commit d722328f05f65910e00d01c7b156d30ab9ac8986
parent cb4b683dcd51eff4508bcf50e34d657b8d2225d4
Author: Mathijs van Veluw <black.dex@gmail.com>
Date: Mon, 23 Oct 2023 00:18:38 +0200
Container building changes (#3958)
* WIP: Container building changes
* Small updates
- Updated to rust 1.73.0
- Updated crates
- Updated documentation
- Added a bake.sh script to make baking easier
* Update GitHub Actions Workflow
- Updated workflow to use qemu and buildx bake
In the future i would like to extract the alpine based binaries and add
them as artifacts to the release.
* Address review remarks and small updates
- Addressed review remarks
- Added `podman-bake.sh` script to build Vaultwarden with podman
- Updated README
- Updated crates
- Added `VW_VERSION` support
- Added annotations
- Updated web-vault to v2023.9.1
Diffstat:
43 files changed, 1745 insertions(+), 2950 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -12,6 +12,7 @@ on:
- "rustfmt.toml"
- "diesel.toml"
- "docker/Dockerfile.j2"
+ - "docker/DockerSettings.yaml"
pull_request:
paths:
- ".github/workflows/build.yml"
@@ -23,6 +24,7 @@ on:
- "rustfmt.toml"
- "diesel.toml"
- "docker/Dockerfile.j2"
+ - "docker/DockerSettings.yaml"
jobs:
build:
@@ -32,7 +34,6 @@ jobs:
# This is done globally to prevent rebuilds when the RUSTFLAGS env variable changes.
env:
RUSTFLAGS: "-D warnings"
- CARGO_REGISTRIES_CRATES_IO_PROTOCOL: sparse
strategy:
fail-fast: false
matrix:
@@ -113,46 +114,46 @@ jobs:
prefix-key: "v2023.07-rust"
# End Enable Rust Caching
- # Run cargo tests (In release mode to speed up future builds)
+ # Run cargo tests
# First test all features together, afterwards test them separately.
- name: "test features: sqlite,mysql,postgresql,enable_mimalloc"
id: test_sqlite_mysql_postgresql_mimalloc
if: $${{ always() }}
run: |
- cargo test --release --features sqlite,mysql,postgresql,enable_mimalloc
+ cargo test --features sqlite,mysql,postgresql,enable_mimalloc
- name: "test features: sqlite,mysql,postgresql"
id: test_sqlite_mysql_postgresql
if: $${{ always() }}
run: |
- cargo test --release --features sqlite,mysql,postgresql
+ cargo test --features sqlite,mysql,postgresql
- name: "test features: sqlite"
id: test_sqlite
if: $${{ always() }}
run: |
- cargo test --release --features sqlite
+ cargo test --features sqlite
- name: "test features: mysql"
id: test_mysql
if: $${{ always() }}
run: |
- cargo test --release --features mysql
+ cargo test --features mysql
- name: "test features: postgresql"
id: test_postgresql
if: $${{ always() }}
run: |
- cargo test --release --features postgresql
+ cargo test --features postgresql
# End Run cargo tests
- # Run cargo clippy, and fail on warnings (In release mode to speed up future builds)
+ # Run cargo clippy, and fail on warnings
- name: "clippy features: sqlite,mysql,postgresql,enable_mimalloc"
id: clippy
if: ${{ always() && matrix.channel == 'rust-toolchain' }}
run: |
- cargo clippy --release --features sqlite,mysql,postgresql,enable_mimalloc -- -D warnings
+ cargo clippy --features sqlite,mysql,postgresql,enable_mimalloc -- -D warnings
# End Run cargo clippy
@@ -194,21 +195,3 @@ jobs:
run: |
echo "### :tada: Checks Passed!" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
-
-
- # Build the binary to upload to the artifacts
- - name: "build features: sqlite,mysql,postgresql"
- if: ${{ matrix.channel == 'rust-toolchain' }}
- run: |
- cargo build --release --features sqlite,mysql,postgresql
- # End Build the binary
-
-
- # Upload artifact to Github Actions
- - name: "Upload artifact"
- uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
- if: ${{ matrix.channel == 'rust-toolchain' }}
- with:
- name: vaultwarden
- path: target/release/vaultwarden
- # End Upload artifact to Github Actions
diff --git a/.github/workflows/hadolint.yml b/.github/workflows/hadolint.yml
@@ -16,7 +16,6 @@ jobs:
uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
# End Checkout the repo
-
# Download hadolint - https://github.com/hadolint/hadolint/releases
- name: Download hadolint
shell: bash
@@ -30,5 +29,5 @@ jobs:
# Test Dockerfiles
- name: Run hadolint
shell: bash
- run: git ls-files --exclude='docker/*/Dockerfile*' --ignored --cached | xargs hadolint
+ run: hadolint docker/Dockerfile.{debian,alpine}
# End Test Dockerfiles
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -6,7 +6,6 @@ on:
- ".github/workflows/release.yml"
- "src/**"
- "migrations/**"
- - "hooks/**"
- "docker/**"
- "Cargo.*"
- "build.rs"
@@ -15,6 +14,7 @@ on:
branches: # Only on paths above
- main
+ - release-build-revision
tags: # Always, regardless of paths above
- '*'
@@ -35,23 +35,20 @@ jobs:
with:
cancel_others: 'true'
# Only run this when not creating a tag
- if: ${{ startsWith(github.ref, 'refs/heads/') }}
+ if: ${{ github.ref_type == 'branch' }}
docker-build:
runs-on: ubuntu-22.04
timeout-minutes: 120
needs: skip_check
- # Start a local docker registry to be used to generate multi-arch images.
- services:
- registry:
- image: registry:2
- ports:
- - 5000:5000
+ if: ${{ needs.skip_check.outputs.should_skip != 'true' && github.repository == 'dani-garcia/vaultwarden' }}
+ # TODO: Start a local docker registry to be used to extract the final Alpine static build images
+ # services:
+ # registry:
+ # image: registry:2
+ # ports:
+ # - 5000:5000
env:
- # Use BuildKit (https://docs.docker.com/build/buildkit/) for better
- # build performance and the ability to copy extended file attributes
- # (e.g., for executable capabilities) across build phases.
- DOCKER_BUILDKIT: 1
SOURCE_COMMIT: ${{ github.sha }}
SOURCE_REPOSITORY_URL: "https://github.com/${{ github.repository }}"
# The *_REPO variables need to be configured as repository variables
@@ -65,7 +62,6 @@ jobs:
# QUAY_REPO needs to be 'quay.io/<user>/<repo>'
# Check for Quay.io credentials in secrets
HAVE_QUAY_LOGIN: ${{ vars.QUAY_REPO != '' && secrets.QUAY_USERNAME != '' && secrets.QUAY_TOKEN != '' }}
- if: ${{ needs.skip_check.outputs.should_skip != 'true' && github.repository == 'dani-garcia/vaultwarden' }}
strategy:
matrix:
base_image: ["debian","alpine"]
@@ -77,18 +73,43 @@ jobs:
with:
fetch-depth: 0
- # Determine Docker Tag
- - name: Init Variables
- id: vars
+ - name: Initialize QEMU binfmt support
+ uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
+ with:
+ platforms: "arm64,arm"
+
+ # Start Docker Buildx
+ - name: Setup Docker Buildx
+ uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
+ # https://github.com/moby/buildkit/issues/3969
+ # Also set max parallelism to 2, the default of 4 breaks GitHub Actions
+ with:
+ config-inline: |
+ [worker.oci]
+ max-parallelism = 2
+ driver-opts: |
+ network=host
+
+ # Determine Base Tags and Source Version
+ - name: Determine Base Tags and Source Version
shell: bash
run: |
- # Check which main tag we are going to build determined by github.ref
- if [[ "${{ github.ref }}" == refs/tags/* ]]; then
- echo "DOCKER_TAG=${GITHUB_REF#refs/*/}" | tee -a "${GITHUB_OUTPUT}"
- elif [[ "${{ github.ref }}" == refs/heads/* ]]; then
- echo "DOCKER_TAG=testing" | tee -a "${GITHUB_OUTPUT}"
+ # Check which main tag we are going to build determined by github.ref_type
+ if [[ "${{ github.ref_type }}" == "tag" ]]; then
+ echo "BASE_TAGS=latest,${GITHUB_REF#refs/*/}" | tee -a "${GITHUB_ENV}"
+ elif [[ "${{ github.ref_type }}" == "branch" ]]; then
+ echo "BASE_TAGS=testing" | tee -a "${GITHUB_ENV}"
+ fi
+
+ # Get the Source Version for this release
+ GIT_EXACT_TAG="$(git describe --tags --abbrev=0 --exact-match 2>/dev/null || true)"
+ if [[ -n "${GIT_EXACT_TAG}" ]]; then
+ echo "SOURCE_VERSION=${GIT_EXACT_TAG}" | tee -a "${GITHUB_ENV}"
+ else
+ GIT_LAST_TAG="$(git describe --tags --abbrev=0)"
+ echo "SOURCE_VERSION=${GIT_LAST_TAG}-${SOURCE_COMMIT:0:8}" | tee -a "${GITHUB_ENV}"
fi
- # End Determine Docker Tag
+ # End Determine Base Tags
# Login to Docker Hub
- name: Login to Docker Hub
@@ -98,6 +119,12 @@ jobs:
password: ${{ secrets.DOCKERHUB_TOKEN }}
if: ${{ env.HAVE_DOCKERHUB_LOGIN == 'true' }}
+ - name: Add registry for DockerHub
+ if: ${{ env.HAVE_DOCKERHUB_LOGIN == 'true' }}
+ shell: bash
+ run: |
+ echo "CONTAINER_REGISTRIES=${{ vars.DOCKERHUB_REPO }}" | tee -a "${GITHUB_ENV}"
+
# Login to GitHub Container Registry
- name: Login to GitHub Container Registry
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
@@ -107,6 +134,12 @@ jobs:
password: ${{ secrets.GITHUB_TOKEN }}
if: ${{ env.HAVE_GHCR_LOGIN == 'true' }}
+ - name: Add registry for ghcr.io
+ if: ${{ env.HAVE_GHCR_LOGIN == 'true' }}
+ shell: bash
+ run: |
+ echo "CONTAINER_REGISTRIES=${CONTAINER_REGISTRIES:+${CONTAINER_REGISTRIES},}${{ vars.GHCR_REPO }}" | tee -a "${GITHUB_ENV}"
+
# Login to Quay.io
- name: Login to Quay.io
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
@@ -116,120 +149,22 @@ jobs:
password: ${{ secrets.QUAY_TOKEN }}
if: ${{ env.HAVE_QUAY_LOGIN == 'true' }}
- # Debian
-
- # Docker Hub
- - name: Build Debian based images (docker.io)
- shell: bash
- env:
- DOCKER_REPO: "${{ vars.DOCKERHUB_REPO }}"
- DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}"
- run: |
- ./hooks/build
- if: ${{ matrix.base_image == 'debian' && env.HAVE_DOCKERHUB_LOGIN == 'true' }}
-
- - name: Push Debian based images (docker.io)
- shell: bash
- env:
- DOCKER_REPO: "${{ vars.DOCKERHUB_REPO }}"
- DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}"
- run: |
- ./hooks/push
- if: ${{ matrix.base_image == 'debian' && env.HAVE_DOCKERHUB_LOGIN == 'true' }}
-
- # GitHub Container Registry
- - name: Build Debian based images (ghcr.io)
- shell: bash
- env:
- DOCKER_REPO: "${{ vars.GHCR_REPO }}"
- DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}"
- run: |
- ./hooks/build
- if: ${{ matrix.base_image == 'debian' && env.HAVE_GHCR_LOGIN == 'true' }}
-
- - name: Push Debian based images (ghcr.io)
- shell: bash
- env:
- DOCKER_REPO: "${{ vars.GHCR_REPO }}"
- DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}"
- run: |
- ./hooks/push
- if: ${{ matrix.base_image == 'debian' && env.HAVE_GHCR_LOGIN == 'true' }}
-
- # Quay.io
- - name: Build Debian based images (quay.io)
- shell: bash
- env:
- DOCKER_REPO: "${{ vars.QUAY_REPO }}"
- DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}"
- run: |
- ./hooks/build
- if: ${{ matrix.base_image == 'debian' && env.HAVE_QUAY_LOGIN == 'true' }}
-
- - name: Push Debian based images (quay.io)
- shell: bash
- env:
- DOCKER_REPO: "${{ vars.QUAY_REPO }}"
- DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}"
- run: |
- ./hooks/push
- if: ${{ matrix.base_image == 'debian' && env.HAVE_QUAY_LOGIN == 'true' }}
-
- # Alpine
-
- # Docker Hub
- - name: Build Alpine based images (docker.io)
- shell: bash
- env:
- DOCKER_REPO: "${{ vars.DOCKERHUB_REPO }}"
- DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine"
- run: |
- ./hooks/build
- if: ${{ matrix.base_image == 'alpine' && env.HAVE_DOCKERHUB_LOGIN == 'true' }}
-
- - name: Push Alpine based images (docker.io)
- shell: bash
- env:
- DOCKER_REPO: "${{ vars.DOCKERHUB_REPO }}"
- DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine"
- run: |
- ./hooks/push
- if: ${{ matrix.base_image == 'alpine' && env.HAVE_DOCKERHUB_LOGIN == 'true' }}
-
- # GitHub Container Registry
- - name: Build Alpine based images (ghcr.io)
- shell: bash
- env:
- DOCKER_REPO: "${{ vars.GHCR_REPO }}"
- DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine"
- run: |
- ./hooks/build
- if: ${{ matrix.base_image == 'alpine' && env.HAVE_GHCR_LOGIN == 'true' }}
-
- - name: Push Alpine based images (ghcr.io)
- shell: bash
- env:
- DOCKER_REPO: "${{ vars.GHCR_REPO }}"
- DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine"
- run: |
- ./hooks/push
- if: ${{ matrix.base_image == 'alpine' && env.HAVE_GHCR_LOGIN == 'true' }}
-
- # Quay.io
- - name: Build Alpine based images (quay.io)
+ - name: Add registry for Quay.io
+ if: ${{ env.HAVE_QUAY_LOGIN == 'true' }}
shell: bash
- env:
- DOCKER_REPO: "${{ vars.QUAY_REPO }}"
- DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine"
run: |
- ./hooks/build
- if: ${{ matrix.base_image == 'alpine' && env.HAVE_QUAY_LOGIN == 'true' }}
+ echo "CONTAINER_REGISTRIES=${CONTAINER_REGISTRIES:+${CONTAINER_REGISTRIES},}${{ vars.QUAY_REPO }}" | tee -a "${GITHUB_ENV}"
- - name: Push Alpine based images (quay.io)
- shell: bash
+ - name: Bake ${{ matrix.base_image }} containers
+ uses: docker/bake-action@511fde2517761e303af548ec9e0ea74a8a100112 # v4.0.0
env:
- DOCKER_REPO: "${{ vars.QUAY_REPO }}"
- DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine"
- run: |
- ./hooks/push
- if: ${{ matrix.base_image == 'alpine' && env.HAVE_QUAY_LOGIN == 'true' }}
+ BASE_TAGS: "${{ env.BASE_TAGS }}"
+ SOURCE_COMMIT: "${{ env.SOURCE_COMMIT }}"
+ SOURCE_VERSION: "${{ env.SOURCE_VERSION }}"
+ SOURCE_REPOSITORY_URL: "${{ env.SOURCE_REPOSITORY_URL }}"
+ CONTAINER_REGISTRIES: "${{ env.CONTAINER_REGISTRIES }}"
+ with:
+ pull: true
+ push: true
+ files: docker/docker-bake.hcl
+ targets: "${{ matrix.base_image }}-multi"
diff --git a/.hadolint.yaml b/.hadolint.yaml
@@ -1,10 +1,12 @@
ignored:
+ # To prevent issues and make clear some images only work on linux/amd64, we ignore this
+ - DL3029
# disable explicit version for apt install
- DL3008
# disable explicit version for apk install
- DL3018
- # disable check for consecutive `RUN` instructions
- - DL3059
+ # Ignore shellcheck info message
+ - SC1091
trustedRegistries:
- docker.io
- ghcr.io
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,7 +1,7 @@
---
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
- rev: v4.4.0
+ rev: v4.5.0
hooks:
- id: check-yaml
- id: check-json
diff --git a/Cargo.lock b/Cargo.lock
@@ -18,10 +18,32 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe"
[[package]]
+name = "ahash"
+version = "0.7.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fcb51a0695d8f838b1ee009b3fbf66bda078cd64590202a864a8f3e8c4315c47"
+dependencies = [
+ "getrandom",
+ "once_cell",
+ "version_check",
+]
+
+[[package]]
+name = "ahash"
+version = "0.8.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2c99f64d1e06488f620f932677e24bc6e2897582980441ae90a671415bd7ec2f"
+dependencies = [
+ "cfg-if",
+ "once_cell",
+ "version_check",
+]
+
+[[package]]
name = "aho-corasick"
-version = "1.0.5"
+version = "1.1.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0c378d78423fdad8089616f827526ee33c19f2fddbd5de1629152c9593ba4783"
+checksum = "b2969dcb958b36655471fc61f7e416fa76033bdd4bfed0678d8fee1e2d07a1f0"
dependencies = [
"memchr",
]
@@ -42,6 +64,12 @@ dependencies = [
]
[[package]]
+name = "allocator-api2"
+version = "0.2.16"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0942ffc6dcaadf03badf6e6a2d0228460359d5e34b57ccdc720b7382dfbd5ec5"
+
+[[package]]
name = "android-tzdata"
version = "0.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -58,9 +86,9 @@ dependencies = [
[[package]]
name = "argon2"
-version = "0.5.1"
+version = "0.5.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b2e554a8638bdc1e4eae9984845306cc95f8a9208ba8d49c3859fd958b46774d"
+checksum = "17ba4cac0a46bc1d2912652a751c47f2a9f3a7fe89bcae2275d418f5270402f9"
dependencies = [
"base64ct",
"blake2",
@@ -75,15 +103,15 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "81953c529336010edd6d8e358f886d9581267795c61b19475b71314bffa46d35"
dependencies = [
"concurrent-queue",
- "event-listener",
+ "event-listener 2.5.3",
"futures-core",
]
[[package]]
name = "async-compression"
-version = "0.4.2"
+version = "0.4.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d495b6dc0184693324491a5ac05f559acc97bf937ab31d7a1c33dd0016be6d2b"
+checksum = "f658e2baef915ba0f26f1f7c42bfb8e12f532a01f449a090ded75ae7a07e9ba2"
dependencies = [
"brotli",
"flate2",
@@ -95,14 +123,14 @@ dependencies = [
[[package]]
name = "async-executor"
-version = "1.5.1"
+version = "1.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6fa3dc5f2a8564f07759c008b9109dc0d39de92a88d5588b8a5036d286383afb"
+checksum = "4b0c4a4f319e45986f347ee47fef8bf5e81c9abc3f6f58dc2391439f30df65f0"
dependencies = [
"async-lock",
"async-task",
"concurrent-queue",
- "fastrand 1.9.0",
+ "fastrand 2.0.1",
"futures-lite",
"slab",
]
@@ -136,9 +164,9 @@ dependencies = [
"log",
"parking",
"polling",
- "rustix 0.37.23",
+ "rustix 0.37.26",
"slab",
- "socket2 0.4.9",
+ "socket2 0.4.10",
"waker-fn",
]
@@ -148,24 +176,41 @@ version = "2.8.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "287272293e9d8c41773cec55e365490fe034813a2f172f502d6ddcf75b2f582b"
dependencies = [
- "event-listener",
+ "event-listener 2.5.3",
]
[[package]]
name = "async-process"
-version = "1.7.0"
+version = "1.8.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7a9d28b1d97e08915212e2e45310d47854eafa69600756fc735fb788f75199c9"
+checksum = "ea6438ba0a08d81529c69b36700fa2f95837bfe3e776ab39cde9c14d9149da88"
dependencies = [
"async-io",
"async-lock",
- "autocfg",
+ "async-signal",
"blocking",
"cfg-if",
- "event-listener",
+ "event-listener 3.0.0",
"futures-lite",
- "rustix 0.37.23",
- "signal-hook",
+ "rustix 0.38.20",
+ "windows-sys",
+]
+
+[[package]]
+name = "async-signal"
+version = "0.2.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d2a5415b7abcdc9cd7d63d6badba5288b2ca017e3fbd4173b8f405449f1a2399"
+dependencies = [
+ "async-io",
+ "async-lock",
+ "atomic-waker",
+ "cfg-if",
+ "futures-core",
+ "futures-io",
+ "rustix 0.38.20",
+ "signal-hook-registry",
+ "slab",
"windows-sys",
]
@@ -215,24 +260,24 @@ checksum = "16e62a023e7c117e27523144c5d2459f4397fcc3cab0085af8e2224f643a0193"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.29",
+ "syn 2.0.38",
]
[[package]]
name = "async-task"
-version = "4.4.0"
+version = "4.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ecc7ab41815b3c653ccd2978ec3255c81349336702dfdf62ee6f7069b12a3aae"
+checksum = "b4eb2cdb97421e01129ccb49169d8279ed21e829929144f4a22a6e54ac549ca1"
[[package]]
name = "async-trait"
-version = "0.1.73"
+version = "0.1.74"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bc00ceb34980c03614e35a3a4e218276a0a824e911d07651cd0d858a51e8c0f0"
+checksum = "a66537f1bb974b254c98ed142ff995236e81b9d0fe4db0575f46612cb15eb0f9"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.29",
+ "syn 2.0.38",
]
[[package]]
@@ -242,10 +287,19 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c59bdb34bc650a32731b31bd8f0829cc15d24a708ee31559e0bb34f2bc320cba"
[[package]]
+name = "atomic"
+version = "0.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8d818003e740b63afc82337e3160717f4f63078720a810b7b903e70a5d1d2994"
+dependencies = [
+ "bytemuck",
+]
+
+[[package]]
name = "atomic-waker"
-version = "1.1.1"
+version = "1.1.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1181e1e0d1fce796a03db1ae795d67167da795f9cf4a39c37589e85ef57f26d3"
+checksum = "1505bd5d3d116872e7271a6d4e16d81d0c8570876c8de68093a09ac269d8aac0"
[[package]]
name = "autocfg"
@@ -276,9 +330,9 @@ checksum = "9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8"
[[package]]
name = "base64"
-version = "0.21.3"
+version = "0.21.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "414dcefbc63d77c526a76b3afcf6fbb9b5e2791c19c3aa2297733208750c6e53"
+checksum = "9ba43ea6f343b788c8764558649e08df62f86c6ef251fdaeb1ffd010a9ae50a2"
[[package]]
name = "base64ct"
@@ -300,9 +354,9 @@ checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"
[[package]]
name = "bitflags"
-version = "2.4.0"
+version = "2.4.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b4682ae6287fcf752ecaabbfcc7b6f9b72aa33933dc23a554d853aea8eea8635"
+checksum = "327762f6e5a765692301e5bb513e0d9fef63be86bbc14528052b1cd3e6f03e07"
[[package]]
name = "blake2"
@@ -324,24 +378,25 @@ dependencies = [
[[package]]
name = "blocking"
-version = "1.3.1"
+version = "1.4.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "77231a1c8f801696fc0123ec6150ce92cffb8e164a02afb9c8ddee0e9b65ad65"
+checksum = "8c36a4d0d48574b3dd360b4b7d95cc651d2b6557b6402848a27d4b228a473e2a"
dependencies = [
"async-channel",
"async-lock",
"async-task",
- "atomic-waker",
- "fastrand 1.9.0",
+ "fastrand 2.0.1",
+ "futures-io",
"futures-lite",
- "log",
+ "piper",
+ "tracing",
]
[[package]]
name = "brotli"
-version = "3.3.4"
+version = "3.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a1a0b1dbcc8ae29329621f8d4f0d835787c1c38bb1401979b49d13b0b305ff68"
+checksum = "516074a47ef4bce09577a3b379392300159ce5b1ba2e501ff1c819950066100f"
dependencies = [
"alloc-no-stdlib",
"alloc-stdlib",
@@ -350,9 +405,9 @@ dependencies = [
[[package]]
name = "brotli-decompressor"
-version = "2.3.4"
+version = "2.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4b6561fd3f895a11e8f72af2cb7d22e08366bebc2b6b57f7744c4bda27034744"
+checksum = "da74e2b81409b1b743f8f0c62cc6254afefb8b8e50bbfe3735550f7aeefa3448"
dependencies = [
"alloc-no-stdlib",
"alloc-stdlib",
@@ -360,33 +415,40 @@ dependencies = [
[[package]]
name = "bumpalo"
-version = "3.13.0"
+version = "3.14.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7f30e7476521f6f8af1a1c4c0b8cc94f0bee37d91763d0ca2665f299b6cd8aec"
+
+[[package]]
+name = "bytemuck"
+version = "1.14.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a3e2c3daef883ecc1b5d58c15adae93470a91d425f3532ba1695849656af3fc1"
+checksum = "374d28ec25809ee0e23827c2ab573d729e293f281dfe393500e7ad618baa61c6"
[[package]]
name = "byteorder"
-version = "1.4.3"
+version = "1.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610"
+checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b"
[[package]]
name = "bytes"
-version = "1.4.0"
+version = "1.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "89b2fd2a0dcf38d7971e2194b6b6eebab45ae01067456a7fd93d5547a61b70be"
+checksum = "a2bd12c1caf447e69cd4528f47f94d203fd2582878ecb9e9465484c4148a8223"
[[package]]
name = "cached"
-version = "0.44.0"
+version = "0.46.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b195e4fbc4b6862bbd065b991a34750399c119797efff72492f28a5864de8700"
+checksum = "8cead8ece0da6b744b2ad8ef9c58a4cdc7ef2921e60a6ddfb9eaaa86839b5fc5"
dependencies = [
+ "ahash 0.8.3",
"async-trait",
"cached_proc_macro",
"cached_proc_macro_types",
"futures",
- "hashbrown 0.13.2",
+ "hashbrown 0.14.2",
"instant",
"once_cell",
"thiserror",
@@ -395,11 +457,10 @@ dependencies = [
[[package]]
name = "cached_proc_macro"
-version = "0.17.0"
+version = "0.18.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b48814962d2fd604c50d2b9433c2a41a0ab567779ee2c02f7fba6eca1221f082"
+checksum = "7da8245dd5f576a41c3b76247b54c15b0e43139ceeb4f732033e15be7c005176"
dependencies = [
- "cached_proc_macro_types",
"darling",
"proc-macro2",
"quote",
@@ -429,9 +490,9 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
[[package]]
name = "chrono"
-version = "0.4.28"
+version = "0.4.31"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "95ed24df0632f708f5f6d8082675bef2596f7084dee3dd55f632290bf35bfe0f"
+checksum = "7f2c685bad3eb3d45a01354cedb7d5faa66194d1d58ba6e267a8de788f79db38"
dependencies = [
"android-tzdata",
"iana-time-zone",
@@ -463,10 +524,20 @@ dependencies = [
]
[[package]]
+name = "chumsky"
+version = "0.9.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "23170228b96236b5a7299057ac284a321457700bc8c41a4476052f0f4ba5349d"
+dependencies = [
+ "hashbrown 0.12.3",
+ "stacker",
+]
+
+[[package]]
name = "concurrent-queue"
-version = "2.2.0"
+version = "2.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "62ec6771ecfa0762d24683ee5a32ad78487a3d3afdc0fb8cae19d2c5deb50b7c"
+checksum = "f057a694a54f12365049b0958a1685bb52d567f5593b355fbf685838e873d400"
dependencies = [
"crossbeam-utils",
]
@@ -545,9 +616,9 @@ checksum = "e496a50fda8aacccc86d7529e2c1e0892dbd0f898a6b5645b5561b89c3210efa"
[[package]]
name = "cpufeatures"
-version = "0.2.9"
+version = "0.2.10"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a17b76ff3a4162b0b27f354a0c87015ddad39d35f9c0c36607a3bdd175dde1f1"
+checksum = "3fbc60abd742b35f2492f808e1abbb83d45f72db402e14c55057edc9c7b1e9e4"
