commit 8280d200ea6c39757783f02756eb45141d3e50fe
parent f250c5481302280360a89c25a5fd02607b91c53f
Author: Robin Schneider <ypid@riseup.net>
Date: Sat, 28 Dec 2019 22:52:01 +0100
Generate Dockerfiles from one source for maintainability. Closes #785.
Diffstat:
15 files changed, 615 insertions(+), 148 deletions(-)
diff --git a/docker/Dockerfile.j2 b/docker/Dockerfile.j2
@@ -0,0 +1,276 @@
+# Using multistage build:
+# https://docs.docker.com/develop/develop-images/multistage-build/
+# https://whitfin.io/speeding-up-rust-docker-builds/
+####################### VAULT BUILD IMAGE #######################
+{% if "alpine" in target_file %}
+{% set preferred_base_image = "alpine:3.11" %}
+{% set package_arch_name = "" %}
+{% elif "amd64" in target_file %}
+{% set preferred_base_image = "debian:buster-slim" %}
+{% set package_arch_name = "" %}
+{% elif "aarch64" in target_file %}
+{% set preferred_base_image = "balenalib/aarch64-debian:buster" %}
+{% set package_arch_name = "arm64" %}
+{% elif "armv6" in target_file %}
+{% set preferred_base_image = "balenalib/rpi-debian:buster" %}
+{% set package_arch_name = "armel" %}
+{% elif "armv7" in target_file %}
+{% set preferred_base_image = "balenalib/armv7hf-debian:buster" %}
+{% set package_arch_name = "armhf" %}
+{% endif %}
+{% set package_arch_prefix = ":" + package_arch_name %}
+{% if package_arch_name == "" %}
+{% set package_arch_prefix = "" %}
+{% endif %}
+FROM {{ preferred_base_image }} as vault
+
+ENV VAULT_VERSION "v2.12.0b"
+
+ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
+
+{% if "alpine" in target_file %}
+RUN apk add --no-cache --upgrade \
+ curl \
+ tar
+{% else %}
+ENV DEBIAN_FRONTEND=noninteractive \
+ LANG=C.UTF-8 \
+ TZ=UTC \
+ TERM=xterm-256color
+
+RUN apt update -y \
+ && apt install -y \
+ curl \
+ tar
+{% endif %}
+
+RUN mkdir /web-vault
+WORKDIR /web-vault
+
+{% if "alpine" in target_file %}
+SHELL ["/bin/ash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"]
+{% else %}
+SHELL ["/bin/bash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"]
+{% endif %}
+
+RUN curl -L $URL | tar xz
+RUN ls
+
+########################## BUILD IMAGE ##########################
+{% if "alpine" in target_file %}
+# Musl build image for statically compiled binary
+FROM clux/muslrust:nightly-2019-12-19 as build
+{% else %}
+# We need to use the Rust build image, because
+# we need the Rust compiler and Cargo tooling
+FROM rust:1.40 as build
+{% endif %}
+
+{% if "sqlite" in target_file %}
+# set sqlite as default for DB ARG for backward compatibility
+ARG DB=sqlite
+{% elif "mysql" in target_file %}
+# set mysql backend
+ARG DB=mysql
+{% elif "postgresql" in target_file %}
+# set postgresql backend
+ARG DB=postgresql
+{% endif %}
+
+# Don't download rust docs
+RUN rustup set profile minimal
+
+{% if "alpine" in target_file %}
+ENV USER "root"
+
+{% endif %}
+{% if "aarch64" in target_file %}
+RUN apt-get update \
+ && apt-get install -y \
+ --no-install-recommends \
+ gcc-aarch64-linux-gnu \
+ && mkdir -p ~/.cargo \
+ && echo '[target.aarch64-unknown-linux-gnu]' >> ~/.cargo/config \
+ && echo 'linker = "aarch64-linux-gnu-gcc"' >> ~/.cargo/config
+
+ENV CARGO_HOME "/root/.cargo"
+ENV USER "root"
+
+{% elif "armv6" in target_file %}
+RUN apt-get update \
+ && apt-get install -y \
+ --no-install-recommends \
+ gcc-arm-linux-gnueabi \
+ && mkdir -p ~/.cargo \
+ && echo '[target.arm-unknown-linux-gnueabi]' >> ~/.cargo/config \
+ && echo 'linker = "arm-linux-gnueabi-gcc"' >> ~/.cargo/config
+
+ENV CARGO_HOME "/root/.cargo"
+ENV USER "root"
+
+{% elif "armv6" in target_file %}
+RUN apt-get update \
+ && apt-get install -y \
+ --no-install-recommends \
+ gcc-arm-linux-gnueabihf \
+ && mkdir -p ~/.cargo \
+ && echo '[target.armv7-unknown-linux-gnueabihf]' >> ~/.cargo/config \
+ && echo 'linker = "arm-linux-gnueabihf-gcc"' >> ~/.cargo/config
+
+ENV CARGO_HOME "/root/.cargo"
+ENV USER "root"
+
+{% endif %}
+{% if "mysql" in target_file %}
+# Install MySQL package
+RUN apt-get update && apt-get install -y \
+ --no-install-recommends \
+ libmariadb-dev{{ package_arch_prefix }} \
+ && rm -rf /var/lib/apt/lists/*
+
+{% elif "postgresql" in target_file %}
+# Install PostgreSQL package
+RUN apt-get update && apt-get install -y \
+ --no-install-recommends \
+ libpq-dev{{ package_arch_prefix }} \
+ && rm -rf /var/lib/apt/lists/*
+
+{% endif %}
+# Creates a dummy project used to grab dependencies
+RUN USER=root cargo new --bin app
+WORKDIR /app
+
+{% if "aarch64" in target_file or "armv" in target_file %}
+# Install required build libs for {{ package_arch_name }} architecture.
+RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \
+ /etc/apt/sources.list.d/deb-src.list \
+ && dpkg --add-architecture {{ package_arch_name }} \
+ && apt-get update \
+ && apt-get install -y \
+ --no-install-recommends \
+ libssl-dev{{ package_arch_prefix }} \
+ libc6-dev{{ package_arch_prefix }}
+
+{% endif -%}
+
+# Copies over *only* your manifests and build files
+COPY ./Cargo.* ./
+COPY ./rust-toolchain ./rust-toolchain
+COPY ./build.rs ./build.rs
+
+{% if "aarch64" in target_file %}
+ENV CC_aarch64_unknown_linux_gnu="/usr/bin/aarch64-linux-gnu-gcc"
+ENV CROSS_COMPILE="1"
+ENV OPENSSL_INCLUDE_DIR="/usr/include/aarch64-linux-gnu"
+ENV OPENSSL_LIB_DIR="/usr/lib/aarch64-linux-gnu"
+{% elif "armv6" in target_file %}
+ENV CC_arm_unknown_linux_gnueabi="/usr/bin/arm-linux-gnueabi-gcc"
+ENV CROSS_COMPILE="1"
+ENV OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabi"
+ENV OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabi"
+{% endif -%}
+
+# Builds your dependencies and removes the
+# dummy project, except the target folder
+# This folder contains the compiled dependencies
+RUN cargo build --features ${DB} --release
+RUN find . -not -path "./target*" -delete
+
+# Copies the complete project
+# To avoid copying unneeded files, use .dockerignore
+COPY . .
+
+# Make sure that we actually build the project
+RUN touch src/main.rs
+
+{% if "alpine" in target_file %}
+RUN rustup target add x86_64-unknown-linux-musl
+
+{% endif %}
+# Builds again, this time it'll just be
+# your actual source files being built
+{% if "amd64" in target_file %}
+RUN cargo build --features ${DB} --release
+{% elif "aarch64" in target_file %}
+RUN rustup target add aarch64-unknown-linux-gnu
+RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu
+{% endif %}
+
+######################## RUNTIME IMAGE ########################
+# Create a new stage with a minimal image
+# because we already have a binary built
+FROM {{ preferred_base_image }}
+
+ENV ROCKET_ENV "staging"
+ENV ROCKET_PORT=80
+ENV ROCKET_WORKERS=10
+{% if "alpine" in target_file %}
+ENV SSL_CERT_DIR=/etc/ssl/certs
+{% endif %}
+
+{% if "amd64" not in target_file %}
+RUN [ "cross-build-start" ]
+{% endif %}
+
+# Install needed libraries
+{% if "alpine" in target_file %}
+RUN apk add --no-cache \
+ openssl \
+ curl \
+{% if "sqlite" in target_file %}
+ sqlite \
+{% elif "mysql" in target_file %}
+ mariadb-connector-c \
+{% elif "postgresql" in target_file %}
+ postgresql-libs \
+{% endif %}
+ ca-certificates
+{% else %}
+RUN apt-get update && apt-get install -y \
+ --no-install-recommends \
+ openssl \
+ ca-certificates \
+ curl \
+{% if "sqlite" in target_file %}
+ sqlite3 \
+{% elif "mysql" in target_file %}
+ libmariadbclient-dev \
+{% elif "postgresql" in target_file %}
+ libpq5 \
+{% endif %}
+ && rm -rf /var/lib/apt/lists/*
+{% endif %}
+
+RUN mkdir /data
+{% if "amd64" not in target_file %}
+
+RUN [ "cross-build-end" ]
+
+{% endif %}
+VOLUME /data
+EXPOSE 80
+EXPOSE 3012
+
+# Copies the files from the context (Rocket.toml file and web-vault)
+# and the binary from the "build" stage to the current stage
+COPY Rocket.toml .
+COPY --from=vault /web-vault ./web-vault
+{% if "alpine" in target_file %}
+COPY --from=build /app/target/x86_64-unknown-linux-musl/release/bitwarden_rs .
+{% elif "aarch64" in target_file %}
+COPY --from=build /app/target/aarch64-unknown-linux-gnu/release/bitwarden_rs .
+{% elif "armv6" in target_file %}
+COPY --from=build /app/target/arm-unknown-linux-gnueabi/release/bitwarden_rs .
+{% elif "armv7" in target_file %}
+COPY --from=build /app/target/armv7-unknown-linux-gnueabihf/release/bitwarden_rs .
+{% else %}
+COPY --from=build app/target/release/bitwarden_rs .
+{% endif %}
+
+COPY docker/healthcheck.sh ./healthcheck.sh
+
+HEALTHCHECK --interval=30s --timeout=3s CMD sh healthcheck.sh || exit 1
+
+# Configures the startup!
