vw_small

Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.
git clone https://git.philomathiclife.com/repos/vw_small
Log | Files | Refs | README

commit 4c324e11606b25b8bec7396af56d5c252c3f04e8
parent 0365b7c6a4d8aa88fd9328fcc14beef300fe33a2
Author: Daniel GarcĂ­a <dani-garcia@users.noreply.github.com>
Date:   Wed, 19 Aug 2020 00:02:14 +0200

Change Dockerfiles to make the AMD image multidb

Diffstat:
M.dockerignore | 12++++++++++++
MDockerfile | 4++--
Mdocker/Dockerfile.j2 | 54+++++++++++++++++-------------------------------------
Adocker/amd64/Dockerfile | 103+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Adocker/amd64/Dockerfile.alpine | 104+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Ddocker/amd64/mysql/Dockerfile | 102-------------------------------------------------------------------------------
Ddocker/amd64/mysql/Dockerfile.alpine | 105-------------------------------------------------------------------------------
Ddocker/amd64/postgresql/Dockerfile | 102-------------------------------------------------------------------------------
Ddocker/amd64/postgresql/Dockerfile.alpine | 105-------------------------------------------------------------------------------
Ddocker/amd64/sqlite/Dockerfile | 96-------------------------------------------------------------------------------
Ddocker/amd64/sqlite/Dockerfile.alpine | 99-------------------------------------------------------------------------------
Adocker/arm32v6/Dockerfile | 126+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Ddocker/arm32v6/mysql/Dockerfile | 134-------------------------------------------------------------------------------
Ddocker/arm32v6/sqlite/Dockerfile | 128-------------------------------------------------------------------------------
Adocker/arm32v7/Dockerfile | 126+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Ddocker/arm32v7/mysql/Dockerfile | 133-------------------------------------------------------------------------------
Ddocker/arm32v7/sqlite/Dockerfile | 127-------------------------------------------------------------------------------
Adocker/arm64v8/Dockerfile | 126+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Ddocker/arm64v8/mysql/Dockerfile | 134-------------------------------------------------------------------------------
Ddocker/arm64v8/sqlite/Dockerfile | 128-------------------------------------------------------------------------------
Mhooks/arches.sh | 5-----
Mhooks/build | 2+-
22 files changed, 617 insertions(+), 1438 deletions(-)

diff --git a/.dockerignore b/.dockerignore @@ -3,6 +3,7 @@ target # Data folder data +.env # IDE files .vscode @@ -10,5 +11,15 @@ data *.iml # Documentation +.github *.md +*.txt +*.yml +*.yaml +# Docker folders +hooks +tools + +# Web vault +web-vault +\ No newline at end of file diff --git a/Dockerfile b/Dockerfile @@ -1 +1 @@ -docker/amd64/sqlite/Dockerfile -\ No newline at end of file +docker/amd64/Dockerfile +\ No newline at end of file diff --git a/docker/Dockerfile.j2 b/docker/Dockerfile.j2 @@ -1,10 +1,10 @@ # This file was generated using a Jinja2 template. # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's. -{% set build_stage_base_image = "rust:1.40" %} +{% set build_stage_base_image = "rust:1.45" %} {% if "alpine" in target_file %} -{% set build_stage_base_image = "clux/muslrust:nightly-2020-03-09" %} -{% set runtime_stage_base_image = "alpine:3.11" %} +{% set build_stage_base_image = "clux/muslrust:nightly-2020-07-09" %} +{% set runtime_stage_base_image = "alpine:3.12" %} {% set package_arch_name = "" %} {% elif "amd64" in target_file %} {% set runtime_stage_base_image = "debian:buster-slim" %} @@ -42,25 +42,19 @@ FROM bitwardenrs/web-vault@{{ vault_image_hash }} as vault ########################## BUILD IMAGE ########################## -{% if "musl" in build_stage_base_image %} -# Musl build image for statically compiled binary -{% else %} -# We need to use the Rust build image, because -# we need the Rust compiler and Cargo tooling -{% endif %} FROM {{ build_stage_base_image }} as build -{% if "sqlite" in target_file %} -# set sqlite as default for DB ARG for backward compatibility +{% if "alpine" in target_file %} +# Alpine only works on SQlite ARG DB=sqlite -{% elif "mysql" in target_file %} -# set mysql backend -ARG DB=mysql +{% elif "amd64" in target_file %} +# AMD64 supports all +ARG DB=sqlite,mysql,postgresql -{% elif "postgresql" in target_file %} -# set postgresql backend -ARG DB=postgresql +{% else %} +# ARM only supports SQLite for now +ARG DB=sqlite {% endif %} # Build time options to avoid dpkg warnings and help with reproducible builds. @@ -73,7 +67,7 @@ RUN rustup set profile minimal ENV USER "root" ENV RUSTFLAGS='-C link-arg=-s' -{% elif "arm32" in target_file or "arm64" in target_file %} +{% elif "arm" in target_file %} # Install required build libs for {{ package_arch_name }} architecture. RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \ /etc/apt/sources.list.d/deb-src.list \ @@ -96,7 +90,6 @@ RUN apt-get update \ ENV CARGO_HOME "/root/.cargo" ENV USER "root" - {% elif "arm32v6" in target_file %} RUN apt-get update \ && apt-get install -y \ @@ -108,7 +101,6 @@ RUN apt-get update \ ENV CARGO_HOME "/root/.cargo" ENV USER "root" - {% elif "arm32v7" in target_file %} RUN apt-get update \ && apt-get install -y \ @@ -120,27 +112,16 @@ RUN apt-get update \ ENV CARGO_HOME "/root/.cargo" ENV USER "root" - {% endif %} -{% if "mysql" in target_file %} -# Install MySQL package +{% if "amd64" in target_file %} +# Install DB packages RUN apt-get update && apt-get install -y \ --no-install-recommends \ -{% if "musl" in build_stage_base_image %} - libmysqlclient-dev{{ package_arch_prefix }} \ -{% else %} libmariadb-dev{{ package_arch_prefix }} \ -{% endif %} - && rm -rf /var/lib/apt/lists/* - -{% elif "postgresql" in target_file %} -# Install PostgreSQL package -RUN apt-get update && apt-get install -y \ - --no-install-recommends \ libpq-dev{{ package_arch_prefix }} \ && rm -rf /var/lib/apt/lists/* - {% endif %} + # Creates a dummy project used to grab dependencies RUN USER=root cargo new --bin /app WORKDIR /app @@ -178,6 +159,7 @@ RUN rustup target add arm-unknown-linux-gnueabi {% elif "arm32v7" in target_file %} RUN rustup target add armv7-unknown-linux-gnueabihf + {% endif %} # Builds your dependencies and removes the # dummy project, except the target folder @@ -239,11 +221,9 @@ RUN apt-get update && apt-get install -y \ openssl \ ca-certificates \ curl \ -{% if "sqlite" in target_file %} sqlite3 \ -{% elif "mysql" in target_file %} +{% if "amd64" in target_file %} libmariadbclient-dev \ -{% elif "postgresql" in target_file %} libpq5 \ {% endif %} && rm -rf /var/lib/apt/lists/* diff --git a/docker/amd64/Dockerfile b/docker/amd64/Dockerfile @@ -0,0 +1,103 @@ +# This file was generated using a Jinja2 template. +# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's. + +# Using multistage build: +# https://docs.docker.com/develop/develop-images/multistage-build/ +# https://whitfin.io/speeding-up-rust-docker-builds/ +####################### VAULT BUILD IMAGE ####################### + +# This hash is extracted from the docker web-vault builds and it's prefered over a simple tag because it's immutable. +# It can be viewed in multiple ways: +# - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there. +# - From the console, with the following commands: +# docker pull bitwardenrs/web-vault:v2.15.1 +# docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.15.1 +# +# - To do the opposite, and get the tag from the hash, you can do: +# docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:afba1e3bded09dc0a6a0dbacb3363ac33b6f122b4b26d3682cafb9115bdf785c +FROM bitwardenrs/web-vault@sha256:afba1e3bded09dc0a6a0dbacb3363ac33b6f122b4b26d3682cafb9115bdf785c as vault + +########################## BUILD IMAGE ########################## +FROM rust:1.45 as build + +# AMD64 supports all +ARG DB=sqlite,mysql,postgresql + +# Build time options to avoid dpkg warnings and help with reproducible builds. +ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color + +# Don't download rust docs +RUN rustup set profile minimal + +# Install DB packages +RUN apt-get update && apt-get install -y \ + --no-install-recommends \ + libmariadb-dev \ + libpq-dev \ + && rm -rf /var/lib/apt/lists/* + +# Creates a dummy project used to grab dependencies +RUN USER=root cargo new --bin /app +WORKDIR /app + +# Copies over *only* your manifests and build files +COPY ./Cargo.