From 6f7ea116aa5b876a16077ae8cb6062a4ddbed300 Mon Sep 17 00:00:00 2001 From: Ellie Date: Fri, 4 Aug 2023 02:40:39 +1000 Subject: [PATCH 1/9] Add ARM64 Docker image support --- .woodpecker.yml | 4 +- docker/Dockerfile | 140 +++++++++++++++++++++++++++++++++++----------- 2 files changed, 110 insertions(+), 34 deletions(-) diff --git a/.woodpecker.yml b/.woodpecker.yml index a3c1f1194a..2cbdd2a050 100644 --- a/.woodpecker.yml +++ b/.woodpecker.yml @@ -239,7 +239,7 @@ pipeline: settings: repo: dessalines/lemmy dockerfile: docker/Dockerfile - platforms: linux/amd64 + platforms: linux/amd64,linux/arm64 build_args: - RUST_RELEASE_MODE=release auto_tag: true @@ -252,7 +252,7 @@ pipeline: settings: repo: dessalines/lemmy dockerfile: docker/Dockerfile - platforms: linux/amd64 + platforms: linux/amd64,linux/arm64 build_args: - RUST_RELEASE_MODE=release tag: dev diff --git a/docker/Dockerfile b/docker/Dockerfile index 02c2e572c9..96594591b7 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,45 +1,121 @@ -FROM clux/muslrust:1.70.0 as builder -WORKDIR /app -ARG CARGO_BUILD_TARGET=x86_64-unknown-linux-musl - -# comma-seperated list of features to enable +ARG RUST_VERSION=1.71.0 +ARG ALPINE_VERSION=3.18 ARG CARGO_BUILD_FEATURES=default +ARG RUST_RELEASE_MODE=debug +ARG UID=911 +ARG GID=911 + +#################################################################################################### +## AMD64 builder base +#################################################################################################### +FROM --platform=${BUILDPLATFORM} blackdex/rust-musl:x86_64-musl-stable-${RUST_VERSION} AS base-amd64 + +ENV DEBIAN_FRONTEND=noninteractive +ENV CARGO_HOME=/root/.cargo + +RUN apt update && apt install -y \ + --no-install-recommends \ + git + +RUN mkdir -pv "${CARGO_HOME}" && \ + rustup set profile minimal && \ + rustup target add x86_64-unknown-linux-musl + +#################################################################################################### +## ARM64 builder base +#################################################################################################### +FROM --platform=${BUILDPLATFORM} blackdex/rust-musl:aarch64-musl-stable-${RUST_VERSION} AS base-arm64 + +ENV DEBIAN_FRONTEND=noninteractive +ENV CARGO_HOME=/root/.cargo + +RUN apt update && apt install -y \ + --no-install-recommends \ + git + +RUN mkdir -pv "${CARGO_HOME}" && \ + rustup set profile minimal && \ + rustup target add aarch64-unknown-linux-musl + +#################################################################################################### +## AMD64 builder +#################################################################################################### +FROM base-amd64 AS build-amd64 + +ARG CARGO_BUILD_FEATURES +ARG RUST_RELEASE_MODE + +WORKDIR /lemmy -# This can be set to release using --build-arg -ARG RUST_RELEASE_MODE="debug" +COPY . ./ -COPY . . +# Debug build +RUN --mount=type=cache,target=/lemmy/target \ + if [ "${RUST_RELEASE_MODE}" = "debug" ]; then \ + echo "pub const VERSION: &str = \"$(git describe --tag)\";" > crates/utils/src/version.rs && \ + cargo build --target=x86_64-unknown-linux-musl --features "${CARGO_BUILD_FEATURES}" && \ + mv target/x86_64-unknown-linux-musl/release/lemmy_server ./lemmy \ + fi + +# Realease build +RUN if [ "${RUST_RELEASE_MODE}" = "release" ]; then \ + echo "pub const VERSION: &str = \"$(git describe --tag)\";" > crates/utils/src/version.rs && \ + cargo build --target=x86_64-unknown-linux-musl --features "${CARGO_BUILD_FEATURES}" --release && \ + mv target/x86_64-unknown-linux-musl/release/lemmy_server ./lemmy \ + fi + +#################################################################################################### +## ARM64 builder +#################################################################################################### +FROM base-arm64 AS build-arm64 + +ARG CARGO_BUILD_FEATURES +ARG RUST_RELEASE_MODE + +WORKDIR /lemmy -# Build the project - -# Debug mode build -RUN --mount=type=cache,target=/app/target \ - if [ "$RUST_RELEASE_MODE" = "debug" ] ; then \ - echo "pub const VERSION: &str = \"$(git