dependencies = [
"libc",
]
@@ -633,7 +704,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "978747c1d849a7d2ee5e8adc0159961c48fb7e5db2f06af6723b80123bb53856"
dependencies = [
"cfg-if",
- "hashbrown 0.14.0",
+ "hashbrown 0.14.2",
"lock_api",
"once_cell",
"parking_lot_core",
@@ -653,9 +724,12 @@ checksum = "41b319d1b62ffbd002e057f36bebd1f42b9f97927c9577461d855f3513c4289f"
[[package]]
name = "deranged"
-version = "0.3.8"
+version = "0.3.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f2696e8a945f658fd14dc3b87242e6b80cd0f36ff04ea560fa39082368847946"
+checksum = "0f32d04922c60427da6f9fef14d042d9edddef64cb9d4ce0d64d0685fbeb1fd3"
+dependencies = [
+ "powerfmt",
+]
[[package]]
name = "devise"
@@ -683,20 +757,20 @@ version = "0.4.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "35b50dba0afdca80b187392b24f2499a88c336d5a8493e4b4ccfb608708be56a"
dependencies = [
- "bitflags 2.4.0",
+ "bitflags 2.4.1",
"proc-macro2",
"proc-macro2-diagnostics",
"quote",
- "syn 2.0.29",
+ "syn 2.0.38",
]
[[package]]
name = "diesel"
-version = "2.1.1"
+version = "2.1.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d98235fdc2f355d330a8244184ab6b4b33c28679c0b4158f63138e51d6cf7e88"
+checksum = "2268a214a6f118fce1838edba3d1561cf0e78d8de785475957a580a7f8c69d33"
dependencies = [
- "bitflags 2.4.0",
+ "bitflags 2.4.1",
"byteorder",
"chrono",
"diesel_derives",
@@ -712,14 +786,14 @@ dependencies = [
[[package]]
name = "diesel_derives"
-version = "2.1.1"
+version = "2.1.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e054665eaf6d97d1e7125512bb2d35d07c73ac86cc6920174cb42d1ab697a554"
+checksum = "ef8337737574f55a468005a83499da720f20c65586241ffea339db9ecdfd2b44"
dependencies = [
"diesel_table_macro_syntax",
"proc-macro2",
"quote",
- "syn 2.0.29",
+ "syn 2.0.38",
]
[[package]]
@@ -749,7 +823,7 @@ version = "0.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fc5557efc453706fed5e4fa85006fe9817c224c3f480a34c7e5959fd700921c5"
dependencies = [
- "syn 2.0.29",
+ "syn 2.0.38",
]
[[package]]
@@ -781,7 +855,7 @@ version = "0.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "dbfb21b9878cf7a348dcb8559109aabc0ec40d69924bd706fa5149846c4fef75"
dependencies = [
- "base64 0.21.3",
+ "base64 0.21.4",
"memchr",
]
@@ -805,14 +879,14 @@ dependencies = [
[[package]]
name = "enum-as-inner"
-version = "0.5.1"
+version = "0.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c9720bba047d567ffc8a3cba48bf19126600e249ab7f128e9233e6376976a116"
+checksum = "5ffccbb6966c05b32ef8fbac435df276c4ae4d3dc55a8cd0eb9745e6c12f546a"
dependencies = [
"heck",
"proc-macro2",
"quote",
- "syn 1.0.109",
+ "syn 2.0.38",
]
[[package]]
@@ -823,26 +897,15 @@ checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5"
[[package]]
name = "errno"
-version = "0.3.3"
+version = "0.3.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "136526188508e25c6fef639d7927dfb3e0e3084488bf202267829cf7fc23dbdd"
+checksum = "ac3e13f66a2f95e32a39eaa81f6b95d42878ca0e1db0c7543723dfe12557e860"
dependencies = [
- "errno-dragonfly",
"libc",
"windows-sys",
]
[[package]]
-name = "errno-dragonfly"
-version = "0.1.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "aa68f1b12764fab894d2755d2518754e71b4fd80ecfb822714a1206c2aab39bf"
-dependencies = [
- "cc",
- "libc",
-]
-
-[[package]]
name = "error-chain"
version = "0.12.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -858,6 +921,17 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0206175f82b8d6bf6652ff7d71a1e27fd2e4efde587fd368662814d6ec1d9ce0"
[[package]]
+name = "event-listener"
+version = "3.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "29e56284f00d94c1bc7fd3c77027b4623c88c1f53d8d2394c6199f2921dea325"
+dependencies = [
+ "concurrent-queue",
+ "parking",
+ "pin-project-lite",
+]
+
+[[package]]
name = "fastrand"
version = "1.9.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -868,9 +942,9 @@ dependencies = [
[[package]]
name = "fastrand"
-version = "2.0.0"
+version = "2.0.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6999dc1837253364c2ebb0704ba97994bd874e8f195d665c50b7548f6ea92764"
+checksum = "25cbce373ec4653f1a01a31e8a5e5ec0c622dc27ff9c4e6606eefef5cbbed4a5"
[[package]]
name = "fern"
@@ -886,23 +960,23 @@ dependencies = [
[[package]]
name = "figment"
-version = "0.10.10"
+version = "0.10.11"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4547e226f4c9ab860571e070a9034192b3175580ecea38da34fcdb53a018c9a5"
+checksum = "a014ac935975a70ad13a3bff2463b1c1b083b35ae4cb6309cfc59476aa7a181f"
dependencies = [
- "atomic",
+ "atomic 0.6.0",
"pear",
"serde",
- "toml",
+ "toml 0.8.2",
"uncased",
"version_check",
]
[[package]]
name = "flate2"
-version = "1.0.27"
+version = "1.0.28"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c6c98ee8095e9d1dcbf2fcc6d95acccb90d1c81db1e44725c6a984b1dbdfb010"
+checksum = "46303f565772937ffe1d394a4fac6f411c6013172fadde9dcdb1e147a086940e"
dependencies = [
"crc32fast",
"miniz_oxide",
@@ -1009,7 +1083,7 @@ checksum = "89ca545a94061b6365f2c7355b4b32bd20df3ff95f02da9329b34ccc3bd6ee72"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.29",
+ "syn 2.0.38",
]
[[package]]
@@ -1151,9 +1225,9 @@ checksum = "eabb4a44450da02c90444cf74558da904edde8fb4e9035a9a6a4e15445af0bd7"
[[package]]
name = "handlebars"
-version = "4.3.7"
+version = "4.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "83c3372087601b532857d332f5957cbae686da52bb7810bf038c3e3c3cc2fa0d"
+checksum = "c39b3bc2a8f715298032cf5087e58573809374b08160aa7d750582bdb82d2683"
dependencies = [
"log",
"pest",
@@ -1169,18 +1243,19 @@ name = "hashbrown"
version = "0.12.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888"
+dependencies = [
+ "ahash 0.7.6",
+]
[[package]]
name = "hashbrown"
-version = "0.13.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "43a3c133739dddd0d2990f9a4bdf8eb4b21ef50e4851ca85ab661199821d510e"
-
-[[package]]
-name = "hashbrown"
-version = "0.14.0"
+version = "0.14.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2c6201b9ff9fd90a5a3bac2e56a830d0caa509576f0e503818ee82c181b3437a"
+checksum = "f93e7192158dbcda357bdec5fb5788eebf8bbac027f3f33e719d29135ae84156"
+dependencies = [
+ "ahash 0.8.3",
+ "allocator-api2",
+]
[[package]]
name = "heck"
@@ -1190,9 +1265,9 @@ checksum = "95505c38b4572b2d910cecb0281560f54b440a19336cbbcb27bf6ce6adc6f5a8"
[[package]]
name = "hermit-abi"
-version = "0.3.2"
+version = "0.3.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "443144c8cdadd93ebf52ddb4056d257f5b52c04d3c804e657d19eb73fc33668b"
+checksum = "d77f7ec81a6d05a3abb01ab6eb7590f6083d08449fe5a1c8b1e620283546ccb7"
[[package]]
name = "hmac"
@@ -1204,6 +1279,15 @@ dependencies = [
]
[[package]]
+name = "home"
+version = "0.5.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5444c27eef6923071f7ebcc33e3444508466a76f7a2b93da00ed6e19f30c1ddb"
+dependencies = [
+ "windows-sys",
+]
+
+[[package]]
name = "hostname"
version = "0.3.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -1274,7 +1358,7 @@ dependencies = [
"httpdate",
"itoa",
"pin-project-lite",
- "socket2 0.4.9",
+ "socket2 0.4.10",
"tokio",
"tower-service",
"tracing",
@@ -1296,16 +1380,16 @@ dependencies = [
[[package]]
name = "iana-time-zone"
-version = "0.1.57"
+version = "0.1.58"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2fad5b825842d2b38bd206f3e81d6957625fd7f0a361e345c30e01a0ae2dd613"
+checksum = "8326b86b6cff230b97d0d312a6c40a60726df3332e721f72a1b035f451663b20"
dependencies = [
"android_system_properties",
"core-foundation-sys",
"iana-time-zone-haiku",
"js-sys",
"wasm-bindgen",
- "windows",
+ "windows-core",
]
[[package]]
@@ -1367,12 +1451,12 @@ dependencies = [
[[package]]
name = "indexmap"
-version = "2.0.0"
+version = "2.0.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d5477fe2230a79769d8dc68e0eabf5437907c0457a5614a9e8dddb67f65eb65d"
+checksum = "8adf3ddd720272c6ea8bf59463c04e0f93d0bbf7c5439b691bca2987e0270897"
dependencies = [
"equivalent",
- "hashbrown 0.14.0",
+ "hashbrown 0.14.2",
]
[[package]]
@@ -1407,7 +1491,7 @@ version = "0.3.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b58db92f96b720de98181bbbe63c831e87005ab460c1bf306eb2622b4707997f"
dependencies = [
- "socket2 0.5.3",
+ "socket2 0.5.5",
"widestring",
"windows-sys",
"winreg",
@@ -1426,7 +1510,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cb0889898416213fab133e1d33a0e5858a48177452750691bde3666d0fdbaf8b"
dependencies = [
"hermit-abi",
- "rustix 0.38.11",
+ "rustix 0.38.20",
"windows-sys",
]
@@ -1464,13 +1548,13 @@ dependencies = [
[[package]]
name = "jsonwebtoken"
-version = "8.3.0"
+version = "9.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6971da4d9c3aa03c3d8f3ff0f4155b534aad021292003895a469716b2a230378"
+checksum = "1e863f95209c79b9b8b001c4b03463385f890a765dbc4e0802cb8d4177e3e410"
dependencies = [
- "base64 0.21.3",
+ "base64 0.21.4",
"pem",
- "ring",
+ "ring 0.17.5",
"serde",
"serde_json",
"simple_asn1",
@@ -1493,44 +1577,46 @@ checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
[[package]]
name = "lettre"
-version = "0.10.4"
+version = "0.11.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "76bd09637ae3ec7bd605b8e135e757980b3968430ff2b1a4a94fb7769e50166d"
+checksum = "d47084ad58f99c26816d174702f60e873f861fcef3f9bd6075b4ad2dd72d07d5"
dependencies = [
"async-std",
"async-trait",
- "base64 0.21.3",
+ "base64 0.21.4",
+ "chumsky",
"email-encoding",
"email_address",
- "fastrand 1.9.0",
+ "fastrand 2.0.1",
"futures-io",
"futures-util",
"hostname",
"httpdate",
- "idna 0.3.0",
+ "idna 0.4.0",
"mime",
"native-tls",
"nom",
"once_cell",
"quoted_printable",
"serde",
- "socket2 0.4.9",
+ "socket2 0.5.5",
"tokio",
"tokio-native-tls",
"tracing",
+ "url",
]
[[package]]
name = "libc"
-version = "0.2.147"
+version = "0.2.149"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b4668fb0ea861c1df094127ac5f1da3409a82116a4ba74fca2e58ef927159bb3"
+checksum = "a08173bc88b7955d1b3145aa561539096c421ac8debde8cbc3612ec635fee29b"
[[package]]
name = "libmimalloc-sys"
-version = "0.1.34"
+version = "0.1.35"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "25d058a81af0d1c22d7a1c948576bee6d673f7af3c0f35564abd6c81122f513d"
+checksum = "3979b5c37ece694f1f5e51e7ecc871fdb0f517ed04ee45f88d15d6d553cb9664"
dependencies = [
"cc",
"libc",
@@ -1561,15 +1647,15 @@ checksum = "ef53942eb7bf7ff43a617b3e2c1c4a5ecf5944a7c1bc12d7ee39bbb15e5c1519"
[[package]]
name = "linux-raw-sys"
-version = "0.4.5"
+version = "0.4.10"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "57bcfdad1b858c2db7c38303a6d2ad4dfaf5eb53dfeb0910128b2c26d6158503"
+checksum = "da2479e8c062e40bf0066ffa0bc823de0a9368974af99c9f6df941d2c231e03f"
[[package]]
name = "lock_api"
-version = "0.4.10"
+version = "0.4.11"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c1cc9717a20b1bb222f333e6a92fd32f7d8a18ddc5a3191a11af45dcbf4dcd16"
+checksum = "3c168f8615b12bc01f9c17e2eb0cc07dcae1940121185446edc3744920e8ef45"
dependencies = [
"autocfg",
"scopeguard",
@@ -1640,9 +1726,9 @@ checksum = "2532096657941c2fea9c289d370a250971c689d4f143798ff67113ec042024a5"
[[package]]
name = "memchr"
-version = "2.6.2"
+version = "2.6.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5486aed0026218e61b8a01d5fbd5a0a134649abb71a0e53b7bc088529dced86e"
+checksum = "f665ee40bc4a3c5590afb1e9677db74a508659dfd71e126420da8274909a0167"
[[package]]
name = "migrations_internals"
@@ -1651,7 +1737,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0f23f71580015254b020e856feac3df5878c2c7a8812297edd6c0a485ac9dada"
dependencies = [
"serde",
- "toml",
+ "toml 0.7.8",
]
[[package]]
@@ -1667,9 +1753,9 @@ dependencies = [
[[package]]
name = "mimalloc"
-version = "0.1.38"
+version = "0.1.39"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "972e5f23f6716f62665760b0f4cbf592576a80c7b879ba9beaafc0e558894127"
+checksum = "fa01922b5ea280a911e323e4d2fd24b7fe5cc4042e0d2cda3c40775cdc4bdc9c"
dependencies = [
"libmimalloc-sys",
]
@@ -1799,13 +1885,13 @@ dependencies = [
[[package]]
name = "num-derive"
-version = "0.4.0"
+version = "0.4.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9e6a0fd4f737c707bd9086cc16c925f294943eb62eb71499e9fd4cf71f8b9f4e"
+checksum = "cfb77679af88f8b125209d354a202862602672222e7f2313fdd6dc349bad4712"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.29",
+ "syn 2.0.38",
]
[[package]]
@@ -1820,9 +1906,9 @@ dependencies = [
[[package]]
name = "num-traits"
-version = "0.2.16"
+version = "0.2.17"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f30b0abd723be7e2ffca1272140fac1a2f084c77ec3e123c192b66af1ee9e6c2"
+checksum = "39e3200413f237f41ab11ad6d161bc7239c84dcb631773ccd7de3dfe4b5c267c"
dependencies = [
"autocfg",
]
@@ -1848,9 +1934,9 @@ dependencies = [
[[package]]
name = "object"
-version = "0.32.0"
+version = "0.32.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "77ac5bbd07aea88c60a577a1ce218075ffd59208b2d7ca97adf9bfc5aeb21ebe"
+checksum = "9cf5f9dd3933bd50a9e1f149ec995f39ae2c496d31fd772c1fd45ebc27e902b0"
dependencies = [
"memchr",
]
@@ -1867,7 +1953,7 @@ version = "0.10.57"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bac25ee399abb46215765b1cb35bc0212377e58a061560d8b29b024fd0430e7c"
dependencies = [
- "bitflags 2.4.0",
+ "bitflags 2.4.1",
"cfg-if",
"foreign-types",
"libc",
@@ -1884,7 +1970,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.29",
+ "syn 2.0.38",
]
[[package]]
@@ -1895,9 +1981,9 @@ checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf"
[[package]]
name = "openssl-src"
-version = "111.27.0+1.1.1v"
+version = "111.28.0+1.1.1w"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "06e8f197c82d7511c5b014030c9b1efeda40d7d5f99d23b4ceed3524a5e63f02"
+checksum = "3ce95ee1f6f999dfb95b8afd43ebe442758ea2104d1ccb99a94c30db22ae701f"
dependencies = [
"cc",
]
@@ -1923,9 +2009,9 @@ checksum = "b15813163c1d831bf4a13c3610c05c0d03b39feb07f7e09fa234dac9b15aaf39"
[[package]]
name = "parking"
-version = "2.1.0"
+version = "2.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "14f2252c834a40ed9bb5422029649578e63aa341ac401f74e719dd1afda8394e"
+checksum = "bb813b8af86854136c6922af0598d719255ecb2179515e6e7730d468f05c9cae"
[[package]]
name = "parking_lot"
@@ -1939,13 +2025,13 @@ dependencies = [
[[package]]
name = "parking_lot_core"
-version = "0.9.8"
+version = "0.9.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "93f00c865fe7cabf650081affecd3871070f26767e7b2070a3ffae14c654b447"
+checksum = "4c42a9226546d68acdd9c0a280d17ce19bfe27a46bf68784e4066115788d008e"
dependencies = [
"cfg-if",
"libc",
- "redox_syscall",
+ "redox_syscall 0.4.1",
"smallvec",
"windows-targets",
]
@@ -1996,16 +2082,17 @@ dependencies = [
"proc-macro2",
"proc-macro2-diagnostics",
"quote",
- "syn 2.0.29",
+ "syn 2.0.38",
]
[[package]]
name = "pem"
-version = "1.1.1"
+version = "3.0.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a8835c273a76a90455d7344889b0964598e3316e2a79ede8e36f16bdcf2228b8"
+checksum = "3163d2912b7c3b52d651a055f2c7eec9ba5cd22d26ef75b8dd3a59980b185923"
dependencies = [
- "base64 0.13.1",
+ "base64 0.21.4",
+ "serde",
]
[[package]]
@@ -2016,9 +2103,9 @@ checksum = "9b2a4787296e9989611394c33f193f676704af1686e70b8f8033ab5ba9a35a94"
[[package]]
name = "pest"
-version = "2.7.3"
+version = "2.7.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d7a4d085fd991ac8d5b05a147b437791b4260b76326baf0fc60cf7c9c27ecd33"
+checksum = "c022f1e7b65d6a24c0dbbd5fb344c66881bc01f3e5ae74a1c8100f2f985d98a4"
dependencies = [
"memchr",
"thiserror",
@@ -2027,9 +2114,9 @@ dependencies = [
[[package]]
name = "pest_derive"
-version = "2.7.3"
+version = "2.7.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a2bee7be22ce7918f641a33f08e3f43388c7656772244e2bbb2477f44cc9021a"
+checksum = "35513f630d46400a977c4cb58f78e1bfbe01434316e60c37d27b9ad6139c66d8"
dependencies = [
"pest",
"pest_generator",
@@ -2037,22 +2124,22 @@ dependencies = [
[[package]]
name = "pest_generator"
-version = "2.7.3"
+version = "2.7.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d1511785c5e98d79a05e8a6bc34b4ac2168a0e3e92161862030ad84daa223141"
+checksum = "bc9fc1b9e7057baba189b5c626e2d6f40681ae5b6eb064dc7c7834101ec8123a"
dependencies = [
"pest",
"pest_meta",
"proc-macro2",
"quote",
- "syn 2.0.29",
+ "syn 2.0.38",
]
[[package]]
name = "pest_meta"
-version = "2.7.3"
+version = "2.7.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b42f0394d3123e33353ca5e1e89092e533d2cc490389f2bd6131c43c634ebc5f"
+checksum = "1df74e9e7ec4053ceb980e7c0c8bd3594e977fde1af91daba9c928e8e8c6708d"
dependencies = [
"once_cell",
"pest",
@@ -2116,6 +2203,17 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184"
[[package]]
+name = "piper"
+version = "0.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "668d31b1c4eba19242f2088b2bf3316b82ca31082a8335764db4e083db7485d4"
+dependencies = [
+ "atomic-waker",
+ "fastrand 2.0.1",
+ "futures-io",
+]
+
+[[package]]
name = "pkg-config"
version = "0.3.27"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -2138,6 +2236,12 @@ dependencies = [
]
[[package]]
+name = "powerfmt"
+version = "0.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "439ee305def115ba05938db6eb1644ff94165c5ab5e9420d1c1bcedbba909391"
+
+[[package]]
name = "ppv-lite86"
version = "0.2.17"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -2154,9 +2258,9 @@ dependencies = [
[[package]]
name = "proc-macro2"
-version = "1.0.66"
+version = "1.0.69"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "18fb31db3f9bddb2ea821cde30a9f70117e3f119938b5ee630b7403aa6e2ead9"
+checksum = "134c189feb4956b20f6f547d2cf727d4c0fe06722b20a0eec87ed445a97f92da"
dependencies = [
"unicode-ident",
]
@@ -2169,7 +2273,7 @@ checksum = "af066a9c399a26e020ada66a034357a868728e72cd426f3adcd35f80d88d88c8"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.29",
+ "syn 2.0.38",
"version_check",
"yansi 1.0.0-rc.1",
]
@@ -2181,6 +2285,15 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "33cb294fe86a74cbcf50d4445b37da762029549ebeea341421c7c70370f86cac"
[[package]]
+name = "psm"
+version = "0.1.21"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5787f7cda34e3033a72192c018bc5883100330f362ef279a8cbccfce8bb4e874"
+dependencies = [
+ "cc",
+]
+
+[[package]]
name = "publicsuffix"
version = "2.2.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -2223,9 +2336,9 @@ dependencies = [
[[package]]
name = "quoted_printable"
-version = "0.4.8"
+version = "0.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5a3866219251662ec3b26fc217e3e05bf9c4f84325234dfb96bf0bf840889e49"
+checksum = "79ec282e887b434b68c18fe5c121d38e72a5cf35119b59e54ec5b992ea9c8eb0"
[[package]]
name = "r2d2"
@@ -2287,6 +2400,15 @@ dependencies = [
]
[[package]]
+name = "redox_syscall"
+version = "0.4.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4722d768eff46b75989dd134e5c353f0d6296e5aaa3132e776cbdb56be7731aa"
+dependencies = [
+ "bitflags 1.3.2",
+]
+
+[[package]]
name = "ref-cast"
version = "1.0.20"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -2303,19 +2425,19 @@ checksum = "7f7473c2cfcf90008193dd0e3e16599455cb601a9fce322b5bb55de799664925"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.29",
+ "syn 2.0.38",
]
[[package]]
name = "regex"
-version = "1.9.4"
+version = "1.10.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "12de2eff854e5fa4b1295edd650e227e9d8fb0c9e90b12e7f36d6a6811791a29"
+checksum = "380b951a9c5e80ddfd6136919eef32310721aa4aacd4889a8d39124b026ab343"
dependencies = [
"aho-corasick",
"memchr",
- "regex-automata 0.3.7",
- "regex-syntax 0.7.5",
+ "regex-automata 0.4.3",
+ "regex-syntax 0.8.2",
]
[[package]]
@@ -2329,13 +2451,13 @@ dependencies = [
[[package]]
name = "regex-automata"
-version = "0.3.7"
+version = "0.4.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "49530408a136e16e5b486e883fbb6ba058e8e4e8ae6621a77b048b314336e629"
+checksum = "5f804c7828047e88b2d32e2d7fe5a105da8ee3264f01902f796c8e067dc2483f"
dependencies = [
"aho-corasick",
"memchr",
- "regex-syntax 0.7.5",
+ "regex-syntax 0.8.2",
]
[[package]]
@@ -2346,9 +2468,9 @@ checksum = "f162c6dd7b008981e4d40210aca20b4bd0f9b60ca9271061b07f78537722f2e1"
[[package]]
name = "regex-syntax"
-version = "0.7.5"
+version = "0.8.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dbb5fb1acd8a1a18b3dd5be62d25485eb770e05afb408a9627d14d451bae12da"
+checksum = "c08c74e62047bb2de4ff487b251e4a92e24f48745648451635cec7d591162d9f"
[[package]]
name = "reopen"
@@ -2363,12 +2485,12 @@ dependencies = [
[[package]]
name = "reqwest"
-version = "0.11.20"
+version = "0.11.22"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3e9ad3fe7488d7e34558a2033d45a0c90b72d97b4f80705666fea71472e2e6a1"
+checksum = "046cd98826c46c2ac8ddecae268eb5c2e58628688a5fc7a2643704a73faba95b"
dependencies = [
"async-compression",
- "base64 0.21.3",
+ "base64 0.21.4",
"bytes",
"cookie 0.16.2",
"cookie_store 0.16.2",
@@ -2391,6 +2513,7 @@ dependencies = [
"serde",
"serde_json",
"serde_urlencoded",
+ "system-configuration",
"tokio",
"tokio-native-tls",
"tokio-socks",
@@ -2425,12 +2548,26 @@ dependencies = [
"libc",
"once_cell",
"spin 0.5.2",
- "untrusted",
+ "untrusted 0.7.1",
"web-sys",
"winapi",
]
[[package]]
+name = "ring"
+version = "0.17.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fb0205304757e5d899b9c2e448b867ffd03ae7f988002e47cd24954391394d0b"
+dependencies = [
+ "cc",
+ "getrandom",
+ "libc",
+ "spin 0.9.8",
+ "untrusted 0.9.0",
+ "windows-sys",
+]
+
+[[package]]
name = "rmp"
version = "0.8.12"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -2458,7 +2595,7 @@ source = "git+https://github.com/SergioBenitez/Rocket?rev=ce441b5f46fdf5cd99cb32
dependencies = [
"async-stream",
"async-trait",
- "atomic",
+ "atomic 0.5.3",
"binascii",
"bytes",
"either",
@@ -2500,7 +2637,7 @@ dependencies = [
"proc-macro2",
"quote",
"rocket_http",
- "syn 2.0.29",
+ "syn 2.0.38",
"unicode-xid",
]
@@ -2571,9 +2708,9 @@ checksum = "d626bb9dae77e28219937af045c257c28bfd3f69333c512553507f5f9798cb76"
[[package]]
name = "rustix"
-version = "0.37.23"
+version = "0.37.26"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4d69718bf81c6127a49dc64e44a742e8bb9213c0ff8869a22c308f84c1d4ab06"
+checksum = "84f3f8f960ed3b5a59055428714943298bf3fa2d4a1d53135084e0544829d995"
dependencies = [
"bitflags 1.3.2",
"errno",
@@ -2585,14 +2722,14 @@ dependencies = [
[[package]]
name = "rustix"
-version = "0.38.11"
+version = "0.38.20"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c0c3dde1fc030af041adc40e79c0e7fbcf431dd24870053d187d7c66e4b87453"
+checksum = "67ce50cb2e16c2903e30d1cbccfd8387a74b9d4c938b6a4c5ec6cc7556f7a8a0"
dependencies = [
- "bitflags 2.4.0",
+ "bitflags 2.4.1",
"errno",
"libc",
- "linux-raw-sys 0.4.5",
+ "linux-raw-sys 0.4.10",
"windows-sys",
]
@@ -2603,7 +2740,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cd8d6c9f025a446bc4d18ad9632e69aec8f287aa84499ee335599fabd20c3fd8"
dependencies = [
"log",
- "ring",
+ "ring 0.16.20",
"rustls-webpki",
"sct",
]
@@ -2614,17 +2751,17 @@ version = "1.0.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2d3987094b1d07b653b7dfdc3f70ce9a1da9c51ac18c1b06b662e4f9a0e9f4b2"
dependencies = [
- "base64 0.21.3",
+ "base64 0.21.4",
]
[[package]]
name = "rustls-webpki"
-version = "0.101.4"
+version = "0.101.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7d93931baf2d282fff8d3a532bbfd7653f734643161b87e3e01e59a04439bf0d"
+checksum = "3c7d5dece342910d9ba34d259310cae3e0154b873b35408b787b59bce53d34fe"
dependencies = [
- "ring",
- "untrusted",
+ "ring 0.16.20",
+ "untrusted 0.7.1",
]
[[package]]
@@ -2684,8 +2821,8 @@ version = "0.7.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d53dcdb7c9f8158937a7981b48accfd39a43af418591a5d008c7b22b5e1b7ca4"
dependencies = [
- "ring",
- "untrusted",
+ "ring 0.16.20",
+ "untrusted 0.7.1",
]
[[package]]
@@ -2713,15 +2850,15 @@ dependencies = [
[[package]]
name = "semver"
-version = "1.0.18"
+version = "1.0.20"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b0293b4b29daaf487284529cc2f5675b8e57c61f70167ba415a463651fd6a918"