+WORKDIR /
+CMD ["/bitwarden_rs"]
diff --git a/docker/Makefile b/docker/Makefile
@@ -0,0 +1,9 @@
+OBJECTS := $(shell find -mindepth 2 -name 'Dockerfile*')
+
+all: $(OBJECTS)
+
+%/Dockerfile: Dockerfile.j2 render_template
+ ./render_template "$<" "{\"target_file\":\"$@\"}" > "$@"
+
+%/Dockerfile.alpine: Dockerfile.j2 render_template
+ ./render_template "$<" "{\"target_file\":\"$@\"}" > "$@"
diff --git a/docker/aarch64/mysql/Dockerfile b/docker/aarch64/mysql/Dockerfile
@@ -1,21 +1,27 @@
-# Using multistage build:
+# Using multistage build:
# https://docs.docker.com/develop/develop-images/multistage-build/
# https://whitfin.io/speeding-up-rust-docker-builds/
####################### VAULT BUILD IMAGE #######################
-FROM alpine:3.11 as vault
+FROM balenalib/aarch64-debian:buster as vault
ENV VAULT_VERSION "v2.12.0b"
ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
-RUN apk add --no-cache --upgrade \
- curl \
- tar
+ENV DEBIAN_FRONTEND=noninteractive \
+ LANG=C.UTF-8 \
+ TZ=UTC \
+ TERM=xterm-256color
+
+RUN apt update -y \
+ && apt install -y \
+ curl \
+ tar
RUN mkdir /web-vault
WORKDIR /web-vault
-SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
+SHELL ["/bin/bash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"]
RUN curl -L $URL | tar xz
RUN ls
@@ -42,9 +48,17 @@ RUN apt-get update \
ENV CARGO_HOME "/root/.cargo"
ENV USER "root"
+# Install MySQL package
+RUN apt-get update && apt-get install -y \
+ --no-install-recommends \
+ libmariadb-dev:arm64 \
+ && rm -rf /var/lib/apt/lists/*
+
+# Creates a dummy project used to grab dependencies
+RUN USER=root cargo new --bin app
WORKDIR /app
-# Prepare openssl arm64 libs
+# Install required build libs for arm64 architecture.
RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \
/etc/apt/sources.list.d/deb-src.list \
&& dpkg --add-architecture arm64 \
@@ -52,19 +66,32 @@ RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \
&& apt-get install -y \
--no-install-recommends \
libssl-dev:arm64 \
- libc6-dev:arm64 \
- libmariadb-dev:arm64
+ libc6-dev:arm64
+
+# Copies over *only* your manifests and build files
+COPY ./Cargo.* ./
+COPY ./rust-toolchain ./rust-toolchain
+COPY ./build.rs ./build.rs
ENV CC_aarch64_unknown_linux_gnu="/usr/bin/aarch64-linux-gnu-gcc"
ENV CROSS_COMPILE="1"
ENV OPENSSL_INCLUDE_DIR="/usr/include/aarch64-linux-gnu"
ENV OPENSSL_LIB_DIR="/usr/lib/aarch64-linux-gnu"
+# Builds your dependencies and removes the
+# dummy project, except the target folder
+# This folder contains the compiled dependencies
+RUN cargo build --features ${DB} --release
+RUN find . -not -path "./target*" -delete
# Copies the complete project
# To avoid copying unneeded files, use .dockerignore
COPY . .
-# Build
+# Make sure that we actually build the project
+RUN touch src/main.rs
+
+# Builds again, this time it'll just be
+# your actual source files being built
RUN rustup target add aarch64-unknown-linux-gnu
RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu
@@ -86,14 +113,15 @@ RUN apt-get update && apt-get install -y \
ca-certificates \
curl \
libmariadbclient-dev \
- && rm -rf /var/lib/apt/lists/*
+ && rm -rf /var/lib/apt/lists/*
RUN mkdir /data
-RUN [ "cross-build-end" ]
+RUN [ "cross-build-end" ]
VOLUME /data
EXPOSE 80
+EXPOSE 3012
# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
diff --git a/docker/aarch64/sqlite/Dockerfile b/docker/aarch64/sqlite/Dockerfile
@@ -1,21 +1,27 @@
-# Using multistage build:
+# Using multistage build:
# https://docs.docker.com/develop/develop-images/multistage-build/
# https://whitfin.io/speeding-up-rust-docker-builds/
####################### VAULT BUILD IMAGE #######################
-FROM alpine:3.11 as vault
+FROM balenalib/aarch64-debian:buster as vault
ENV VAULT_VERSION "v2.12.0b"
ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
-RUN apk add --no-cache --upgrade \
- curl \
- tar
+ENV DEBIAN_FRONTEND=noninteractive \
+ LANG=C.UTF-8 \
+ TZ=UTC \
+ TERM=xterm-256color
+
+RUN apt update -y \
+ && apt install -y \
+ curl \
+ tar
RUN mkdir /web-vault
WORKDIR /web-vault
-SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
+SHELL ["/bin/bash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"]
RUN curl -L $URL | tar xz
RUN ls
@@ -25,7 +31,7 @@ RUN ls
# we need the Rust compiler and Cargo tooling
FROM rust:1.40 as build
-# set sqlite as default for DB ARG for backward comaptibility
+# set sqlite as default for DB ARG for backward compatibility
ARG DB=sqlite
# Don't download rust docs
@@ -42,9 +48,11 @@ RUN apt-get update \
ENV CARGO_HOME "/root/.cargo"
ENV USER "root"
+# Creates a dummy project used to grab dependencies
+RUN USER=root cargo new --bin app
WORKDIR /app
-# Prepare openssl arm64 libs
+# Install required build libs for arm64 architecture.
RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \
/etc/apt/sources.list.d/deb-src.list \
&& dpkg --add-architecture arm64 \
@@ -54,16 +62,30 @@ RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \
libssl-dev:arm64 \
libc6-dev:arm64
+# Copies over *only* your manifests and build files
+COPY ./Cargo.* ./
+COPY ./rust-toolchain ./rust-toolchain
+COPY ./build.rs ./build.rs
+
ENV CC_aarch64_unknown_linux_gnu="/usr/bin/aarch64-linux-gnu-gcc"
ENV CROSS_COMPILE="1"
ENV OPENSSL_INCLUDE_DIR="/usr/include/aarch64-linux-gnu"
ENV OPENSSL_LIB_DIR="/usr/lib/aarch64-linux-gnu"
+# Builds your dependencies and removes the
+# dummy project, except the target folder
+# This folder contains the compiled dependencies
+RUN cargo build --features ${DB} --release
+RUN find . -not -path "./target*" -delete
# Copies the complete project
# To avoid copying unneeded files, use .dockerignore
COPY . .
-# Build
+# Make sure that we actually build the project
+RUN touch src/main.rs
+
+# Builds again, this time it'll just be
+# your actual source files being built
RUN rustup target add aarch64-unknown-linux-gnu
RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu
@@ -85,14 +107,15 @@ RUN apt-get update && apt-get install -y \
ca-certificates \
curl \
sqlite3 \
- && rm -rf /var/lib/apt/lists/*
+ && rm -rf /var/lib/apt/lists/*
RUN mkdir /data
-RUN [ "cross-build-end" ]
+RUN [ "cross-build-end" ]
VOLUME /data
EXPOSE 80
+EXPOSE 3012
# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
diff --git a/docker/amd64/mysql/Dockerfile b/docker/amd64/mysql/Dockerfile
@@ -1,21 +1,27 @@
-# Using multistage build:
+# Using multistage build:
# https://docs.docker.com/develop/develop-images/multistage-build/
# https://whitfin.io/speeding-up-rust-docker-builds/
####################### VAULT BUILD IMAGE #######################
-FROM alpine:3.11 as vault
+FROM debian:buster-slim as vault
ENV VAULT_VERSION "v2.12.0b"
ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
-RUN apk add --no-cache --upgrade \
- curl \
- tar
+ENV DEBIAN_FRONTEND=noninteractive \
+ LANG=C.UTF-8 \
+ TZ=UTC \
+ TERM=xterm-256color
+
+RUN apt update -y \
+ && apt install -y \
+ curl \
+ tar
RUN mkdir /web-vault
WORKDIR /web-vault
-SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
+SHELL ["/bin/bash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"]
RUN curl -L $URL | tar xz
RUN ls
@@ -72,6 +78,7 @@ ENV ROCKET_ENV "staging"
ENV ROCKET_PORT=80
ENV ROCKET_WORKERS=10
+
# Install needed libraries
RUN apt-get update && apt-get install -y \
--no-install-recommends \
diff --git a/docker/amd64/mysql/Dockerfile.alpine b/docker/amd64/mysql/Dockerfile.alpine
@@ -1,4 +1,4 @@
-# Using multistage build:
+# Using multistage build:
# https://docs.docker.com/develop/develop-images/multistage-build/
# https://whitfin.io/speeding-up-rust-docker-builds/
####################### VAULT BUILD IMAGE #######################
@@ -15,7 +15,7 @@ RUN apk add --no-cache --upgrade \
RUN mkdir /web-vault
WORKDIR /web-vault
-SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
+SHELL ["/bin/ash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"]
RUN curl -L $URL | tar xz
RUN ls
@@ -32,24 +32,38 @@ RUN rustup set profile minimal
ENV USER "root"
-# Install needed libraries
+# Install MySQL package
RUN apt-get update && apt-get install -y \
--no-install-recommends \
- libmysqlclient-dev \
+ libmariadb-dev \
&& rm -rf /var/lib/apt/lists/*
+# Creates a dummy project used to grab dependencies
+RUN USER=root cargo new --bin app
WORKDIR /app
+# Copies over *only* your manifests and build files
+COPY ./Cargo.* ./
+COPY ./rust-toolchain ./rust-toolchain
+COPY ./build.rs ./build.rs
+
+# Builds your dependencies and removes the
+# dummy project, except the target folder
+# This folder contains the compiled dependencies
+RUN cargo build --features ${DB} --release
+RUN find . -not -path "./target*" -delete
+
# Copies the complete project
# To avoid copying unneeded files, use .dockerignore
COPY . .