describe --tag)\";" > "crates/utils/src/version.rs" \ - && cargo build --target ${CARGO_BUILD_TARGET} --features ${CARGO_BUILD_FEATURES} \ - && cp ./target/$CARGO_BUILD_TARGET/$RUST_RELEASE_MODE/lemmy_server /app/lemmy_server; \ +COPY . ./ + +# Debug build +RUN --mount=type=cache,target=/lemmy/target \ + if [ "${RUST_RELEASE_MODE}" = "debug" ]; then \ + echo "pub const VERSION: &str = \"$(git describe --tag)\";" > crates/utils/src/version.rs && \ + cargo build --target=aarch64-unknown-linux-musl --features "${CARGO_BUILD_FEATURES}" && \ + mv target/aarch64-unknown-linux-musl/release/lemmy_server ./lemmy \ fi -# Release mode build -RUN \ - if [ "$RUST_RELEASE_MODE" = "release" ] ; then \ - echo "pub const VERSION: &str = \"$(git describe --tag)\";" > "crates/utils/src/version.rs" \ - && cargo build --target ${CARGO_BUILD_TARGET} --features ${CARGO_BUILD_FEATURES} --release \ - && cp ./target/$CARGO_BUILD_TARGET/$RUST_RELEASE_MODE/lemmy_server /app/lemmy_server; \ +# Realease build +RUN if [ "${RUST_RELEASE_MODE}" = "release" ]; then \ + echo "pub const VERSION: &str = \"$(git describe --tag)\";" > crates/utils/src/version.rs && \ + cargo build --target=aarch64-unknown-linux-musl --features "${CARGO_BUILD_FEATURES}" --release && \ + mv target/aarch64-unknown-linux-musl/release/lemmy_server ./lemmy \ fi -# The alpine runner -FROM alpine:3 as lemmy +#################################################################################################### +## Get target binary +#################################################################################################### +FROM build-${TARGETARCH} AS build + +#################################################################################################### +### Final image +#################################################################################################### +FROM alpine:${ALPINE_VERSION} + +ARG UID +ARG GID -# Install libpq for postgres -RUN apk add --no-cache libpq +RUN apk add --no-cache \ + ca-certificates -# Copy resources -COPY --from=builder /app/lemmy_server /app/lemmy +COPY --from=build --chmod=0755 /lemmy/lemmy /usr/local/bin + +RUN addgroup -S -g ${GID} lemmy && \ + adduser -S -H -D -G lemmy -u ${UID} -g "" -s /sbin/nologin lemmy -# Create non-privileged user -RUN adduser -h /app -s sh -S -u 1000 lemmy -RUN chown -R lemmy /app USER lemmy -CMD ["/app/lemmy"] +CMD ["lemmy"] + +EXPOSE 8536 + +STOPSIGNAL SIGTERM \ No newline at end of file From f10d3cca029dbe618a9f74a89dd105ed72808d7c Mon Sep 17 00:00:00 2001 From: Ellie Date: Fri, 4 Aug 2023 02:43:44 +1000 Subject: [PATCH 2/9] Fix --- docker/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker/Dockerfile b/docker/Dockerfile index 96594591b7..d1f3720ca8 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -54,7 +54,7 @@ RUN --mount=type=cache,target=/lemmy/target \ if [ "${RUST_RELEASE_MODE}" = "debug" ]; then \ echo "pub const VERSION: &str = \"$(git describe --tag)\";" > crates/utils/src/version.rs && \ cargo build --target=x86_64-unknown-linux-musl --features "${CARGO_BUILD_FEATURES}" && \ - mv target/x86_64-unknown-linux-musl/release/lemmy_server ./lemmy \ + mv target/x86_64-unknown-linux-musl/debug/lemmy_server ./lemmy \ fi # Realease build @@ -81,7 +81,7 @@ RUN --mount=type=cache,target=/lemmy/target \ if [ "${RUST_RELEASE_MODE}" = "debug" ]; then \ echo "pub const VERSION: &str = \"$(git describe --tag)\";" > crates/utils/src/version.rs && \ cargo build --target=aarch64-unknown-linux-musl --features "${CARGO_BUILD_FEATURES}" && \ - mv target/aarch64-unknown-linux-musl/release/lemmy_server ./lemmy \ + mv target/aarch64-unknown-linux-musl/debug/lemmy_server ./lemmy \ fi # Realease build From 53c0634ff50436eb32e528bf57d6c51a0a969507 Mon Sep 17 00:00:00 2001 From: Ellie Date: Fri, 4 Aug 2023 04:02:01 +1000 Subject: [PATCH 3/9] Fix Docker build --- docker/Dockerfile | 34 ++++++++++++++++++---------------- 1 file changed, 18 insertions(+), 16 deletions(-) diff --git a/docker/Dockerfile b/docker/Dockerfile index d1f3720ca8..054e9332ad 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -50,18 +50,19 @@ WORKDIR /lemmy COPY . ./ # Debug