* ./ +COPY ./rust-toolchain ./rust-toolchain +COPY ./build.rs ./build.rs + +# Builds your dependencies and removes the +# dummy project, except the target folder +# This folder contains the compiled dependencies +RUN cargo build --features ${DB} --release +RUN find . -not -path "./target*" -delete + +# Copies the complete project +# To avoid copying unneeded files, use .dockerignore +COPY . . + +# Make sure that we actually build the project +RUN touch src/main.rs + +# Builds again, this time it'll just be +# your actual source files being built +RUN cargo build --features ${DB} --release + +######################## RUNTIME IMAGE ######################## +# Create a new stage with a minimal image +# because we already have a binary built +FROM debian:buster-slim + +ENV ROCKET_ENV "staging" +ENV ROCKET_PORT=80 +ENV ROCKET_WORKERS=10 + +# Install needed libraries +RUN apt-get update && apt-get install -y \ + --no-install-recommends \ + openssl \ + ca-certificates \ + curl \ + sqlite3 \ + libmariadbclient-dev \ + libpq5 \ + && rm -rf /var/lib/apt/lists/* + +RUN mkdir /data +VOLUME /data +EXPOSE 80 +EXPOSE 3012 + +# Copies the files from the context (Rocket.toml file and web-vault) +# and the binary from the "build" stage to the current stage +COPY Rocket.toml . +COPY --from=vault /web-vault ./web-vault +COPY --from=build app/target/release/bitwarden_rs . + +COPY docker/healthcheck.sh /healthcheck.sh +COPY docker/start.sh /start.sh + +HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] + +# Configures the startup! +WORKDIR / +CMD ["/start.sh"] diff --git a/docker/amd64/Dockerfile.alpine b/docker/amd64/Dockerfile.alpine @@ -0,0 +1,104 @@ +# This file was generated using a Jinja2 template. +# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's. + +# Using multistage build: +# https://docs.docker.com/develop/develop-images/multistage-build/ +# https://whitfin.io/speeding-up-rust-docker-builds/ +####################### VAULT BUILD IMAGE ####################### + +# This hash is extracted from the docker web-vault builds and it's prefered over a simple tag because it's immutable. +# It can be viewed in multiple ways: +# - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there. +# - From the console, with the following commands: +# docker pull bitwardenrs/web-vault:v2.15.1 +# docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.15.1 +# +# - To do the opposite, and get the tag from the hash, you can do: +# docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:afba1e3bded09dc0a6a0dbacb3363ac33b6f122b4b26d3682cafb9115bdf785c +FROM bitwardenrs/web-vault@sha256:afba1e3bded09dc0a6a0dbacb3363ac33b6f122b4b26d3682cafb9115bdf785c as vault + +########################## BUILD IMAGE ########################## +FROM clux/muslrust:nightly-2020-07-09 as build + +# Alpine only works on SQlite +ARG DB=sqlite + +# Build time options to avoid dpkg warnings and help with reproducible builds. +ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color + +# Don't download rust docs +RUN rustup set profile minimal + +ENV USER "root" +ENV RUSTFLAGS='-C link-arg=-s' + +# Install DB packages +RUN apt-get update && apt-get install -y \ + --no-install-recommends \ + libmariadb-dev \ + libpq-dev \ + && rm -rf /var/lib/apt/lists/* + +# Creates a dummy project used to grab dependencies +RUN USER=root cargo new --bin /app +WORKDIR /app + +# Copies over *only* your manifests and build files +COPY ./Cargo.* ./ +COPY ./rust-toolchain ./rust-toolchain +COPY ./build.rs ./build.rs + +RUN rustup target add x86_64-unknown-linux-musl + +# Builds your dependencies and removes the +# dummy project, except the target folder +# This folder contains the compiled dependencies +RUN cargo build --features ${DB} --release +RUN find . -not -path "./target*" -delete + +# Copies the complete project +# To avoid copying unneeded files, use .dockerignore +COPY . . + +# Make sure that we actually build the project +RUN touch src/main.rs + +# Builds again, this time it'll just be +# your actual source files being built +RUN cargo build --features ${DB} --release + +######################## RUNTIME IMAGE ######################## +# Create a new stage with a minimal image +# because we already have a binary built +FROM alpine:3.12 + +ENV ROCKET_ENV "staging" +ENV ROCKET_PORT=80 +ENV ROCKET_WORKERS=10 +ENV SSL_CERT_DIR=/etc/ssl/certs + +# Install needed libraries +RUN apk add --no-cache \ + openssl \ + curl \ + ca-certificates + +RUN mkdir /data +VOLUME /data +EXPOSE 80 +EXPOSE 3012 + +# Copies the files from the context (Rocket.toml file and web-vault) +# and the binary from the "build" stage to the current stage +COPY Rocket.toml . +COPY --from=vault /web-vault ./web-vault +COPY --from=build /app/target/x86_64-unknown-linux-musl/release/bitwarden_rs . + +COPY docker/healthcheck.sh /healthcheck.sh +COPY docker/start.sh /start.sh + +HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] + +# Configures the startup! +WORKDIR / +CMD ["/start.sh"] diff --git a/docker/amd64/mysql/Dockerfile b/docker/amd64/mysql/Dockerfile @@ -1,102 +0,0 @@ -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's. - -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### - -# This hash is extracted from the docker web-vault builds and it's prefered over a simple tag because it's immutable. -# It can be viewed in multiple ways: -# - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there. -# - From the console, with the following commands: -# docker pull bitwardenrs/web-vault:v2.15.1 -# docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.15.1 -# -# - To do the opposite, and get the tag from the hash, you can do: -# docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:afba1e3bded09dc0a6a0dbacb3363ac33b6f122b4b26d3682cafb9115bdf785c -FROM bitwardenrs/web-vault@sha256:afba1e3bded09dc0a6a0dbacb3363ac33b6f122b4b26d3682cafb9115bdf785c as vault - -########################## BUILD IMAGE ########################## -# We need to use the Rust build image, because -# we need the Rust compiler and Cargo tooling -FROM rust:1.40 as build - -# set mysql backend -ARG DB=mysql - -# Build time options to avoid dpkg warnings and help with reproducible builds. -ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color - -# Don't download rust docs -RUN rustup set profile minimal - -# Install MySQL package -RUN apt-get update && apt-get install -y \ - --no-install-recommends \ - libmariadb-dev \ - && rm -rf /var/lib/apt/lists/* - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain ./rust-toolchain -COPY ./build.rs ./build.rs - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN cargo build --features ${DB} --release -RUN find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . - -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN cargo build --features ${DB} --release - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM debian:buster-slim - -ENV ROCKET_ENV "staging" -ENV ROCKET_PORT=80 -ENV ROCKET_WORKERS=10 - -# Install needed libraries -RUN apt-get update && apt-get install -y \ - --no-install-recommends \ - openssl \ - ca-certificates \ - curl \ - libmariadbclient-dev \ - && rm -rf /var/lib/apt/lists/* - -RUN mkdir /data -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -COPY Rocket.toml . -COPY --from=vault /web-vault ./web-vault -COPY --from=build app/target/release/bitwarden_rs . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -# Configures the startup! -WORKDIR / -CMD ["/start.sh"] diff --git a/docker/amd64/mysql/Dockerfile.alpine b/docker/amd64/mysql/Dockerfile.alpine @@ -1,105 +0,0 @@ -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's. - -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### - -# This hash is extracted from the docker web-vault builds and it's prefered over a simple tag because it's immutable. -# It can be viewed in multiple ways: -# - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there. -# - From the console, with the following commands: -# docker pull bitwardenrs/web-vault:v2.15.1 -# docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.15.1 -# -# - To do the opposite, and get the tag from the hash, you can do: -# docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:afba1e3bded09dc0a6a0dbacb3363ac33b6f122b4b26d3682cafb9115bdf785c -FROM bitwardenrs/web-vault@sha256:afba1e3bded09dc0a6a0dbacb3363ac33b6f122b4b26d3682cafb9115bdf785c as vault - -########################## BUILD IMAGE ########################## -# Musl build image for statically compiled binary -FROM clux/muslrust:nightly-2020-03-09 as build - -# set mysql backend -ARG DB=mysql - -# Build time options to avoid dpkg warnings and help with reproducible builds. -ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color - -# Don't download rust docs -RUN rustup set profile minimal - -ENV USER "root" -ENV RUSTFLAGS='-C link-arg=-s' - -# Install MySQL package -RUN apt-get update && apt-get install -y \ - --no-install-recommends \ - libmysqlclient-dev \ - && rm -rf /var/lib/apt/lists/* - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain ./rust-toolchain -COPY ./build.rs ./build.rs - -RUN rustup target add x86_64-unknown-linux-musl - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN cargo build --features ${DB} --release -RUN find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . - -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN cargo build --features ${DB} --release - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM alpine:3.11 - -ENV ROCKET_ENV "staging" -ENV ROCKET_PORT=80 -ENV ROCKET_WORKERS=10 -ENV SSL_CERT_DIR=/etc/ssl/certs - -# Install needed libraries -RUN apk add --no-cache \ - openssl \ - curl \ - mariadb-connector-c \ - ca-certificates - -RUN mkdir /data -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -COPY Rocket.toml . -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/x86_64-unknown-linux-musl/release/bitwarden_rs . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -# Configures the startup! -WORKDIR / -CMD ["/start.sh"] diff --git a/docker/amd64/postgresql/Dockerfile b/docker/amd64/postgresql/Dockerfile @@ -1,102 +0,0 @@ -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's. - -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### - -# This hash is extracted from the docker web-vault builds and it's prefered over a simple tag because it's immutable. -# It can be viewed in multiple ways: -# - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there. -# - From the console, with the following commands: -# docker pull bitwardenrs/web-vault:v2.15.1 -# docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.15.1 -# -# - To do the opposite, and get the tag from the hash, you can do: -# docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:afba1e3bded09dc0a6a0dbacb3363ac33b6f122b4b26d3682cafb9115bdf785c -FROM bitwardenrs/web-vault@sha256:afba1e3bded09dc0a6a0dbacb3363ac33b6f122b4b26d3682cafb9115bdf785c as vault - -########################## BUILD IMAGE ########################## -# We need to use the Rust build image, because -# we need the Rust compiler and Cargo tooling -FROM rust:1.40 as build - -# set postgresql backend -ARG DB=postgresql - -# Build time options to avoid dpkg warnings and help with reproducible builds. -ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color - -# Don't download rust docs -RUN rustup set profile minimal - -# Install PostgreSQL package -RUN apt-get update && apt-get install -y \ - --no-install-recommends \ - libpq-dev \ - && rm -rf /var/lib/apt/lists/* - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain ./rust-toolchain -COPY ./build.rs ./build.rs - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN cargo build --features ${DB} --release -RUN find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . - -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN cargo build --features ${DB} --release - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM debian:buster-slim - -ENV ROCKET_ENV "staging" -ENV ROCKET_PORT=80 -ENV ROCKET_WORKERS=10 - -# Install needed libraries -RUN apt-get update && apt-get install -y \ - --no-install-recommends \ - openssl \ - ca-certificates \ - curl \ - libpq5 \ - && rm -rf /var/lib/apt/lists/* - -RUN mkdir /data -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -COPY Rocket.toml . -COPY --from=vault /web-vault ./web-vault -COPY --from=build app/target/release/bitwarden_rs . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -# Configures the startup! -WORKDIR / -CMD ["/start.sh"] diff --git a/docker/amd64/postgresql/Dockerfile.alpine b/docker/amd64/postgresql/Dockerfile.alpine @@ -1,105 +0,0 @@ -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's. - -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### - -# This hash is extracted from the docker web-vault builds and it's prefered over a simple tag because it's immutable. -# It can be viewed in multiple ways: -# - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there. -# - From the console, with the following commands: -# docker pull bitwardenrs/web-vault:v2.15.1 -# docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.15.1 -# -# - To do the opposite, and get the tag from the hash, you can do: -# docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:afba1e3bded09dc0a6a0dbacb3363ac33b6f122b4b26d3682cafb9115bdf785c -FROM bitwardenrs/web-vault@sha256:afba1e3bded09dc0a6a0dbacb3363ac33b6f122b4b26d3682cafb9115bdf785c as vault - -########################## BUILD IMAGE ########################## -# Musl build image for statically compiled binary -FROM clux/muslrust:nightly-2020-03-09 as build - -# set postgresql backend -ARG DB=postgresql - -# Build time options to avoid dpkg warnings and help with reproducible builds. -ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color - -# Don't download rust docs -RUN rustup set profile minimal - -ENV USER "root" -ENV RUSTFLAGS='-C link-arg=-s' - -# Install PostgreSQL package -RUN apt-get update && apt-get install -y \ - --no-install-recommends \ - libpq-dev \ - && rm -rf /var/lib/apt/lists/* - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain ./rust-toolchain -COPY ./build.rs ./build.rs - -RUN rustup target add x86_64-unknown-linux-musl - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN cargo build --features ${DB} --release -RUN find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . - -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN cargo build --features ${DB} --release - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM alpine:3.11 - -ENV ROCKET_ENV "staging" -ENV ROCKET_PORT=80 -ENV ROCKET_WORKERS=10 -ENV SSL_CERT_DIR=/etc/ssl/certs - -# Install needed libraries -RUN apk add --no-cache \ - openssl \ - curl \ - postgresql-libs \ - ca-certificates - -RUN mkdir /data -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -COPY Rocket.toml . -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/x86_64-unknown-linux-musl/release/bitwarden_rs . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -# Configures the startup! -WORKDIR / -CMD ["/start.sh"] diff --git a/docker/amd64/sqlite/Dockerfile b/docker/amd64/sqlite/Dockerfile @@ -1,96 +0,0 @@ -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's. - -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### - -# This hash is extracted from the docker web-vault builds and it's prefered over a simple tag because it's immutable. -# It can be viewed in multiple ways: -# - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there. -# - From the console, with the following commands: -# docker pull bitwardenrs/web-vault:v2.15.1 -# docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.15.1 -# -# - To do the opposite, and get the tag from the hash, you can do: -# docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:afba1e3bded09dc0a6a0dbacb3363ac33b6f122b4b26d3682cafb9115bdf785c -FROM bitwardenrs/web-vault@sha256:afba1e3bded09dc0a6a0dbacb3363ac33b6f122b4b26d3682cafb9115bdf785c as vault - -########################## BUILD IMAGE ########################## -# We need to use the Rust build image, because -# we need the Rust compiler and Cargo tooling -FROM rust:1.40 as build - -# set sqlite as default for DB ARG for backward compatibility -ARG DB=sqlite - -# Build time options to avoid dpkg warnings and help with reproducible builds. -ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color - -# Don't download rust docs -RUN rustup set profile minimal - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain ./rust-toolchain -COPY ./build.rs ./build.rs - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN cargo build --features ${DB} --release -RUN find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . - -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN cargo build --features ${DB} --release - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM debian:buster-slim - -ENV ROCKET_ENV "staging" -ENV ROCKET_PORT=80 -ENV ROCKET_WORKERS=10 - -# Install needed libraries -RUN apt-get update && apt-get install -y \ - --no-install-recommends \ - openssl \ - ca-certificates \ - curl \ - sqlite3 \ - && rm -rf /var/lib/apt/lists/* - -RUN mkdir /data -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -COPY Rocket.toml . -COPY --from=vault /web-vault ./web-vault -COPY --from=build app/target/release/bitwarden_rs . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -# Configures the startup! -WORKDIR / -CMD ["/start.sh"] diff --git a/docker/amd64/sqlite/Dockerfile.alpine b/docker/amd64/sqlite/Dockerfile.alpine @@ -1,99 +0,0 @@ -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's. - -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### - -# This hash is extracted from the docker web-vault builds and it's prefered over a simple tag because it's immutable. -# It can be viewed in multiple ways: -# - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there. -# - From the console, with the following commands: -# docker pull bitwardenrs/web-vault:v2.15.1 -# docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.15.1 -# -# - To do the opposite, and get the tag from the hash, you can do: -# docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:afba1e3bded09dc0a6a0dbacb3363ac33b6f122b4b26d3682cafb9115bdf785c -FROM bitwardenrs/web-vault@sha256:afba1e3bded09dc0a6a0dbacb3363ac33b6f122b4b26d3682cafb9115bdf785c as vault - -########################## BUILD IMAGE ########################## -# Musl build image for statically compiled binary -FROM clux/muslrust:nightly-2020-03-09 as build - -# set sqlite as default for DB ARG for backward compatibility -ARG DB=sqlite - -# Build time options to avoid dpkg warnings and help with reproducible builds. -ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color - -# Don't download rust docs -RUN rustup set profile minimal - -ENV USER "root" -ENV RUSTFLAGS='-C link-arg=-s' - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain ./rust-toolchain -COPY ./build.rs ./build.rs - -RUN rustup target add x86_64-unknown-linux-musl - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN cargo build --features ${DB} --release -RUN find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . - -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN cargo build --features ${DB} --release - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM alpine:3.11 - -ENV ROCKET_ENV "staging" -ENV ROCKET_PORT=80 -ENV ROCKET_WORKERS=10 -ENV SSL_CERT_DIR=/etc/ssl/certs - -# Install needed libraries -RUN apk add --no-cache \ - openssl \ - curl \ - sqlite \ - ca-certificates - -RUN mkdir /data -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -COPY Rocket.toml . -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/x86_64-unknown-linux-musl/release/bitwarden_rs . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -# Configures the startup! -WORKDIR / -CMD ["/start.sh"] diff --git a/docker/arm32v6/Dockerfile b/docker/arm32v6/Dockerfile @@ -0,0 +1,126 @@ +# This file was generated using a Jinja2 template. +# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's. + +# Using multistage build: +# https://docs.docker.com/develop/develop-images/multistage-build/ +# https://whitfin.io/speeding-up-rust-docker-builds/ +####################### VAULT BUILD IMAGE ####################### + +# This hash is extracted from the docker web-vault builds and it's prefered over a simple tag because it's immutable. +# It can be viewed in multiple ways: +# - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there. +# - From the console, with the following commands: +# docker pull bitwardenrs/web-vault:v2.15.1 +# docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.15.1 +# +# - To do the opposite, and get the tag from the hash, you can do: +# docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:afba1e3bded09dc0a6a0dbacb3363ac33b6f122b4b26d3682cafb9115bdf785c +FROM bitwardenrs/web-vault@sha256:afba1e3bded09dc0a6a0dbacb3363ac33b6f122b4b26d3682cafb9115bdf785c as vault + +########################## BUILD IMAGE ########################## +FROM rust:1.45 as build + +# ARM only supports SQLite for now +ARG DB=sqlite + +# Build time options to avoid dpkg warnings and help with reproducible builds. +ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color + +# Don't download rust docs +RUN rustup set profile minimal + +# Install required build libs for armel architecture. +RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \ + /etc/apt/sources.list.d/deb-src.list \ + && dpkg --add-architecture armel \ + && apt-get update \ + && apt-get install -y \ + --no-install-recommends \ + libssl-dev:armel \ + libc6-dev:armel + +RUN apt-get update \ + && apt-get install -y \ + --no-install-recommends \ + gcc-arm-linux-gnueabi \ + && mkdir -p ~/.cargo \ + && echo '[target.arm-unknown-linux-gnueabi]' >> ~/.cargo/config \ + && echo 'linker = "arm-linux-gnueabi-gcc"' >> ~/.cargo/config + +ENV CARGO_HOME "/root/.cargo" +ENV USER "root" + +# Creates a dummy project used to grab dependencies +RUN USER=root cargo new --bin /app +WORKDIR /app + +# Copies over *only* your manifests and build files +COPY ./Cargo.