+checksum = "836fa6a3e1e547f9a2c4040802ec865b5d85f4014efe00555d7090a3dcaa1090"
[[package]]
name = "serde"
-version = "1.0.188"
+version = "1.0.189"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cf9e0fcba69a370eed61bcf2b728575f726b50b55cba78064753d708ddc7549e"
+checksum = "8e422a44e74ad4001bdc8eede9a4570ab52f71190e9c076d14369f38b9200537"
dependencies = [
"serde_derive",
]
@@ -2738,20 +2875,20 @@ dependencies = [
[[package]]
name = "serde_derive"
-version = "1.0.188"
+version = "1.0.189"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4eca7ac642d82aa35b60049a6eccb4be6be75e599bd2e9adb5f875a737654af2"
+checksum = "1e48d1f918009ce3145511378cf68d613e3b3d9137d67272562080d68a2b32d5"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.29",
+ "syn 2.0.38",
]
[[package]]
name = "serde_json"
-version = "1.0.105"
+version = "1.0.107"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "693151e1ac27563d6dbcec9dee9fbd5da8539b20fa14ad3752b2e6d363ace360"
+checksum = "6b420ce6e3d8bd882e9b243c6eed35dbc9a6110c9769e74b584e0d68d1f20c65"
dependencies = [
"itoa",
"ryu",
@@ -2792,9 +2929,9 @@ dependencies = [
[[package]]
name = "sha1"
-version = "0.10.5"
+version = "0.10.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f04293dc80c3993519f2d7f6f511707ee7094fe0c6d3406feb330cdb3540eba3"
+checksum = "e3bf829a2d51ab4a5ddf1352d8470c140cadc8301b2ae1789db023f01cedd6ba"
dependencies = [
"cfg-if",
"cpufeatures",
@@ -2803,9 +2940,9 @@ dependencies = [
[[package]]
name = "sha2"
-version = "0.10.7"
+version = "0.10.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "479fb9d862239e610720565ca91403019f2f00410f1864c5aa7479b950a76ed8"
+checksum = "793db75ad2bcafc3ffa7c68b215fee268f537982cd901d132f89c6343f3a3dc8"
dependencies = [
"cfg-if",
"cpufeatures",
@@ -2814,9 +2951,9 @@ dependencies = [
[[package]]
name = "sharded-slab"
-version = "0.1.4"
+version = "0.1.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "900fba806f70c630b0a382d0d825e17a0f19fcd059a2ade1ff237bcddf446b31"
+checksum = "f40ca3c46823713e0d4209592e8d6e826aa57e928f09752619fc696c499637f6"
dependencies = [
"lazy_static",
]
@@ -2869,15 +3006,15 @@ dependencies = [
[[package]]
name = "smallvec"
-version = "1.11.0"
+version = "1.11.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "62bb4feee49fdd9f707ef802e22365a35de4b7b299de4763d44bfea899442ff9"
+checksum = "942b4a808e05215192e39f4ab80813e599068285906cc91aa64f923db842bd5a"
[[package]]
name = "socket2"
-version = "0.4.9"
+version = "0.4.10"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "64a4a911eed85daf18834cfaa86a79b7d266ff93ff5ba14005426219480ed662"
+checksum = "9f7916fc008ca5542385b89a3d3ce689953c143e9304a9bf8beec1de48994c0d"
dependencies = [
"libc",
"winapi",
@@ -2885,9 +3022,9 @@ dependencies = [
[[package]]
name = "socket2"
-version = "0.5.3"
+version = "0.5.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2538b18701741680e0322a2302176d3253a35388e2e62f172f64f4f16605f877"
+checksum = "7b5fac59a5cb5dd637972e5fca70daf0523c9067fcdc4842f053dae04a18f8e9"
dependencies = [
"libc",
"windows-sys",
@@ -2915,6 +3052,19 @@ dependencies = [
]
[[package]]
+name = "stacker"
+version = "0.1.15"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c886bd4480155fd3ef527d45e9ac8dd7118a898a46530b7b94c3e21866259fce"
+dependencies = [
+ "cc",
+ "cfg-if",
+ "libc",
+ "psm",
+ "winapi",
+]
+
+[[package]]
name = "state"
version = "0.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -2948,9 +3098,9 @@ dependencies = [
[[package]]
name = "syn"
-version = "2.0.29"
+version = "2.0.38"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c324c494eba9d92503e6f1ef2e6df781e78f6a7705a0202d9801b198807d518a"
+checksum = "e96b79aaa137db8f61e26363a0c9b47d8b4ec75da28b7d1d614c2303e232408b"
dependencies = [
"proc-macro2",
"quote",
@@ -2971,36 +3121,57 @@ dependencies = [
]
[[package]]
+name = "system-configuration"
+version = "0.5.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ba3a3adc5c275d719af8cb4272ea1c4a6d668a777f37e115f6d11ddbc1c8e0e7"
+dependencies = [
+ "bitflags 1.3.2",
+ "core-foundation",
+ "system-configuration-sys",
+]
+
+[[package]]
+name = "system-configuration-sys"
+version = "0.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a75fb188eb626b924683e3b95e3a48e63551fcfb51949de2f06a9d91dbee93c9"
+dependencies = [
+ "core-foundation-sys",
+ "libc",
+]
+
+[[package]]
name = "tempfile"
version = "3.8.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cb94d2f3cc536af71caac6b6fcebf65860b347e7ce0cc9ebe8f70d3e521054ef"
dependencies = [
"cfg-if",
- "fastrand 2.0.0",
- "redox_syscall",
- "rustix 0.38.11",
+ "fastrand 2.0.1",
+ "redox_syscall 0.3.5",
+ "rustix 0.38.20",
"windows-sys",
]
[[package]]
name = "thiserror"
-version = "1.0.47"
+version = "1.0.50"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "97a802ec30afc17eee47b2855fc72e0c4cd62be9b4efe6591edde0ec5bd68d8f"
+checksum = "f9a7210f5c9a7156bb50aa36aed4c95afb51df0df00713949448cf9e97d382d2"
dependencies = [
"thiserror-impl",
]
[[package]]
name = "thiserror-impl"
-version = "1.0.47"
+version = "1.0.50"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6bb623b56e39ab7dcd4b1b98bb6c8f8d907ed255b18de254088016b27a8ee19b"
+checksum = "266b2e40bc00e5a6c09c3584011e08b06f123c00362c92b975ba9843aaaa14b8"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.29",
+ "syn 2.0.38",
]
[[package]]
@@ -3024,14 +3195,15 @@ dependencies = [
[[package]]
name = "time"
-version = "0.3.28"
+version = "0.3.30"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "17f6bb557fd245c28e6411aa56b6403c689ad95061f50e4be16c274e70a17e48"
+checksum = "c4a34ab300f2dee6e562c10a046fc05e358b29f9bf92277f30c3c8d82275f6f5"
dependencies = [
"deranged",
"itoa",
"libc",
"num_threads",
+ "powerfmt",
"serde",
"time-core",
"time-macros",
@@ -3039,15 +3211,15 @@ dependencies = [
[[package]]
name = "time-core"
-version = "0.1.1"
+version = "0.1.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7300fbefb4dadc1af235a9cef3737cea692a9d97e1b9cbcd4ebdae6f8868e6fb"
+checksum = "ef927ca75afb808a4d64dd374f00a2adf8d0fcff8e7b184af886c3c87ec4a3f3"
[[package]]
name = "time-macros"
-version = "0.2.14"
+version = "0.2.15"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1a942f44339478ef67935ab2bbaec2fb0322496cf3cbe84b261e06ac3814c572"
+checksum = "4ad70d68dba9e1f8aceda7aa6711965dfec1cac869f311a51bd08b3a2ccbce20"
dependencies = [
"time-core",
]
@@ -3069,9 +3241,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"
[[package]]
name = "tokio"
-version = "1.32.0"
+version = "1.33.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "17ed6077ed6cd6c74735e21f37eb16dc3935f96878b1fe961074089cc80893f9"
+checksum = "4f38200e3ef7995e5ef13baec2f432a6da0aa9ac495b2c0e8f3b7eec2c92d653"
dependencies = [
"backtrace",
"bytes",
@@ -3081,7 +3253,7 @@ dependencies = [
"parking_lot",
"pin-project-lite",
"signal-hook-registry",
- "socket2 0.5.3",
+ "socket2 0.5.5",
"tokio-macros",
"windows-sys",
]
@@ -3094,7 +3266,7 @@ checksum = "630bdcf245f78637c13ec01ffae6187cca34625e8c63150d424b59e55af2675e"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.29",
+ "syn 2.0.38",
]
[[package]]
@@ -3154,9 +3326,9 @@ dependencies = [
[[package]]
name = "tokio-util"
-version = "0.7.8"
+version = "0.7.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "806fe8c2c87eccc8b3267cbae29ed3ab2d0bd37fca70ab622e46aaa9375ddb7d"
+checksum = "1d68074620f57a0b21594d9735eb2e98ab38b17f80d3fcb189fca266771ca60d"
dependencies = [
"bytes",
"futures-core",
@@ -3168,14 +3340,26 @@ dependencies = [
[[package]]
name = "toml"
-version = "0.7.6"
+version = "0.7.8"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c17e963a819c331dcacd7ab957d80bc2b9a9c1e71c804826d2f283dd65306542"
+checksum = "dd79e69d3b627db300ff956027cc6c3798cef26d22526befdfcd12feeb6d2257"
dependencies = [
"serde",
"serde_spanned",
"toml_datetime",
- "toml_edit",
+ "toml_edit 0.19.15",
+]
+
+[[package]]
+name = "toml"
+version = "0.8.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "185d8ab0dfbb35cf1399a6344d8484209c088f75f8f68230da55d48d95d43e3d"
+dependencies = [
+ "serde",
+ "serde_spanned",
+ "toml_datetime",
+ "toml_edit 0.20.2",
]
[[package]]
@@ -3189,11 +3373,24 @@ dependencies = [
[[package]]
name = "toml_edit"
-version = "0.19.14"
+version = "0.19.15"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f8123f27e969974a3dfba720fdb560be359f57b44302d280ba72e76a74480e8a"
+checksum = "1b5bb770da30e5cbfde35a2d7b9b8a2c4b8ef89548a7a6aeab5c9a576e3e7421"
dependencies = [
- "indexmap 2.0.0",
+ "indexmap 2.0.2",
+ "serde",
+ "serde_spanned",
+ "toml_datetime",
+ "winnow",
+]
+
+[[package]]
+name = "toml_edit"
+version = "0.20.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "396e4d48bbb2b7554c944bde63101b5ae446cff6ec4a24227428f15eb72ef338"
+dependencies = [
+ "indexmap 2.0.2",
"serde",
"serde_spanned",
"toml_datetime",
@@ -3220,11 +3417,10 @@ checksum = "b6bc1c9ce2b5135ac7f93c72918fc37feb872bdc6a5533a8b85eb4b86bfdae52"
[[package]]
name = "tracing"
-version = "0.1.37"
+version = "0.1.40"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8ce8c33a8d48bd45d624a6e523445fd21ec13d3653cd51f681abf67418f54eb8"
+checksum = "c3523ab5a71916ccf420eebdf5521fcef02141234bbc0b8a49f2fdc4544364ef"
dependencies = [
- "cfg-if",
"log",
"pin-project-lite",
"tracing-attributes",
@@ -3233,20 +3429,20 @@ dependencies = [
[[package]]
name = "tracing-attributes"
-version = "0.1.26"
+version = "0.1.27"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5f4f31f56159e98206da9efd823404b79b6ef3143b4a7ab76e67b1751b25a4ab"
+checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.29",
+ "syn 2.0.38",
]
[[package]]
name = "tracing-core"
-version = "0.1.31"
+version = "0.1.32"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0955b8137a1df6f1a2e9a37d8a6656291ff0297c1a97c24e0d8425fe2312f79a"
+checksum = "c06d3da6113f116aaee68e4d601191614c9053067f9ab7f6edbcb161237daa54"
dependencies = [
"once_cell",
"valuable",
@@ -3283,9 +3479,9 @@ dependencies = [
[[package]]
name = "trust-dns-proto"
-version = "0.22.0"
+version = "0.23.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4f7f83d1e4a0e4358ac54c5c3681e5d7da5efc5a7a632c90bb6d6669ddd9bc26"
+checksum = "559ac980345f7f5020883dd3bcacf176355225e01916f8c2efecad7534f682c6"
dependencies = [
"async-trait",
"cfg-if",
@@ -3294,9 +3490,9 @@ dependencies = [
"futures-channel",
"futures-io",
"futures-util",
- "idna 0.2.3",
+ "idna 0.4.0",
"ipnet",
- "lazy_static",
+ "once_cell",
"rand",
"smallvec",
"thiserror",
@@ -3308,16 +3504,17 @@ dependencies = [
[[package]]
name = "trust-dns-resolver"
-version = "0.22.0"
+version = "0.23.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "aff21aa4dcefb0a1afbfac26deb0adc93888c7d295fb63ab273ef276ba2b7cfe"
+checksum = "c723b0e608b24ad04c73b2607e0241b2c98fd79795a95e98b068b6966138a29d"
dependencies = [
"cfg-if",
"futures-util",
"ipconfig",
- "lazy_static",
"lru-cache",
+ "once_cell",
"parking_lot",
+ "rand",
"resolv-conf",
"smallvec",
"thiserror",
@@ -3353,15 +3550,15 @@ dependencies = [
[[package]]
name = "typenum"
-version = "1.16.0"
+version = "1.17.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "497961ef93d974e23eb6f433eb5fe1b7930b659f06d12dec6fc44a8f554c0bba"
+checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825"
[[package]]
name = "ubyte"
-version = "0.10.3"
+version = "0.10.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c81f0dae7d286ad0d9366d7679a77934cfc3cf3a8d67e82669794412b2368fe6"
+checksum = "f720def6ce1ee2fc44d40ac9ed6d3a59c361c80a75a7aa8e75bb9baed31cf2ea"
dependencies = [
"serde",
]
@@ -3390,9 +3587,9 @@ checksum = "92888ba5573ff080736b3648696b70cafad7d250551175acbaa4e0385b3e1460"
[[package]]
name = "unicode-ident"
-version = "1.0.11"
+version = "1.0.12"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "301abaae475aa91687eb82514b328ab47a211a533026cb25fc3e519b86adfc3c"
+checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b"
[[package]]
name = "unicode-normalization"
@@ -3416,6 +3613,12 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a"
[[package]]
+name = "untrusted"
+version = "0.9.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1"
+
+[[package]]
name = "url"
version = "2.4.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -3435,9 +3638,9 @@ checksum = "09cc8ee72d2a9becf2f2febe0205bbed8fc6615b7cb429ad062dc7b7ddd036a9"
[[package]]
name = "uuid"
-version = "1.4.1"
+version = "1.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "79daa5ed5740825c40b389c5e50312b9c86df53fccd33f281df655642b43869d"
+checksum = "88ad59a7560b41a70d191093a945f0b87bc1deeda46fb237479708a1d6b6cdfc"
dependencies = [
"getrandom",
]
@@ -3450,9 +3653,9 @@ checksum = "830b7e5d4d90034032940e4ace0d9a9a057e7a45cd94e6c007832e39edb82f6d"
[[package]]
name = "value-bag"
-version = "1.4.1"
+version = "1.4.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d92ccd67fb88503048c01b59152a04effd0782d035a83a6d256ce6085f08f4a3"
+checksum = "4a72e1902dde2bd6441347de2b70b7f5d59bf157c6c62f0c44572607a1d55bbe"
[[package]]
name = "vaultwarden"
@@ -3488,13 +3691,14 @@ dependencies = [
"num-traits",
"once_cell",
"openssl",
+ "openssl-sys",
"paste",
"percent-encoding",
"pico-args",
"rand",
"regex",
"reqwest",
- "ring",
+ "ring 0.17.5",
"rmpv",
"rocket",
"rocket_ws",
@@ -3529,15 +3733,15 @@ checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f"
[[package]]
name = "waker-fn"
-version = "1.1.0"
+version = "1.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9d5b2c62b4012a3e1eca5a7e077d13b3bf498c4073e33ccd58626607748ceeca"
+checksum = "f3c4517f54858c779bbcbf228f4fca63d121bf85fbecb2dc578cdf4a39395690"
[[package]]
name = "walkdir"
-version = "2.3.3"
+version = "2.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "36df944cda56c7d8d8b7496af378e6b16de9284591917d307c9b4d313c44e698"
+checksum = "d71d857dc86794ca4c280d616f7da00d2dbfd8cd788846559a6813e6aa4b54ee"
dependencies = [
"same-file",
"winapi-util",
@@ -3579,7 +3783,7 @@ dependencies = [
"once_cell",
"proc-macro2",
"quote",
- "syn 2.0.29",
+ "syn 2.0.38",
"wasm-bindgen-shared",
]
@@ -3613,7 +3817,7 @@ checksum = "54681b18a46765f095758388f2d0cf16eb8d4169b639ab575a8f5693af210c7b"
dependencies = [
"proc-macro2",
"quote",
- "syn 2.0.29",
+ "syn 2.0.38",
"wasm-bindgen-backend",
"wasm-bindgen-shared",
]
@@ -3668,13 +3872,15 @@ dependencies = [
[[package]]
name = "which"
-version = "4.4.0"
+version = "5.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2441c784c52b289a054b7201fc93253e288f094e2f4be9058343127c4226a269"
+checksum = "9bf3ea8596f3a0dd5980b46430f2058dfe2c36a27ccfbb1845d6fbfcd9ba6e14"
dependencies = [
"either",
- "libc",
+ "home",
"once_cell",
+ "rustix 0.38.20",
+ "windows-sys",
]
[[package]]
@@ -3701,9 +3907,9 @@ checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
[[package]]
name = "winapi-util"
-version = "0.1.5"
+version = "0.1.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "70ec6ce85bb158151cae5e5c87f95a8e97d2c0c4b001223f33a334e3ce5de178"
+checksum = "f29e6f9198ba0d26b4c9f07dbe6f9ed633e1f3d5b8b414090084349e46a52596"
dependencies = [
"winapi",
]
@@ -3724,6 +3930,15 @@ dependencies = [
]
[[package]]
+name = "windows-core"
+version = "0.51.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f1f8cf84f35d2db49a46868f947758c7a1138116f7fac3bc844f43ade1292e64"
+dependencies = [
+ "windows-targets",
+]
+
+[[package]]
name = "windows-sys"
version = "0.48.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -3791,9 +4006,9 @@ checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538"
[[package]]
name = "winnow"
-version = "0.5.15"
+version = "0.5.17"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7c2e3184b9c4e92ad5167ca73039d0c42476302ab603e2fec4487511f38ccefc"
+checksum = "a3b801d0e0a6726477cc207f60162da452f3a95adb368399bef20a946e06f65c"
dependencies = [
"memchr",
]
diff --git a/Cargo.toml b/Cargo.toml
@@ -3,7 +3,7 @@ name = "vaultwarden"
version = "1.0.0"
authors = ["Daniel GarcÃa <dani-garcia@users.noreply.github.com>"]
edition = "2021"
-rust-version = "1.70.0"
+rust-version = "1.71.1"
resolver = "2"
repository = "https://github.com/dani-garcia/vaultwarden"
@@ -42,7 +42,7 @@ syslog = "6.1.0"
# Logging
log = "0.4.20"
fern = { version = "0.6.2", features = ["syslog-6", "reopen-1"] }
-tracing = { version = "0.1.37", features = ["log"] } # Needed to have lettre and webauthn-rs trace logging to work
+tracing = { version = "0.1.40", features = ["log"] } # Needed to have lettre and webauthn-rs trace logging to work
# A `dotenv` implementation for Rust
dotenvy = { version = "0.15.7", default-features = false }
@@ -51,8 +51,8 @@ dotenvy = { version = "0.15.7", default-features = false }
once_cell = "1.18.0"
# Numerical libraries
-num-traits = "0.2.16"
-num-derive = "0.4.0"
+num-traits = "0.2.17"
+num-derive = "0.4.1"
# Web framework
rocket = { version = "0.5.0-rc.3", features = ["tls", "json"], default-features = false }
@@ -68,14 +68,14 @@ dashmap = "5.5.3"
# Async futures
futures = "0.3.28"
-tokio = { version = "1.32.0", features = ["rt-multi-thread", "fs", "io-util", "parking_lot", "time", "signal"] }
+tokio = { version = "1.33.0", features = ["rt-multi-thread", "fs", "io-util", "parking_lot", "time", "signal"] }
# A generic serialization/deserialization framework
-serde = { version = "1.0.188", features = ["derive"] }
-serde_json = "1.0.105"
+serde = { version = "1.0.189", features = ["derive"] }
+serde_json = "1.0.107"
# A safe, extensible ORM and Query builder
-diesel = { version = "2.1.1", features = ["chrono", "r2d2"] }
+diesel = { version = "2.1.3", features = ["chrono", "r2d2"] }
diesel_migrations = "2.1.0"
diesel_logger = { version = "0.3.0", optional = true }
@@ -84,15 +84,15 @@ libsqlite3-sys = { version = "0.26.0", features = ["bundled"], optional = true }
# Crypto-related libraries
rand = { version = "0.8.5", features = ["small_rng"] }
-ring = "0.16.20"
+ring = "0.17.5"
# UUID generation
-uuid = { version = "1.4.1", features = ["v4"] }
+uuid = { version = "1.5.0", features = ["v4"] }
# Date and time libraries
-chrono = { version = "0.4.28", features = ["clock", "serde"], default-features = false }
+chrono = { version = "0.4.31", features = ["clock", "serde"], default-features = false }
chrono-tz = "0.8.3"
-time = "0.3.28"
+time = "0.3.30"
# Job scheduler
job_scheduler_ng = "2.0.4"
@@ -101,7 +101,7 @@ job_scheduler_ng = "2.0.4"
data-encoding = "2.4.0"
# JWT library
-jsonwebtoken = "8.3.0"
+jsonwebtoken = "9.0.0"
# TOTP library
totp-lite = "2.0.0"
@@ -116,24 +116,24 @@ webauthn-rs = "0.3.2"
url = "2.4.1"
# Email libraries
-lettre = { version = "0.10.4", features = ["smtp-transport", "sendmail-transport", "builder", "serde", "tokio1-native-tls", "hostname", "tracing", "tokio1"], default-features = false }
+lettre = { version = "0.11.0", features = ["smtp-transport", "sendmail-transport", "builder", "serde", "tokio1-native-tls", "hostname", "tracing", "tokio1"], default-features = false }
percent-encoding = "2.3.0" # URL encoding library used for URL's in the emails
email_address = "0.2.4"
# HTML Template library
-handlebars = { version = "4.3.7", features = ["dir_source"] }
+handlebars = { version = "4.4.0", features = ["dir_source"] }
# HTTP client (Used for favicons, version check, DUO and HIBP API)
-reqwest = { version = "0.11.20", features = ["stream", "json", "deflate", "gzip", "brotli", "socks", "cookies", "trust-dns", "native-tls-alpn"] }
+reqwest = { version = "0.11.22", features = ["stream", "json", "deflate", "gzip", "brotli", "socks", "cookies", "trust-dns", "native-tls-alpn"] }
# Favicon extraction libraries
html5gum = "0.5.7"
-regex = { version = "1.9.4", features = ["std", "perf", "unicode-perl"], default-features = false }
+regex = { version = "1.10.2", features = ["std", "perf", "unicode-perl"], default-features = false }
data-url = "0.3.0"
-bytes = "1.4.0"
+bytes = "1.5.0"
# Cache function results (Used for version check and favicon fetching)
-cached = "0.44.0"
+cached = { version = "0.46.0", features = ["async"] }
# Used for custom short lived cookie jar during favicon extraction
cookie = "0.16.2"
@@ -141,6 +141,9 @@ cookie_store = "0.19.1"
# Used by U2F, JWT and PostgreSQL
openssl = "0.10.57"
+# Set openssl-sys fixed to v0.9.92 to prevent building issues with musl, arm and 32bit pointer width
+# It will force add a dynamically linked library which prevents the build from being static
+openssl-sys = "=0.9.92"
# CLI argument parsing
pico-args = "0.5.0"
@@ -150,34 +153,37 @@ paste = "1.0.14"
governor = "0.6.0"
# Check client versions for specific features.
-semver = "1.0.18"
+semver = "1.0.20"
# Allow overriding the default memory allocator
# Mainly used for the musl builds, since the default musl malloc is very slow
-mimalloc = { version = "0.1.38", features = ["secure"], default-features = false, optional = true }
-which = "4.4.0"
+mimalloc = { version = "0.1.39", features = ["secure"], default-features = false, optional = true }
+which = "5.0.0"
# Argon2 library with support for the PHC format
-argon2 = "0.5.1"
+argon2 = "0.5.2"
# Reading a password from the cli for generating the Argon2id ADMIN_TOKEN
rpassword = "7.2.0"
+
[patch.crates-io]
rocket = { git = 'https://github.com/SergioBenitez/Rocket', rev = 'ce441b5f46fdf5cd99cb32b8b8638835e4c2a5fa' } # v0.5 branch
# rocket_ws = { git = 'https://github.com/SergioBenitez/Rocket', rev = 'ce441b5f46fdf5cd99cb32b8b8638835e4c2a5fa' } # v0.5 branch
+
# Strip debuginfo from the release builds
# Also enable thin LTO for some optimizations
[profile.release]
strip = "debuginfo"
lto = "thin"
-# Always build argon2 using opt-level 3
-# This is a huge speed improvement during testing
-[profile.dev.package.argon2]
-opt-level = 3
# A little bit of a speedup
[profile.dev]
split-debuginfo = "unpacked"
+
+# Always build argon2 using opt-level 3
+# This is a huge speed improvement during testing
+[profile.dev.package.argon2]
+opt-level = 3
diff --git a/Dockerfile b/Dockerfile
@@ -1 +1 @@
-docker/amd64/Dockerfile
-\ No newline at end of file
+docker/Dockerfile.debian
+\ No newline at end of file
diff --git a/docker/DockerSettings.yaml b/docker/DockerSettings.yaml
@@ -0,0 +1,28 @@
+---
+vault_version: "v2023.9.1"
+vault_image_digest: "sha256:ccf76db7406378b36cb937c1a3ca884448e32e7f82effd4d97b335cd725c75fd"
+# Cross Compile Docker Helper Scripts v1.3.0
+# We use the linux/amd64 platform shell scripts since there is no difference between the different platform scripts
+xx_image_digest: "sha256:c9609ace652bbe51dd4ce90e0af9d48a4590f1214246da5bc70e46f6dd586edc"
+rust_version: 1.73.0 # Rust version to be used
+debian_version: bookworm # Debian release name to be used
+alpine_version: 3.18 # Alpine version to be used
+# For which platforms/architectures will we try to build images
+platforms: ["linux/amd64", "linux/arm64", "linux/arm/v7", "linux/arm/v6"]
+# Determine the build images per OS/Arch
+build_stage_image:
+ debian:
+ image: "docker.io/library/rust:{{rust_version}}-slim-{{debian_version}}"
+ platform: "$BUILDPLATFORM"
+ alpine:
+ image: "build_${TARGETARCH}${TARGETVARIANT}"
+ platform: "linux/amd64" # The Alpine build images only have linux/amd64 images
+ arch_image:
+ amd64: "ghcr.io/blackdex/rust-musl:x86_64-musl-stable-{{rust_version}}"
+ arm64: "ghcr.io/blackdex/rust-musl:aarch64-musl-stable-{{rust_version}}"
+ armv7: "ghcr.io/blackdex/rust-musl:armv7-musleabihf-stable-{{rust_version}}"
+ armv6: "ghcr.io/blackdex/rust-musl:arm-musleabi-stable-{{rust_version}}"
+# The final image which will be used to distribute the container images
+runtime_stage_image:
+ debian: "docker.io/library/debian:{{debian_version}}-slim"
+ alpine: "docker.io/library/alpine:{{alpine_version}}"
diff --git a/docker/Dockerfile.alpine b/docker/Dockerfile.alpine
@@ -0,0 +1,160 @@
+# syntax=docker/dockerfile:1
+
+# This file was generated using a Jinja2 template.