build -RUN --mount=type=cache,target=/lemmy/target \ +RUN --mount=type=cache,target=/lemmy/target set -ex; \ if [ "${RUST_RELEASE_MODE}" = "debug" ]; then \ - echo "pub const VERSION: &str = \"$(git describe --tag)\";" > crates/utils/src/version.rs && \ - cargo build --target=x86_64-unknown-linux-musl --features "${CARGO_BUILD_FEATURES}" && \ - mv target/x86_64-unknown-linux-musl/debug/lemmy_server ./lemmy \ + echo "pub const VERSION: &str = \"$(git describe --tag)\";" > crates/utils/src/version.rs; \ + cargo build --target=x86_64-unknown-linux-musl --features "${CARGO_BUILD_FEATURES}"; \ + mv target/x86_64-unknown-linux-musl/debug/lemmy_server ./lemmy; \ fi -# Realease build -RUN if [ "${RUST_RELEASE_MODE}" = "release" ]; then \ - echo "pub const VERSION: &str = \"$(git describe --tag)\";" > crates/utils/src/version.rs && \ - cargo build --target=x86_64-unknown-linux-musl --features "${CARGO_BUILD_FEATURES}" --release && \ - mv target/x86_64-unknown-linux-musl/release/lemmy_server ./lemmy \ +# Release build +RUN set -ex; \ + if [ "${RUST_RELEASE_MODE}" = "release" ]; then \ + echo "pub const VERSION: &str = \"$(git describe --tag)\";" > crates/utils/src/version.rs; \ + cargo build --target=x86_64-unknown-linux-musl --features "${CARGO_BUILD_FEATURES}" --release; \ + mv target/x86_64-unknown-linux-musl/release/lemmy_server ./lemmy; \ fi #################################################################################################### @@ -77,18 +78,19 @@ WORKDIR /lemmy COPY . ./ # Debug build -RUN --mount=type=cache,target=/lemmy/target \ +RUN --mount=type=cache,target=/lemmy/target set -ex; \ if [ "${RUST_RELEASE_MODE}" = "debug" ]; then \ - echo "pub const VERSION: &str = \"$(git describe --tag)\";" > crates/utils/src/version.rs && \ - cargo build --target=aarch64-unknown-linux-musl --features "${CARGO_BUILD_FEATURES}" && \ - mv target/aarch64-unknown-linux-musl/debug/lemmy_server ./lemmy \ + echo "pub const VERSION: &str = \"$(git describe --tag)\";" > crates/utils/src/version.rs; \ + cargo build --target=aarch64-unknown-linux-musl --features "${CARGO_BUILD_FEATURES}"; \ + mv target/aarch64-unknown-linux-musl/debug/lemmy_server ./lemmy; \ fi -# Realease build -RUN if [ "${RUST_RELEASE_MODE}" = "release" ]; then \ +# Release build +RUN set -ex; \ + if [ "${RUST_RELEASE_MODE}" = "release" ]; then \ echo "pub const VERSION: &str = \"$(git describe --tag)\";" > crates/utils/src/version.rs && \ cargo build --target=aarch64-unknown-linux-musl --features "${CARGO_BUILD_FEATURES}" --release && \ - mv target/aarch64-unknown-linux-musl/release/lemmy_server ./lemmy \ + mv target/aarch64-unknown-linux-musl/release/lemmy_server ./lemmy; \ fi #################################################################################################### From 6e1d55b3b7a1211169e8c737401782dca1b5e882 Mon Sep 17 00:00:00 2001 From: Ellie Date: Fri, 4 Aug 2023 04:05:05 +1000 Subject: [PATCH 4/9] Fix typo --- docker/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker/Dockerfile b/docker/Dockerfile index 054e9332ad..eaf8fbb829 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -88,8 +88,8 @@ RUN --mount=type=cache,target=/lemmy/target set -ex; \ # Release build RUN set -ex; \ if [ "${RUST_RELEASE_MODE}" = "release" ]; then \ - echo "pub const VERSION: &str = \"$(git describe --tag)\";" > crates/utils/src/version.rs && \ - cargo build --target=aarch64-unknown-linux-musl --features "${CARGO_BUILD_FEATURES}" --release && \ + echo "pub const VERSION: &str = \"$(git describe --tag)\";" > crates/utils/src/version.rs; \ + cargo build --target=aarch64-unknown-linux-musl --features "${CARGO_BUILD_FEATURES}" --release; \ mv target/aarch64-unknown-linux-musl/release/lemmy_server ./lemmy; \ fi From 75398f4ed255574d24a45a2654e1f27e15267d11 Mon Sep 17 00:00:00 2001 From: Ellie Date: Fri, 4 Aug 2023 04:53:04 +1000 Subject: [PATCH 5/9] Use OpenSSL 3 and PostgreSQL Lib v15 in Docker builder --- docker/Dockerfile | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/docker/Dockerfile b/docker/Dockerfile index eaf8fbb829..e3493e74f0 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -8,10 +8,11 @@ ARG GID=911 #################################################################################################### ## AMD64 builder base #################################################################################################### -FROM --platform=${BUILDPLATFORM} blackdex/rust-musl:x86_64-musl-stable-${RUST_VERSION} AS base-amd64 +FROM --platform=${BUILDPLATFORM} blackdex/rust-musl:x86_64-musl-stable-${RUST_VERSION}-openssl3 AS base-amd64 ENV DEBIAN_FRONTEND=noninteractive ENV CARGO_HOME=/root/.cargo +ENV PQ_LIB_DIR=/usr/local/musl/pq15/lib RUN apt update && apt install -y \ --no-install-recommends \ @@ -24,10 +25,11 @@ RUN mkdir -pv "${CARGO_HOME}" && \ #################################################################################################### ## ARM64 builder base #################################################################################################### -FROM --platform=${BUILDPLATFORM} blackdex/rust-musl:aarch64-musl-stable-${RUST_VERSION} AS base-arm64 +FROM --platform=${BUILDPLATFORM} blackdex/rust-musl:aarch64-musl-stable-${RUST_VERSION}-openssl3 AS base-arm64 ENV DEBIAN_FRONTEND=noninteractive ENV CARGO_HOME=/root/.cargo +ENV PQ_LIB_DIR=/usr/local/musl/pq15/lib RUN apt update && apt install -y \ --no-install-recommends \ From 1bc568b9838b31ada45e6be03851fb7bacba0ae6 Mon Sep 17 00:00:00 2001 From: Ellie Date: Sat, 5 Aug 2023 14:20:10 +1000 Subject: [PATCH 6/9] Use simple comments in Dockerfile --- docker/Dockerfile | 24 ++++++------------------ 1 file changed, 6 insertions(+), 18 deletions(-) diff --git a/docker/Dockerfile b/docker/Dockerfile index e3493e74f0..8a714d0e9d 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -5,9 +5,7 @@ ARG RUST_RELEASE_MODE=debug ARG UID=911 ARG GID=911 -#################################################################################################### -## AMD64 builder base -#################################################################################################### +# AMD64 builder base FROM --platform=${BUILDPLATFORM} blackdex/rust-musl:x86_64-musl-stable-${RUST_VERSION}-openssl3 AS base-amd64 ENV DEBIAN_FRONTEND=noninteractive @@ -22,9 +20,7 @@ RUN mkdir -pv "${CARGO_HOME}" && \ rustup set profile minimal && \ rustup target add x86_64-unknown-linux-musl -#################################################################################################### -## ARM64 builder base -#################################################################################################### +# ARM64 builder base FROM --platform=${BUILDPLATFORM} blackdex/rust-musl:aarch64-musl-stable-${RUST_VERSION}-openssl3 AS base-arm64 ENV DEBIAN_FRONTEND=noninteractive @@ -39,9 +35,7 @@ RUN mkdir -pv "${CARGO_HOME}" && \ rustup set profile minimal && \ rustup target add aarch64-unknown-linux-musl -#################################################################################################### -## AMD64 builder -#################################################################################################### +# AMD64 builder FROM base-amd64 AS build-amd64 ARG CARGO_BUILD_FEATURES @@ -67,9 +61,7 @@ RUN set -ex; \ mv target/x86_64-unknown-linux-musl/release/lemmy_server ./lemmy; \ fi -#################################################################################################### -## ARM64 builder -#################################################################################################### +# ARM64 builder FROM base-arm64 AS build-arm64 ARG CARGO_BUILD_FEATURES @@ -95,14 +87,10 @@ RUN set -ex; \ mv target/aarch64-unknown-linux-musl/release/lemmy_server ./lemmy; \ fi -#################################################################################################### -## Get target binary -#################################################################################################### +# Get target binary FROM build-${TARGETARCH} AS build -#################################################################################################### -### Final image -#################################################################################################### +## Final image FROM