-RUN rustup target add x86_64-unknown-linux-musl
-
# Make sure that we actually build the project
RUN touch src/main.rs
-# Build
+RUN rustup target add x86_64-unknown-linux-musl
+
+# Builds again, this time it'll just be
+# your actual source files being built
RUN cargo build --features ${DB} --release
######################## RUNTIME IMAGE ########################
@@ -62,11 +76,12 @@ ENV ROCKET_PORT=80
ENV ROCKET_WORKERS=10
ENV SSL_CERT_DIR=/etc/ssl/certs
+
# Install needed libraries
RUN apk add --no-cache \
openssl \
- mariadb-connector-c \
curl \
+ mariadb-connector-c \
ca-certificates
RUN mkdir /data
diff --git a/docker/amd64/postgresql/Dockerfile b/docker/amd64/postgresql/Dockerfile
@@ -1,21 +1,27 @@
-# Using multistage build:
+# Using multistage build:
# https://docs.docker.com/develop/develop-images/multistage-build/
# https://whitfin.io/speeding-up-rust-docker-builds/
####################### VAULT BUILD IMAGE #######################
-FROM alpine:3.11 as vault
+FROM debian:buster-slim as vault
ENV VAULT_VERSION "v2.12.0b"
ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
-RUN apk add --no-cache --upgrade \
- curl \
- tar
+ENV DEBIAN_FRONTEND=noninteractive \
+ LANG=C.UTF-8 \
+ TZ=UTC \
+ TERM=xterm-256color
+
+RUN apt update -y \
+ && apt install -y \
+ curl \
+ tar
RUN mkdir /web-vault
WORKDIR /web-vault
-SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
+SHELL ["/bin/bash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"]
RUN curl -L $URL | tar xz
RUN ls
@@ -25,19 +31,13 @@ RUN ls
# we need the Rust compiler and Cargo tooling
FROM rust:1.40 as build
-# set mysql backend
+# set postgresql backend
ARG DB=postgresql
# Don't download rust docs
RUN rustup set profile minimal
-# Using bundled SQLite, no need to install it
-# RUN apt-get update && apt-get install -y\
-# --no-install-recommends \
-# sqlite3\
-# && rm -rf /var/lib/apt/lists/*
-
-# Install MySQL package
+# Install PostgreSQL package
RUN apt-get update && apt-get install -y \
--no-install-recommends \
libpq-dev \
@@ -78,13 +78,13 @@ ENV ROCKET_ENV "staging"
ENV ROCKET_PORT=80
ENV ROCKET_WORKERS=10
+
# Install needed libraries
RUN apt-get update && apt-get install -y \
--no-install-recommends \
openssl \
ca-certificates \
curl \
- sqlite3 \
libpq5 \
&& rm -rf /var/lib/apt/lists/*
diff --git a/docker/amd64/postgresql/Dockerfile.alpine b/docker/amd64/postgresql/Dockerfile.alpine
@@ -1,4 +1,4 @@
-# Using multistage build:
+# Using multistage build:
# https://docs.docker.com/develop/develop-images/multistage-build/
# https://whitfin.io/speeding-up-rust-docker-builds/
####################### VAULT BUILD IMAGE #######################
@@ -15,7 +15,7 @@ RUN apk add --no-cache --upgrade \
RUN mkdir /web-vault
WORKDIR /web-vault
-SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
+SHELL ["/bin/ash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"]
RUN curl -L $URL | tar xz
RUN ls
@@ -32,24 +32,38 @@ RUN rustup set profile minimal
ENV USER "root"
-# Install needed libraries
+# Install PostgreSQL package
RUN apt-get update && apt-get install -y \
--no-install-recommends \
libpq-dev \
&& rm -rf /var/lib/apt/lists/*
+# Creates a dummy project used to grab dependencies
+RUN USER=root cargo new --bin app
WORKDIR /app
+# Copies over *only* your manifests and build files
+COPY ./Cargo.* ./
+COPY ./rust-toolchain ./rust-toolchain
+COPY ./build.rs ./build.rs
+
+# Builds your dependencies and removes the
+# dummy project, except the target folder
+# This folder contains the compiled dependencies
+RUN cargo build --features ${DB} --release
+RUN find . -not -path "./target*" -delete
+
# Copies the complete project
# To avoid copying unneeded files, use .dockerignore
COPY . .
-RUN rustup target add x86_64-unknown-linux-musl
-
# Make sure that we actually build the project
RUN touch src/main.rs
-# Build
+RUN rustup target add x86_64-unknown-linux-musl
+
+# Builds again, this time it'll just be
+# your actual source files being built
RUN cargo build --features ${DB} --release
######################## RUNTIME IMAGE ########################
@@ -62,12 +76,12 @@ ENV ROCKET_PORT=80
ENV ROCKET_WORKERS=10
ENV SSL_CERT_DIR=/etc/ssl/certs
+
# Install needed libraries
RUN apk add --no-cache \
openssl \
- postgresql-libs \
curl \
- sqlite \
+ postgresql-libs \
ca-certificates
RUN mkdir /data
diff --git a/docker/amd64/sqlite/Dockerfile b/docker/amd64/sqlite/Dockerfile
@@ -1,4 +1,4 @@
-# Using multistage build:
+# Using multistage build:
# https://docs.docker.com/develop/develop-images/multistage-build/
# https://whitfin.io/speeding-up-rust-docker-builds/
####################### VAULT BUILD IMAGE #######################
@@ -31,7 +31,7 @@ RUN ls
# we need the Rust compiler and Cargo tooling
FROM rust:1.40 as build
-# set sqlite as default for DB ARG for backward comaptibility
+# set sqlite as default for DB ARG for backward compatibility
ARG DB=sqlite
# Don't download rust docs
@@ -72,6 +72,7 @@ ENV ROCKET_ENV "staging"
ENV ROCKET_PORT=80
ENV ROCKET_WORKERS=10
+
# Install needed libraries
RUN apt-get update && apt-get install -y \
--no-install-recommends \
diff --git a/docker/amd64/sqlite/Dockerfile.alpine b/docker/amd64/sqlite/Dockerfile.alpine
@@ -1,4 +1,4 @@
-# Using multistage build:
+# Using multistage build:
# https://docs.docker.com/develop/develop-images/multistage-build/
# https://whitfin.io/speeding-up-rust-docker-builds/
####################### VAULT BUILD IMAGE #######################
@@ -15,7 +15,7 @@ RUN apk add --no-cache --upgrade \
RUN mkdir /web-vault
WORKDIR /web-vault
-SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
+SHELL ["/bin/ash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"]
RUN curl -L $URL | tar xz
RUN ls
@@ -24,7 +24,7 @@ RUN ls
# Musl build image for statically compiled binary
FROM clux/muslrust:nightly-2019-12-19 as build
-# set sqlite as default for DB ARG for backward comaptibility
+# set sqlite as default for DB ARG for backward compatibility
ARG DB=sqlite
# Don't download rust docs
@@ -32,18 +32,32 @@ RUN rustup set profile minimal
ENV USER "root"
+# Creates a dummy project used to grab dependencies
+RUN USER=root cargo new --bin app
WORKDIR /app
+# Copies over *only* your manifests and build files
+COPY ./Cargo.* ./
+COPY ./rust-toolchain ./rust-toolchain
+COPY ./build.rs ./build.rs
+
+# Builds your dependencies and removes the
+# dummy project, except the target folder
+# This folder contains the compiled dependencies
+RUN cargo build --features ${DB} --release
+RUN find . -not -path "./target*" -delete
+
# Copies the complete project
# To avoid copying unneeded files, use .dockerignore
COPY . .
