vw_small

Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.
git clone https://git.philomathiclife.com/repos/vw_small
Log | Files | Refs | README

commit 4f86517501846a164c9d06630b3d1de840c49f91
parent b8010be26b4e2d489f55ba01622f9b6e1685b3b1
Author: Daniel GarcĂ­a <dani-garcia@users.noreply.github.com>
Date:   Sat,  8 May 2021 18:40:41 +0200

Merge pull request #1679 from BlackDex/gh-workflows

Updated Pipelines and fixed new Hadolints
Diffstat:
M.github/workflows/build.yml | 59+++++++++++++++++++++++++++++++++++++----------------------
M.github/workflows/hadolint.yml | 2+-
Dazure-pipelines.yml | 22----------------------
Mdocker/Dockerfile.j2 | 45+++++++++++++++++++++------------------------
Mdocker/amd64/Dockerfile | 12+++++++-----
Mdocker/amd64/Dockerfile.alpine | 12+++++++-----
Mdocker/arm64/Dockerfile | 38+++++++++++++++++---------------------
Mdocker/armv6/Dockerfile | 38+++++++++++++++++---------------------
Mdocker/armv7/Dockerfile | 38+++++++++++++++++---------------------
Mdocker/armv7/Dockerfile.alpine | 14++++++++------
10 files changed, 132 insertions(+), 148 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml @@ -5,8 +5,8 @@ on: pull_request: # Ignore when there are only changes done too one of these paths paths-ignore: - - "**.md" - - "**.txt" + - "*.md" + - "*.txt" - ".dockerignore" - ".env.template" - ".gitattributes" @@ -20,6 +20,10 @@ on: jobs: build: + # Make warnings errors, this is to prevent warnings slipping through. + # This is done globally to prevent rebuilds when the RUSTFLAGS env variable changes. + env: + RUSTFLAGS: "-D warnings" strategy: fail-fast: false matrix: @@ -32,7 +36,7 @@ jobs: include: - target-triple: x86_64-unknown-linux-gnu host-triple: x86_64-unknown-linux-gnu - features: "sqlite,mysql,postgresql" + features: [sqlite,mysql,postgresql] # Remember to update the `cargo test` to match the amount of features channel: nightly os: ubuntu-18.04 ext: @@ -42,18 +46,6 @@ jobs: # channel: stable # os: ubuntu-18.04 # ext: - # - target-triple: x86_64-unknown-linux-musl - # host-triple: x86_64-unknown-linux-gnu - # features: "sqlite,postgresql" - # channel: nightly - # os: ubuntu-18.04 - # ext: - # - target-triple: x86_64-unknown-linux-musl - # host-triple: x86_64-unknown-linux-gnu - # features: "sqlite,postgresql" - # channel: stable - # os: ubuntu-18.04 - # ext: name: Building ${{ matrix.channel }}-${{ matrix.target-triple }} runs-on: ${{ matrix.os }} @@ -94,20 +86,43 @@ jobs: # Run cargo tests (In release mode to speed up future builds) - - name: '`cargo test --release --features ${{ matrix.features }} --target ${{ matrix.target-triple }}`' + # First test all features together, afterwards test them separately. + - name: "`cargo test --release --features ${{ join(matrix.features, ',') }} --target ${{ matrix.target-triple }}`" + uses: actions-rs/cargo@v1 + with: + command: test + args: --release --features ${{ join(matrix.features, ',') }} --target ${{ matrix.target-triple }} + # Test single features + # 0: sqlite + - name: "`cargo test --release --features ${{ matrix.features[0] }} --target ${{ matrix.target-triple }}`" + uses: actions-rs/cargo@v1 + with: + command: test + args: --release --features ${{ matrix.features[0] }} --target ${{ matrix.target-triple }} + if: ${{ matrix.features[0] != '' }} + # 1: mysql + - name: "`cargo test --release --features ${{ matrix.features[1] }} --target ${{ matrix.target-triple }}`" + uses: actions-rs/cargo@v1 + with: + command: test + args: --release --features ${{ matrix.features[1] }} --target ${{ matrix.target-triple }} + if: ${{ matrix.features[1] != '' }} + # 2: postgresql + - name: "`cargo test --release --features ${{ matrix.features[2] }} --target ${{ matrix.target-triple }}`" uses: actions-rs/cargo@v1 with: command: test - args: --release --features ${{ matrix.features }} --target ${{ matrix.target-triple }} + args: --release --features ${{ matrix.features[2] }} --target ${{ matrix.target-triple }} + if: ${{ matrix.features[2] != '' }} # End Run cargo tests - # Run cargo clippy (In release mode to speed up future builds) - - name: '`cargo clippy --release --features ${{ matrix.features }} --target ${{ matrix.target-triple }}`' + # Run cargo clippy, and fail on warnings (In release mode to speed up future builds) + - name: "`cargo clippy --release --features ${{ join(matrix.features, ',') }} --target ${{ matrix.target-triple }}`" uses: actions-rs/cargo@v1 with: command: clippy - args: --release --features ${{ matrix.features }} --target ${{ matrix.target-triple }} + args: --release --features ${{ join(matrix.features, ',') }} --target ${{ matrix.target-triple }} -- -D warnings # End Run cargo clippy @@ -121,11 +136,11 @@ jobs: # Build the binary - - name: '`cargo build --release --features ${{ matrix.features }} --target ${{ matrix.target-triple }}`' + - name: "`cargo build --release --features ${{ join(matrix.features, ',') }} --target ${{ matrix.target-triple }}`" uses: actions-rs/cargo@v1 with: command: build - args: --release --features ${{ matrix.features }} --target ${{ matrix.target-triple }} + args: --release --features ${{ join(matrix.features, ',') }} --target ${{ matrix.target-triple }} # End Build the binary diff --git a/.github/workflows/hadolint.yml b/.github/workflows/hadolint.yml @@ -25,7 +25,7 @@ jobs: sudo curl -L https://github.com/hadolint/hadolint/releases/download/v$HADOLINT_VERSION/hadolint-$(uname -s)-$(uname -m) -o /usr/local/bin/hadolint && \ sudo chmod +x /usr/local/bin/hadolint env: - HADOLINT_VERSION: 2.0.0 + HADOLINT_VERSION: 2.3.0 # End Download hadolint # Test Dockerfiles diff --git a/azure-pipelines.yml b/azure-pipelines.yml @@ -1,22 +0,0 @@ -pool: - vmImage: 'Ubuntu-18.04' - -steps: -- script: | - ls -la - curl https://sh.rustup.rs -sSf | sh -s -- -y --default-toolchain $(cat rust-toolchain) --profile=minimal - echo "##vso[task.prependpath]$HOME/.cargo/bin" - displayName: 'Install Rust' - -- script: | - sudo apt-get update - sudo apt-get install -y --no-install-recommends build-essential libmariadb-dev-compat libpq-dev libssl-dev pkgconf - displayName: 'Install build libraries.' - -- script: | - rustc -Vv - cargo -V - displayName: Query rust and cargo versions - -- script : cargo test --features "sqlite,mysql,postgresql" - displayName: 'Test project with sqlite, mysql and postgresql backends' diff --git a/docker/Dockerfile.j2 b/docker/Dockerfile.j2 @@ -110,11 +110,7 @@ RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \ libpq5{{ package_arch_prefix }} \ libpq-dev \ libmariadb-dev{{ package_arch_prefix }} \ - libmariadb-dev-compat{{ package_arch_prefix }} - -RUN apt-get update \ - && apt-get install -y \ - --no-install-recommends \ + libmariadb-dev-compat{{ package_arch_prefix }} \ gcc-{{ package_cross_compiler }} \ && mkdir -p ~/.cargo \ && echo '[target.{{ package_arch_target }}]' >> ~/.cargo/config \ @@ -150,16 +146,15 @@ COPY ./build.rs ./build.rs # We at least need libmariadb3:amd64 installed for the x86_64 version of libmariadb.so (client) # We also need the libmariadb-dev-compat:amd64 but it can not be installed together with the {{ package_arch_prefix }} version. # What we can do is a force install, because nothing important is overlapping each other. -RUN apt-get install -y --no-install-recommends libmariadb3:amd64 && \ - apt-get download libmariadb-dev-compat:amd64 && \ - dpkg --force-all -i ./libmariadb-dev-compat*.deb && \ - rm -rvf ./libmariadb-dev-compat*.deb - -# For Diesel-RS migrations_macros to compile with PostgreSQL we need to do some magic. -# The libpq5{{ package_arch_prefix }} package seems to not provide a symlink to libpq.so.5 with the name libpq.so. -# This is only provided by the libpq-dev package which can't be installed for both arch at the same time. -# Without this specific file the ld command will fail and compilation fails with it. -RUN ln -sfnr /usr/lib/{{ package_cross_compiler }}/libpq.so.5 /usr/lib/{{ package_cross_compiler }}/libpq.so +RUN apt-get install -y --no-install-recommends libmariadb3:amd64 \ + && apt-get download libmariadb-dev-compat:amd64 \ + && dpkg --force-all -i ./libmariadb-dev-compat*.deb \ + && rm -rvf ./libmariadb-dev-compat*.deb \ + # For Diesel-RS migrations_macros to compile with PostgreSQL we need to do some magic. + # The libpq5{{ package_arch_prefix }} package seems to not provide a symlink to libpq.so.5 with the name libpq.so. + # This is only provided by the libpq-dev package which can't be installed for both arch at the same time. + # Without this specific file the ld command will fail and compilation fails with it. + && ln -sfnr /usr/lib/{{ package_cross_compiler }}/libpq.so.5 /usr/lib/{{ package_cross_compiler }}/libpq.so ENV CC_{{ package_arch_target | replace("-", "_") }}="/usr/bin/{{ package_cross_compiler }}-gcc" ENV CROSS_COMPILE="1" @@ -174,8 +169,8 @@ RUN rustup target add {{ package_arch_target }} # Builds your dependencies and removes the # dummy project, except the target folder # This folder contains the compiled dependencies -RUN cargo build --features ${DB} --release{{ package_arch_target_param }} -RUN find . -not -path "./target*" -delete +RUN cargo build --features ${DB} --release{{ package_arch_target_param }} \ + && find . -not -path "./target*" -delete # Copies the complete project # To avoid copying unneeded files, use .dockerignore @@ -189,6 +184,7 @@ RUN touch src/main.rs RUN cargo build --features ${DB} --release{{ package_arch_target_param }} {% if "alpine" in target_file %} {% if "armv7" in target_file %} +# hadolint ignore=DL3059 RUN musl-strip target/{{ package_arch_target }}/release/vaultwarden {% endif %} {% endif %} @@ -206,12 +202,14 @@ ENV SSL_CERT_DIR=/etc/ssl/certs {% endif %} {% if "amd64" not in target_file %} +# hadolint ignore=DL3059 RUN [ "cross-build-start" ] - {% endif %} -# Install needed libraries + +# Create data folder and Install needed libraries +RUN mkdir /data \ {% if "alpine" in runtime_stage_base_image %} -RUN apk add --no-cache \ + && apk add --no-cache \ openssl \ curl \ dumb-init \ @@ -223,7 +221,7 @@ RUN apk add --no-cache \ {% endif %} ca-certificates {% else %} -RUN apt-get update && apt-get install -y \ + && apt-get update && apt-get install -y \ --no-install-recommends \ openssl \ ca-certificates \ @@ -234,12 +232,11 @@ RUN apt-get update && apt-get install -y \ && rm -rf /var/lib/apt/lists/* {% endif %} -RUN mkdir /data {% if "amd64" not in target_file %} - +# hadolint ignore=DL3059 RUN [ "cross-build-end" ] - {% endif %} + VOLUME /data EXPOSE 80 EXPOSE 3012 diff --git a/docker/amd64/Dockerfile b/docker/amd64/Dockerfile @@ -56,8 +56,8 @@ COPY ./build.rs ./build.rs # Builds your dependencies and removes the # dummy project, except the target folder # This folder contains the compiled dependencies -RUN cargo build --features ${DB} --release -RUN find . -not -path "./target*" -delete +RUN cargo build --features ${DB} --release \ + && find . -not -path "./target*" -delete # Copies the complete project # To avoid copying unneeded files, use .dockerignore @@ -79,8 +79,10 @@ ENV ROCKET_ENV "staging" ENV ROCKET_PORT=80 ENV ROCKET_WORKERS=10 -# Install needed libraries -RUN apt-get update && apt-get install -y \ + +# Create data folder and Install needed libraries +RUN mkdir /data \ + && apt-get update && apt-get install -y \ --no-install-recommends \ openssl \ ca-certificates \ @@ -90,7 +92,7 @@ RUN apt-get update && apt-get install -y \ libpq5 \ && rm -rf /var/lib/apt/lists/* -RUN mkdir /data + VOLUME /data EXPOSE 80 EXPOSE 3012 diff --git a/docker/amd64/Dockerfile.alpine b/docker/amd64/Dockerfile.alpine @@ -53,8 +53,8 @@ RUN rustup target add x86_64-unknown-linux-musl # Builds your dependencies and removes the # dummy project, except the target folder # This folder contains the compiled dependencies -RUN cargo build --features ${DB} --release --target=x86_64-unknown-linux-musl -RUN find . -not -path "./target*" -delete +RUN cargo build --features ${DB} --release --target=x86_64-unknown-linux-musl \ + && find . -not -path "./target*" -delete # Copies the complete project # To avoid copying unneeded files, use .dockerignore @@ -77,15 +77,17 @@ ENV ROCKET_PORT=80 ENV ROCKET_WORKERS=10 ENV SSL_CERT_DIR=/etc/ssl/certs -# Install needed libraries -RUN apk add --no-cache \ + +# Create data folder and Install needed libraries +RUN mkdir /data \ + && apk add --no-cache \ openssl \ curl \ dumb-init \ postgresql-libs \ ca-certificates -RUN mkdir /data + VOLUME /data EXPOSE 80 EXPOSE 3012 diff --git a/docker/arm64/Dockerfile b/docker/arm64/Dockerfile @@ -49,11 +49,7 @@ RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \ libpq5:arm64 \ libpq-dev \ libmariadb-dev:arm64 \ - libmariadb-dev-compat:arm64 - -RUN apt-get update \ - && apt-get install -y \ - --no-install-recommends \ + libmariadb-dev-compat:arm64 \ gcc-aarch64-linux-gnu \ && mkdir -p ~/.cargo \ && echo '[target.aarch64-unknown-linux-gnu]' >> ~/.cargo/config \ @@ -77,16 +73,15 @@ COPY ./build.rs ./build.rs # We at least need libmariadb3:amd64 installed for the x86_64 version of libmariadb.so (client) # We also need the libmariadb-dev-compat:amd64 but it can not be installed together with the :arm64 version. # What we can do is a force install, because nothing important is overlapping each other. -RUN apt-get install -y --no-install-recommends libmariadb3:amd64 && \ - apt-get download libmariadb-dev-compat:amd64 && \ - dpkg --force-all -i ./libmariadb-dev-compat*.deb && \ - rm -rvf ./libmariadb-dev-compat*.deb - -# For Diesel-RS migrations_macros to compile with PostgreSQL we need to do some magic. -# The libpq5:arm64 package seems to not provide a symlink to libpq.so.5 with the name libpq.so. -# This is only provided by the libpq-dev package which can't be installed for both arch at the same time. -# Without this specific file the ld command will fail and compilation fails with it. -RUN ln -sfnr /usr/lib/aarch64-linux-gnu/libpq.so.5 /usr/lib/aarch64-linux-gnu/libpq.so +RUN apt-get install -y --no-install-recommends libmariadb3:amd64 \ + && apt-get download libmariadb-dev-compat:amd64 \ + && dpkg --force-all -i ./libmariadb-dev-compat*.deb \ + && rm -rvf ./libmariadb-dev-compat*.deb \ + # For Diesel-RS migrations_macros to compile with PostgreSQL we need to do some magic. + # The libpq5:arm64 package seems to not provide a symlink to libpq.so.5 with the name libpq.so. + # This is only provided by the libpq-dev package which can't be installed for both arch at the same time. + # Without this specific file the ld command will fail and compilation fails with it. + && ln -sfnr /usr/lib/aarch64-linux-gnu/libpq.so.5 /usr/lib/aarch64-linux-gnu/libpq.so ENV CC_aarch64_unknown_linux_gnu="/usr/bin/aarch64-linux-gnu-gcc" ENV CROSS_COMPILE="1" @@ -97,8 +92,8 @@ RUN rustup target add aarch64-unknown-linux-gnu # Builds your dependencies and removes the # dummy project, except the target folder # This folder contains the compiled dependencies -RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu -RUN find . -not -path "./target*" -delete +RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu \ + && find . -not -path "./target*" -delete # Copies the complete project # To avoid copying unneeded files, use .dockerignore @@ -120,10 +115,12 @@ ENV ROCKET_ENV "staging" ENV ROCKET_PORT=80 ENV ROCKET_WORKERS=10 +# hadolint ignore=DL3059 RUN [ "cross-build-start" ] -# Install needed libraries -RUN apt-get update && apt-get install -y \ +# Create data folder and Install needed libraries +RUN mkdir /data \ + && apt-get update && apt-get install -y \ --no-install-recommends \ openssl \ ca-certificates \ @@ -133,8 +130,7 @@ RUN apt-get update && apt-get install -y \ libpq5 \ && rm -rf /var/lib/apt/lists/* -RUN mkdir /data - +# hadolint ignore=DL3059 RUN [ "cross-build-end" ] VOLUME /data diff --git a/docker/armv6/Dockerfile b/docker/armv6/Dockerfile @@ -49,11 +49,7 @@ RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \ libpq5:armel \ libpq-dev \ libmariadb-dev:armel \ - libmariadb-dev-compat:armel - -RUN apt-get update \ - && apt-get install -y \ - --no-install-recommends \ + libmariadb-dev-compat:armel \ gcc-arm-linux-gnueabi \ && mkdir -p ~/.cargo \ && echo '[target.arm-unknown-linux-gnueabi]' >> ~/.cargo/config \ @@ -77,16 +73,15 @@ COPY ./build.rs ./build.rs # We at least need libmariadb3:amd64 installed for the x86_64 version of libmariadb.so (client) # We also need the libmariadb-dev-compat:amd64 but it can not be installed together with the :armel version. # What we can do is a force install, because nothing important is overlapping each other. -RUN apt-get install -y --no-install-recommends libmariadb3:amd64 && \ - apt-get download libmariadb-dev-compat:amd64 && \ - dpkg --force-all -i ./libmariadb-dev-compat*.deb && \ - rm -rvf ./libmariadb-dev-compat*.deb - -# For Diesel-RS migrations_macros to compile with PostgreSQL we need to do some magic. -# The libpq5:armel package seems to not provide a symlink to libpq.so.5 with the name libpq.so. -# This is only provided by the libpq-dev package which can't be installed for both arch at the same time. -# Without this specific file the ld command will fail and compilation fails with it. -RUN ln -sfnr /usr/lib/arm-linux-gnueabi/libpq.so.5 /usr/lib/arm-linux-gnueabi/libpq.so +RUN apt-get install -y --no-install-recommends libmariadb3:amd64 \ + && apt-get download libmariadb-dev-compat:amd64 \ + && dpkg --force-all -i ./libmariadb-dev-compat*.deb \ + && rm -rvf ./libmariadb-dev-compat*.deb \ + # For Diesel-RS migrations_macros to compile with PostgreSQL we need to do some magic. + # The libpq5:armel package seems to not provide a symlink to libpq.so.5 with the name libpq.so. + # This is only provided by the libpq-dev package which can't be installed for both arch at the same time. + # Without this specific file the ld command will fail and compilation fails with it. + && ln -sfnr /usr/lib/arm-linux-gnueabi/libpq.so.5 /usr/lib/arm-linux-gnueabi/libpq.so ENV CC_arm_unknown_linux_gnueabi="/usr/bin/arm-linux-gnueabi-gcc" ENV CROSS_COMPILE="1" @@ -97,8 +92,8 @@ RUN rustup target add arm-unknown-linux-gnueabi # Builds your dependencies and removes the # dummy project, except the target folder # This folder contains the compiled dependencies -RUN cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi -RUN find . -not -path "./target*" -delete +RUN cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi \ + && find . -not -path "./target*" -delete # Copies the complete project # To avoid copying unneeded files, use .dockerignore @@ -120,10 +115,12 @@ ENV ROCKET_ENV "staging" ENV ROCKET_PORT=80 ENV ROCKET_WORKERS=10 +# hadolint ignore=DL3059 RUN [ "cross-build-start" ] -# Install needed libraries -RUN apt-get update && apt-get install -y \ +# Create data folder and Install needed libraries +RUN mkdir /data \ + && apt-get update && apt-get install -y \ --no-install-recommends \ openssl \ ca-certificates \ @@ -133,8 +130,7 @@ RUN apt-get update && apt-get install -y \ libpq5 \ && rm -rf /var/lib/apt/lists/* -RUN mkdir /data - +# hadolint ignore=DL3059 RUN [ "cross-build-end" ] VOLUME /data diff --git a/docker/armv7/Dockerfile b/docker/armv7/Dockerfile @@ -49,11 +49,7 @@ RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \ libpq5:armhf \ libpq-dev \ libmariadb-dev:armhf \ - libmariadb-dev-compat:armhf - -RUN apt-get update \ - && apt-get install -y \ - --no-install-recommends \ + libmariadb-dev-compat:armhf \ gcc-arm-linux-gnueabihf \ && mkdir -p ~/.cargo \ && echo '[target.armv7-unknown-linux-gnueabihf]' >> ~/.cargo/config \ @@ -77,16 +73,15 @@ COPY ./build.rs ./build.rs # We at least need libmariadb3:amd64 installed for the x86_64 version of libmariadb.so (client) # We also need the libmariadb-dev-compat:amd64 but it can not be installed together with the :armhf version. # What we can do is a force