+# Please make your changes in `DockerSettings.yaml` or `Dockerfile.j2` and then `make`
+# This will generate two Dockerfile's `Dockerfile.debian` and `Dockerfile.alpine`
+
+# Using multistage build:
+# https://docs.docker.com/develop/develop-images/multistage-build/
+# https://whitfin.io/speeding-up-rust-docker-builds/
+
+####################### VAULT BUILD IMAGE #######################
+# The web-vault digest specifies a particular web-vault build on Docker Hub.
+# Using the digest instead of the tag name provides better security,
+# as the digest of an image is immutable, whereas a tag name can later
+# be changed to point to a malicious image.
+#
+# To verify the current digest for a given tag name:
+# - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
+# click the tag name to view the digest of the image it currently points to.
+# - From the command line:
+# $ docker pull docker.io/vaultwarden/web-vault:v2023.9.1
+# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.9.1
+# [docker.io/vaultwarden/web-vault@sha256:ccf76db7406378b36cb937c1a3ca884448e32e7f82effd4d97b335cd725c75fd]
+#
+# - Conversely, to get the tag name from the digest:
+# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:ccf76db7406378b36cb937c1a3ca884448e32e7f82effd4d97b335cd725c75fd
+# [docker.io/vaultwarden/web-vault:v2023.9.1]
+#
+FROM --platform=linux/amd64 docker.io/vaultwarden/web-vault@sha256:ccf76db7406378b36cb937c1a3ca884448e32e7f82effd4d97b335cd725c75fd as vault
+
+########################## ALPINE BUILD IMAGES ##########################
+## NOTE: The Alpine Base Images do not support other platforms then linux/amd64
+## And for Alpine we define all build images here, they will only be loaded when actually used
+FROM --platform=linux/amd64 ghcr.io/blackdex/rust-musl:x86_64-musl-stable-1.73.0 as build_amd64
+FROM --platform=linux/amd64 ghcr.io/blackdex/rust-musl:aarch64-musl-stable-1.73.0 as build_arm64
+FROM --platform=linux/amd64 ghcr.io/blackdex/rust-musl:armv7-musleabihf-stable-1.73.0 as build_armv7
+FROM --platform=linux/amd64 ghcr.io/blackdex/rust-musl:arm-musleabi-stable-1.73.0 as build_armv6
+
+########################## BUILD IMAGE ##########################
+# hadolint ignore=DL3006
+FROM --platform=linux/amd64 build_${TARGETARCH}${TARGETVARIANT} as build
+ARG TARGETARCH
+ARG TARGETVARIANT
+ARG TARGETPLATFORM
+
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
+# Build time options to avoid dpkg warnings and help with reproducible builds.
+ENV DEBIAN_FRONTEND=noninteractive \
+ LANG=C.UTF-8 \
+ TZ=UTC \
+ TERM=xterm-256color \
+ CARGO_HOME="/root/.cargo" \
+ USER="root" \
+ # Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11
+ # Debian Bookworm already contains libpq v15
+ PQ_LIB_DIR="/usr/local/musl/pq15/lib"
+
+
+# Create CARGO_HOME folder and don't download rust docs
+RUN mkdir -pv "${CARGO_HOME}" \
+ && rustup set profile minimal
+
+# Creates a dummy project used to grab dependencies
+RUN USER=root cargo new --bin /app
+WORKDIR /app
+
+# Shared variables across Debian and Alpine
+RUN echo "export CARGO_TARGET=${RUST_MUSL_CROSS_TARGET}" >> /env-cargo && \
+ # To be able to build the armv6 image with mimalloc we need to tell the linker to also look for libatomic
+ if [[ "${TARGETARCH}${TARGETVARIANT}" == "armv6" ]] ; then echo "export RUSTFLAGS='-Clink-arg=-latomic'" >> /env-cargo ; fi && \
+ # Output the current contents of the file
+ cat /env-cargo
+
+# Enable MiMalloc to improve performance on Alpine builds
+ARG DB=sqlite,mysql,postgresql,enable_mimalloc
+
+RUN source /env-cargo && \
+ rustup target add "${CARGO_TARGET}"
+
+ARG CARGO_PROFILE=release
+ARG VW_VERSION
+
+# Copies over *only* your manifests and build files
+COPY ./Cargo.* ./
+COPY ./rust-toolchain.toml ./rust-toolchain.toml
+COPY ./build.rs ./build.rs
+
+# Builds your dependencies and removes the
+# dummy project, except the target folder
+# This folder contains the compiled dependencies
+RUN source /env-cargo && \
+ cargo build --features ${DB} --profile "${CARGO_PROFILE}" --target="${CARGO_TARGET}" && \
+ find . -not -path "./target*" -delete
+
+# Copies the complete project
+# To avoid copying unneeded files, use .dockerignore
+COPY . .
+
+# Builds again, this time it will be the actual source files being build
+RUN source /env-cargo && \
+ # Make sure that we actually build the project by updating the src/main.rs timestamp
+ touch src/main.rs && \
+ # Create a symlink to the binary target folder to easy copy the binary in the final stage
+ cargo build --features ${DB} --profile "${CARGO_PROFILE}" --target="${CARGO_TARGET}" && \
+ if [[ "${CARGO_PROFILE}" == "dev" ]] ; then \
+ ln -vfsr "/app/target/${CARGO_TARGET}/debug" /app/target/final ; \
+ else \
+ ln -vfsr "/app/target/${CARGO_TARGET}/${CARGO_PROFILE}" /app/target/final ; \
+ fi
+
+
+######################## RUNTIME IMAGE ########################
+# Create a new stage with a minimal image
+# because we already have a binary built
+#
+# To build these images you need to have qemu binfmt support.
+# See the following pages to help install these tools locally
+# Ubuntu/Debian: https://wiki.debian.org/QemuUserEmulation
+# Arch Linux: https://wiki.archlinux.org/title/QEMU#Chrooting_into_arm/arm64_environment_from_x86_64
+#
+# Or use a Docker image which modifies your host system to support this.
+# The GitHub Actions Workflow uses the same image as used below.
+# See: https://github.com/tonistiigi/binfmt
+# Usage: docker run --privileged --rm tonistiigi/binfmt --install arm64,arm
+# To uninstall: docker run --privileged --rm tonistiigi/binfmt --uninstall 'qemu-*'
+#
+# We need to add `--platform` here, because of a podman bug: https://github.com/containers/buildah/issues/4742
+FROM --platform=$TARGETPLATFORM docker.io/library/alpine:3.18
+
+ENV ROCKET_PROFILE="release" \
+ ROCKET_ADDRESS=0.0.0.0 \
+ ROCKET_PORT=80 \
+ SSL_CERT_DIR=/etc/ssl/certs
+
+# Create data folder and Install needed libraries
+RUN mkdir /data && \
+ apk --no-cache add \
+ ca-certificates \
+ curl \
+ openssl \
+ tzdata
+
+VOLUME /data
+EXPOSE 80
+EXPOSE 3012
+
+# Copies the files from the context (Rocket.toml file and web-vault)
+# and the binary from the "build" stage to the current stage
+WORKDIR /
+
+COPY docker/healthcheck.sh /healthcheck.sh
+COPY docker/start.sh /start.sh
+
+COPY --from=vault /web-vault ./web-vault
+COPY --from=build /app/target/final/vaultwarden .
+
+HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
+
+CMD ["/start.sh"]
diff --git a/docker/Dockerfile.buildx b/docker/Dockerfile.buildx
@@ -1,34 +0,0 @@
-# syntax=docker/dockerfile:1
-# The cross-built images have the build arch (`amd64`) embedded in the image
-# manifest, rather than the target arch. For example:
-#
-# $ docker inspect vaultwarden/server:latest-armv7 | jq -r '.[]|.Architecture'
-# amd64
-#
-# Recent versions of Docker have started printing a warning when the image's
-# claimed arch doesn't match the host arch. For example:
-#
-# WARNING: The requested image's platform (linux/amd64) does not match the
-# detected host platform (linux/arm/v7) and no specific platform was requested
-#
-# The image still works fine, but the spurious warning creates confusion.
-#
-# Docker doesn't seem to provide a way to directly set the arch of an image
-# at build time. To resolve the build vs. target arch discrepancy, we use
-# Docker Buildx to build a new set of images with the correct target arch.
-#
-# Docker Buildx uses this Dockerfile to build an image for each requested
-# platform. Since the Dockerfile basically consists of a single `FROM`
-# instruction, we're effectively telling Buildx to build a platform-specific
-# image by simply copying the existing cross-built image and setting the
-# correct target arch as a side effect.
-#
-# References:
-#
-# - https://docs.docker.com/buildx/working-with-buildx/#build-multi-platform-images
-# - https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope
-# - https://docs.docker.com/engine/reference/builder/#understand-how-arg-and-from-interact
-#
-ARG LOCAL_REPO
-ARG DOCKER_TAG
-FROM ${LOCAL_REPO}:${DOCKER_TAG}-${TARGETARCH}${TARGETVARIANT}
diff --git a/docker/Dockerfile.debian b/docker/Dockerfile.debian
@@ -0,0 +1,194 @@
+# syntax=docker/dockerfile:1
+
+# This file was generated using a Jinja2 template.
+# Please make your changes in `DockerSettings.yaml` or `Dockerfile.j2` and then `make`
+# This will generate two Dockerfile's `Dockerfile.debian` and `Dockerfile.alpine`
+
+# Using multistage build:
+# https://docs.docker.com/develop/develop-images/multistage-build/
+# https://whitfin.io/speeding-up-rust-docker-builds/
+
+####################### VAULT BUILD IMAGE #######################
+# The web-vault digest specifies a particular web-vault build on Docker Hub.
+# Using the digest instead of the tag name provides better security,
+# as the digest of an image is immutable, whereas a tag name can later
+# be changed to point to a malicious image.
+#
+# To verify the current digest for a given tag name:
+# - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
+# click the tag name to view the digest of the image it currently points to.
+# - From the command line:
+# $ docker pull docker.io/vaultwarden/web-vault:v2023.9.1
+# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.9.1
+# [docker.io/vaultwarden/web-vault@sha256:ccf76db7406378b36cb937c1a3ca884448e32e7f82effd4d97b335cd725c75fd]
+#
+# - Conversely, to get the tag name from the digest:
+# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:ccf76db7406378b36cb937c1a3ca884448e32e7f82effd4d97b335cd725c75fd
+# [docker.io/vaultwarden/web-vault:v2023.9.1]
+#
+FROM --platform=linux/amd64 docker.io/vaultwarden/web-vault@sha256:ccf76db7406378b36cb937c1a3ca884448e32e7f82effd4d97b335cd725c75fd as vault
+
+########################## Cross Compile Docker Helper Scripts ##########################
+## We use the linux/amd64 no matter which Build Platform, since these are all bash scripts
+## And these bash scripts do not have any significant difference if at all
+FROM --platform=linux/amd64 docker.io/tonistiigi/xx@sha256:c9609ace652bbe51dd4ce90e0af9d48a4590f1214246da5bc70e46f6dd586edc AS xx
+
+########################## BUILD IMAGE ##########################
+# hadolint ignore=DL3006
+FROM --platform=$BUILDPLATFORM docker.io/library/rust:1.73.0-slim-bookworm as build
+COPY --from=xx / /
+ARG TARGETARCH
+ARG TARGETVARIANT
+ARG TARGETPLATFORM
+
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
+# Build time options to avoid dpkg warnings and help with reproducible builds.
+ENV DEBIAN_FRONTEND=noninteractive \
+ LANG=C.UTF-8 \
+ TZ=UTC \
+ TERM=xterm-256color \
+ CARGO_HOME="/root/.cargo" \
+ USER="root"
+
+# Install clang to get `xx-cargo` working
+# Install pkg-config to allow amd64 builds to find all libraries
+# Install git so build.rs can determine the correct version
+# Install the libc cross packages based upon the debian-arch
+RUN apt-get update && \
+ apt-get install -y \
+ --no-install-recommends \
+ clang \
+ pkg-config \
+ git \
+ "libc6-$(xx-info debian-arch)-cross" \
+ "libc6-dev-$(xx-info debian-arch)-cross" \
+ "linux-libc-dev-$(xx-info debian-arch)-cross" && \
+ # Run xx-cargo early, since it sometimes seems to break when run at a later stage
+ echo "export CARGO_TARGET=$(xx-cargo --print-target-triple)" >> /env-cargo
+
+RUN xx-apt-get install -y \
+ --no-install-recommends \
+ gcc \
+ libmariadb3 \
+ libpq-dev \
+ libpq5 \
+ libssl-dev && \
+ # Force install arch dependend mariadb dev packages
+ # Installing them the normal way breaks several other packages (again)
+ apt-get download "libmariadb-dev-compat:$(xx-info debian-arch)" "libmariadb-dev:$(xx-info debian-arch)" && \
+ dpkg --force-all -i ./libmariadb-dev*.deb
+
+# Create CARGO_HOME folder and don't download rust docs
+RUN mkdir -pv "${CARGO_HOME}" \
+ && rustup set profile minimal
+
+# Creates a dummy project used to grab dependencies
+RUN USER=root cargo new --bin /app
+WORKDIR /app
+
+# Environment variables for cargo across Debian and Alpine
+RUN source /env-cargo && \
+ if xx-info is-cross ; then \
+ # We can't use xx-cargo since that uses clang, which doesn't work for our libraries.
+ # Because of this we generate the needed environment variables here which we can load in the needed steps.
+ echo "export CC_$(echo "${CARGO_TARGET}" | tr '[:upper:]' '[:lower:]' | tr - _)=/usr/bin/$(xx-info)-gcc" >> /env-cargo && \
+ echo "export CARGO_TARGET_$(echo "${CARGO_TARGET}" | tr '[:lower:]' '[:upper:]' | tr - _)_LINKER=/usr/bin/$(xx-info)-gcc" >> /env-cargo && \
+ echo "export PKG_CONFIG=/usr/bin/$(xx-info)-pkg-config" >> /env-cargo && \
+ echo "export CROSS_COMPILE=1" >> /env-cargo && \
+ echo "export OPENSSL_INCLUDE_DIR=/usr/include/$(xx-info)" >> /env-cargo && \
+ echo "export OPENSSL_LIB_DIR=/usr/lib/$(xx-info)" >> /env-cargo ; \
+ fi && \
+ # Output the current contents of the file
+ cat /env-cargo
+
+# Configure the DB ARG as late as possible to not invalidate the cached layers above
+ARG DB=sqlite,mysql,postgresql
+
+RUN source /env-cargo && \
+ rustup target add "${CARGO_TARGET}"
+
+ARG CARGO_PROFILE=release
+ARG VW_VERSION
+
+# Copies over *only* your manifests and build files
+COPY ./Cargo.* ./
+COPY ./rust-toolchain.toml ./rust-toolchain.toml
+COPY ./build.rs ./build.rs
+
+# Builds your dependencies and removes the
+# dummy project, except the target folder
+# This folder contains the compiled dependencies
+RUN source /env-cargo && \
+ cargo build --features ${DB} --profile "${CARGO_PROFILE}" --target="${CARGO_TARGET}" && \
+ find . -not -path "./target*" -delete
+
+# Copies the complete project
+# To avoid copying unneeded files, use .dockerignore
+COPY . .
+
+# Builds again, this time it will be the actual source files being build
+RUN source /env-cargo && \
+ # Make sure that we actually build the project by updating the src/main.rs timestamp
+ touch src/main.rs && \
+ # Create a symlink to the binary target folder to easy copy the binary in the final stage
+ cargo build --features ${DB} --profile "${CARGO_PROFILE}" --target="${CARGO_TARGET}" && \
+ if [[ "${CARGO_PROFILE}" == "dev" ]] ; then \
+ ln -vfsr "/app/target/${CARGO_TARGET}/debug" /app/target/final ; \
+ else \
+ ln -vfsr "/app/target/${CARGO_TARGET}/${CARGO_PROFILE}" /app/target/final ; \
+ fi
+
+
+######################## RUNTIME IMAGE ########################
+# Create a new stage with a minimal image
+# because we already have a binary built
+#
+# To build these images you need to have qemu binfmt support.
+# See the following pages to help install these tools locally
+# Ubuntu/Debian: https://wiki.debian.org/QemuUserEmulation
+# Arch Linux: https://wiki.archlinux.org/title/QEMU#Chrooting_into_arm/arm64_environment_from_x86_64
+#
+# Or use a Docker image which modifies your host system to support this.
+# The GitHub Actions Workflow uses the same image as used below.
+# See: https://github.com/tonistiigi/binfmt
+# Usage: docker run --privileged --rm tonistiigi/binfmt --install arm64,arm
+# To uninstall: docker run --privileged --rm tonistiigi/binfmt --uninstall 'qemu-*'
+#
+# We need to add `--platform` here, because of a podman bug: https://github.com/containers/buildah/issues/4742
+FROM --platform=$TARGETPLATFORM docker.io/library/debian:bookworm-slim
+
+ENV ROCKET_PROFILE="release" \
+ ROCKET_ADDRESS=0.0.0.0 \
+ ROCKET_PORT=80 \
+ DEBIAN_FRONTEND=noninteractive
+
+# Create data folder and Install needed libraries
+RUN mkdir /data && \
+ apt-get update && apt-get install -y \
+ --no-install-recommends \
+ ca-certificates \
+ curl \
+ libmariadb-dev-compat \
+ libpq5 \
+ openssl && \
+ apt-get clean && \
+ rm -rf /var/lib/apt/lists/*
+
+VOLUME /data
+EXPOSE 80
+EXPOSE 3012
+
+# Copies the files from the context (Rocket.toml file and web-vault)
+# and the binary from the "build" stage to the current stage
+WORKDIR /
+
+COPY docker/healthcheck.sh /healthcheck.sh
+COPY docker/start.sh /start.sh
+
+COPY --from=vault /web-vault ./web-vault
+COPY --from=build /app/target/final/vaultwarden .
+
+HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
+
+CMD ["/start.sh"]
diff --git a/docker/Dockerfile.j2 b/docker/Dockerfile.j2
@@ -1,68 +1,14 @@
# syntax=docker/dockerfile:1
# This file was generated using a Jinja2 template.
-# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
-{% set rust_version = "1.72.0" %}
-{% set debian_version = "bookworm" %}
-{% set alpine_version = "3.17" %}
-{% set build_stage_base_image = "docker.io/library/rust:%s-%s" % (rust_version, debian_version) %}
-{% if "alpine" in target_file %}
-{% if "amd64" in target_file %}
-{% set build_stage_base_image = "docker.io/blackdex/rust-musl:x86_64-musl-stable-%s-openssl3" % rust_version %}
-{% set runtime_stage_base_image = "docker.io/library/alpine:%s" % alpine_version %}
-{% set package_arch_target = "x86_64-unknown-linux-musl" %}
-{% elif "armv7" in target_file %}
-{% set build_stage_base_image = "docker.io/blackdex/rust-musl:armv7-musleabihf-stable-%s-openssl3" % rust_version %}
-{% set runtime_stage_base_image = "docker.io/balenalib/armv7hf-alpine:%s" % alpine_version %}
-{% set package_arch_target = "armv7-unknown-linux-musleabihf" %}
-{% elif "armv6" in target_file %}
-{% set build_stage_base_image = "docker.io/blackdex/rust-musl:arm-musleabi-stable-%s-openssl3" % rust_version %}
-{% set runtime_stage_base_image = "docker.io/balenalib/rpi-alpine:%s" % alpine_version %}
-{% set package_arch_target = "arm-unknown-linux-musleabi" %}
-{% elif "arm64" in target_file %}
-{% set build_stage_base_image = "docker.io/blackdex/rust-musl:aarch64-musl-stable-%s-openssl3" % rust_version %}
-{% set runtime_stage_base_image = "docker.io/balenalib/aarch64-alpine:%s" % alpine_version %}
-{% set package_arch_target = "aarch64-unknown-linux-musl" %}
-{% endif %}
-{% elif "amd64" in target_file %}
-{% set runtime_stage_base_image = "docker.io/library/debian:%s-slim" % debian_version %}
-{% elif "arm64" in target_file %}
-{% set runtime_stage_base_image = "docker.io/balenalib/aarch64-debian:%s" % debian_version %}
-{% set package_arch_name = "arm64" %}
-{% set package_arch_target = "aarch64-unknown-linux-gnu" %}
-{% set package_cross_compiler = "aarch64-linux-gnu" %}
-{% elif "armv6" in target_file %}
-{% set runtime_stage_base_image = "docker.io/balenalib/rpi-debian:%s" % debian_version %}
-{% set package_arch_name = "armel" %}
-{% set package_arch_target = "arm-unknown-linux-gnueabi" %}
-{% set package_cross_compiler = "arm-linux-gnueabi" %}
-{% elif "armv7" in target_file %}
-{% set runtime_stage_base_image = "docker.io/balenalib/armv7hf-debian:%s" % debian_version %}
-{% set package_arch_name = "armhf" %}
-{% set package_arch_target = "armv7-unknown-linux-gnueabihf" %}
-{% set package_cross_compiler = "arm-linux-gnueabihf" %}
-{% endif %}
-{% if package_arch_name is defined %}
-{% set package_arch_prefix = ":" + package_arch_name %}
-{% else %}
-{% set package_arch_prefix = "" %}
-{% endif %}
-{% if package_arch_target is defined %}
-{% set package_arch_target_param = " --target=" + package_arch_target %}
-{% else %}
-{% set package_arch_target_param = "" %}
-{% endif %}
-{% if "buildkit" in target_file %}
-{% set mount_rust_cache = "--mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry " %}
-{% else %}
-{% set mount_rust_cache = "" %}
-{% endif %}
+# Please make your changes in `DockerSettings.yaml` or `Dockerfile.j2` and then `make`
+# This will generate two Dockerfile's `Dockerfile.debian` and `Dockerfile.alpine`
+
# Using multistage build:
# https://docs.docker.com/develop/develop-images/multistage-build/
# https://whitfin.io/speeding-up-rust-docker-builds/
-####################### VAULT BUILD IMAGE #######################
-{% set vault_version = "v2023.8.2" %}
-{% set vault_image_digest = "sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252" %}
+
+####################### VAULT BUILD IMAGE #######################
# The web-vault digest specifies a particular web-vault build on Docker Hub.
# Using the digest instead of the tag name provides better security,
# as the digest of an image is immutable, whereas a tag name can later
@@ -80,10 +26,33 @@
# $ docker image inspect --format "{{ '{{' }}.RepoTags}}" docker.io/vaultwarden/web-vault@{{ vault_image_digest }}
# [docker.io/vaultwarden/web-vault:{{ vault_version }}]
#
-FROM docker.io/vaultwarden/web-vault@{{ vault_image_digest }} as vault
+FROM --platform=linux/amd64 docker.io/vaultwarden/web-vault@{{ vault_image_digest }} as vault
+
+{% if base == "debian" %}
+########################## Cross Compile Docker Helper Scripts ##########################
+## We use the linux/amd64 no matter which Build Platform, since these are all bash scripts
+## And these bash scripts do not have any significant difference if at all
+FROM --platform=linux/amd64 docker.io/tonistiigi/xx@{{ xx_image_digest }} AS xx
+{% elif base == "alpine" %}
+########################## ALPINE BUILD IMAGES ##########################
+## NOTE: The Alpine Base Images do not support other platforms then linux/amd64
+## And for Alpine we define all build images here, they will only be loaded when actually used
+{% for arch in build_stage_image[base].arch_image %}
+FROM --platform={{ build_stage_image[base].platform }} {{ build_stage_image[base].arch_image[arch] }} as build_{{ arch }}
+{% endfor %}
+{% endif %}
+
+########################## BUILD IMAGE ##########################
+# hadolint ignore=DL3006
+FROM --platform={{ build_stage_image[base].platform }} {{ build_stage_image[base].image }} as build
+{% if base == "debian" %}
+COPY --from=xx / /
+{% endif %}
+ARG TARGETARCH
+ARG TARGETVARIANT
+ARG TARGETPLATFORM
-########################## BUILD IMAGE ##########################
-FROM {{ build_stage_base_image }} as build
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
# Build time options to avoid dpkg warnings and help with reproducible builds.
ENV DEBIAN_FRONTEND=noninteractive \
@@ -91,133 +60,162 @@ ENV DEBIAN_FRONTEND=noninteractive \
TZ=UTC \
TERM=xterm-256color \
CARGO_HOME="/root/.cargo" \
- REGISTRIES_CRATES_IO_PROTOCOL=sparse \
USER="root"
+{%- if base == "alpine" %} \
+ # Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11
+ # Debian Bookworm already contains libpq v15
+ PQ_LIB_DIR="/usr/local/musl/pq15/lib"
+{% endif %}
-# Create CARGO_HOME folder and don't download rust docs
-RUN {{ mount_rust_cache -}} mkdir -pv "${CARGO_HOME}" \
- && rustup set profile minimal
+{% if base == "debian" %}
-{% if "alpine" in target_file %}
-# Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11
-# Debian Bookworm already contains libpq v15
-ENV PQ_LIB_DIR="/usr/local/musl/pq15/lib"
-{% if "armv6" in target_file %}
-# To be able to build the armv6 image with mimalloc we need to tell the linker to also look for libatomic
-ENV RUSTFLAGS='-Clink-arg=-latomic'
-{% endif %}
-{% elif "arm" in target_file %}
-# Install build dependencies for the {{ package_arch_name }} architecture
-RUN {{ mount_rust_cache -}} dpkg --add-architecture {{ package_arch_name }} \
- && apt-get update \
- && apt-get install -y \
+# Install clang to get `xx-cargo` working
+# Install pkg-config to allow amd64 builds to find all libraries
+# Install git so build.rs can determine the correct version
+# Install the libc cross packages based upon the debian-arch
+RUN apt-get update && \
+ apt-get install -y \
--no-install-recommends \
- gcc-{{ package_cross_compiler }} \
- libc6-dev{{ package_arch_prefix }} \
- linux-libc-dev{{ package_arch_prefix }} \
- libmariadb-dev{{ package_arch_prefix }} \
- libmariadb-dev-compat{{ package_arch_prefix }} \
- libmariadb3{{ package_arch_prefix }} \
- libpq-dev{{ package_arch_prefix }} \
- libpq5{{ package_arch_prefix }} \
- libssl-dev{{ package_arch_prefix }} \
- #
- # Make sure cargo has the right target config
- && echo '[target.{{ package_arch_target }}]' >> "${CARGO_HOME}/config" \
- && echo 'linker = "{{ package_cross_compiler }}-gcc"' >> "${CARGO_HOME}/config" \
- && echo 'rustflags = ["-L/usr/lib/{{ package_cross_compiler }}"]' >> "${CARGO_HOME}/config"
-
-# Set arm specific environment values
-ENV CC_{{ package_arch_target | replace("-", "_") }}="/usr/bin/{{ package_cross_compiler }}-gcc" \
- CROSS_COMPILE="1" \
- OPENSSL_INCLUDE_DIR="/usr/include/{{ package_cross_compiler }}" \
- OPENSSL_LIB_DIR="/usr/lib/{{ package_cross_compiler }}"
-{% elif "amd64" in target_file %}
-# Install build dependencies
-RUN apt-get update \
- && apt-get install -y \
+ clang \
+ pkg-config \
+ git \
+ "libc6-$(xx-info debian-arch)-cross" \
+ "libc6-dev-$(xx-info debian-arch)-cross" \
+ "linux-libc-dev-$(xx-info debian-arch)-cross" && \
+ # Run xx-cargo early, since it sometimes seems to break when run at a later stage
+ echo "export CARGO_TARGET=$(xx-cargo --print-target-triple)" >> /env-cargo
+
+RUN xx-apt-get install -y \
--no-install-recommends \
- libmariadb-dev \
- libpq-dev
+ gcc \
+ libmariadb3 \
+ libpq-dev \
+ libpq5 \
+ libssl-dev && \
+ # Force install arch dependend mariadb dev packages
+ # Installing them the normal way breaks several other packages (again)
+ apt-get download "libmariadb-dev-compat:$(xx-info debian-arch)" "libmariadb-dev:$(xx-info debian-arch)" && \
+ dpkg --force-all -i ./libmariadb-dev*.deb
{% endif %}
+# Create CARGO_HOME folder and don't download rust docs
+RUN mkdir -pv "${CARGO_HOME}" \
+ && rustup set profile minimal
+
# Creates a dummy project used to grab dependencies
RUN USER=root cargo new --bin /app
WORKDIR /app
-# Copies over *only* your manifests and build files
-COPY ./Cargo.* ./
-COPY ./rust-toolchain.toml ./rust-toolchain.toml
-COPY ./build.rs ./build.rs
-
-{% if package_arch_target is defined %}
-RUN {{ mount_rust_cache -}} rustup target add {{ package_arch_target }}
-{% endif %}
+{% if base == "debian" %}
+# Environment variables for cargo across Debian and Alpine
+RUN source /env-cargo && \
+ if xx-info is-cross ; then \
+ # We can't use xx-cargo since that uses clang, which doesn't work for our libraries.