* ./ +COPY ./rust-toolchain ./rust-toolchain +COPY ./build.rs ./build.rs + +ENV CC_arm_unknown_linux_gnueabi="/usr/bin/arm-linux-gnueabi-gcc" +ENV CROSS_COMPILE="1" +ENV OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabi" +ENV OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabi" +RUN rustup target add arm-unknown-linux-gnueabi + +# Builds your dependencies and removes the +# dummy project, except the target folder +# This folder contains the compiled dependencies +RUN cargo build --features ${DB} --release +RUN find . -not -path "./target*" -delete + +# Copies the complete project +# To avoid copying unneeded files, use .dockerignore +COPY . . + +# Make sure that we actually build the project +RUN touch src/main.rs + +# Builds again, this time it'll just be +# your actual source files being built +RUN cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi + +######################## RUNTIME IMAGE ######################## +# Create a new stage with a minimal image +# because we already have a binary built +FROM balenalib/rpi-debian:buster + +ENV ROCKET_ENV "staging" +ENV ROCKET_PORT=80 +ENV ROCKET_WORKERS=10 + +RUN [ "cross-build-start" ] + +# Install needed libraries +RUN apt-get update && apt-get install -y \ + --no-install-recommends \ + openssl \ + ca-certificates \ + curl \ + sqlite3 \ + && rm -rf /var/lib/apt/lists/* + +RUN mkdir /data + +RUN [ "cross-build-end" ] + +VOLUME /data +EXPOSE 80 +EXPOSE 3012 + +# Copies the files from the context (Rocket.toml file and web-vault) +# and the binary from the "build" stage to the current stage +COPY Rocket.toml . +COPY --from=vault /web-vault ./web-vault +COPY --from=build /app/target/arm-unknown-linux-gnueabi/release/bitwarden_rs . + +COPY docker/healthcheck.sh /healthcheck.sh +COPY docker/start.sh /start.sh + +HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] + +# Configures the startup! +WORKDIR / +CMD ["/start.sh"] diff --git a/docker/arm32v6/mysql/Dockerfile b/docker/arm32v6/mysql/Dockerfile @@ -1,134 +0,0 @@ -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's. - -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### - -# This hash is extracted from the docker web-vault builds and it's prefered over a simple tag because it's immutable. -# It can be viewed in multiple ways: -# - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there. -# - From the console, with the following commands: -# docker pull bitwardenrs/web-vault:v2.15.1 -# docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.15.1 -# -# - To do the opposite, and get the tag from the hash, you can do: -# docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:afba1e3bded09dc0a6a0dbacb3363ac33b6f122b4b26d3682cafb9115bdf785c -FROM bitwardenrs/web-vault@sha256:afba1e3bded09dc0a6a0dbacb3363ac33b6f122b4b26d3682cafb9115bdf785c as vault - -########################## BUILD IMAGE ########################## -# We need to use the Rust build image, because -# we need the Rust compiler and Cargo tooling -FROM rust:1.40 as build - -# set mysql backend -ARG DB=mysql - -# Build time options to avoid dpkg warnings and help with reproducible builds. -ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color - -# Don't download rust docs -RUN rustup set profile minimal - -# Install required build libs for armel architecture. -RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \ - /etc/apt/sources.list.d/deb-src.list \ - && dpkg --add-architecture armel \ - && apt-get update \ - && apt-get install -y \ - --no-install-recommends \ - libssl-dev:armel \ - libc6-dev:armel - -RUN apt-get update \ - && apt-get install -y \ - --no-install-recommends \ - gcc-arm-linux-gnueabi \ - && mkdir -p ~/.cargo \ - && echo '[target.arm-unknown-linux-gnueabi]' >> ~/.cargo/config \ - && echo 'linker = "arm-linux-gnueabi-gcc"' >> ~/.cargo/config - -ENV CARGO_HOME "/root/.cargo" -ENV USER "root" - -# Install MySQL package -RUN apt-get update && apt-get install -y \ - --no-install-recommends \ - libmariadb-dev:armel \ - && rm -rf /var/lib/apt/lists/* - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain ./rust-toolchain -COPY ./build.rs ./build.rs - -ENV CC_arm_unknown_linux_gnueabi="/usr/bin/arm-linux-gnueabi-gcc" -ENV CROSS_COMPILE="1" -ENV OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabi" -ENV OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabi" -RUN rustup target add arm-unknown-linux-gnueabi - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN cargo build --features ${DB} --release -RUN find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . - -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM balenalib/rpi-debian:buster - -ENV ROCKET_ENV "staging" -ENV ROCKET_PORT=80 -ENV ROCKET_WORKERS=10 - -RUN [ "cross-build-start" ] - -# Install needed libraries -RUN apt-get update && apt-get install -y \ - --no-install-recommends \ - openssl \ - ca-certificates \ - curl \ - libmariadbclient-dev \ - && rm -rf /var/lib/apt/lists/* - -RUN mkdir /data - -RUN [ "cross-build-end" ] - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -COPY Rocket.toml . -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/arm-unknown-linux-gnueabi/release/bitwarden_rs . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -# Configures the startup! -WORKDIR / -CMD ["/start.sh"] diff --git a/docker/arm32v6/sqlite/Dockerfile b/docker/arm32v6/sqlite/Dockerfile @@ -1,128 +0,0 @@ -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's. - -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### - -# This hash is extracted from the docker web-vault builds and it's prefered over a simple tag because it's immutable. -# It can be viewed in multiple ways: -# - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there. -# - From the console, with the following commands: -# docker pull bitwardenrs/web-vault:v2.15.1 -# docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.15.1 -# -# - To do the opposite, and get the tag from the hash, you can do: -# docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:afba1e3bded09dc0a6a0dbacb3363ac33b6f122b4b26d3682cafb9115bdf785c -FROM bitwardenrs/web-vault@sha256:afba1e3bded09dc0a6a0dbacb3363ac33b6f122b4b26d3682cafb9115bdf785c as vault - -########################## BUILD IMAGE ########################## -# We need to use the Rust build image, because -# we need the Rust compiler and Cargo tooling -FROM rust:1.40 as build - -# set sqlite as default for DB ARG for backward compatibility -ARG DB=sqlite - -# Build time options to avoid dpkg warnings and help with reproducible builds. -ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color - -# Don't download rust docs -RUN rustup set profile minimal - -# Install required build libs for armel architecture. -RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \ - /etc/apt/sources.list.d/deb-src.list \ - && dpkg --add-architecture armel \ - && apt-get update \ - && apt-get install -y \ - --no-install-recommends \ - libssl-dev:armel \ - libc6-dev:armel - -RUN apt-get update \ - && apt-get install -y \ - --no-install-recommends \ - gcc-arm-linux-gnueabi \ - && mkdir -p ~/.cargo \ - && echo '[target.arm-unknown-linux-gnueabi]' >> ~/.cargo/config \ - && echo 'linker = "arm-linux-gnueabi-gcc"' >> ~/.cargo/config - -ENV CARGO_HOME "/root/.cargo" -ENV USER "root" - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain ./rust-toolchain -COPY ./build.rs ./build.rs - -ENV CC_arm_unknown_linux_gnueabi="/usr/bin/arm-linux-gnueabi-gcc" -ENV CROSS_COMPILE="1" -ENV OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabi" -ENV OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabi" -RUN rustup target add arm-unknown-linux-gnueabi - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN cargo build --features ${DB} --release -RUN find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . - -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM balenalib/rpi-debian:buster - -ENV ROCKET_ENV "staging" -ENV ROCKET_PORT=80 -ENV ROCKET_WORKERS=10 - -RUN [ "cross-build-start" ] - -# Install needed libraries -RUN apt-get update && apt-get install -y \ - --no-install-recommends \ - openssl \ - ca-certificates \ - curl \ - sqlite3 \ - && rm -rf /var/lib/apt/lists/* - -RUN mkdir /data - -RUN [ "cross-build-end" ] - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -COPY Rocket.toml . -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/arm-unknown-linux-gnueabi/release/bitwarden_rs . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -# Configures the startup! -WORKDIR / -CMD ["/start.sh"] diff --git a/docker/arm32v7/Dockerfile b/docker/arm32v7/Dockerfile @@ -0,0 +1,126 @@ +# This file was generated using a Jinja2 template. +# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's. + +# Using multistage build: +# https://docs.docker.com/develop/develop-images/multistage-build/ +# https://whitfin.io/speeding-up-rust-docker-builds/ +####################### VAULT BUILD IMAGE ####################### + +# This hash is extracted from the docker web-vault builds and it's prefered over a simple tag because it's immutable. +# It can be viewed in multiple ways: +# - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there. +# - From the console, with the following commands: +# docker pull bitwardenrs/web-vault:v2.15.1 +# docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.15.1 +# +# - To do the opposite, and get the tag from the hash, you can do: +# docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:afba1e3bded09dc0a6a0dbacb3363ac33b6f122b4b26d3682cafb9115bdf785c +FROM bitwardenrs/web-vault@sha256:afba1e3bded09dc0a6a0dbacb3363ac33b6f122b4b26d3682cafb9115bdf785c as vault + +########################## BUILD IMAGE ########################## +FROM rust:1.45 as build + +# ARM only supports SQLite for now +ARG DB=sqlite + +# Build time options to avoid dpkg warnings and help with reproducible builds. +ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color + +# Don't download rust docs +RUN rustup set profile minimal + +# Install required build libs for armhf architecture. +RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \ + /etc/apt/sources.list.d/deb-src.list \ + && dpkg --add-architecture armhf \ + && apt-get update \ + && apt-get install -y \ + --no-install-recommends \ + libssl-dev:armhf \ + libc6-dev:armhf + +RUN apt-get update \ + && apt-get install -y \ + --no-install-recommends \ + gcc-arm-linux-gnueabihf \ + && mkdir -p ~/.cargo \ + && echo '[target.armv7-unknown-linux-gnueabihf]' >> ~/.cargo/config \ + && echo 'linker = "arm-linux-gnueabihf-gcc"' >> ~/.cargo/config + +ENV CARGO_HOME "/root/.cargo" +ENV USER "root" + +# Creates a dummy project used to grab dependencies +RUN USER=root cargo new --bin /app +WORKDIR /app + +# Copies over *only* your manifests and build files +COPY ./Cargo.* ./ +COPY ./rust-toolchain ./rust-toolchain +COPY ./build.rs ./build.rs + +ENV CC_armv7_unknown_linux_gnueabihf="/usr/bin/arm-linux-gnueabihf-gcc" +ENV CROSS_COMPILE="1" +ENV OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabihf" +ENV OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabihf" +RUN rustup target add armv7-unknown-linux-gnueabihf + +# Builds your dependencies and removes the +# dummy project, except the target folder +# This folder contains the compiled dependencies +RUN cargo build --features ${DB} --release +RUN find . -not -path "./target*" -delete + +# Copies the complete project +# To avoid copying unneeded files, use .dockerignore +COPY . . + +# Make sure that we actually build the project +RUN touch src/main.rs + +# Builds again, this time it'll just be +# your actual source files being built +RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf + +######################## RUNTIME IMAGE ######################## +# Create a new stage with a minimal image +# because we already have a binary built +FROM balenalib/armv7hf-debian:buster + +ENV ROCKET_ENV "staging" +ENV ROCKET_PORT=80 +ENV ROCKET_WORKERS=10 + +RUN [ "cross-build-start" ] + +# Install needed libraries +RUN apt-get update && apt-get install -y \ + --no-install-recommends \ + openssl \ + ca-certificates \ + curl \ + sqlite3 \ + && rm -rf /var/lib/apt/lists/* + +RUN mkdir /data + +RUN [ "cross-build-end" ] + +VOLUME /data +EXPOSE 80 +EXPOSE 3012 + +# Copies the files from the context (Rocket.toml file and web-vault) +# and the binary from the "build" stage to the current stage +COPY Rocket.toml . +COPY --from=vault /web-vault ./web-vault +COPY --from=build /app/target/armv7-unknown-linux-gnueabihf/release/bitwarden_rs . + +COPY docker/healthcheck.sh /healthcheck.sh +COPY docker/start.sh /start.sh + +HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] + +# Configures the startup! +WORKDIR / +CMD ["/start.sh"] diff --git a/docker/arm32v7/mysql/Dockerfile b/docker/arm32v7/mysql/Dockerfile @@ -1,133 +0,0 @@ -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's. - -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### - -# This hash is extracted from the docker web-vault builds and it's prefered over a simple tag because it's immutable. -# It can be viewed in multiple ways: -# - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there. -# - From the console, with the following commands: -# docker pull bitwardenrs/web-vault:v2.15.1 -# docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.15.1 -# -# - To do the opposite, and get the tag from the hash, you can do: -# docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:afba1e3bded09dc0a6a0dbacb3363ac33b6f122b4b26d3682cafb9115bdf785c -FROM bitwardenrs/web-vault@sha256:afba1e3bded09dc0a6a0dbacb3363ac33b6f122b4b26d3682cafb9115bdf785c as vault - -########################## BUILD IMAGE ########################## -# We need to use the Rust build image, because -# we need the Rust compiler and Cargo tooling -FROM rust:1.40 as build - -# set mysql backend -ARG DB=mysql - -# Build time options to avoid dpkg warnings and help with reproducible builds. -ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color - -# Don't download rust docs -RUN rustup set profile minimal - -# Install required build libs for armhf architecture. -RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \ - /etc/apt/sources.list.d/deb-src.list \ - && dpkg --add-architecture armhf \ - && apt-get update \ - && apt-get install -y \ - --no-install-recommends \ - libssl-dev:armhf \ - libc6-dev:armhf - -RUN apt-get update \ - && apt-get install -y \ - --no-install-recommends \ - gcc-arm-linux-gnueabihf \ - && mkdir -p ~/.cargo \ - && echo '[target.armv7-unknown-linux-gnueabihf]' >> ~/.cargo/config \ - && echo 'linker = "arm-linux-gnueabihf-gcc"' >> ~/.cargo/config - -ENV CARGO_HOME "/root/.cargo" -ENV USER "root" - -# Install MySQL package -RUN apt-get update && apt-get install -y \ - --no-install-recommends \ - libmariadb-dev:armhf \ - && rm -rf /var/lib/apt/lists/* - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain ./rust-toolchain -COPY ./build.rs ./build.rs - -ENV CC_armv7_unknown_linux_gnueabihf="/usr/bin/arm-linux-gnueabihf-gcc" -ENV CROSS_COMPILE="1" -ENV OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabihf" -ENV OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabihf" -RUN rustup target add armv7-unknown-linux-gnueabihf -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN cargo build --features ${DB} --release -RUN find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . - -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM balenalib/armv7hf-debian:buster - -ENV ROCKET_ENV "staging" -ENV ROCKET_PORT=80 -ENV ROCKET_WORKERS=10 - -RUN [ "cross-build-start" ] - -# Install needed libraries -RUN apt-get update && apt-get install -y \ - --no-install-recommends \ - openssl \ - ca-certificates \ - curl \ - libmariadbclient-dev \ - && rm -rf /var/lib/apt/lists/* - -RUN mkdir /data - -RUN [ "cross-build-end" ] - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -COPY Rocket.toml . -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/armv7-unknown-linux-gnueabihf/release/bitwarden_rs . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -# Configures the startup! -WORKDIR / -CMD ["/start.sh"] diff --git a/docker/arm32v7/sqlite/Dockerfile b/docker/arm32v7/sqlite/Dockerfile @@ -1,127 +0,0 @@ -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's. - -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### - -# This hash is extracted from the docker web-vault builds and it's prefered over a simple tag because it's immutable. -# It can be viewed in multiple ways: -# - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there. -# - From the console, with the following commands: -# docker pull bitwardenrs/web-vault:v2.15.1 -# docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.15.1 -# -# - To do the opposite, and get the tag from the hash, you can do: -# docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:afba1e3bded09dc0a6a0dbacb3363ac33b6f122b4b26d3682cafb9115bdf785c -FROM bitwardenrs/web-vault@sha256:afba1e3bded09dc0a6a0dbacb3363ac33b6f122b4b26d3682cafb9115bdf785c as vault - -########################## BUILD IMAGE ########################## -# We need to use the Rust build image, because -# we need the Rust compiler and Cargo tooling -FROM rust:1.40 as build - -# set sqlite as default for DB ARG for backward compatibility -ARG DB=sqlite - -# Build time options to avoid dpkg warnings and help with reproducible builds. -ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color - -# Don't download rust docs -RUN rustup set profile minimal - -# Install required build libs for armhf architecture. -RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \ - /etc/apt/sources.list.d/deb-src.list \ - && dpkg --add-architecture armhf \ - && apt-get update \ - && apt-get install -y \ - --no-install-recommends \ - libssl-dev:armhf \ - libc6-dev:armhf - -RUN apt-get update \ - && apt-get install -y \ - --no-install-recommends \ - gcc-arm-linux-gnueabihf \ - && mkdir -p ~/.cargo \ - && echo '[target.armv7-unknown-linux-gnueabihf]' >> ~/.cargo/config \ - && echo 'linker = "arm-linux-gnueabihf-gcc"' >> ~/.cargo/config - -ENV CARGO_HOME "/root/.cargo" -ENV USER "root" - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain ./rust-toolchain -COPY ./build.rs ./build.rs - -ENV CC_armv7_unknown_linux_gnueabihf="/usr/bin/arm-linux-gnueabihf-gcc" -ENV CROSS_COMPILE="1" -ENV OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabihf" -ENV OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabihf" -RUN rustup target add armv7-unknown-linux-gnueabihf -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN cargo build --features ${DB} --release -RUN find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . - -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM balenalib/armv7hf-debian:buster - -ENV ROCKET_ENV "staging" -ENV ROCKET_PORT=80 -ENV ROCKET_WORKERS=10 - -RUN [ "cross-build-start" ] - -# Install needed libraries -RUN apt-get update && apt-get install -y \ - --no-install-recommends \ - openssl \ - ca-certificates \ - curl \ - sqlite3 \ - && rm -rf /var/lib/apt/lists/* - -RUN mkdir /data - -RUN [ "cross-build-end" ] - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -COPY Rocket.toml . -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/armv7-unknown-linux-gnueabihf/release/bitwarden_rs . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -# Configures the startup! -WORKDIR / -CMD ["/start.sh"] diff --git a/docker/arm64v8/Dockerfile b/docker/arm64v8/Dockerfile @@ -0,0 +1,126 @@ +# This file was generated using a Jinja2 template. +# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's. + +# Using multistage build: +# https://docs.docker.com/develop/develop-images/multistage-build/ +# https://whitfin.io/speeding-up-rust-docker-builds/ +####################### VAULT BUILD IMAGE ####################### + +# This hash is extracted from the docker web-vault builds and it's prefered over a simple tag because it's immutable. +# It can be viewed in multiple ways: +# - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there. +# - From the console, with the following commands: +# docker pull bitwardenrs/web-vault:v2.15.1 +# docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.15.1 +# +# - To do the opposite, and get the tag from the hash, you can do: +# docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:afba1e3bded09dc0a6a0dbacb3363ac33b6f122b4b26d3682cafb9115bdf785c +FROM bitwardenrs/web-vault@sha256:afba1e3bded09dc0a6a0dbacb3363ac33b6f122b4b26d3682cafb9115bdf785c as vault + +########################## BUILD IMAGE ########################## +FROM rust:1.45 as build + +# ARM only supports SQLite for now +ARG DB=sqlite + +# Build time options to avoid dpkg warnings and help with reproducible builds. +ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color + +# Don't download rust docs +RUN rustup set profile minimal + +# Install required build libs for arm64 architecture. +RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \ + /etc/apt/sources.list.d/deb-src.list \ + && dpkg --add-architecture arm64 \ + && apt-get update \ + && apt-get install -y \ + --no-install-recommends \ + libssl-dev:arm64 \ + libc6-dev:arm64 + +RUN apt-get update \ + && apt-get install -y \ + --no-install-recommends \ + gcc-aarch64-linux-gnu \ + && mkdir -p ~/.cargo \ + && echo '[target.aarch64-unknown-linux-gnu]' >> ~/.cargo/config \ + && echo 'linker = "aarch64-linux-gnu-gcc"' >> ~/.cargo/config + +ENV CARGO_HOME "/root/.cargo" +ENV USER "root" + +# Creates a dummy project used to grab dependencies +RUN USER=root cargo new --bin /app +WORKDIR /app + +# Copies over *only* your manifests and build files +COPY ./Cargo.* ./ +COPY ./rust-toolchain ./rust-toolchain +COPY ./build.rs ./build.rs + +ENV CC_aarch64_unknown_linux_gnu="/usr/bin/aarch64-linux-gnu-gcc" +ENV CROSS_COMPILE="1" +ENV OPENSSL_INCLUDE_DIR="/usr/include/aarch64-linux-gnu" +ENV OPENSSL_LIB_DIR="/usr/lib/aarch64-linux-gnu" +RUN rustup target add aarch64-unknown-linux-gnu + +# Builds your dependencies and removes the +# dummy project, except the target folder +# This folder contains the compiled dependencies +RUN cargo build --features ${DB} --release +RUN find . -not -path "./target*" -delete + +# Copies the complete project +# To avoid copying unneeded files, use .dockerignore +COPY . . + +# Make sure that we actually build the project +RUN touch src/main.rs + +# Builds again, this time it'll just be +# your actual source files being built +RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu + +######################## RUNTIME IMAGE ######################## +# Create a new stage with a minimal image +# because we already have a binary built +FROM balenalib/aarch64-debian:buster + +ENV ROCKET_ENV "staging" +ENV ROCKET_PORT=80 +ENV ROCKET_WORKERS=10 + +RUN [ "cross-build-start" ] + +# Install needed libraries +RUN apt-get update && apt-get install -y \ + --no-install-recommends \ + openssl \ + ca-certificates \ + curl \ + sqlite3 \ + && rm -rf /var/lib/apt/lists/* + +RUN mkdir /data + +RUN [ "cross-build-end" ] + +VOLUME /data +EXPOSE 80 +EXPOSE 3012 + +# Copies the files