-RUN rustup target add x86_64-unknown-linux-musl
-
# Make sure that we actually build the project
RUN touch src/main.rs
-# Build
+RUN rustup target add x86_64-unknown-linux-musl
+
+# Builds again, this time it'll just be
+# your actual source files being built
RUN cargo build --features ${DB} --release
######################## RUNTIME IMAGE ########################
@@ -56,6 +70,7 @@ ENV ROCKET_PORT=80
ENV ROCKET_WORKERS=10
ENV SSL_CERT_DIR=/etc/ssl/certs
+
# Install needed libraries
RUN apk add --no-cache \
openssl \
@@ -78,7 +93,6 @@ COPY docker/healthcheck.sh ./healthcheck.sh
HEALTHCHECK --interval=30s --timeout=3s CMD sh healthcheck.sh || exit 1
-
# Configures the startup!
WORKDIR /
CMD ["/bitwarden_rs"]
diff --git a/docker/armv6/mysql/Dockerfile b/docker/armv6/mysql/Dockerfile
@@ -1,21 +1,27 @@
-# Using multistage build:
+# Using multistage build:
# https://docs.docker.com/develop/develop-images/multistage-build/
# https://whitfin.io/speeding-up-rust-docker-builds/
####################### VAULT BUILD IMAGE #######################
-FROM alpine:3.11 as vault
+FROM balenalib/rpi-debian:buster as vault
ENV VAULT_VERSION "v2.12.0b"
ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
-RUN apk add --no-cache --upgrade \
- curl \
- tar
+ENV DEBIAN_FRONTEND=noninteractive \
+ LANG=C.UTF-8 \
+ TZ=UTC \
+ TERM=xterm-256color
+
+RUN apt update -y \
+ && apt install -y \
+ curl \
+ tar
RUN mkdir /web-vault
WORKDIR /web-vault
-SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
+SHELL ["/bin/bash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"]
RUN curl -L $URL | tar xz
RUN ls
@@ -42,9 +48,17 @@ RUN apt-get update \
ENV CARGO_HOME "/root/.cargo"
ENV USER "root"
+# Install MySQL package
+RUN apt-get update && apt-get install -y \
+ --no-install-recommends \
+ libmariadb-dev:armel \
+ && rm -rf /var/lib/apt/lists/*
+
+# Creates a dummy project used to grab dependencies
+RUN USER=root cargo new --bin app
WORKDIR /app
-# Prepare openssl armel libs
+# Install required build libs for armel architecture.
RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \
/etc/apt/sources.list.d/deb-src.list \
&& dpkg --add-architecture armel \
@@ -52,21 +66,32 @@ RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \
&& apt-get install -y \
--no-install-recommends \
libssl-dev:armel \
- libc6-dev:armel \
- libmariadb-dev:armel
+ libc6-dev:armel
+
+# Copies over *only* your manifests and build files
+COPY ./Cargo.* ./
+COPY ./rust-toolchain ./rust-toolchain
+COPY ./build.rs ./build.rs
ENV CC_arm_unknown_linux_gnueabi="/usr/bin/arm-linux-gnueabi-gcc"
ENV CROSS_COMPILE="1"
ENV OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabi"
ENV OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabi"
+# Builds your dependencies and removes the
+# dummy project, except the target folder
+# This folder contains the compiled dependencies
+RUN cargo build --features ${DB} --release
+RUN find . -not -path "./target*" -delete
# Copies the complete project
# To avoid copying unneeded files, use .dockerignore
COPY . .