+ # Because of this we generate the needed environment variables here which we can load in the needed steps.
+ echo "export CC_$(echo "${CARGO_TARGET}" | tr '[:upper:]' '[:lower:]' | tr - _)=/usr/bin/$(xx-info)-gcc" >> /env-cargo && \
+ echo "export CARGO_TARGET_$(echo "${CARGO_TARGET}" | tr '[:lower:]' '[:upper:]' | tr - _)_LINKER=/usr/bin/$(xx-info)-gcc" >> /env-cargo && \
+ echo "export PKG_CONFIG=/usr/bin/$(xx-info)-pkg-config" >> /env-cargo && \
+ echo "export CROSS_COMPILE=1" >> /env-cargo && \
+ echo "export OPENSSL_INCLUDE_DIR=/usr/include/$(xx-info)" >> /env-cargo && \
+ echo "export OPENSSL_LIB_DIR=/usr/lib/$(xx-info)" >> /env-cargo ; \
+ fi && \
+ # Output the current contents of the file
+ cat /env-cargo
# Configure the DB ARG as late as possible to not invalidate the cached layers above
-{% if "alpine" in target_file %}
+ARG DB=sqlite,mysql,postgresql
+{% elif base == "alpine" %}
+# Shared variables across Debian and Alpine
+RUN echo "export CARGO_TARGET=${RUST_MUSL_CROSS_TARGET}" >> /env-cargo && \
+ # To be able to build the armv6 image with mimalloc we need to tell the linker to also look for libatomic
+ if [[ "${TARGETARCH}${TARGETVARIANT}" == "armv6" ]] ; then echo "export RUSTFLAGS='-Clink-arg=-latomic'" >> /env-cargo ; fi && \
+ # Output the current contents of the file
+ cat /env-cargo
+
# Enable MiMalloc to improve performance on Alpine builds
ARG DB=sqlite,mysql,postgresql,enable_mimalloc
-{% else %}
-ARG DB=sqlite,mysql,postgresql
{% endif %}
+RUN source /env-cargo && \
+ rustup target add "${CARGO_TARGET}"
+
+ARG CARGO_PROFILE=release
+ARG VW_VERSION
+
+# Copies over *only* your manifests and build files
+COPY ./Cargo.* ./
+COPY ./rust-toolchain.toml ./rust-toolchain.toml
+COPY ./build.rs ./build.rs
+
# Builds your dependencies and removes the
# dummy project, except the target folder
# This folder contains the compiled dependencies
-RUN {{ mount_rust_cache -}} cargo build --features ${DB} --release{{ package_arch_target_param }} \
- && find . -not -path "./target*" -delete
+RUN source /env-cargo && \
+ cargo build --features ${DB} --profile "${CARGO_PROFILE}" --target="${CARGO_TARGET}" && \
+ find . -not -path "./target*" -delete
# Copies the complete project
# To avoid copying unneeded files, use .dockerignore
COPY . .
-# Make sure that we actually build the project
-RUN touch src/main.rs
+# Builds again, this time it will be the actual source files being build
+RUN source /env-cargo && \
+ # Make sure that we actually build the project by updating the src/main.rs timestamp
+ touch src/main.rs && \
+ # Create a symlink to the binary target folder to easy copy the binary in the final stage
+ cargo build --features ${DB} --profile "${CARGO_PROFILE}" --target="${CARGO_TARGET}" && \
+ if [[ "${CARGO_PROFILE}" == "dev" ]] ; then \
+ ln -vfsr "/app/target/${CARGO_TARGET}/debug" /app/target/final ; \
+ else \
+ ln -vfsr "/app/target/${CARGO_TARGET}/${CARGO_PROFILE}" /app/target/final ; \
+ fi
-# Builds again, this time it'll just be
-# your actual source files being built
-RUN {{ mount_rust_cache -}} cargo build --features ${DB} --release{{ package_arch_target_param }}
######################## RUNTIME IMAGE ########################
# Create a new stage with a minimal image
# because we already have a binary built
-FROM {{ runtime_stage_base_image }}
+#
+# To build these images you need to have qemu binfmt support.
+# See the following pages to help install these tools locally
+# Ubuntu/Debian: https://wiki.debian.org/QemuUserEmulation
+# Arch Linux: https://wiki.archlinux.org/title/QEMU#Chrooting_into_arm/arm64_environment_from_x86_64
+#
+# Or use a Docker image which modifies your host system to support this.
+# The GitHub Actions Workflow uses the same image as used below.
+# See: https://github.com/tonistiigi/binfmt
+# Usage: docker run --privileged --rm tonistiigi/binfmt --install arm64,arm
+# To uninstall: docker run --privileged --rm tonistiigi/binfmt --uninstall 'qemu-*'
+#
+# We need to add `--platform` here, because of a podman bug: https://github.com/containers/buildah/issues/4742
+FROM --platform=$TARGETPLATFORM {{ runtime_stage_image[base] }}
ENV ROCKET_PROFILE="release" \
ROCKET_ADDRESS=0.0.0.0 \
ROCKET_PORT=80
-{%- if "alpine" in runtime_stage_base_image %} \
+{%- if base == "debian" %} \
+ DEBIAN_FRONTEND=noninteractive
+{% elif base == "alpine" %} \
SSL_CERT_DIR=/etc/ssl/certs
{% endif %}
-
-{% if "amd64" not in target_file %}
-RUN [ "cross-build-start" ]
-{% endif %}
-
# Create data folder and Install needed libraries
-RUN mkdir /data \
-{% if "alpine" in runtime_stage_base_image %}
- && apk add --no-cache \
+RUN mkdir /data && \
+{% if base == "debian" %}
+ apt-get update && apt-get install -y \
+ --no-install-recommends \
+ ca-certificates \
+ curl \
+ libmariadb-dev-compat \
+ libpq5 \
+ openssl && \
+ apt-get clean && \
+ rm -rf /var/lib/apt/lists/*
+{% elif base == "alpine" %}
+ apk --no-cache add \
ca-certificates \
curl \
openssl \
tzdata
-{% else %}
- && apt-get update && apt-get install -y \
- --no-install-recommends \
- ca-certificates \
- curl \
- libmariadb-dev-compat \
- libpq5 \
- openssl \
- && apt-get clean \
- && rm -rf /var/lib/apt/lists/*
-{% endif %}
-
-{% if "amd64" not in target_file %}
-RUN [ "cross-build-end" ]
{% endif %}
VOLUME /data
@@ -227,16 +225,13 @@ EXPOSE 3012
# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
WORKDIR /
-COPY --from=vault /web-vault ./web-vault
-{% if package_arch_target is defined %}
-COPY --from=build /app/target/{{ package_arch_target }}/release/vaultwarden .
-{% else %}
-COPY --from=build /app/target/release/vaultwarden .
-{% endif %}
COPY docker/healthcheck.sh /healthcheck.sh
COPY docker/start.sh /start.sh
+COPY --from=vault /web-vault ./web-vault
+COPY --from=build /app/target/final/vaultwarden .
+
HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
CMD ["/start.sh"]
diff --git a/docker/Makefile b/docker/Makefile
@@ -1,15 +1,4 @@
-OBJECTS := $(shell find ./ -mindepth 2 -name 'Dockerfile*')
-
-all: $(OBJECTS)
-
-%/Dockerfile: Dockerfile.j2 render_template
- ./render_template "$<" "{\"target_file\":\"$@\"}" > "$@"
-
-%/Dockerfile.alpine: Dockerfile.j2 render_template
- ./render_template "$<" "{\"target_file\":\"$@\"}" > "$@"
-
-%/Dockerfile.buildkit: Dockerfile.j2 render_template
- ./render_template "$<" "{\"target_file\":\"$@\"}" > "$@"
-
-%/Dockerfile.buildkit.alpine: Dockerfile.j2 render_template
- ./render_template "$<" "{\"target_file\":\"$@\"}" > "$@"
+all:
+ ./render_template Dockerfile.j2 '{"base": "debian"}' > Dockerfile.debian
+ ./render_template Dockerfile.j2 '{"base": "alpine"}' > Dockerfile.alpine
+.PHONY: all
diff --git a/docker/README.md b/docker/README.md
@@ -1,3 +1,183 @@
-The arch-specific directory names follow the arch identifiers used by the Docker official images:
+# Vaultwarden Container Building
-https://github.com/docker-library/official-images/blob/master/README.md#architectures-other-than-amd64
+To build and release new testing and stable releases of Vaultwarden we use `docker buildx bake`.<br>
+This can be used locally by running the command yourself, but it is also used by GitHub Actions.
+
+This makes it easier for us to test and maintain the different architectures we provide.<br>
+We also just have two Dockerfile's one for Debian and one for Alpine based images.<br>
+With just these two files we can build both Debian and Alpine images for the following platforms:
+ - amd64 (linux/amd64)
+ - arm64 (linux/arm64)
+ - armv7 (linux/arm/v7)
+ - armv6 (linux/arm/v6)
+
+To build these containers you need to enable QEMU binfmt support to be able to run/emulate architectures which are different then your host.<br>
+This ensures the container build process can run binaries from other architectures.<br>
+
+**NOTE**: Run all the examples below from the root of the repo.<br>
+
+
+## How to install QEMU binfmt support
+
+This is different per host OS, but most support this in some way.<br>
+
+### Ubuntu/Debian
+```bash
+apt install binfmt-support qemu-user-static
+```
+
+### Arch Linux (others based upon it)
+```bash
+pacman -S qemu-user-static qemu-user-static-binfmt
+```
+
+### Fedora
+```bash
+dnf install qemu-user-static
+```
+
+### Others
+There also is an option to use an other docker container to provide support for this.
+```bash
+# To install and activate
+docker run --privileged --rm tonistiigi/binfmt --install arm64,arm
+# To unistall
+docker run --privileged --rm tonistiigi/binfmt --uninstall 'qemu-*'
+```
+
+
+## Single architecture container building
+
+You can build a container per supported architecture as long as you have QEMU binfmt support installed on your system.<br>
+
+```bash
+# Default bake triggers a Debian build using the hosts architecture
+docker buildx bake --file docker/docker-bake.hcl
+
+# Bake Debian ARM64 using a debug build
+CARGO_PROFILE=dev \
+SOURCE_COMMIT="$(git rev-parse HEAD)" \
+docker buildx bake --file docker/docker-bake.hcl debian-arm64
+
+# Bake Alpine ARMv6 as a release build
+SOURCE_COMMIT="$(git rev-parse HEAD)" \
+docker buildx bake --file docker/docker-bake.hcl alpine-armv6
+```
+
+
+## Local Multi Architecture container building
+
+Start the initialization, this only needs to be done once.
+
+```bash
+# Create and use a new buildx builder instance which connects to the host network
+docker buildx create --name vaultwarden --use --driver-opt network=host
+
+# Validate it runs
+docker buildx inspect --bootstrap
+
+# Create a local container registry directly reachable on the localhost
+docker run -d --name registry --network host registry:2
+```
+
+After that is done, you should be able to build and push to the local registry.<br>
+Use the following command with the modified variables to bake the Alpine images.<br>
+Replace `alpine` with `debian` if you want to build the debian multi arch images.
+
+```bash
+# Start a buildx bake using a debug build
+CARGO_PROFILE=dev \
+SOURCE_COMMIT="$(git rev-parse HEAD)" \
+CONTAINER_REGISTRIES="localhost:5000/vaultwarden/server" \
+docker buildx bake --file docker/docker-bake.hcl alpine-multi
+```
+
+
+## Using the `bake.sh` script
+
+To make it a bit more easier to trigger a build, there also is a `bake.sh` script.<br>
+This script calls `docker buildx bake` with all the right parameters and also generates the `SOURCE_COMMIT` and `SOURCE_VERSION` variables.<br>
+This script can be called from both the repo root or within the docker directory.
+
+So, if you want to build a Multi Arch Alpine container pushing to your localhost registry you can run this from within the docker directory. (Just make sure you executed the initialization steps above first)
+```bash
+CONTAINER_REGISTRIES="localhost:5000/vaultwarden/server" \
+./bake.sh alpine-multi
+```
+
+Or if you want to just build a Debian container from the repo root, you can run this.
+```bash
+docker/bake.sh
+```
+
+You can append both `alpine` and `debian` with `-amd64`, `-arm64`, `-armv7` or `-armv6`, which will trigger a build for that specific platform.<br>
+This will also append those values to the tag so you can see the builded container when running `docker images`.
+
+You can also append extra arguments after the target if you want. This can be useful for example to print what bake will use.
+```bash
+docker/bake.sh alpine-all --print
+```
+
+### Testing baked images
+
+To test these images you can run these images by using the correct tag and provide the platform.<br>
+For example, after you have build an arm64 image via `./bake.sh debian-arm64` you can run:
+```bash
+docker run --rm -it \
+ -e DISABLE_ADMIN_TOKEN=true \
+ -e I_REALLY_WANT_VOLATILE_STORAGE=true \
+ -p8080:80 --platform=linux/arm64 \
+ vaultwarden/server:testing-arm64
+```
+
+
+## Using the `podman-bake.sh` script
+
+To also make building easier using podman, there is a `podman-bake.sh` script.<br>
+This script calls `podman buildx build` with the needed parameters and the same as `bake.sh`, it will generate some variables automatically.<br>
+This script can be called from both the repo root or within the docker directory.
+
+**NOTE:** Unlike the `bake.sh` script, this only supports a single `CONTAINER_REGISTRIES`, and a single `BASE_TAGS` value, no comma separated values. It also only supports building separate architectures, no Multi Arch containers.
+
+To build an Alpine arm64 image with only sqlite support and mimalloc, run this:
+```bash
+DB="sqlite,enable_mimalloc" \
+./podman-bake.sh alpine-arm64
+```
+
+Or if you want to just build a Debian container from the repo root, you can run this.
+```bash
+docker/podman-bake.sh
+```
+
+You can append extra arguments after the target if you want. This can be useful for example to disable cache like this.
+```bash
+./podman-bake.sh alpine-arm64 --no-cache
+```
+
+For the podman builds you can, just like the `bake.sh` script, also append the architecture to build for that specific platform.<br>
+
+### Testing podman builded images
+
+The command to start a podman built container is almost the same as for the docker/bake built containers. The images start with `localhost/`, so you need to prepend that.
+
+```bash
+podman run --rm -it \
+ -e DISABLE_ADMIN_TOKEN=true \
+ -e I_REALLY_WANT_VOLATILE_STORAGE=true \
+ -p8080:80 --platform=linux/arm64 \
+ localhost/vaultwarden/server:testing-arm64
+```
+
+
+## Variables supported
+| Variable | default | description |
+| --------------------- | ------------------ | ----------- |
+| CARGO_PROFILE | null | Which cargo profile to use. `null` means what is defined in the Dockerfile |
+| DB | null | Which `features` to build. `null` means what is defined in the Dockerfile |
+| SOURCE_REPOSITORY_URL | null | The source repository form where this build is triggered |
+| SOURCE_COMMIT | null | The commit hash of the current commit for this build |
+| SOURCE_VERSION | null | The current exact tag of this commit, else the last tag and the first 8 chars of the source commit |
+| BASE_TAGS | testing | Tags to be used. Can be a comma separated value like "latest,1.29.2" |
+| CONTAINER_REGISTRIES | vaultwarden/server | Comma separated value of container registries. Like `ghcr.io/dani-garcia/vaultwarden,docker.io/vaultwarden/server` |
+| VW_VERSION | null | To override the `SOURCE_VERSION` value. This is also used by the `build.rs` code for example |
diff --git a/docker/amd64/Dockerfile b/docker/amd64/Dockerfile
@@ -1,119 +0,0 @@
-# syntax=docker/dockerfile:1
-
-# This file was generated using a Jinja2 template.
-# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
-# Using multistage build:
-# https://docs.docker.com/develop/develop-images/multistage-build/
-# https://whitfin.io/speeding-up-rust-docker-builds/
-####################### VAULT BUILD IMAGE #######################
-# The web-vault digest specifies a particular web-vault build on Docker Hub.
-# Using the digest instead of the tag name provides better security,
-# as the digest of an image is immutable, whereas a tag name can later
-# be changed to point to a malicious image.
-#
-# To verify the current digest for a given tag name:
-# - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
-# click the tag name to view the digest of the image it currently points to.
-# - From the command line:
-# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2
-# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2
-# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252]
-#
-# - Conversely, to get the tag name from the digest:
-# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252
-# [docker.io/vaultwarden/web-vault:v2023.8.2]
-#
-FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault
-
-########################## BUILD IMAGE ##########################
-FROM docker.io/library/rust:1.72.0-bookworm as build
-
-# Build time options to avoid dpkg warnings and help with reproducible builds.
-ENV DEBIAN_FRONTEND=noninteractive \
- LANG=C.UTF-8 \
- TZ=UTC \
- TERM=xterm-256color \
- CARGO_HOME="/root/.cargo" \
- REGISTRIES_CRATES_IO_PROTOCOL=sparse \
- USER="root"
-
-# Create CARGO_HOME folder and don't download rust docs
-RUN mkdir -pv "${CARGO_HOME}" \
- && rustup set profile minimal
-
-# Install build dependencies
-RUN apt-get update \
- && apt-get install -y \
- --no-install-recommends \
- libmariadb-dev \
- libpq-dev
-
-# Creates a dummy project used to grab dependencies
-RUN USER=root cargo new --bin /app
-WORKDIR /app
-
-# Copies over *only* your manifests and build files
-COPY ./Cargo.* ./
-COPY ./rust-toolchain.toml ./rust-toolchain.toml
-COPY ./build.rs ./build.rs
-
-
-# Configure the DB ARG as late as possible to not invalidate the cached layers above
-ARG DB=sqlite,mysql,postgresql
-
-# Builds your dependencies and removes the
-# dummy project, except the target folder
-# This folder contains the compiled dependencies
-RUN cargo build --features ${DB} --release \
- && find . -not -path "./target*" -delete
-
-# Copies the complete project
-# To avoid copying unneeded files, use .dockerignore
-COPY . .
-
-# Make sure that we actually build the project
-RUN touch src/main.rs
-
-# Builds again, this time it'll just be
-# your actual source files being built
-RUN cargo build --features ${DB} --release
-
-######################## RUNTIME IMAGE ########################
-# Create a new stage with a minimal image
-# because we already have a binary built
-FROM docker.io/library/debian:bookworm-slim
-
-ENV ROCKET_PROFILE="release" \
- ROCKET_ADDRESS=0.0.0.0 \
- ROCKET_PORT=80
-
-
-# Create data folder and Install needed libraries
-RUN mkdir /data \
- && apt-get update && apt-get install -y \
- --no-install-recommends \
- ca-certificates \
- curl \
- libmariadb-dev-compat \
- libpq5 \
- openssl \
- && apt-get clean \
- && rm -rf /var/lib/apt/lists/*
-
-
-VOLUME /data
-EXPOSE 80
-EXPOSE 3012
-
-# Copies the files from the context (Rocket.toml file and web-vault)
-# and the binary from the "build" stage to the current stage
-WORKDIR /
-COPY --from=vault /web-vault ./web-vault
-COPY --from=build /app/target/release/vaultwarden .
-
-COPY docker/healthcheck.sh /healthcheck.sh
-COPY docker/start.sh /start.sh
-
-HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
-
-CMD ["/start.sh"]
diff --git a/docker/amd64/Dockerfile.alpine b/docker/amd64/Dockerfile.alpine
@@ -1,116 +0,0 @@
-# syntax=docker/dockerfile:1
-
-# This file was generated using a Jinja2 template.
-# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
-# Using multistage build:
-# https://docs.docker.com/develop/develop-images/multistage-build/
-# https://whitfin.io/speeding-up-rust-docker-builds/
-####################### VAULT BUILD IMAGE #######################
-# The web-vault digest specifies a particular web-vault build on Docker Hub.
-# Using the digest instead of the tag name provides better security,
-# as the digest of an image is immutable, whereas a tag name can later
-# be changed to point to a malicious image.
-#
-# To verify the current digest for a given tag name:
-# - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
-# click the tag name to view the digest of the image it currently points to.
-# - From the command line:
-# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2
-# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2
-# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252]
-#
-# - Conversely, to get the tag name from the digest:
-# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252
-# [docker.io/vaultwarden/web-vault:v2023.8.2]
-#
-FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault
-
-########################## BUILD IMAGE ##########################
-FROM docker.io/blackdex/rust-musl:x86_64-musl-stable-1.72.0-openssl3 as build
-
-# Build time options to avoid dpkg warnings and help with reproducible builds.
-ENV DEBIAN_FRONTEND=noninteractive \
- LANG=C.UTF-8 \
- TZ=UTC \
- TERM=xterm-256color \
- CARGO_HOME="/root/.cargo" \
- REGISTRIES_CRATES_IO_PROTOCOL=sparse \
- USER="root"
-
-# Create CARGO_HOME folder and don't download rust docs
-RUN mkdir -pv "${CARGO_HOME}" \
- && rustup set profile minimal
-
-# Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11
-# Debian Bookworm already contains libpq v15
-ENV PQ_LIB_DIR="/usr/local/musl/pq15/lib"
-
-# Creates a dummy project used to grab dependencies
-RUN USER=root cargo new --bin /app
-WORKDIR /app
-
-# Copies over *only* your manifests and build files
-COPY ./Cargo.* ./
-COPY ./rust-toolchain.toml ./rust-toolchain.toml
-COPY ./build.rs ./build.rs
-
-RUN rustup target add x86_64-unknown-linux-musl
-
-# Configure the DB ARG as late as possible to not invalidate the cached layers above
-# Enable MiMalloc to improve performance on Alpine builds
-ARG DB=sqlite,mysql,postgresql,enable_mimalloc
-
-# Builds your dependencies and removes the
-# dummy project, except the target folder
-# This folder contains the compiled dependencies
-RUN cargo build --features ${DB} --release --target=x86_64-unknown-linux-musl \
- && find . -not -path "./target*" -delete
-
-# Copies the complete project
-# To avoid copying unneeded files, use .dockerignore
-COPY . .
-
-# Make sure that we actually build the project
-RUN touch src/main.rs
-
-# Builds again, this time it'll just be
-# your actual source files being built
-RUN cargo build --features ${DB} --release --target=x86_64-unknown-linux-musl
-
-######################## RUNTIME IMAGE ########################
-# Create a new stage with a minimal image
-# because we already have a binary built
-FROM docker.io/library/alpine:3.17
-
-ENV ROCKET_PROFILE="release" \
- ROCKET_ADDRESS=0.0.0.0 \
- ROCKET_PORT=80 \
- SSL_CERT_DIR=/etc/ssl/certs
-
-
-
-# Create data folder and Install needed libraries
-RUN mkdir /data \
- && apk add --no-cache \
- ca-certificates \
- curl \
- openssl \
- tzdata
-
-
-VOLUME /data
-EXPOSE 80
-EXPOSE 3012
-
-# Copies the files from the context (Rocket.toml file and web-vault)
-# and the binary from the "build" stage to the current stage
-WORKDIR /
-COPY --from=vault /web-vault ./web-vault
-COPY --from=build /app/target/x86_64-unknown-linux-musl/release/vaultwarden .
-
-COPY docker/healthcheck.sh /healthcheck.sh
-COPY docker/start.sh /start.sh
-
-HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
-
-CMD ["/start.sh"]
diff --git a/docker/amd64/Dockerfile.buildkit b/docker/amd64/Dockerfile.buildkit
@@ -1,119 +0,0 @@
-# syntax=docker/dockerfile:1
-
-# This file was generated using a Jinja2 template.
-# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
-# Using multistage build:
-# https://docs.docker.com/develop/develop-images/multistage-build/
-# https://whitfin.io/speeding-up-rust-docker-builds/
-####################### VAULT BUILD IMAGE #######################
-# The web-vault digest specifies a particular web-vault build on Docker Hub.
-# Using the digest instead of the tag name provides better security,
-# as the digest of an image is immutable, whereas a tag name can later
-# be changed to point to a malicious image.
-#
-# To verify the current digest for a given tag name:
-# - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
-# click the tag name to view the digest of the image it currently points to.
-# - From the command line:
-# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2
-# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2
-# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252]
-#
-# - Conversely, to get the tag name from the digest:
-# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252
-# [docker.io/vaultwarden/web-vault:v2023.8.2]
-#
-FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault
-
-########################## BUILD IMAGE ##########################
-FROM docker.io/library/rust:1.72.0-bookworm as build
-
-# Build time options to avoid dpkg warnings and help with reproducible builds.
-ENV DEBIAN_FRONTEND=noninteractive \
- LANG=C.UTF-8 \
- TZ=UTC \
- TERM=xterm-256color \
- CARGO_HOME="/root/.cargo" \
- REGISTRIES_CRATES_IO_PROTOCOL=sparse \
- USER="root"
-
-# Create CARGO_HOME folder and don't download rust docs
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \
- && rustup set profile minimal
-
-# Install build dependencies
-RUN apt-get update \
- && apt-get install -y \
- --no-install-recommends \
- libmariadb-dev \
- libpq-dev
-
-# Creates a dummy project used to grab dependencies
-RUN USER=root cargo new --bin /app
-WORKDIR /app
-
-# Copies over *only* your manifests and build files
-COPY ./Cargo.* ./
-COPY ./rust-toolchain.toml ./rust-toolchain.toml
-COPY ./build.rs ./build.rs
-
-
-# Configure the DB ARG as late as possible to not invalidate the cached layers above
-ARG DB=sqlite,mysql,postgresql
-
-# Builds your dependencies and removes the
-# dummy project, except the target folder
-# This folder contains the compiled dependencies
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release \
- && find . -not -path "./target*" -delete
-
-# Copies the complete project
-# To avoid copying unneeded files, use .dockerignore
-COPY . .