install, because nothing important is overlapping each other. -RUN apt-get install -y --no-install-recommends libmariadb3:amd64 && \ - apt-get download libmariadb-dev-compat:amd64 && \ - dpkg --force-all -i ./libmariadb-dev-compat*.deb && \ - rm -rvf ./libmariadb-dev-compat*.deb - -# For Diesel-RS migrations_macros to compile with PostgreSQL we need to do some magic. -# The libpq5:armhf package seems to not provide a symlink to libpq.so.5 with the name libpq.so. -# This is only provided by the libpq-dev package which can't be installed for both arch at the same time. -# Without this specific file the ld command will fail and compilation fails with it. -RUN ln -sfnr /usr/lib/arm-linux-gnueabihf/libpq.so.5 /usr/lib/arm-linux-gnueabihf/libpq.so +RUN apt-get install -y --no-install-recommends libmariadb3:amd64 \ + && apt-get download libmariadb-dev-compat:amd64 \ + && dpkg --force-all -i ./libmariadb-dev-compat*.deb \ + && rm -rvf ./libmariadb-dev-compat*.deb \ + # For Diesel-RS migrations_macros to compile with PostgreSQL we need to do some magic. + # The libpq5:armhf package seems to not provide a symlink to libpq.so.5 with the name libpq.so. + # This is only provided by the libpq-dev package which can't be installed for both arch at the same time. + # Without this specific file the ld command will fail and compilation fails with it. + && ln -sfnr /usr/lib/arm-linux-gnueabihf/libpq.so.5 /usr/lib/arm-linux-gnueabihf/libpq.so ENV CC_armv7_unknown_linux_gnueabihf="/usr/bin/arm-linux-gnueabihf-gcc" ENV CROSS_COMPILE="1" @@ -97,8 +92,8 @@ RUN rustup target add armv7-unknown-linux-gnueabihf # Builds your dependencies and removes the # dummy project, except the target folder # This folder contains the compiled dependencies -RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf -RUN find . -not -path "./target*" -delete +RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf \ + && find . -not -path "./target*" -delete # Copies the complete project # To avoid copying unneeded files, use .dockerignore @@ -120,10 +115,12 @@ ENV ROCKET_ENV "staging" ENV ROCKET_PORT=80 ENV ROCKET_WORKERS=10 +# hadolint ignore=DL3059 RUN [ "cross-build-start" ] -# Install needed libraries -RUN apt-get update && apt-get install -y \ +# Create data folder and Install needed libraries +RUN mkdir /data \ + && apt-get update && apt-get install -y \ --no-install-recommends \ openssl \ ca-certificates \ @@ -133,8 +130,7 @@ RUN apt-get update && apt-get install -y \ libpq5 \ && rm -rf /var/lib/apt/lists/* -RUN mkdir /data - +# hadolint ignore=DL3059 RUN [ "cross-build-end" ] VOLUME /data diff --git a/docker/armv7/Dockerfile.alpine b/docker/armv7/Dockerfile.alpine @@ -54,8 +54,8 @@ RUN rustup target add armv7-unknown-linux-musleabihf # Builds your dependencies and removes the # dummy project, except the target folder # This folder contains the compiled dependencies -RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-musleabihf -RUN find . -not -path "./target*" -delete +RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-musleabihf \ + && find . -not -path "./target*" -delete # Copies the complete project # To avoid copying unneeded files, use .dockerignore @@ -67,6 +67,7 @@ RUN touch src/main.rs # Builds again, this time it'll just be # your actual source files being built RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-musleabihf +# hadolint ignore=DL3059 RUN musl-strip target/armv7-unknown-linux-musleabihf/release/vaultwarden ######################## RUNTIME IMAGE ######################## @@ -79,17 +80,18 @@ ENV ROCKET_PORT=80 ENV ROCKET_WORKERS=10 ENV SSL_CERT_DIR=/etc/ssl/certs +# hadolint ignore=DL3059 RUN [ "cross-build-start" ] -# Install needed libraries -RUN apk add --no-cache \ +# Create data folder and Install needed libraries +RUN mkdir /data \ + && apk add --no-cache \ openssl \ curl \ dumb-init \ ca-certificates -RUN mkdir /data - +# hadolint ignore=DL3059 RUN [ "cross-build-end" ] VOLUME /data