-# Build
-RUN rustup target add arm-unknown-linux-gnueabi
-RUN cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi
+# Make sure that we actually build the project
+RUN touch src/main.rs
+
+# Builds again, this time it'll just be
+# your actual source files being built
######################## RUNTIME IMAGE ########################
# Create a new stage with a minimal image
@@ -90,10 +115,11 @@ RUN apt-get update && apt-get install -y \
RUN mkdir /data
-RUN [ "cross-build-end" ]
+RUN [ "cross-build-end" ]
VOLUME /data
EXPOSE 80
+EXPOSE 3012
# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
diff --git a/docker/armv6/sqlite/Dockerfile b/docker/armv6/sqlite/Dockerfile
@@ -1,21 +1,27 @@
-# Using multistage build:
+# Using multistage build:
# https://docs.docker.com/develop/develop-images/multistage-build/
# https://whitfin.io/speeding-up-rust-docker-builds/
####################### VAULT BUILD IMAGE #######################
-FROM alpine:3.11 as vault
+FROM balenalib/rpi-debian:buster as vault
ENV VAULT_VERSION "v2.12.0b"
ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
-RUN apk add --no-cache --upgrade \
- curl \
- tar
+ENV DEBIAN_FRONTEND=noninteractive \
+ LANG=C.UTF-8 \
+ TZ=UTC \
+ TERM=xterm-256color
+
+RUN apt update -y \
+ && apt install -y \
+ curl \
+ tar
RUN mkdir /web-vault
WORKDIR /web-vault
-SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
+SHELL ["/bin/bash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"]
RUN curl -L $URL | tar xz
RUN ls
@@ -25,7 +31,7 @@ RUN ls
# we need the Rust compiler and Cargo tooling
FROM rust:1.40 as build
-# set sqlite as default for DB ARG for backward comaptibility
+# set sqlite as default for DB ARG for backward compatibility
ARG DB=sqlite
# Don't download rust docs
@@ -42,9 +48,11 @@ RUN apt-get update \
ENV CARGO_HOME "/root/.cargo"
ENV USER "root"
+# Creates a dummy project used to grab dependencies
+RUN USER=root cargo new --bin app
WORKDIR /app
-# Prepare openssl armel libs
+# Install required build libs for armel architecture.
RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \
/etc/apt/sources.list.d/deb-src.list \
&& dpkg --add-architecture armel \
@@ -54,18 +62,30 @@ RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \
libssl-dev:armel \
libc6-dev:armel
+# Copies over *only* your manifests and build files
+COPY ./Cargo.* ./
+COPY ./rust-toolchain ./rust-toolchain
+COPY ./build.rs ./build.rs
+
ENV CC_arm_unknown_linux_gnueabi="/usr/bin/arm-linux-gnueabi-gcc"
ENV CROSS_COMPILE="1"
ENV OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabi"
ENV OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabi"
+# Builds your dependencies and removes the
+# dummy project, except the target folder
+# This folder contains the compiled dependencies
+RUN cargo build --features ${DB} --release
+RUN find . -not -path "./target*" -delete
# Copies the complete project
# To avoid copying unneeded files, use .dockerignore
COPY . .
-# Build
-RUN rustup target add arm-unknown-linux-gnueabi
-RUN cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi
+# Make sure that we actually build the project
+RUN touch src/main.rs
+
+# Builds again, this time it'll just be
+# your actual source files being built
######################## RUNTIME IMAGE ########################
# Create a new stage with a minimal image
@@ -89,10 +109,11 @@ RUN apt-get update && apt-get install -y \
RUN mkdir /data
-RUN [ "cross-build-end" ]
+RUN [ "cross-build-end" ]
VOLUME /data
EXPOSE 80
+EXPOSE 3012
# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
diff --git a/docker/armv7/mysql/Dockerfile b/docker/armv7/mysql/Dockerfile
@@ -1,21 +1,27 @@
-# Using multistage build:
+# Using multistage build:
# https://docs.docker.com/develop/develop-images/multistage-build/
# https://whitfin.io/speeding-up-rust-docker-builds/
####################### VAULT BUILD IMAGE #######################
-FROM alpine:3.11 as vault
+FROM balenalib/armv7hf-debian:buster as vault
ENV VAULT_VERSION "v2.12.0b"
ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
-RUN apk add --no-cache --upgrade \
- curl \
- tar
+ENV DEBIAN_FRONTEND=noninteractive \
+ LANG=C.UTF-8 \
+ TZ=UTC \
+ TERM=xterm-256color
+
+RUN apt update -y \
+ && apt install -y \
+ curl \
+ tar
RUN mkdir /web-vault
WORKDIR /web-vault
-SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
+SHELL ["/bin/bash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"]
RUN curl -L $URL | tar xz
RUN ls
@@ -31,20 +37,17 @@ ARG DB=mysql
# Don't download rust docs
RUN rustup set profile minimal
-RUN apt-get update \
- && apt-get install -y \
- --no-install-recommends \
- gcc-arm-linux-gnueabihf \
- && mkdir -p ~/.cargo \
- && echo '[target.armv7-unknown-linux-gnueabihf]' >> ~/.cargo/config \
- && echo 'linker = "arm-linux-gnueabihf-gcc"' >> ~/.cargo/config
-
-ENV CARGO_HOME "/root/.cargo"
-ENV USER "root"
+# Install MySQL package
+RUN apt-get update && apt-get install -y \
+ --no-install-recommends \
+ libmariadb-dev:armhf \
+ && rm -rf /var/lib/apt/lists/*
+# Creates a dummy project used to grab dependencies
+RUN USER=root cargo new --bin app
WORKDIR /app
-# Prepare openssl armhf libs
+# Install required build libs for armhf architecture.
RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \
/etc/apt/sources.list.d/deb-src.list \
&& dpkg --add-architecture armhf \
@@ -52,22 +55,28 @@ RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \
&& apt-get install -y \
--no-install-recommends \
libssl-dev:armhf \
- libc6-dev:armhf \
- libmariadb-dev:armhf
+ libc6-dev:armhf
+# Copies over *only* your manifests and build files
+COPY ./Cargo.* ./
+COPY ./rust-toolchain ./rust-toolchain
+COPY ./build.rs ./build.rs
-ENV CC_armv7_unknown_linux_gnueabihf="/usr/bin/arm-linux-gnueabihf-gcc"
-ENV CROSS_COMPILE="1"
-ENV OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabihf"
-ENV OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabihf"
+# Builds your dependencies and removes the
+# dummy project, except the target folder
+# This folder contains the compiled dependencies
+RUN cargo build --features ${DB} --release
+RUN find . -not -path "./target*" -delete
# Copies the complete project
# To avoid copying unneeded files, use .dockerignore
COPY . .