-
-# Make sure that we actually build the project
-RUN touch src/main.rs
-
-# Builds again, this time it'll just be
-# your actual source files being built
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release
-
-######################## RUNTIME IMAGE ########################
-# Create a new stage with a minimal image
-# because we already have a binary built
-FROM docker.io/library/debian:bookworm-slim
-
-ENV ROCKET_PROFILE="release" \
- ROCKET_ADDRESS=0.0.0.0 \
- ROCKET_PORT=80
-
-
-# Create data folder and Install needed libraries
-RUN mkdir /data \
- && apt-get update && apt-get install -y \
- --no-install-recommends \
- ca-certificates \
- curl \
- libmariadb-dev-compat \
- libpq5 \
- openssl \
- && apt-get clean \
- && rm -rf /var/lib/apt/lists/*
-
-
-VOLUME /data
-EXPOSE 80
-EXPOSE 3012
-
-# Copies the files from the context (Rocket.toml file and web-vault)
-# and the binary from the "build" stage to the current stage
-WORKDIR /
-COPY --from=vault /web-vault ./web-vault
-COPY --from=build /app/target/release/vaultwarden .
-
-COPY docker/healthcheck.sh /healthcheck.sh
-COPY docker/start.sh /start.sh
-
-HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
-
-CMD ["/start.sh"]
diff --git a/docker/amd64/Dockerfile.buildkit.alpine b/docker/amd64/Dockerfile.buildkit.alpine
@@ -1,116 +0,0 @@
-# syntax=docker/dockerfile:1
-
-# This file was generated using a Jinja2 template.
-# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
-# Using multistage build:
-# https://docs.docker.com/develop/develop-images/multistage-build/
-# https://whitfin.io/speeding-up-rust-docker-builds/
-####################### VAULT BUILD IMAGE #######################
-# The web-vault digest specifies a particular web-vault build on Docker Hub.
-# Using the digest instead of the tag name provides better security,
-# as the digest of an image is immutable, whereas a tag name can later
-# be changed to point to a malicious image.
-#
-# To verify the current digest for a given tag name:
-# - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
-# click the tag name to view the digest of the image it currently points to.
-# - From the command line:
-# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2
-# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2
-# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252]
-#
-# - Conversely, to get the tag name from the digest:
-# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252
-# [docker.io/vaultwarden/web-vault:v2023.8.2]
-#
-FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault
-
-########################## BUILD IMAGE ##########################
-FROM docker.io/blackdex/rust-musl:x86_64-musl-stable-1.72.0-openssl3 as build
-
-# Build time options to avoid dpkg warnings and help with reproducible builds.
-ENV DEBIAN_FRONTEND=noninteractive \
- LANG=C.UTF-8 \
- TZ=UTC \
- TERM=xterm-256color \
- CARGO_HOME="/root/.cargo" \
- REGISTRIES_CRATES_IO_PROTOCOL=sparse \
- USER="root"
-
-# Create CARGO_HOME folder and don't download rust docs
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \
- && rustup set profile minimal
-
-# Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11
-# Debian Bookworm already contains libpq v15
-ENV PQ_LIB_DIR="/usr/local/musl/pq15/lib"
-
-# Creates a dummy project used to grab dependencies
-RUN USER=root cargo new --bin /app
-WORKDIR /app
-
-# Copies over *only* your manifests and build files
-COPY ./Cargo.* ./
-COPY ./rust-toolchain.toml ./rust-toolchain.toml
-COPY ./build.rs ./build.rs
-
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry rustup target add x86_64-unknown-linux-musl
-
-# Configure the DB ARG as late as possible to not invalidate the cached layers above
-# Enable MiMalloc to improve performance on Alpine builds
-ARG DB=sqlite,mysql,postgresql,enable_mimalloc
-
-# Builds your dependencies and removes the
-# dummy project, except the target folder
-# This folder contains the compiled dependencies
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=x86_64-unknown-linux-musl \
- && find . -not -path "./target*" -delete
-
-# Copies the complete project
-# To avoid copying unneeded files, use .dockerignore
-COPY . .
-
-# Make sure that we actually build the project
-RUN touch src/main.rs
-
-# Builds again, this time it'll just be
-# your actual source files being built
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=x86_64-unknown-linux-musl
-
-######################## RUNTIME IMAGE ########################
-# Create a new stage with a minimal image
-# because we already have a binary built
-FROM docker.io/library/alpine:3.17
-
-ENV ROCKET_PROFILE="release" \
- ROCKET_ADDRESS=0.0.0.0 \
- ROCKET_PORT=80 \
- SSL_CERT_DIR=/etc/ssl/certs
-
-
-
-# Create data folder and Install needed libraries
-RUN mkdir /data \
- && apk add --no-cache \
- ca-certificates \
- curl \
- openssl \
- tzdata
-
-
-VOLUME /data
-EXPOSE 80
-EXPOSE 3012
-
-# Copies the files from the context (Rocket.toml file and web-vault)
-# and the binary from the "build" stage to the current stage
-WORKDIR /
-COPY --from=vault /web-vault ./web-vault
-COPY --from=build /app/target/x86_64-unknown-linux-musl/release/vaultwarden .
-
-COPY docker/healthcheck.sh /healthcheck.sh
-COPY docker/start.sh /start.sh
-
-HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
-
-CMD ["/start.sh"]
diff --git a/docker/arm64/Dockerfile b/docker/arm64/Dockerfile
@@ -1,141 +0,0 @@
-# syntax=docker/dockerfile:1
-
-# This file was generated using a Jinja2 template.
-# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
-# Using multistage build:
-# https://docs.docker.com/develop/develop-images/multistage-build/
-# https://whitfin.io/speeding-up-rust-docker-builds/
-####################### VAULT BUILD IMAGE #######################
-# The web-vault digest specifies a particular web-vault build on Docker Hub.
-# Using the digest instead of the tag name provides better security,
-# as the digest of an image is immutable, whereas a tag name can later
-# be changed to point to a malicious image.
-#
-# To verify the current digest for a given tag name:
-# - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
-# click the tag name to view the digest of the image it currently points to.
-# - From the command line:
-# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2
-# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2
-# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252]
-#
-# - Conversely, to get the tag name from the digest:
-# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252
-# [docker.io/vaultwarden/web-vault:v2023.8.2]
-#
-FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault
-
-########################## BUILD IMAGE ##########################
-FROM docker.io/library/rust:1.72.0-bookworm as build
-
-# Build time options to avoid dpkg warnings and help with reproducible builds.
-ENV DEBIAN_FRONTEND=noninteractive \
- LANG=C.UTF-8 \
- TZ=UTC \
- TERM=xterm-256color \
- CARGO_HOME="/root/.cargo" \
- REGISTRIES_CRATES_IO_PROTOCOL=sparse \
- USER="root"
-
-# Create CARGO_HOME folder and don't download rust docs
-RUN mkdir -pv "${CARGO_HOME}" \
- && rustup set profile minimal
-
-# Install build dependencies for the arm64 architecture
-RUN dpkg --add-architecture arm64 \
- && apt-get update \
- && apt-get install -y \
- --no-install-recommends \
- gcc-aarch64-linux-gnu \
- libc6-dev:arm64 \
- linux-libc-dev:arm64 \
- libmariadb-dev:arm64 \
- libmariadb-dev-compat:arm64 \
- libmariadb3:arm64 \
- libpq-dev:arm64 \
- libpq5:arm64 \
- libssl-dev:arm64 \
- #
- # Make sure cargo has the right target config
- && echo '[target.aarch64-unknown-linux-gnu]' >> "${CARGO_HOME}/config" \
- && echo 'linker = "aarch64-linux-gnu-gcc"' >> "${CARGO_HOME}/config" \
- && echo 'rustflags = ["-L/usr/lib/aarch64-linux-gnu"]' >> "${CARGO_HOME}/config"
-
-# Set arm specific environment values
-ENV CC_aarch64_unknown_linux_gnu="/usr/bin/aarch64-linux-gnu-gcc" \
- CROSS_COMPILE="1" \
- OPENSSL_INCLUDE_DIR="/usr/include/aarch64-linux-gnu" \
- OPENSSL_LIB_DIR="/usr/lib/aarch64-linux-gnu"
-
-# Creates a dummy project used to grab dependencies
-RUN USER=root cargo new --bin /app
-WORKDIR /app
-
-# Copies over *only* your manifests and build files
-COPY ./Cargo.* ./
-COPY ./rust-toolchain.toml ./rust-toolchain.toml
-COPY ./build.rs ./build.rs
-
-RUN rustup target add aarch64-unknown-linux-gnu
-
-# Configure the DB ARG as late as possible to not invalidate the cached layers above
-ARG DB=sqlite,mysql,postgresql
-
-# Builds your dependencies and removes the
-# dummy project, except the target folder
-# This folder contains the compiled dependencies
-RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu \
- && find . -not -path "./target*" -delete
-
-# Copies the complete project
-# To avoid copying unneeded files, use .dockerignore
-COPY . .
-
-# Make sure that we actually build the project
-RUN touch src/main.rs
-
-# Builds again, this time it'll just be
-# your actual source files being built
-RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu
-
-######################## RUNTIME IMAGE ########################
-# Create a new stage with a minimal image
-# because we already have a binary built
-FROM docker.io/balenalib/aarch64-debian:bookworm
-
-ENV ROCKET_PROFILE="release" \
- ROCKET_ADDRESS=0.0.0.0 \
- ROCKET_PORT=80
-
-RUN [ "cross-build-start" ]
-
-# Create data folder and Install needed libraries
-RUN mkdir /data \
- && apt-get update && apt-get install -y \
- --no-install-recommends \
- ca-certificates \
- curl \
- libmariadb-dev-compat \
- libpq5 \
- openssl \
- && apt-get clean \
- && rm -rf /var/lib/apt/lists/*
-
-RUN [ "cross-build-end" ]
-
-VOLUME /data
-EXPOSE 80
-EXPOSE 3012
-
-# Copies the files from the context (Rocket.toml file and web-vault)
-# and the binary from the "build" stage to the current stage
-WORKDIR /
-COPY --from=vault /web-vault ./web-vault
-COPY --from=build /app/target/aarch64-unknown-linux-gnu/release/vaultwarden .
-
-COPY docker/healthcheck.sh /healthcheck.sh
-COPY docker/start.sh /start.sh
-
-HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
-
-CMD ["/start.sh"]
diff --git a/docker/arm64/Dockerfile.alpine b/docker/arm64/Dockerfile.alpine
@@ -1,118 +0,0 @@
-# syntax=docker/dockerfile:1
-
-# This file was generated using a Jinja2 template.
-# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
-# Using multistage build:
-# https://docs.docker.com/develop/develop-images/multistage-build/
-# https://whitfin.io/speeding-up-rust-docker-builds/
-####################### VAULT BUILD IMAGE #######################
-# The web-vault digest specifies a particular web-vault build on Docker Hub.
-# Using the digest instead of the tag name provides better security,
-# as the digest of an image is immutable, whereas a tag name can later
-# be changed to point to a malicious image.
-#
-# To verify the current digest for a given tag name:
-# - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
-# click the tag name to view the digest of the image it currently points to.
-# - From the command line:
-# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2
-# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2
-# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252]
-#
-# - Conversely, to get the tag name from the digest:
-# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252
-# [docker.io/vaultwarden/web-vault:v2023.8.2]
-#
-FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault
-
-########################## BUILD IMAGE ##########################
-FROM docker.io/blackdex/rust-musl:aarch64-musl-stable-1.72.0-openssl3 as build
-
-# Build time options to avoid dpkg warnings and help with reproducible builds.
-ENV DEBIAN_FRONTEND=noninteractive \
- LANG=C.UTF-8 \
- TZ=UTC \
- TERM=xterm-256color \
- CARGO_HOME="/root/.cargo" \
- REGISTRIES_CRATES_IO_PROTOCOL=sparse \
- USER="root"
-
-# Create CARGO_HOME folder and don't download rust docs
-RUN mkdir -pv "${CARGO_HOME}" \
- && rustup set profile minimal
-
-# Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11
-# Debian Bookworm already contains libpq v15
-ENV PQ_LIB_DIR="/usr/local/musl/pq15/lib"
-
-# Creates a dummy project used to grab dependencies
-RUN USER=root cargo new --bin /app
-WORKDIR /app
-
-# Copies over *only* your manifests and build files
-COPY ./Cargo.* ./
-COPY ./rust-toolchain.toml ./rust-toolchain.toml
-COPY ./build.rs ./build.rs
-
-RUN rustup target add aarch64-unknown-linux-musl
-
-# Configure the DB ARG as late as possible to not invalidate the cached layers above
-# Enable MiMalloc to improve performance on Alpine builds
-ARG DB=sqlite,mysql,postgresql,enable_mimalloc
-
-# Builds your dependencies and removes the
-# dummy project, except the target folder
-# This folder contains the compiled dependencies
-RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-musl \
- && find . -not -path "./target*" -delete
-
-# Copies the complete project
-# To avoid copying unneeded files, use .dockerignore
-COPY . .
-
-# Make sure that we actually build the project
-RUN touch src/main.rs
-
-# Builds again, this time it'll just be
-# your actual source files being built
-RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-musl
-
-######################## RUNTIME IMAGE ########################
-# Create a new stage with a minimal image
-# because we already have a binary built
-FROM docker.io/balenalib/aarch64-alpine:3.17
-
-ENV ROCKET_PROFILE="release" \
- ROCKET_ADDRESS=0.0.0.0 \
- ROCKET_PORT=80 \
- SSL_CERT_DIR=/etc/ssl/certs
-
-
-RUN [ "cross-build-start" ]
-
-# Create data folder and Install needed libraries
-RUN mkdir /data \
- && apk add --no-cache \
- ca-certificates \
- curl \
- openssl \
- tzdata
-
-RUN [ "cross-build-end" ]
-
-VOLUME /data
-EXPOSE 80
-EXPOSE 3012
-
-# Copies the files from the context (Rocket.toml file and web-vault)
-# and the binary from the "build" stage to the current stage
-WORKDIR /
-COPY --from=vault /web-vault ./web-vault
-COPY --from=build /app/target/aarch64-unknown-linux-musl/release/vaultwarden .
-
-COPY docker/healthcheck.sh /healthcheck.sh
-COPY docker/start.sh /start.sh
-
-HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
-
-CMD ["/start.sh"]
diff --git a/docker/arm64/Dockerfile.buildkit b/docker/arm64/Dockerfile.buildkit
@@ -1,141 +0,0 @@
-# syntax=docker/dockerfile:1
-
-# This file was generated using a Jinja2 template.
-# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
-# Using multistage build:
-# https://docs.docker.com/develop/develop-images/multistage-build/
-# https://whitfin.io/speeding-up-rust-docker-builds/
-####################### VAULT BUILD IMAGE #######################
-# The web-vault digest specifies a particular web-vault build on Docker Hub.
-# Using the digest instead of the tag name provides better security,
-# as the digest of an image is immutable, whereas a tag name can later
-# be changed to point to a malicious image.
-#
-# To verify the current digest for a given tag name:
-# - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
-# click the tag name to view the digest of the image it currently points to.
-# - From the command line:
-# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2
-# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2
-# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252]
-#
-# - Conversely, to get the tag name from the digest:
-# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252
-# [docker.io/vaultwarden/web-vault:v2023.8.2]
-#
-FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault
-
-########################## BUILD IMAGE ##########################
-FROM docker.io/library/rust:1.72.0-bookworm as build
-
-# Build time options to avoid dpkg warnings and help with reproducible builds.
-ENV DEBIAN_FRONTEND=noninteractive \
- LANG=C.UTF-8 \
- TZ=UTC \
- TERM=xterm-256color \
- CARGO_HOME="/root/.cargo" \
- REGISTRIES_CRATES_IO_PROTOCOL=sparse \
- USER="root"
-
-# Create CARGO_HOME folder and don't download rust docs
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \
- && rustup set profile minimal
-
-# Install build dependencies for the arm64 architecture
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry dpkg --add-architecture arm64 \
- && apt-get update \
- && apt-get install -y \
- --no-install-recommends \
- gcc-aarch64-linux-gnu \
- libc6-dev:arm64 \
- linux-libc-dev:arm64 \
- libmariadb-dev:arm64 \
- libmariadb-dev-compat:arm64 \
- libmariadb3:arm64 \
- libpq-dev:arm64 \
- libpq5:arm64 \
- libssl-dev:arm64 \
- #
- # Make sure cargo has the right target config
- && echo '[target.aarch64-unknown-linux-gnu]' >> "${CARGO_HOME}/config" \
- && echo 'linker = "aarch64-linux-gnu-gcc"' >> "${CARGO_HOME}/config" \
- && echo 'rustflags = ["-L/usr/lib/aarch64-linux-gnu"]' >> "${CARGO_HOME}/config"
-
-# Set arm specific environment values
-ENV CC_aarch64_unknown_linux_gnu="/usr/bin/aarch64-linux-gnu-gcc" \
- CROSS_COMPILE="1" \
- OPENSSL_INCLUDE_DIR="/usr/include/aarch64-linux-gnu" \
- OPENSSL_LIB_DIR="/usr/lib/aarch64-linux-gnu"
-
-# Creates a dummy project used to grab dependencies
-RUN USER=root cargo new --bin /app
-WORKDIR /app
-
-# Copies over *only* your manifests and build files
-COPY ./Cargo.* ./
-COPY ./rust-toolchain.toml ./rust-toolchain.toml
-COPY ./build.rs ./build.rs
-
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry rustup target add aarch64-unknown-linux-gnu
-
-# Configure the DB ARG as late as possible to not invalidate the cached layers above
-ARG DB=sqlite,mysql,postgresql
-
-# Builds your dependencies and removes the
-# dummy project, except the target folder
-# This folder contains the compiled dependencies
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu \
- && find . -not -path "./target*" -delete
-
-# Copies the complete project
-# To avoid copying unneeded files, use .dockerignore
-COPY . .
-
-# Make sure that we actually build the project
-RUN touch src/main.rs
-
-# Builds again, this time it'll just be
-# your actual source files being built
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu
-
-######################## RUNTIME IMAGE ########################
-# Create a new stage with a minimal image
-# because we already have a binary built
-FROM docker.io/balenalib/aarch64-debian:bookworm
-
-ENV ROCKET_PROFILE="release" \
- ROCKET_ADDRESS=0.0.0.0 \
- ROCKET_PORT=80
-
-RUN [ "cross-build-start" ]
-
-# Create data folder and Install needed libraries
-RUN mkdir /data \
- && apt-get update && apt-get install -y \
- --no-install-recommends \
- ca-certificates \
- curl \
- libmariadb-dev-compat \
- libpq5 \
- openssl \
- && apt-get clean \
- && rm -rf /var/lib/apt/lists/*
-
-RUN [ "cross-build-end" ]
-
-VOLUME /data
-EXPOSE 80
-EXPOSE 3012
-
-# Copies the files from the context (Rocket.toml file and web-vault)
-# and the binary from the "build" stage to the current stage
-WORKDIR /
-COPY --from=vault /web-vault ./web-vault
-COPY --from=build /app/target/aarch64-unknown-linux-gnu/release/vaultwarden .
-
-COPY docker/healthcheck.sh /healthcheck.sh
-COPY docker/start.sh /start.sh
-
-HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
-
-CMD ["/start.sh"]
diff --git a/docker/arm64/Dockerfile.buildkit.alpine b/docker/arm64/Dockerfile.buildkit.alpine
@@ -1,118 +0,0 @@
-# syntax=docker/dockerfile:1
-
-# This file was generated using a Jinja2 template.
-# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
-# Using multistage build:
-# https://docs.docker.com/develop/develop-images/multistage-build/
-# https://whitfin.io/speeding-up-rust-docker-builds/
-####################### VAULT BUILD IMAGE #######################
-# The web-vault digest specifies a particular web-vault build on Docker Hub.
-# Using the digest instead of the tag name provides better security,
-# as the digest of an image is immutable, whereas a tag name can later
-# be changed to point to a malicious image.
-#
-# To verify the current digest for a given tag name:
-# - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
-# click the tag name to view the digest of the image it currently points to.
-# - From the command line:
-# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2
-# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2
-# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252]
-#
-# - Conversely, to get the tag name from the digest:
-# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252
-# [docker.io/vaultwarden/web-vault:v2023.8.2]
-#
-FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault
-
-########################## BUILD IMAGE ##########################
-FROM docker.io/blackdex/rust-musl:aarch64-musl-stable-1.72.0-openssl3 as build
-
-# Build time options to avoid dpkg warnings and help with reproducible builds.
-ENV DEBIAN_FRONTEND=noninteractive \
- LANG=C.UTF-8 \
- TZ=UTC \
- TERM=xterm-256color \
- CARGO_HOME="/root/.cargo" \
- REGISTRIES_CRATES_IO_PROTOCOL=sparse \
- USER="root"
-
-# Create CARGO_HOME folder and don't download rust docs
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \
- && rustup set profile minimal
-
-# Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11
-# Debian Bookworm already contains libpq v15
-ENV PQ_LIB_DIR="/usr/local/musl/pq15/lib"
-
-# Creates a dummy project used to grab dependencies
-RUN USER=root cargo new --bin /app
-WORKDIR /app
-
-# Copies over *only* your manifests and build files
-COPY ./Cargo.* ./
-COPY ./rust-toolchain.toml ./rust-toolchain.toml
-COPY ./build.rs ./build.rs
-
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry rustup target add aarch64-unknown-linux-musl
-
-# Configure the DB ARG as late as possible to not invalidate the cached layers above
-# Enable MiMalloc to improve performance on Alpine builds
-ARG DB=sqlite,mysql,postgresql,enable_mimalloc
-
-# Builds your dependencies and removes the
-# dummy project, except the target folder
-# This folder contains the compiled dependencies
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=aarch64-unknown-linux-musl \
- && find . -not -path "./target*" -delete
-
-# Copies the complete project
-# To avoid copying unneeded files, use .dockerignore
-COPY . .
-
-# Make sure that we actually build the project
-RUN touch src/main.rs
-
-# Builds again, this time it'll just be
-# your actual source files being built
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=aarch64-unknown-linux-musl
-
-######################## RUNTIME IMAGE ########################
-# Create a new stage with a minimal image
-# because we already have a binary built
-FROM docker.io/balenalib/aarch64-alpine:3.17
-
-ENV ROCKET_PROFILE="release" \
- ROCKET_ADDRESS=0.0.0.0 \
- ROCKET_PORT=80 \
- SSL_CERT_DIR=/etc/ssl/certs
-
-
-RUN [ "cross-build-start" ]
-
-# Create data folder and Install needed libraries
-RUN mkdir /data \
- && apk add --no-cache \
- ca-certificates \
- curl \
- openssl \
- tzdata
-
-RUN [ "cross-build-end" ]
-
-VOLUME /data
-EXPOSE 80
-EXPOSE 3012
-
-# Copies the files from the context (Rocket.toml file and web-vault)
-# and the binary from the "build" stage to the current stage
-WORKDIR /
-COPY --from=vault /web-vault ./web-vault
-COPY --from=build /app/target/aarch64-unknown-linux-musl/release/vaultwarden .
-
-COPY docker/healthcheck.sh /healthcheck.sh
-COPY docker/start.sh /start.sh
-
-HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
-
-CMD ["/start.sh"]
diff --git a/docker/armv6/Dockerfile b/docker/armv6/Dockerfile
@@ -1,141 +0,0 @@
-# syntax=docker/dockerfile:1
-
-# This file was generated using a Jinja2 template.
-# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
-# Using multistage build:
-# https://docs.docker.com/develop/develop-images/multistage-build/
-# https://whitfin.io/speeding-up-rust-docker-builds/
-####################### VAULT BUILD IMAGE #######################
-# The web-vault digest specifies a particular web-vault build on Docker Hub.
-# Using the digest instead of the tag name provides better security,
-# as the digest of an image is immutable, whereas a tag name can later
-# be changed to point to a malicious image.
-#
-# To verify the current digest for a given tag name:
-# - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
-# click the tag name to view the digest of the image it currently points to.
-# - From the command line:
-# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2
-# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2
-# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252]
-#
-# - Conversely, to get the tag name from the digest:
-# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252
-# [docker.io/vaultwarden/web-vault:v2023.8.2]
-#
-FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault
-
-########################## BUILD IMAGE ##########################
-FROM docker.io/library/rust:1.72.0-bookworm as build
-
-# Build time options to avoid dpkg warnings and help with reproducible builds.
-ENV DEBIAN_FRONTEND=noninteractive \
- LANG=C.UTF-8 \
- TZ=UTC \
- TERM=xterm-256color \
- CARGO_HOME="/root/.cargo" \
- REGISTRIES_CRATES_IO_PROTOCOL=sparse \
- USER="root"
-
-# Create CARGO_HOME folder and don't download rust docs
-RUN mkdir -pv "${CARGO_HOME}" \
- && rustup set profile minimal
-
-# Install build dependencies for the armel architecture
-RUN dpkg --add-architecture armel \
- && apt-get update \
- && apt-get install -y \
- --no-install-recommends \
- gcc-arm-linux-gnueabi \
- libc6-dev:armel \
- linux-libc-dev:armel \
- libmariadb-dev:armel \
- libmariadb-dev-compat:armel \
- libmariadb3:armel \
- libpq-dev:armel \
- libpq5:armel \
- libssl-dev:armel \
- #
- # Make sure cargo has the right target config
- && echo '[target.arm-unknown-linux-gnueabi]' >> "${CARGO_HOME}/config" \
- && echo 'linker = "arm-linux-gnueabi-gcc"' >> "${CARGO_HOME}/config" \
- && echo 'rustflags = ["-L/usr/lib/arm-linux-gnueabi"]' >> "${CARGO_HOME}/config"
-
-# Set arm specific environment values
-ENV CC_arm_unknown_linux_gnueabi="/usr/bin/arm-linux-gnueabi-gcc" \
- CROSS_COMPILE="1" \
- OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabi" \
- OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabi"
-
-# Creates a dummy project used to grab dependencies
-RUN USER=root cargo new --bin /app
-WORKDIR /app
-
-# Copies over *only* your manifests and build files
-COPY ./Cargo.* ./
-COPY ./rust-toolchain.toml ./rust-toolchain.toml
-COPY ./build.rs ./build.rs
-
-RUN rustup target add arm-unknown-linux-gnueabi
-
-# Configure the DB ARG as late as possible to not invalidate the cached layers above
-ARG DB=sqlite,mysql,postgresql
-
-# Builds your dependencies and removes the
-# dummy project, except the target folder
-# This folder contains the compiled dependencies
-RUN cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi \
- && find . -not -path "./target*" -delete
-
-# Copies the complete project
-# To avoid copying unneeded files, use .dockerignore
-COPY . .
-
-# Make sure that we actually build the project
-RUN touch src/main.rs
-
-# Builds again, this time it'll just be
-# your actual source files being built
-RUN cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi
-
-######################## RUNTIME IMAGE ########################
-# Create a new stage with a minimal image
-# because we already have a binary built
-FROM docker.io/balenalib/rpi-debian:bookworm
-
-ENV ROCKET_PROFILE="release" \
- ROCKET_ADDRESS=0.0.0.0 \
- ROCKET_PORT=80
-
-RUN [ "cross-build-start" ]
-
-# Create data folder and Install needed libraries
-RUN mkdir /data \
- && apt-get update && apt-get install -y \
- --no-install-recommends \
- ca-certificates \
- curl \
- libmariadb-dev-compat \
- libpq5 \
- openssl \
- && apt-get clean \
- && rm -rf /var/lib/apt/lists/*
-
-RUN [ "cross-build-end" ]
-
-VOLUME /data
-EXPOSE 80
-EXPOSE 3012
-
-# Copies the files from the context (Rocket.toml file and web-vault)
-# and the binary from the "build" stage to the current stage
-WORKDIR /
-COPY --from=vault /web-vault ./web-vault
-COPY --from=build /app/target/arm-unknown-linux-gnueabi/release/vaultwarden .
-
-COPY docker/healthcheck.sh /healthcheck.sh
-COPY docker/start.sh /start.sh
-
-HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
-
-CMD ["/start.sh"]
diff --git a/docker/armv6/Dockerfile.alpine b/docker/armv6/Dockerfile.alpine
@@ -1,120 +0,0 @@
-# syntax=docker/dockerfile:1
-
-# This file was generated using a Jinja2 template.
-# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
-# Using multistage build:
-# https://docs.docker.com/develop/develop-images/multistage-build/
-# https://whitfin.io/speeding-up-rust-docker-builds/
-####################### VAULT BUILD IMAGE #######################
-# The web-vault digest specifies a particular web-vault build on Docker Hub.