alpine:${ALPINE_VERSION} ARG UID From 8599cc446b6fd544f4a305ac5ac7b9a2dca78213 Mon Sep 17 00:00:00 2001 From: Ellie Date: Fri, 11 Aug 2023 22:29:31 +1000 Subject: [PATCH 7/9] Add comment explaining Docker image cross build --- docker/Dockerfile | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/docker/Dockerfile b/docker/Dockerfile index 8a714d0e9d..9f21aaf9be 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,3 +1,15 @@ +# +# Docker multiarch image: +# We build the Lemmy binary for amd64 and arm64 in individual stages using the blackdex/rust-musl image (github.com/blackdex/rust-musl). +# This image uses musl-cross-make (github.com/richfelker/musl-cross-make) to build a musl cross compilation toolchain for the target +# architecture. It also includes pre-built static libraries such as libpq. These libraries can improve the compile time and eliminate +# the requirement for extra dependencies in the final image. +# +# During each build stage, we use the blackdex/rust-musl openssl 3 images and configure PQ_LIB_DIR=/usr/local/musl/pq15/lib to use +# libpq v15. We also ensure the installation of the Rust toolchain corresponding to the target architecture using: +# `rustup target add $TARGET-unknown-linux-musl`. +# + ARG RUST_VERSION=1.71.0 ARG ALPINE_VERSION=3.18 ARG CARGO_BUILD_FEATURES=default From d6fb50c076227905028497f00b80630d8b1c4fee Mon Sep 17 00:00:00 2001 From: Ellie Date: Wed, 23 Aug 2023 01:15:42 +1000 Subject: [PATCH 8/9] Move docker step above tests for testing --- .woodpecker.yml | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/.woodpecker.yml b/.woodpecker.yml index a13361e371..4b76663f29 100644 --- a/.woodpecker.yml +++ b/.woodpecker.yml @@ -91,6 +91,19 @@ steps: [MINIO_ENDPOINT, MINIO_WRITE_USER, MINIO_WRITE_PASSWORD, MINIO_BUCKET] when: *slow_check_paths + publish_release_docker: + image: woodpeckerci/plugin-docker-buildx + secrets: [docker_username, docker_password] + settings: + repo: dessalines/lemmy + dockerfile: docker/Dockerfile + platforms: linux/amd64,linux/arm64 + build_args: + - RUST_RELEASE_MODE=release + auto_tag: true + when: + event: tag + # make sure api builds with default features (used by other crates relying on lemmy api) check_api_common_default_features: image: *muslrust_image @@ -233,19 +246,6 @@ steps: - event: push branch: main - publish_release_docker: - image: woodpeckerci/plugin-docker-buildx - secrets: [docker_username, docker_password] - settings: - repo: dessalines/lemmy - dockerfile: docker/Dockerfile - platforms: linux/amd64,linux/arm64 - build_args: - - RUST_RELEASE_MODE=release - auto_tag: true - when: - event: tag - nightly_build: image: woodpeckerci/plugin-docker-buildx secrets: [docker_username, docker_password] From a0515d6ab77452557915c46eb448c936818de678 Mon Sep 17 00:00:00 2001 From: Ellie Date: Thu, 31 Aug 2023 21:12:35 +1000 Subject: [PATCH 9/9] Move docker build step back to normal position --- .woodpecker.yml | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/.woodpecker.yml b/.woodpecker.yml index 9a911bc86e..49fbe3db2d 100644 --- a/.woodpecker.yml +++ b/.woodpecker.yml @@ -91,19 +91,6 @@ steps: [MINIO_ENDPOINT, MINIO_WRITE_USER, MINIO_WRITE_PASSWORD, MINIO_BUCKET] when: *slow_check_paths - publish_release_docker: - image: woodpeckerci/plugin-docker-buildx - secrets: [docker_username, docker_password] - settings: - repo: dessalines/lemmy - dockerfile: docker/Dockerfile - platforms: linux/amd64,linux/arm64 - build_args: - - RUST_RELEASE_MODE=release - auto_tag: true - when: - event: tag - # make sure api builds with default features (used by other crates relying on lemmy api) check_api_common_default_features: image: *muslrust_image @@ -246,6 +233,19 @@ steps: - event: push branch: main + publish_release_docker: + image: woodpeckerci/plugin-docker-buildx + secrets: [docker_username, docker_password] + settings: + repo: dessalines/lemmy + dockerfile: docker/Dockerfile + platforms: linux/amd64,linux/arm64 + build_args: + - RUST_RELEASE_MODE=release + auto_tag: true + when: + event: tag + nightly_build: image: woodpeckerci/plugin-docker-buildx secrets: [docker_username, docker_password]