-# Build
-RUN rustup target add armv7-unknown-linux-gnueabihf
-RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf
+# Make sure that we actually build the project
+RUN touch src/main.rs
+
+# Builds again, this time it'll just be
+# your actual source files being built
######################## RUNTIME IMAGE ########################
# Create a new stage with a minimal image
@@ -91,10 +100,11 @@ RUN apt-get update && apt-get install -y \
RUN mkdir /data
-RUN [ "cross-build-end" ]
+RUN [ "cross-build-end" ]
VOLUME /data
EXPOSE 80
+EXPOSE 3012
# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
diff --git a/docker/armv7/sqlite/Dockerfile b/docker/armv7/sqlite/Dockerfile
@@ -1,21 +1,27 @@
-# Using multistage build:
+# Using multistage build:
# https://docs.docker.com/develop/develop-images/multistage-build/
# https://whitfin.io/speeding-up-rust-docker-builds/
####################### VAULT BUILD IMAGE #######################
-FROM alpine:3.11 as vault
+FROM balenalib/armv7hf-debian:buster as vault
ENV VAULT_VERSION "v2.12.0b"
ENV URL "https://github.com/dani-garcia/bw_web_builds/releases/download/$VAULT_VERSION/bw_web_$VAULT_VERSION.tar.gz"
-RUN apk add --no-cache --upgrade \
- curl \
- tar
+ENV DEBIAN_FRONTEND=noninteractive \
+ LANG=C.UTF-8 \
+ TZ=UTC \
+ TERM=xterm-256color
+
+RUN apt update -y \
+ && apt install -y \
+ curl \
+ tar
RUN mkdir /web-vault
WORKDIR /web-vault
-SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
+SHELL ["/bin/bash", "-o", "nounset", "-o", "pipefail", "-o", "errexit", "-c"]
RUN curl -L $URL | tar xz
RUN ls
@@ -25,26 +31,17 @@ RUN ls
# we need the Rust compiler and Cargo tooling
FROM rust:1.40 as build
-# set sqlite as default for DB ARG for backward comaptibility
+# set sqlite as default for DB ARG for backward compatibility
ARG DB=sqlite
# Don't download rust docs
RUN rustup set profile minimal
-RUN apt-get update \
- && apt-get install -y \
- --no-install-recommends \
- gcc-arm-linux-gnueabihf \
- && mkdir -p ~/.cargo \
- && echo '[target.armv7-unknown-linux-gnueabihf]' >> ~/.cargo/config \
- && echo 'linker = "arm-linux-gnueabihf-gcc"' >> ~/.cargo/config
-
-ENV CARGO_HOME "/root/.cargo"
-ENV USER "root"
-
+# Creates a dummy project used to grab dependencies
+RUN USER=root cargo new --bin app
WORKDIR /app
-# Prepare openssl armhf libs
+# Install required build libs for armhf architecture.
RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \
/etc/apt/sources.list.d/deb-src.list \
&& dpkg --add-architecture armhf \
@@ -54,18 +51,26 @@ RUN sed 's/^deb/deb-src/' /etc/apt/sources.list > \
libssl-dev:armhf \
libc6-dev:armhf
-ENV CC_armv7_unknown_linux_gnueabihf="/usr/bin/arm-linux-gnueabihf-gcc"
-ENV CROSS_COMPILE="1"
-ENV OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabihf"
-ENV OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabihf"
+# Copies over *only* your manifests and build files
+COPY ./Cargo.* ./
+COPY ./rust-toolchain ./rust-toolchain
+COPY ./build.rs ./build.rs
+
+# Builds your dependencies and removes the
+# dummy project, except the target folder
+# This folder contains the compiled dependencies
+RUN cargo build --features ${DB} --release
+RUN find . -not -path "./target*" -delete
# Copies the complete project
# To avoid copying unneeded files, use .dockerignore
COPY . .
-# Build
-RUN rustup target add armv7-unknown-linux-gnueabihf
-RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf
+# Make sure that we actually build the project
+RUN touch src/main.rs
+
+# Builds again, this time it'll just be
+# your actual source files being built
######################## RUNTIME IMAGE ########################
# Create a new stage with a minimal image
@@ -89,10 +94,11 @@ RUN apt-get update && apt-get install -y \
RUN mkdir /data
-RUN [ "cross-build-end" ]
+RUN [ "cross-build-end" ]
VOLUME /data
EXPOSE 80
+EXPOSE 3012
# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
diff --git a/docker/render_template b/docker/render_template
@@ -0,0 +1,17 @@
+#!/usr/bin/env python3
+
+import os, argparse, json
+
+import jinja2
+
+args_parser = argparse.ArgumentParser()
+args_parser.add_argument('template_file', help='Jinja2 template file to render.')
+args_parser.add_argument('render_vars', help='JSON-encoded data to pass to the templating engine.')
+cli_args = args_parser.parse_args()
+
+render_vars = json.loads(cli_args.render_vars)
+environment = jinja2.Environment(
+ loader=jinja2.FileSystemLoader(os.getcwd()),
+ trim_blocks=True,
+)
+print(environment.get_template(cli_args.template_file).render(render_vars))