-# Using the digest instead of the tag name provides better security,
-# as the digest of an image is immutable, whereas a tag name can later
-# be changed to point to a malicious image.
-#
-# To verify the current digest for a given tag name:
-# - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
-# click the tag name to view the digest of the image it currently points to.
-# - From the command line:
-# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2
-# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2
-# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252]
-#
-# - Conversely, to get the tag name from the digest:
-# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252
-# [docker.io/vaultwarden/web-vault:v2023.8.2]
-#
-FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault
-
-########################## BUILD IMAGE ##########################
-FROM docker.io/blackdex/rust-musl:arm-musleabi-stable-1.72.0-openssl3 as build
-
-# Build time options to avoid dpkg warnings and help with reproducible builds.
-ENV DEBIAN_FRONTEND=noninteractive \
- LANG=C.UTF-8 \
- TZ=UTC \
- TERM=xterm-256color \
- CARGO_HOME="/root/.cargo" \
- REGISTRIES_CRATES_IO_PROTOCOL=sparse \
- USER="root"
-
-# Create CARGO_HOME folder and don't download rust docs
-RUN mkdir -pv "${CARGO_HOME}" \
- && rustup set profile minimal
-
-# Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11
-# Debian Bookworm already contains libpq v15
-ENV PQ_LIB_DIR="/usr/local/musl/pq15/lib"
-# To be able to build the armv6 image with mimalloc we need to tell the linker to also look for libatomic
-ENV RUSTFLAGS='-Clink-arg=-latomic'
-
-# Creates a dummy project used to grab dependencies
-RUN USER=root cargo new --bin /app
-WORKDIR /app
-
-# Copies over *only* your manifests and build files
-COPY ./Cargo.* ./
-COPY ./rust-toolchain.toml ./rust-toolchain.toml
-COPY ./build.rs ./build.rs
-
-RUN rustup target add arm-unknown-linux-musleabi
-
-# Configure the DB ARG as late as possible to not invalidate the cached layers above
-# Enable MiMalloc to improve performance on Alpine builds
-ARG DB=sqlite,mysql,postgresql,enable_mimalloc
-
-# Builds your dependencies and removes the
-# dummy project, except the target folder
-# This folder contains the compiled dependencies
-RUN cargo build --features ${DB} --release --target=arm-unknown-linux-musleabi \
- && find . -not -path "./target*" -delete
-
-# Copies the complete project
-# To avoid copying unneeded files, use .dockerignore
-COPY . .
-
-# Make sure that we actually build the project
-RUN touch src/main.rs
-
-# Builds again, this time it'll just be
-# your actual source files being built
-RUN cargo build --features ${DB} --release --target=arm-unknown-linux-musleabi
-
-######################## RUNTIME IMAGE ########################
-# Create a new stage with a minimal image
-# because we already have a binary built
-FROM docker.io/balenalib/rpi-alpine:3.17
-
-ENV ROCKET_PROFILE="release" \
- ROCKET_ADDRESS=0.0.0.0 \
- ROCKET_PORT=80 \
- SSL_CERT_DIR=/etc/ssl/certs
-
-
-RUN [ "cross-build-start" ]
-
-# Create data folder and Install needed libraries
-RUN mkdir /data \
- && apk add --no-cache \
- ca-certificates \
- curl \
- openssl \
- tzdata
-
-RUN [ "cross-build-end" ]
-
-VOLUME /data
-EXPOSE 80
-EXPOSE 3012
-
-# Copies the files from the context (Rocket.toml file and web-vault)
-# and the binary from the "build" stage to the current stage
-WORKDIR /
-COPY --from=vault /web-vault ./web-vault
-COPY --from=build /app/target/arm-unknown-linux-musleabi/release/vaultwarden .
-
-COPY docker/healthcheck.sh /healthcheck.sh
-COPY docker/start.sh /start.sh
-
-HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
-
-CMD ["/start.sh"]
diff --git a/docker/armv6/Dockerfile.buildkit b/docker/armv6/Dockerfile.buildkit
@@ -1,141 +0,0 @@
-# syntax=docker/dockerfile:1
-
-# This file was generated using a Jinja2 template.
-# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
-# Using multistage build:
-# https://docs.docker.com/develop/develop-images/multistage-build/
-# https://whitfin.io/speeding-up-rust-docker-builds/
-####################### VAULT BUILD IMAGE #######################
-# The web-vault digest specifies a particular web-vault build on Docker Hub.
-# Using the digest instead of the tag name provides better security,
-# as the digest of an image is immutable, whereas a tag name can later
-# be changed to point to a malicious image.
-#
-# To verify the current digest for a given tag name:
-# - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
-# click the tag name to view the digest of the image it currently points to.
-# - From the command line:
-# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2
-# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2
-# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252]
-#
-# - Conversely, to get the tag name from the digest:
-# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252
-# [docker.io/vaultwarden/web-vault:v2023.8.2]
-#
-FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault
-
-########################## BUILD IMAGE ##########################
-FROM docker.io/library/rust:1.72.0-bookworm as build
-
-# Build time options to avoid dpkg warnings and help with reproducible builds.
-ENV DEBIAN_FRONTEND=noninteractive \
- LANG=C.UTF-8 \
- TZ=UTC \
- TERM=xterm-256color \
- CARGO_HOME="/root/.cargo" \
- REGISTRIES_CRATES_IO_PROTOCOL=sparse \
- USER="root"
-
-# Create CARGO_HOME folder and don't download rust docs
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \
- && rustup set profile minimal
-
-# Install build dependencies for the armel architecture
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry dpkg --add-architecture armel \
- && apt-get update \
- && apt-get install -y \
- --no-install-recommends \
- gcc-arm-linux-gnueabi \
- libc6-dev:armel \
- linux-libc-dev:armel \
- libmariadb-dev:armel \
- libmariadb-dev-compat:armel \
- libmariadb3:armel \
- libpq-dev:armel \
- libpq5:armel \
- libssl-dev:armel \
- #
- # Make sure cargo has the right target config
- && echo '[target.arm-unknown-linux-gnueabi]' >> "${CARGO_HOME}/config" \
- && echo 'linker = "arm-linux-gnueabi-gcc"' >> "${CARGO_HOME}/config" \
- && echo 'rustflags = ["-L/usr/lib/arm-linux-gnueabi"]' >> "${CARGO_HOME}/config"
-
-# Set arm specific environment values
-ENV CC_arm_unknown_linux_gnueabi="/usr/bin/arm-linux-gnueabi-gcc" \
- CROSS_COMPILE="1" \
- OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabi" \
- OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabi"
-
-# Creates a dummy project used to grab dependencies
-RUN USER=root cargo new --bin /app
-WORKDIR /app
-
-# Copies over *only* your manifests and build files
-COPY ./Cargo.* ./
-COPY ./rust-toolchain.toml ./rust-toolchain.toml
-COPY ./build.rs ./build.rs
-
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry rustup target add arm-unknown-linux-gnueabi
-
-# Configure the DB ARG as late as possible to not invalidate the cached layers above
-ARG DB=sqlite,mysql,postgresql
-
-# Builds your dependencies and removes the
-# dummy project, except the target folder
-# This folder contains the compiled dependencies
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi \
- && find . -not -path "./target*" -delete
-
-# Copies the complete project
-# To avoid copying unneeded files, use .dockerignore
-COPY . .
-
-# Make sure that we actually build the project
-RUN touch src/main.rs
-
-# Builds again, this time it'll just be
-# your actual source files being built
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi
-
-######################## RUNTIME IMAGE ########################
-# Create a new stage with a minimal image
-# because we already have a binary built
-FROM docker.io/balenalib/rpi-debian:bookworm
-
-ENV ROCKET_PROFILE="release" \
- ROCKET_ADDRESS=0.0.0.0 \
- ROCKET_PORT=80
-
-RUN [ "cross-build-start" ]
-
-# Create data folder and Install needed libraries
-RUN mkdir /data \
- && apt-get update && apt-get install -y \
- --no-install-recommends \
- ca-certificates \
- curl \
- libmariadb-dev-compat \
- libpq5 \
- openssl \
- && apt-get clean \
- && rm -rf /var/lib/apt/lists/*
-
-RUN [ "cross-build-end" ]
-
-VOLUME /data
-EXPOSE 80
-EXPOSE 3012
-
-# Copies the files from the context (Rocket.toml file and web-vault)
-# and the binary from the "build" stage to the current stage
-WORKDIR /
-COPY --from=vault /web-vault ./web-vault
-COPY --from=build /app/target/arm-unknown-linux-gnueabi/release/vaultwarden .
-
-COPY docker/healthcheck.sh /healthcheck.sh
-COPY docker/start.sh /start.sh
-
-HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
-
-CMD ["/start.sh"]
diff --git a/docker/armv6/Dockerfile.buildkit.alpine b/docker/armv6/Dockerfile.buildkit.alpine
@@ -1,120 +0,0 @@
-# syntax=docker/dockerfile:1
-
-# This file was generated using a Jinja2 template.
-# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
-# Using multistage build:
-# https://docs.docker.com/develop/develop-images/multistage-build/
-# https://whitfin.io/speeding-up-rust-docker-builds/
-####################### VAULT BUILD IMAGE #######################
-# The web-vault digest specifies a particular web-vault build on Docker Hub.
-# Using the digest instead of the tag name provides better security,
-# as the digest of an image is immutable, whereas a tag name can later
-# be changed to point to a malicious image.
-#
-# To verify the current digest for a given tag name:
-# - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
-# click the tag name to view the digest of the image it currently points to.
-# - From the command line:
-# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2
-# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2
-# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252]
-#
-# - Conversely, to get the tag name from the digest:
-# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252
-# [docker.io/vaultwarden/web-vault:v2023.8.2]
-#
-FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault
-
-########################## BUILD IMAGE ##########################
-FROM docker.io/blackdex/rust-musl:arm-musleabi-stable-1.72.0-openssl3 as build
-
-# Build time options to avoid dpkg warnings and help with reproducible builds.
-ENV DEBIAN_FRONTEND=noninteractive \
- LANG=C.UTF-8 \
- TZ=UTC \
- TERM=xterm-256color \
- CARGO_HOME="/root/.cargo" \
- REGISTRIES_CRATES_IO_PROTOCOL=sparse \
- USER="root"
-
-# Create CARGO_HOME folder and don't download rust docs
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \
- && rustup set profile minimal
-
-# Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11
-# Debian Bookworm already contains libpq v15
-ENV PQ_LIB_DIR="/usr/local/musl/pq15/lib"
-# To be able to build the armv6 image with mimalloc we need to tell the linker to also look for libatomic
-ENV RUSTFLAGS='-Clink-arg=-latomic'
-
-# Creates a dummy project used to grab dependencies
-RUN USER=root cargo new --bin /app
-WORKDIR /app
-
-# Copies over *only* your manifests and build files
-COPY ./Cargo.* ./
-COPY ./rust-toolchain.toml ./rust-toolchain.toml
-COPY ./build.rs ./build.rs
-
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry rustup target add arm-unknown-linux-musleabi
-
-# Configure the DB ARG as late as possible to not invalidate the cached layers above
-# Enable MiMalloc to improve performance on Alpine builds
-ARG DB=sqlite,mysql,postgresql,enable_mimalloc
-
-# Builds your dependencies and removes the
-# dummy project, except the target folder
-# This folder contains the compiled dependencies
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=arm-unknown-linux-musleabi \
- && find . -not -path "./target*" -delete
-
-# Copies the complete project
-# To avoid copying unneeded files, use .dockerignore
-COPY . .
-
-# Make sure that we actually build the project
-RUN touch src/main.rs
-
-# Builds again, this time it'll just be
-# your actual source files being built
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=arm-unknown-linux-musleabi
-
-######################## RUNTIME IMAGE ########################
-# Create a new stage with a minimal image
-# because we already have a binary built
-FROM docker.io/balenalib/rpi-alpine:3.17
-
-ENV ROCKET_PROFILE="release" \
- ROCKET_ADDRESS=0.0.0.0 \
- ROCKET_PORT=80 \
- SSL_CERT_DIR=/etc/ssl/certs
-
-
-RUN [ "cross-build-start" ]
-
-# Create data folder and Install needed libraries
-RUN mkdir /data \
- && apk add --no-cache \
- ca-certificates \
- curl \
- openssl \
- tzdata
-
-RUN [ "cross-build-end" ]
-
-VOLUME /data
-EXPOSE 80
-EXPOSE 3012
-
-# Copies the files from the context (Rocket.toml file and web-vault)
-# and the binary from the "build" stage to the current stage
-WORKDIR /
-COPY --from=vault /web-vault ./web-vault
-COPY --from=build /app/target/arm-unknown-linux-musleabi/release/vaultwarden .
-
-COPY docker/healthcheck.sh /healthcheck.sh
-COPY docker/start.sh /start.sh
-
-HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
-
-CMD ["/start.sh"]
diff --git a/docker/armv7/Dockerfile b/docker/armv7/Dockerfile
@@ -1,141 +0,0 @@
-# syntax=docker/dockerfile:1
-
-# This file was generated using a Jinja2 template.
-# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
-# Using multistage build:
-# https://docs.docker.com/develop/develop-images/multistage-build/
-# https://whitfin.io/speeding-up-rust-docker-builds/
-####################### VAULT BUILD IMAGE #######################
-# The web-vault digest specifies a particular web-vault build on Docker Hub.
-# Using the digest instead of the tag name provides better security,
-# as the digest of an image is immutable, whereas a tag name can later
-# be changed to point to a malicious image.
-#
-# To verify the current digest for a given tag name:
-# - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
-# click the tag name to view the digest of the image it currently points to.
-# - From the command line:
-# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2
-# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2
-# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252]
-#
-# - Conversely, to get the tag name from the digest:
-# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252
-# [docker.io/vaultwarden/web-vault:v2023.8.2]
-#
-FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault
-
-########################## BUILD IMAGE ##########################
-FROM docker.io/library/rust:1.72.0-bookworm as build
-
-# Build time options to avoid dpkg warnings and help with reproducible builds.
-ENV DEBIAN_FRONTEND=noninteractive \
- LANG=C.UTF-8 \
- TZ=UTC \
- TERM=xterm-256color \
- CARGO_HOME="/root/.cargo" \
- REGISTRIES_CRATES_IO_PROTOCOL=sparse \
- USER="root"
-
-# Create CARGO_HOME folder and don't download rust docs
-RUN mkdir -pv "${CARGO_HOME}" \
- && rustup set profile minimal
-
-# Install build dependencies for the armhf architecture
-RUN dpkg --add-architecture armhf \
- && apt-get update \
- && apt-get install -y \
- --no-install-recommends \
- gcc-arm-linux-gnueabihf \
- libc6-dev:armhf \
- linux-libc-dev:armhf \
- libmariadb-dev:armhf \
- libmariadb-dev-compat:armhf \
- libmariadb3:armhf \
- libpq-dev:armhf \
- libpq5:armhf \
- libssl-dev:armhf \
- #
- # Make sure cargo has the right target config
- && echo '[target.armv7-unknown-linux-gnueabihf]' >> "${CARGO_HOME}/config" \
- && echo 'linker = "arm-linux-gnueabihf-gcc"' >> "${CARGO_HOME}/config" \
- && echo 'rustflags = ["-L/usr/lib/arm-linux-gnueabihf"]' >> "${CARGO_HOME}/config"
-
-# Set arm specific environment values
-ENV CC_armv7_unknown_linux_gnueabihf="/usr/bin/arm-linux-gnueabihf-gcc" \
- CROSS_COMPILE="1" \
- OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabihf" \
- OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabihf"
-
-# Creates a dummy project used to grab dependencies
-RUN USER=root cargo new --bin /app
-WORKDIR /app
-
-# Copies over *only* your manifests and build files
-COPY ./Cargo.* ./
-COPY ./rust-toolchain.toml ./rust-toolchain.toml
-COPY ./build.rs ./build.rs
-
-RUN rustup target add armv7-unknown-linux-gnueabihf
-
-# Configure the DB ARG as late as possible to not invalidate the cached layers above
-ARG DB=sqlite,mysql,postgresql
-
-# Builds your dependencies and removes the
-# dummy project, except the target folder
-# This folder contains the compiled dependencies
-RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf \
- && find . -not -path "./target*" -delete
-
-# Copies the complete project
-# To avoid copying unneeded files, use .dockerignore
-COPY . .
-
-# Make sure that we actually build the project
-RUN touch src/main.rs
-
-# Builds again, this time it'll just be
-# your actual source files being built
-RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf
-
-######################## RUNTIME IMAGE ########################
-# Create a new stage with a minimal image
-# because we already have a binary built
-FROM docker.io/balenalib/armv7hf-debian:bookworm
-
-ENV ROCKET_PROFILE="release" \
- ROCKET_ADDRESS=0.0.0.0 \
- ROCKET_PORT=80
-
-RUN [ "cross-build-start" ]
-
-# Create data folder and Install needed libraries
-RUN mkdir /data \
- && apt-get update && apt-get install -y \
- --no-install-recommends \
- ca-certificates \
- curl \
- libmariadb-dev-compat \
- libpq5 \
- openssl \
- && apt-get clean \
- && rm -rf /var/lib/apt/lists/*
-
-RUN [ "cross-build-end" ]
-
-VOLUME /data
-EXPOSE 80
-EXPOSE 3012
-
-# Copies the files from the context (Rocket.toml file and web-vault)
-# and the binary from the "build" stage to the current stage
-WORKDIR /
-COPY --from=vault /web-vault ./web-vault
-COPY --from=build /app/target/armv7-unknown-linux-gnueabihf/release/vaultwarden .
-
-COPY docker/healthcheck.sh /healthcheck.sh
-COPY docker/start.sh /start.sh
-
-HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
-
-CMD ["/start.sh"]
diff --git a/docker/armv7/Dockerfile.alpine b/docker/armv7/Dockerfile.alpine
@@ -1,118 +0,0 @@
-# syntax=docker/dockerfile:1
-
-# This file was generated using a Jinja2 template.
-# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
-# Using multistage build:
-# https://docs.docker.com/develop/develop-images/multistage-build/
-# https://whitfin.io/speeding-up-rust-docker-builds/
-####################### VAULT BUILD IMAGE #######################
-# The web-vault digest specifies a particular web-vault build on Docker Hub.
-# Using the digest instead of the tag name provides better security,
-# as the digest of an image is immutable, whereas a tag name can later
-# be changed to point to a malicious image.
-#
-# To verify the current digest for a given tag name:
-# - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
-# click the tag name to view the digest of the image it currently points to.
-# - From the command line:
-# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2
-# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2
-# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252]
-#
-# - Conversely, to get the tag name from the digest:
-# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252
-# [docker.io/vaultwarden/web-vault:v2023.8.2]
-#
-FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault
-
-########################## BUILD IMAGE ##########################
-FROM docker.io/blackdex/rust-musl:armv7-musleabihf-stable-1.72.0-openssl3 as build
-
-# Build time options to avoid dpkg warnings and help with reproducible builds.
-ENV DEBIAN_FRONTEND=noninteractive \
- LANG=C.UTF-8 \
- TZ=UTC \
- TERM=xterm-256color \
- CARGO_HOME="/root/.cargo" \
- REGISTRIES_CRATES_IO_PROTOCOL=sparse \
- USER="root"
-
-# Create CARGO_HOME folder and don't download rust docs
-RUN mkdir -pv "${CARGO_HOME}" \
- && rustup set profile minimal
-
-# Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11
-# Debian Bookworm already contains libpq v15
-ENV PQ_LIB_DIR="/usr/local/musl/pq15/lib"
-
-# Creates a dummy project used to grab dependencies
-RUN USER=root cargo new --bin /app
-WORKDIR /app
-
-# Copies over *only* your manifests and build files
-COPY ./Cargo.* ./
-COPY ./rust-toolchain.toml ./rust-toolchain.toml
-COPY ./build.rs ./build.rs
-
-RUN rustup target add armv7-unknown-linux-musleabihf
-
-# Configure the DB ARG as late as possible to not invalidate the cached layers above
-# Enable MiMalloc to improve performance on Alpine builds
-ARG DB=sqlite,mysql,postgresql,enable_mimalloc
-
-# Builds your dependencies and removes the
-# dummy project, except the target folder
-# This folder contains the compiled dependencies
-RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-musleabihf \
- && find . -not -path "./target*" -delete
-
-# Copies the complete project
-# To avoid copying unneeded files, use .dockerignore
-COPY . .
-
-# Make sure that we actually build the project
-RUN touch src/main.rs
-
-# Builds again, this time it'll just be
-# your actual source files being built
-RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-musleabihf
-
-######################## RUNTIME IMAGE ########################
-# Create a new stage with a minimal image
-# because we already have a binary built
-FROM docker.io/balenalib/armv7hf-alpine:3.17
-
-ENV ROCKET_PROFILE="release" \
- ROCKET_ADDRESS=0.0.0.0 \
- ROCKET_PORT=80 \
- SSL_CERT_DIR=/etc/ssl/certs
-
-
-RUN [ "cross-build-start" ]
-
-# Create data folder and Install needed libraries
-RUN mkdir /data \
- && apk add --no-cache \
- ca-certificates \
- curl \
- openssl \
- tzdata
-
-RUN [ "cross-build-end" ]
-
-VOLUME /data
-EXPOSE 80
-EXPOSE 3012
-
-# Copies the files from the context (Rocket.toml file and web-vault)
-# and the binary from the "build" stage to the current stage
-WORKDIR /
-COPY --from=vault /web-vault ./web-vault
-COPY --from=build /app/target/armv7-unknown-linux-musleabihf/release/vaultwarden .
-
-COPY docker/healthcheck.sh /healthcheck.sh
-COPY docker/start.sh /start.sh
-
-HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
-
-CMD ["/start.sh"]
diff --git a/docker/armv7/Dockerfile.buildkit b/docker/armv7/Dockerfile.buildkit
@@ -1,141 +0,0 @@
-# syntax=docker/dockerfile:1
-
-# This file was generated using a Jinja2 template.
-# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
-# Using multistage build:
-# https://docs.docker.com/develop/develop-images/multistage-build/
-# https://whitfin.io/speeding-up-rust-docker-builds/
-####################### VAULT BUILD IMAGE #######################
-# The web-vault digest specifies a particular web-vault build on Docker Hub.
-# Using the digest instead of the tag name provides better security,
-# as the digest of an image is immutable, whereas a tag name can later
-# be changed to point to a malicious image.
-#
-# To verify the current digest for a given tag name:
-# - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
-# click the tag name to view the digest of the image it currently points to.
-# - From the command line:
-# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2
-# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2
-# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252]
-#
-# - Conversely, to get the tag name from the digest:
-# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252
-# [docker.io/vaultwarden/web-vault:v2023.8.2]
-#
-FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault
-
-########################## BUILD IMAGE ##########################
-FROM docker.io/library/rust:1.72.0-bookworm as build
-
-# Build time options to avoid dpkg warnings and help with reproducible builds.
-ENV DEBIAN_FRONTEND=noninteractive \
- LANG=C.UTF-8 \
- TZ=UTC \
- TERM=xterm-256color \
- CARGO_HOME="/root/.cargo" \
- REGISTRIES_CRATES_IO_PROTOCOL=sparse \
- USER="root"
-
-# Create CARGO_HOME folder and don't download rust docs
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \
- && rustup set profile minimal
-
-# Install build dependencies for the armhf architecture
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry dpkg --add-architecture armhf \
- && apt-get update \
- && apt-get install -y \
- --no-install-recommends \
- gcc-arm-linux-gnueabihf \
- libc6-dev:armhf \
- linux-libc-dev:armhf \
- libmariadb-dev:armhf \
- libmariadb-dev-compat:armhf \
- libmariadb3:armhf \
- libpq-dev:armhf \
- libpq5:armhf \
- libssl-dev:armhf \
- #
- # Make sure cargo has the right target config
- && echo '[target.armv7-unknown-linux-gnueabihf]' >> "${CARGO_HOME}/config" \
- && echo 'linker = "arm-linux-gnueabihf-gcc"' >> "${CARGO_HOME}/config" \
- && echo 'rustflags = ["-L/usr/lib/arm-linux-gnueabihf"]' >> "${CARGO_HOME}/config"
-
-# Set arm specific environment values
-ENV CC_armv7_unknown_linux_gnueabihf="/usr/bin/arm-linux-gnueabihf-gcc" \
- CROSS_COMPILE="1" \
- OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabihf" \
- OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabihf"
-
-# Creates a dummy project used to grab dependencies
-RUN USER=root cargo new --bin /app
-WORKDIR /app
-
-# Copies over *only* your manifests and build files
-COPY ./Cargo.* ./
-COPY ./rust-toolchain.toml ./rust-toolchain.toml
-COPY ./build.rs ./build.rs
-
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry rustup target add armv7-unknown-linux-gnueabihf
-
-# Configure the DB ARG as late as possible to not invalidate the cached layers above
-ARG DB=sqlite,mysql,postgresql
-
-# Builds your dependencies and removes the
-# dummy project, except the target folder
-# This folder contains the compiled dependencies
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf \
- && find . -not -path "./target*" -delete
-
-# Copies the complete project
-# To avoid copying unneeded files, use .dockerignore
-COPY . .
-
-# Make sure that we actually build the project
-RUN touch src/main.rs
-
-# Builds again, this time it'll just be
-# your actual source files being built
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf
-
-######################## RUNTIME IMAGE ########################
-# Create a new stage with a minimal image
-# because we already have a binary built
-FROM docker.io/balenalib/armv7hf-debian:bookworm
-
-ENV ROCKET_PROFILE="release" \
- ROCKET_ADDRESS=0.0.0.0 \
- ROCKET_PORT=80
-
-RUN [ "cross-build-start" ]
-
-# Create data folder and Install needed libraries
-RUN mkdir /data \
- && apt-get update && apt-get install -y \
- --no-install-recommends \
- ca-certificates \
- curl \
- libmariadb-dev-compat \
- libpq5 \
- openssl \
- && apt-get clean \
- && rm -rf /var/lib/apt/lists/*
-
-RUN [ "cross-build-end" ]
-
-VOLUME /data
-EXPOSE 80
-EXPOSE 3012
-
-# Copies the files from the context (Rocket.toml file and web-vault)
-# and the binary from the "build" stage to the current stage
-WORKDIR /
-COPY --from=vault /web-vault ./web-vault
-COPY --from=build /app/target/armv7-unknown-linux-gnueabihf/release/vaultwarden .
-
-COPY docker/healthcheck.sh /healthcheck.sh
-COPY docker/start.sh /start.sh
-
-HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
-
-CMD ["/start.sh"]
diff --git a/docker/armv7/Dockerfile.buildkit.alpine b/docker/armv7/Dockerfile.buildkit.alpine
@@ -1,118 +0,0 @@
-# syntax=docker/dockerfile:1
-
-# This file was generated using a Jinja2 template.
-# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
-# Using multistage build:
-# https://docs.docker.com/develop/develop-images/multistage-build/
-# https://whitfin.io/speeding-up-rust-docker-builds/
-####################### VAULT BUILD IMAGE #######################
-# The web-vault digest specifies a particular web-vault build on Docker Hub.
-# Using the digest instead of the tag name provides better security,
-# as the digest of an image is immutable, whereas a tag name can later
-# be changed to point to a malicious image.
-#
-# To verify the current digest for a given tag name:
-# - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
-# click the tag name to view the digest of the image it currently points to.
-# - From the command line:
-# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2
-# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2
-# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252]
-#
-# - Conversely, to get the tag name from the digest:
-# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252
-# [docker.io/vaultwarden/web-vault:v2023.8.2]
-#
-FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault
-
-########################## BUILD IMAGE ##########################
-FROM docker.io/blackdex/rust-musl:armv7-musleabihf-stable-1.72.0-openssl3 as build
-
-# Build time options to avoid dpkg warnings and help with reproducible builds.
