
|
docker build . --target demo-yggdrasil -t matrixdotorg/dendrite-demo-yggdrasil:${TAG}
|
Loading…
Reference in a new issue