from the context (Rocket.toml file and web-vault) +# and the binary from the "build" stage to the current stage +COPY Rocket.toml . +COPY --from=vault /web-vault ./web-vault +COPY --from=build /app/target/aarch64-unknown-linux-gnu/release/bitwarden_rs . + +COPY docker/healthcheck.sh /healthcheck.sh +COPY docker/start.sh /start.sh + +HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] + +# Configures the startup! +WORKDIR / +CMD ["/start.sh"] diff --git a/docker/arm64v8/mysql/Dockerfile b/docker/arm64v8/mysql/Dockerfile @@ -1,134 +0,0 @@ -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's. - -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### - -# This hash is extracted from the docker web-vault builds and it's prefered over a simple tag because it's immutable. -# It can be viewed in multiple ways: -# - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there. -# - From the console, with the following commands: -# docker pull bitwardenrs/web-vault:v2.15.1 -# docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.15.1 -# -# - To do the opposite, and get the tag from the hash, you can do: -# docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:afba1e3bded09dc0a6a0dbacb3363ac33b6f122b4b26d3682cafb9115bdf785c -FROM bitwardenrs/web-vault@sha256:afba1e3bded09dc0a6a0dbacb3363ac33b6f122b4b26d3682cafb9115bdf785c as vault - -########################## BUILD IMAGE ########################## -# We need to use the Rust build image, because -# we need the Rust compiler and Cargo tooling -FROM rust:1.40 as build - -# set mysql backend -ARG DB=mysql - -# Build time options to avoid dpkg warnings and help with reproducible builds. -ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color - -# Don't download rust docs -RUN rustup set profile minimal - -# Install required build libs for arm64 architecture. -RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \ - /etc/apt/sources.list.d/deb-src.list \ - && dpkg --add-architecture arm64 \ - && apt-get update \ - && apt-get install -y \ - --no-install-recommends \ - libssl-dev:arm64 \ - libc6-dev:arm64 - -RUN apt-get update \ - && apt-get install -y \ - --no-install-recommends \ - gcc-aarch64-linux-gnu \ - && mkdir -p ~/.cargo \ - && echo '[target.aarch64-unknown-linux-gnu]' >> ~/.cargo/config \ - && echo 'linker = "aarch64-linux-gnu-gcc"' >> ~/.cargo/config - -ENV CARGO_HOME "/root/.cargo" -ENV USER "root" - -# Install MySQL package -RUN apt-get update && apt-get install -y \ - --no-install-recommends \ - libmariadb-dev:arm64 \ - && rm -rf /var/lib/apt/lists/* - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain ./rust-toolchain -COPY ./build.rs ./build.rs - -ENV CC_aarch64_unknown_linux_gnu="/usr/bin/aarch64-linux-gnu-gcc" -ENV CROSS_COMPILE="1" -ENV OPENSSL_INCLUDE_DIR="/usr/include/aarch64-linux-gnu" -ENV OPENSSL_LIB_DIR="/usr/lib/aarch64-linux-gnu" -RUN rustup target add aarch64-unknown-linux-gnu - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN cargo build --features ${DB} --release -RUN find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . - -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM balenalib/aarch64-debian:buster - -ENV ROCKET_ENV "staging" -ENV ROCKET_PORT=80 -ENV ROCKET_WORKERS=10 - -RUN [ "cross-build-start" ] - -# Install needed libraries -RUN apt-get update && apt-get install -y \ - --no-install-recommends \ - openssl \ - ca-certificates \ - curl \ - libmariadbclient-dev \ - && rm -rf /var/lib/apt/lists/* - -RUN mkdir /data - -RUN [ "cross-build-end" ] - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -COPY Rocket.toml . -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/aarch64-unknown-linux-gnu/release/bitwarden_rs . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -# Configures the startup! -WORKDIR / -CMD ["/start.sh"] diff --git a/docker/arm64v8/sqlite/Dockerfile b/docker/arm64v8/sqlite/Dockerfile @@ -1,128 +0,0 @@ -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfile's. - -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### - -# This hash is extracted from the docker web-vault builds and it's prefered over a simple tag because it's immutable. -# It can be viewed in multiple ways: -# - From the https://hub.docker.com/repository/docker/bitwardenrs/web-vault/tags page, click the tag name and the digest should be there. -# - From the console, with the following commands: -# docker pull bitwardenrs/web-vault:v2.15.1 -# docker image inspect --format "{{.RepoDigests}}" bitwardenrs/web-vault:v2.15.1 -# -# - To do the opposite, and get the tag from the hash, you can do: -# docker image inspect --format "{{.RepoTags}}" bitwardenrs/web-vault@sha256:afba1e3bded09dc0a6a0dbacb3363ac33b6f122b4b26d3682cafb9115bdf785c -FROM bitwardenrs/web-vault@sha256:afba1e3bded09dc0a6a0dbacb3363ac33b6f122b4b26d3682cafb9115bdf785c as vault - -########################## BUILD IMAGE ########################## -# We need to use the Rust build image, because -# we need the Rust compiler and Cargo tooling -FROM rust:1.40 as build - -# set sqlite as default for DB ARG for backward compatibility -ARG DB=sqlite - -# Build time options to avoid dpkg warnings and help with reproducible builds. -ENV DEBIAN_FRONTEND=noninteractive LANG=C.UTF-8 TZ=UTC TERM=xterm-256color - -# Don't download rust docs -RUN rustup set profile minimal - -# Install required build libs for arm64 architecture. -RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \ - /etc/apt/sources.list.d/deb-src.list \ - && dpkg --add-architecture arm64 \ - && apt-get update \ - && apt-get install -y \ - --no-install-recommends \ - libssl-dev:arm64 \ - libc6-dev:arm64 - -RUN apt-get update \ - && apt-get install -y \ - --no-install-recommends \ - gcc-aarch64-linux-gnu \ - && mkdir -p ~/.cargo \ - && echo '[target.aarch64-unknown-linux-gnu]' >> ~/.cargo/config \ - && echo 'linker = "aarch64-linux-gnu-gcc"' >> ~/.cargo/config - -ENV CARGO_HOME "/root/.cargo" -ENV USER "root" - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain ./rust-toolchain -COPY ./build.rs ./build.rs - -ENV CC_aarch64_unknown_linux_gnu="/usr/bin/aarch64-linux-gnu-gcc" -ENV CROSS_COMPILE="1" -ENV OPENSSL_INCLUDE_DIR="/usr/include/aarch64-linux-gnu" -ENV OPENSSL_LIB_DIR="/usr/lib/aarch64-linux-gnu" -RUN rustup target add aarch64-unknown-linux-gnu - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN cargo build --features ${DB} --release -RUN find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . - -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM balenalib/aarch64-debian:buster - -ENV ROCKET_ENV "staging" -ENV ROCKET_PORT=80 -ENV ROCKET_WORKERS=10 - -RUN [ "cross-build-start" ] - -# Install needed libraries -RUN apt-get update && apt-get install -y \ - --no-install-recommends \ - openssl \ - ca-certificates \ - curl \ - sqlite3 \ - && rm -rf /var/lib/apt/lists/* - -RUN mkdir /data - -RUN [ "cross-build-end" ] - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -COPY Rocket.toml . -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/aarch64-unknown-linux-gnu/release/bitwarden_rs . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -# Configures the startup! -WORKDIR / -CMD ["/start.sh"] diff --git a/hooks/arches.sh b/hooks/arches.sh @@ -11,16 +11,11 @@ arches=( case "${DOCKER_REPO}" in *-mysql) - db=mysql arches=(amd64) ;; *-postgresql) - db=postgresql arches=(amd64) ;; - *) - db=sqlite - ;; esac if [[ "${DOCKER_TAG}" == *alpine ]]; then diff --git a/hooks/build b/hooks/build @@ -9,6 +9,6 @@ set -ex for arch in "${arches[@]}"; do docker build \ -t "${DOCKER_REPO}:${DOCKER_TAG}-${arch}" \ - -f docker/${arch}/${db}/Dockerfile${os_suffix} \ + -f docker/${arch}/Dockerfile${os_suffix} \ . done