-ENV DEBIAN_FRONTEND=noninteractive \
- LANG=C.UTF-8 \
- TZ=UTC \
- TERM=xterm-256color \
- CARGO_HOME="/root/.cargo" \
- REGISTRIES_CRATES_IO_PROTOCOL=sparse \
- USER="root"
-
-# Create CARGO_HOME folder and don't download rust docs
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \
- && rustup set profile minimal
-
-# Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11
-# Debian Bookworm already contains libpq v15
-ENV PQ_LIB_DIR="/usr/local/musl/pq15/lib"
-
-# Creates a dummy project used to grab dependencies
-RUN USER=root cargo new --bin /app
-WORKDIR /app
-
-# Copies over *only* your manifests and build files
-COPY ./Cargo.* ./
-COPY ./rust-toolchain.toml ./rust-toolchain.toml
-COPY ./build.rs ./build.rs
-
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry rustup target add armv7-unknown-linux-musleabihf
-
-# Configure the DB ARG as late as possible to not invalidate the cached layers above
-# Enable MiMalloc to improve performance on Alpine builds
-ARG DB=sqlite,mysql,postgresql,enable_mimalloc
-
-# Builds your dependencies and removes the
-# dummy project, except the target folder
-# This folder contains the compiled dependencies
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=armv7-unknown-linux-musleabihf \
- && find . -not -path "./target*" -delete
-
-# Copies the complete project
-# To avoid copying unneeded files, use .dockerignore
-COPY . .
-
-# Make sure that we actually build the project
-RUN touch src/main.rs
-
-# Builds again, this time it'll just be
-# your actual source files being built
-RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=armv7-unknown-linux-musleabihf
-
-######################## RUNTIME IMAGE ########################
-# Create a new stage with a minimal image
-# because we already have a binary built
-FROM docker.io/balenalib/armv7hf-alpine:3.17
-
-ENV ROCKET_PROFILE="release" \
- ROCKET_ADDRESS=0.0.0.0 \
- ROCKET_PORT=80 \
- SSL_CERT_DIR=/etc/ssl/certs
-
-
-RUN [ "cross-build-start" ]
-
-# Create data folder and Install needed libraries
-RUN mkdir /data \
- && apk add --no-cache \
- ca-certificates \
- curl \
- openssl \
- tzdata
-
-RUN [ "cross-build-end" ]
-
-VOLUME /data
-EXPOSE 80
-EXPOSE 3012
-
-# Copies the files from the context (Rocket.toml file and web-vault)
-# and the binary from the "build" stage to the current stage
-WORKDIR /
-COPY --from=vault /web-vault ./web-vault
-COPY --from=build /app/target/armv7-unknown-linux-musleabihf/release/vaultwarden .
-
-COPY docker/healthcheck.sh /healthcheck.sh
-COPY docker/start.sh /start.sh
-
-HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
-
-CMD ["/start.sh"]
diff --git a/docker/bake.sh b/docker/bake.sh
@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+
+# Determine the basedir of this script.
+# It should be located in the same directory as the docker-bake.hcl
+# This ensures you can run this script from both inside and outside of the docker directory
+BASEDIR=$(RL=$(readlink -n "$0"); SP="${RL:-$0}"; dirname "$(cd "$(dirname "${SP}")" || exit; pwd)/$(basename "${SP}")")
+
+# Load build env's
+source "${BASEDIR}/bake_env.sh"
+
+# Be verbose on what is being executed
+set -x
+
+# Make sure we set the context to `..` so it will go up one directory
+docker buildx bake --progress plain --set "*.context=${BASEDIR}/.." -f "${BASEDIR}/docker-bake.hcl" "$@"
diff --git a/docker/bake_env.sh b/docker/bake_env.sh
@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+
+# If SOURCE_COMMIT is provided via env skip this
+if [ -z "${SOURCE_COMMIT+x}" ]; then
+ SOURCE_COMMIT="$(git rev-parse HEAD)"
+fi
+
+# If VW_VERSION is provided via env use it as SOURCE_VERSION
+# Else define it using git
+if [[ -n "${VW_VERSION}" ]]; then
+ SOURCE_VERSION="${VW_VERSION}"
+else
+ GIT_EXACT_TAG="$(git describe --tags --abbrev=0 --exact-match 2>/dev/null)"
+ if [[ -n "${GIT_EXACT_TAG}" ]]; then
+ SOURCE_VERSION="${GIT_EXACT_TAG}"
+ else
+ GIT_LAST_TAG="$(git describe --tags --abbrev=0)"
+ SOURCE_VERSION="${GIT_LAST_TAG}-${SOURCE_COMMIT:0:8}"
+ GIT_BRANCH="$(git rev-parse --abbrev-ref HEAD)"
+ case "${GIT_BRANCH}" in
+ main|master|HEAD)
+ # Do not add the branch name for these branches
+ ;;
+ *)
+ SOURCE_VERSION="${SOURCE_VERSION} (${GIT_BRANCH})"
+ ;;
+ esac
+ fi
+fi
+
+# Export the rendered variables above so bake will use them
+export SOURCE_COMMIT
+export SOURCE_VERSION
diff --git a/docker/docker-bake.hcl b/docker/docker-bake.hcl
@@ -0,0 +1,229 @@
+// ==== Baking Variables ====
+
+// Set which cargo profile to use, dev or release for example
+// Use the value provided in the Dockerfile as default
+variable "CARGO_PROFILE" {
+ default = null
+}
+
+// Set which DB's (features) to enable
+// Use the value provided in the Dockerfile as default
+variable "DB" {
+ default = null
+}
+
+// The repository this build was triggered from
+variable "SOURCE_REPOSITORY_URL" {
+ default = null
+}
+
+// The commit hash of of the current commit this build was triggered on
+variable "SOURCE_COMMIT" {
+ default = null
+}
+
+// The version of this build
+// Typically the current exact tag of this commit,
+// else the last tag and the first 8 characters of the source commit
+variable "SOURCE_VERSION" {
+ default = null
+}
+
+// This can be used to overwrite SOURCE_VERSION
+// It will be used during the build.rs building stage
+variable "VW_VERSION" {
+ default = null
+}
+
+// The base tag(s) to use
+// This can be a comma separated value like "testing,1.29.2"
+variable "BASE_TAGS" {
+ default = "testing"
+}
+
+// Which container registries should be used for the tagging
+// This can be a comma separated value
+// Use a full URI like `ghcr.io/dani-garcia/vaultwarden,docker.io/vaultwarden/server`
+variable "CONTAINER_REGISTRIES" {
+ default = "vaultwarden/server"
+}
+
+
+// ==== Baking Groups ====
+
+group "default" {
+ targets = ["debian"]
+}
+
+
+// ==== Shared Baking ====
+function "labels" {
+ params = []
+ result = {
+ "org.opencontainers.image.description" = "Unofficial Bitwarden compatible server written in Rust - ${SOURCE_VERSION}"
+ "org.opencontainers.image.licenses" = "AGPL-3.0-only"
+ "org.opencontainers.image.documentation" = "https://github.com/dani-garcia/vaultwarden/wiki"
+ "org.opencontainers.image.url" = "https://github.com/dani-garcia/vaultwarden"
+ "org.opencontainers.image.created" = "${formatdate("YYYY-MM-DD'T'hh:mm:ssZZZZZ", timestamp())}"
+ "org.opencontainers.image.source" = "${SOURCE_REPOSITORY_URL}"
+ "org.opencontainers.image.revision" = "${SOURCE_COMMIT}"
+ "org.opencontainers.image.version" = "${SOURCE_VERSION}"
+ }
+}
+
+target "_default_attributes" {
+ labels = labels()
+ args = {
+ DB = "${DB}"
+ CARGO_PROFILE = "${CARGO_PROFILE}"
+ VW_VERSION = "${VW_VERSION}"
+ }
+}
+
+
+// ==== Debian Baking ====
+
+// Default Debian target, will build a container using the hosts platform architecture
+target "debian" {
+ inherits = ["_default_attributes"]
+ dockerfile = "docker/Dockerfile.debian"
+ tags = generate_tags("", platform_tag())
+ output = [join(",", flatten([["type=docker"], image_index_annotations()]))]
+}
+
+// Multi Platform target, will build one tagged manifest with all supported architectures
+// This is mainly used by GitHub Actions to build and push new containers
+target "debian-multi" {
+ inherits = ["debian"]
+ platforms = ["linux/amd64", "linux/arm64", "linux/arm/v7", "linux/arm/v6"]
+ tags = generate_tags("", "")
+ output = [join(",", flatten([["type=registry"], image_index_annotations()]))]
+}
+
+// Per platform targets, to individually test building per platform locally
+target "debian-amd64" {
+ inherits = ["debian"]
+ platforms = ["linux/amd64"]
+ tags = generate_tags("", "-amd64")
+}
+
+target "debian-arm64" {
+ inherits = ["debian"]
+ platforms = ["linux/arm64"]
+ tags = generate_tags("", "-arm64")
+}
+
+target "debian-armv7" {
+ inherits = ["debian"]
+ platforms = ["linux/arm/v7"]
+ tags = generate_tags("", "-armv7")
+}
+
+target "debian-armv6" {
+ inherits = ["debian"]
+ platforms = ["linux/arm/v6"]
+ tags = generate_tags("", "-armv6")
+}
+
+// A Group to build all platforms individually for local testing
+group "debian-all" {
+ targets = ["debian-amd64", "debian-arm64", "debian-armv7", "debian-armv6"]
+}
+
+
+// ==== Alpine Baking ====
+
+// Default Alpine target, will build a container using the hosts platform architecture
+target "alpine" {
+ inherits = ["_default_attributes"]
+ dockerfile = "docker/Dockerfile.alpine"
+ tags = generate_tags("-alpine", platform_tag())
+ output = [join(",", flatten([["type=docker"], image_index_annotations()]))]
+}
+
+// Multi Platform target, will build one tagged manifest with all supported architectures
+// This is mainly used by GitHub Actions to build and push new containers
+target "alpine-multi" {
+ inherits = ["alpine"]
+ platforms = ["linux/amd64", "linux/arm64", "linux/arm/v7", "linux/arm/v6"]
+ tags = generate_tags("-alpine", "")
+ output = [join(",", flatten([["type=registry"], image_index_annotations()]))]
+}
+
+// Per platform targets, to individually test building per platform locally
+target "alpine-amd64" {
+ inherits = ["alpine"]
+ platforms = ["linux/amd64"]
+ tags = generate_tags("-alpine", "-amd64")
+}
+
+target "alpine-arm64" {
+ inherits = ["alpine"]
+ platforms = ["linux/arm64"]
+ tags = generate_tags("-alpine", "-arm64")
+}
+
+target "alpine-armv7" {
+ inherits = ["alpine"]
+ platforms = ["linux/arm/v7"]
+ tags = generate_tags("-alpine", "-armv7")
+}
+
+target "alpine-armv6" {
+ inherits = ["alpine"]
+ platforms = ["linux/arm/v6"]
+ tags = generate_tags("-alpine", "-armv6")
+}
+
+// A Group to build all platforms individually for local testing
+group "alpine-all" {
+ targets = ["alpine-amd64", "alpine-arm64", "alpine-armv7", "alpine-armv6"]
+}
+
+
+// ==== Bake everything locally ====
+
+group "all" {
+ targets = ["debian-all", "alpine-all"]
+}
+
+
+// ==== Baking functions ====
+
+// This will return the local platform as amd64, arm64 or armv7 for example
+// It can be used for creating a local image tag
+function "platform_tag" {
+ params = []
+ result = "-${replace(replace(BAKE_LOCAL_PLATFORM, "linux/", ""), "/", "")}"
+}
+
+
+function "get_container_registries" {
+ params = []
+ result = flatten(split(",", CONTAINER_REGISTRIES))
+}
+
+function "get_base_tags" {
+ params = []
+ result = flatten(split(",", BASE_TAGS))
+}
+
+function "generate_tags" {
+ params = [
+ suffix, // What to append to the BASE_TAG when needed, like `-alpine` for example
+ platform // the platform we are building for if needed
+ ]
+ result = flatten([
+ for registry in get_container_registries() :
+ [for base_tag in get_base_tags() :
+ concat(["${registry}:${base_tag}${suffix}${platform}"])]
+ ])
+}
+
+function "image_index_annotations" {
+ params = []
+ result = flatten([
+ for key, value in labels() :
+ value != null ? formatlist("annotation-index.%s=%s", "${key}", "${value}") : []
+ ])
+}
diff --git a/docker/healthcheck.sh b/docker/healthcheck.sh
@@ -10,7 +10,7 @@ CONFIG_FILE="${DATA_FOLDER}"/config.json
# Given a config key, return the corresponding config value from the
# config file. If the key doesn't exist, return an empty string.
get_config_val() {
- local key="$1"
+ key="$1"
# Extract a line of the form:
# "domain": "https://bw.example.com/path",
grep "\"${key}\":" "${CONFIG_FILE}" |
diff --git a/docker/podman-bake.sh b/docker/podman-bake.sh
@@ -0,0 +1,105 @@
+#!/usr/bin/env bash
+
+# Determine the basedir of this script.
+# It should be located in the same directory as the docker-bake.hcl
+# This ensures you can run this script from both inside and outside of the docker directory
+BASEDIR=$(RL=$(readlink -n "$0"); SP="${RL:-$0}"; dirname "$(cd "$(dirname "${SP}")" || exit; pwd)/$(basename "${SP}")")
+
+# Load build env's
+source "${BASEDIR}/bake_env.sh"
+
+# Check if a target is given as first argument
+# If not we assume the defaults and pass the given arguments to the podman command
+case "${1}" in
+ alpine*|debian*)
+ TARGET="${1}"
+ # Now shift the $@ array so we only have the rest of the arguments
+ # This allows us too append these as extra arguments too the podman buildx build command
+ shift
+ ;;
+esac
+
+LABEL_ARGS=(
+ --label org.opencontainers.image.description="Unofficial Bitwarden compatible server written in Rust"
+ --label org.opencontainers.image.licenses="AGPL-3.0-only"
+ --label org.opencontainers.image.documentation="https://github.com/dani-garcia/vaultwarden/wiki"
+ --label org.opencontainers.image.url="https://github.com/dani-garcia/vaultwarden"
+ --label org.opencontainers.image.created="$(date --utc --iso-8601=seconds)"
+)
+if [[ -n "${SOURCE_REPOSITORY_URL}" ]]; then
+ LABEL_ARGS+=(--label org.opencontainers.image.source="${SOURCE_REPOSITORY_URL}")
+fi
+if [[ -n "${SOURCE_COMMIT}" ]]; then
+ LABEL_ARGS+=(--label org.opencontainers.image.revision="${SOURCE_COMMIT}")
+fi
+if [[ -n "${SOURCE_VERSION}" ]]; then
+ LABEL_ARGS+=(--label org.opencontainers.image.version="${SOURCE_VERSION}")
+fi
+
+# Check if and which --build-arg arguments we need to configure
+BUILD_ARGS=()
+if [[ -n "${DB}" ]]; then
+ BUILD_ARGS+=(--build-arg DB="${DB}")
+fi
+if [[ -n "${CARGO_PROFILE}" ]]; then
+ BUILD_ARGS+=(--build-arg CARGO_PROFILE="${CARGO_PROFILE}")
+fi
+if [[ -n "${VW_VERSION}" ]]; then
+ BUILD_ARGS+=(--build-arg VW_VERSION="${VW_VERSION}")
+fi
+
+# Set the default BASE_TAGS if non are provided
+if [[ -z "${BASE_TAGS}" ]]; then
+ BASE_TAGS="testing"
+fi
+
+# Set the default CONTAINER_REGISTRIES if non are provided
+if [[ -z "${CONTAINER_REGISTRIES}" ]]; then
+ CONTAINER_REGISTRIES="vaultwarden/server"
+fi
+
+# Check which Dockerfile we need to use, default is debian
+case "${TARGET}" in
+ alpine*)
+ BASE_TAGS="${BASE_TAGS}-alpine"
+ DOCKERFILE="Dockerfile.alpine"
+ ;;
+ *)
+ DOCKERFILE="Dockerfile.debian"
+ ;;
+esac
+
+# Check which platform we need to build and append the BASE_TAGS with the architecture
+case "${TARGET}" in
+ *-arm64)
+ BASE_TAGS="${BASE_TAGS}-arm64"
+ PLATFORM="linux/arm64"
+ ;;
+ *-armv7)
+ BASE_TAGS="${BASE_TAGS}-armv7"
+ PLATFORM="linux/arm/v7"
+ ;;
+ *-armv6)
+ BASE_TAGS="${BASE_TAGS}-armv6"
+ PLATFORM="linux/arm/v6"
+ ;;
+ *)
+ BASE_TAGS="${BASE_TAGS}-amd64"
+ PLATFORM="linux/amd64"
+ ;;
+esac
+
+# Be verbose on what is being executed
+set -x
+
+# Build the image with podman
+# We use the docker format here since we are using `SHELL`, which is not supported by OCI
+# shellcheck disable=SC2086
+podman buildx build \
+ --platform="${PLATFORM}" \
+ --tag="${CONTAINER_REGISTRIES}:${BASE_TAGS}" \
+ --format=docker \
+ "${LABEL_ARGS[@]}" \
+ "${BUILD_ARGS[@]}" \
+ --file="${BASEDIR}/${DOCKERFILE}" "$@" \
+ "${BASEDIR}/.."
diff --git a/docker/render_template b/docker/render_template
@@ -1,17 +1,31 @@
#!/usr/bin/env python3
-import os, argparse, json
-
+import os
+import argparse
+import json
+import yaml
import jinja2
+# Load settings file
+with open("DockerSettings.yaml", 'r') as yaml_file:
+ yaml_data = yaml.safe_load(yaml_file)
+
+settings_env = jinja2.Environment(
+ loader=jinja2.FileSystemLoader(os.getcwd()),
+)
+settings_yaml = yaml.safe_load(settings_env.get_template("DockerSettings.yaml").render(yaml_data))
+
args_parser = argparse.ArgumentParser()
args_parser.add_argument('template_file', help='Jinja2 template file to render.')
args_parser.add_argument('render_vars', help='JSON-encoded data to pass to the templating engine.')
cli_args = args_parser.parse_args()
+# Merge the default config yaml with the json arguments given.
render_vars = json.loads(cli_args.render_vars)
+settings_yaml.update(render_vars)
+
environment = jinja2.Environment(
loader=jinja2.FileSystemLoader(os.getcwd()),
trim_blocks=True,
)
-print(environment.get_template(cli_args.template_file).render(render_vars))
+print(environment.get_template(cli_args.template_file).render(settings_yaml))
diff --git a/hooks/README.md b/hooks/README.md
@@ -1,20 +0,0 @@
-The hooks in this directory are used to create multi-arch images using Docker Hub automated builds.
-
-Docker Hub hooks provide these predefined [environment variables](https://docs.docker.com/docker-hub/builds/advanced/#environment-variables-for-building-and-testing):
-
-* `SOURCE_BRANCH`: the name of the branch or the tag that is currently being tested.
-* `SOURCE_COMMIT`: the SHA1 hash of the commit being tested.
-* `COMMIT_MSG`: the message from the commit being tested and built.
-* `DOCKER_REPO`: the name of the Docker repository being built.
-* `DOCKERFILE_PATH`: the dockerfile currently being built.
-* `DOCKER_TAG`: the Docker repository tag being built.
-* `IMAGE_NAME`: the name and tag of the Docker repository being built. (This variable is a combination of `DOCKER_REPO:DOCKER_TAG`.)
-
-The current multi-arch image build relies on the original vaultwarden Dockerfiles, which use cross-compilation for architectures other than `amd64`, and don't yet support all arch/distro combinations. However, cross-compilation is much faster than QEMU-based builds (e.g., using `docker buildx`). This situation may need to be revisited at some point.
-
-## References
-
-* https://docs.docker.com/docker-hub/builds/advanced/
-* https://docs.docker.com/engine/reference/commandline/manifest/
-* https://www.docker.com/blog/multi-arch-build-and-images-the-simple-way/
-* https://success.docker.com/article/how-do-i-authenticate-with-the-v2-api
diff --git a/hooks/arches.sh b/hooks/arches.sh
@@ -1,15 +0,0 @@
-#!/usr/bin/env bash
-
-# The default Debian-based images support these arches for all database backends.
-arches=(
- amd64
- armv6
- armv7
- arm64
-)
-export arches
-
-if [[ "${DOCKER_TAG}" == *alpine ]]; then
- distro_suffix=.alpine
-fi
-export distro_suffix
diff --git a/hooks/build b/hooks/build
@@ -1,51 +0,0 @@
-#!/usr/bin/env bash
-
-echo ">>> Building images..."
-
-# shellcheck source=arches.sh
-source ./hooks/arches.sh
-
-if [[ -z "${SOURCE_COMMIT}" ]]; then
- # This var is typically predefined by Docker Hub, but it won't be
- # when testing locally.
- SOURCE_COMMIT="$(git rev-parse HEAD)"
-fi
-
-# Construct a version string in the style of `build.rs`.
-GIT_EXACT_TAG="$(git describe --tags --abbrev=0 --exact-match 2>/dev/null)"
-if [[ -n "${GIT_EXACT_TAG}" ]]; then
- SOURCE_VERSION="${GIT_EXACT_TAG}"
-else
- GIT_LAST_TAG="$(git describe --tags --abbrev=0)"
- SOURCE_VERSION="${GIT_LAST_TAG}-${SOURCE_COMMIT:0:8}"
-fi
-
-LABELS=(
- # https://github.com/opencontainers/image-spec/blob/master/annotations.md
- org.opencontainers.image.created="$(date --utc --iso-8601=seconds)"
- org.opencontainers.image.documentation="https://github.com/dani-garcia/vaultwarden/wiki"
- org.opencontainers.image.licenses="AGPL-3.0-only"
- org.opencontainers.image.revision="${SOURCE_COMMIT}"
- org.opencontainers.image.source="${SOURCE_REPOSITORY_URL}"
- org.opencontainers.image.url="https://github.com/dani-garcia/vaultwarden"
- org.opencontainers.image.version="${SOURCE_VERSION}"
-)
-LABEL_ARGS=()
-for label in "${LABELS[@]}"; do
- LABEL_ARGS+=(--label "${label}")
-done
-
-# Check if DOCKER_BUILDKIT is set, if so, use the Dockerfile.buildkit as template
-if [[ -n "${DOCKER_BUILDKIT}" ]]; then
- buildkit_suffix=.buildkit
-fi
-
-set -ex
-
-for arch in "${arches[@]}"; do
- docker build \
- "${LABEL_ARGS[@]}" \
- -t "${DOCKER_REPO}:${DOCKER_TAG}-${arch}" \
- -f "docker/${arch}/Dockerfile${buildkit_suffix}${distro_suffix}" \
- .
-done
diff --git a/hooks/pre_build b/hooks/pre_build
@@ -1,28 +0,0 @@
-#!/usr/bin/env bash
-
-set -ex
-
-# If requested, print some environment info for troubleshooting.
-if [[ -n "${DOCKER_HUB_DEBUG}" ]]; then
- id
- pwd
- df -h
- env
- docker info
- docker version
-fi
-
-# Install build dependencies.
-deps=(
- jq
-)
-apt-get update
-apt-get install -y "${deps[@]}"
-
-# Docker Hub uses a shallow clone and doesn't fetch tags, which breaks some
-# Git operations that we perform later, so fetch the complete history and
-# tags first. Note that if the build is cached, the clone may have been
-# unshallowed already; if so, unshallowing will fail, so skip it.
-if [[ -f .git/shallow ]]; then
- git fetch --unshallow --tags
-fi
diff --git a/hooks/push b/hooks/push
@@ -1,111 +0,0 @@
-#!/usr/bin/env bash
-
-# shellcheck source=arches.sh
-source ./hooks/arches.sh
-
-export DOCKER_CLI_EXPERIMENTAL=enabled
-
-# Join a list of args with a single char.
-# Ref: https://stackoverflow.com/a/17841619
-join() { local IFS="$1"; shift; echo "$*"; }
-
-set -ex
-
-echo ">>> Starting local Docker registry when needed..."
-
-# Docker Buildx's `docker-container` driver is needed for multi-platform
-# builds, but it can't access existing images on the Docker host (like the
-# cross-compiled ones we just built). Those images first need to be pushed to
-# a registry -- Docker Hub could be used, but since it's not trivial to clean
-# up those intermediate images on Docker Hub, it's easier to just run a local
-# Docker registry, which gets cleaned up automatically once the build job ends.
-#
-# https://docs.docker.com/registry/deploying/
-# https://hub.docker.com/_/registry
-#
-# Use host networking so the buildx container can access the registry via
-# localhost.
-#
-# First check if there already is a registry container running, else skip it.
-# This will only happen either locally or running it via Github Actions
-#
-if ! timeout 5 bash -c 'cat < /dev/null > /dev/tcp/localhost/5000'; then
- # defaults to port 5000
- docker run -d --name registry --network host registry:2
-fi
-
-# Docker Hub sets a `DOCKER_REPO` env var with the format `index.docker.io/user/repo`.
-# Strip the registry portion to construct a local repo path for use in `Dockerfile.buildx`.
-LOCAL_REGISTRY="localhost:5000"
-REPO="${DOCKER_REPO#*/}"
-LOCAL_REPO="${LOCAL_REGISTRY}/${REPO}"
-
-echo ">>> Pushing images to local registry..."
-
-for arch in "${arches[@]}"; do
- docker_image="${DOCKER_REPO}:${DOCKER_TAG}-${arch}"
- local_image="${LOCAL_REPO}:${DOCKER_TAG}-${arch}"
- docker tag "${docker_image}" "${local_image}"
- docker push "${local_image}"
-done
-
-echo ">>> Setting up Docker Buildx..."
-
-# Same as earlier, use host networking so the buildx container can access the
-# registry via localhost.
-#
-# Ref: https://github.com/docker/buildx/issues/94#issuecomment-534367714
-#
-# Check if there already is a builder running, else skip this and use the existing.
-# This will only happen either locally or running it via Github Actions
-#
-if ! docker buildx inspect builder > /dev/null 2>&1 ; then
- docker buildx create --name builder --use --driver-opt network=host
-fi
-
-echo ">>> Running Docker Buildx..."
-
-tags=("${DOCKER_REPO}:${DOCKER_TAG}")
-
-# If the Docker tag starts with a version number, assume the latest release
-# is being pushed. Add an extra tag (`latest` or `alpine`, as appropriate)
-# to make it easier for users to track the latest release.
-if [[ "${DOCKER_TAG}" =~ ^[0-9]+\.[0-9]+\.[0-9]+ ]]; then
- if [[ "${DOCKER_TAG}" == *alpine ]]; then
- tags+=("${DOCKER_REPO}:alpine")
- else
- tags+=("${DOCKER_REPO}:latest")
- fi
-fi
-
-tag_args=()
-for tag in "${tags[@]}"; do
- tag_args+=(--tag "${tag}")
-done
-
-# Docker Buildx takes a list of target platforms (OS/arch/variant), so map
-# the arch list to a platform list (assuming the OS is always `linux`).
-declare -A arch_to_platform=(
- [amd64]="linux/amd64"
- [armv6]="linux/arm/v6"
- [armv7]="linux/arm/v7"
- [arm64]="linux/arm64"
-)
-platforms=()
-for arch in "${arches[@]}"; do
- platforms+=("${arch_to_platform[$arch]}")
-done
-platform="$(join "," "${platforms[@]}")"
-
-# Run the build, pushing the resulting images and multi-arch manifest list to
-# Docker Hub. The Dockerfile is read from stdin to avoid sending any build
-# context, which isn't needed here since the actual cross-compiled images
-# have already been built.
-docker buildx build \
- --network host \
- --build-arg LOCAL_REPO="${LOCAL_REPO}" \
- --build-arg DOCKER_TAG="${DOCKER_TAG}" \
- --platform "${platform}" \
- "${tag_args[@]}" \
- --push \
- - < ./docker/Dockerfile.buildx
diff --git a/rust-toolchain.toml b/rust-toolchain.toml
@@ -1,4 +1,4 @@
[toolchain]
-channel = "1.72.0"
+channel = "1.73.0"
components = [ "rustfmt", "clippy" ]
profile = "minimal"
