vw_small

Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.
git clone https://git.philomathiclife.com/repos/vw_small

commit d722328f05f65910e00d01c7b156d30ab9ac8986
parent cb4b683dcd51eff4508bcf50e34d657b8d2225d4
Author: Mathijs van Veluw <black.dex@gmail.com>
Date:   Mon, 23 Oct 2023 00:18:38 +0200

Container building changes (#3958)

* WIP: Container building changes

* Small updates

- Updated to rust 1.73.0
- Updated crates
- Updated documentation
- Added a bake.sh script to make baking easier

* Update GitHub Actions Workflow

- Updated workflow to use qemu and buildx bake

In the future I would like to extract the alpine based binaries and add
them as artifacts to the release.

* Address review remarks and small updates

- Addressed review remarks
- Added `podman-bake.sh` script to build Vaultwarden with podman
- Updated README
- Updated crates
- Added `VW_VERSION` support
- Added annotations
- Updated web-vault to v2023.9.1
Diffstat:
M.github/workflows/build.yml | 37++++++++++---------------------------
M.github/workflows/hadolint.yml | 3+--
M.github/workflows/release.yml | 205+++++++++++++++++++++++++++----------------------------------------------------
M.hadolint.yaml | 6++++--
M.pre-commit-config.yaml | 2+-
MCargo.lock | 799++++++++++++++++++++++++++++++++++++++++++++++++++-----------------------------
MCargo.toml | 60+++++++++++++++++++++++++++++++++---------------------------
MDockerfile | 4++--
Adocker/DockerSettings.yaml | 28++++++++++++++++++++++++++++
Adocker/Dockerfile.alpine | 160+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Ddocker/Dockerfile.buildx | 34----------------------------------
Adocker/Dockerfile.debian | 194+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Mdocker/Dockerfile.j2 | 301+++++++++++++++++++++++++++++++++++++++----------------------------------------
Mdocker/Makefile | 19++++---------------
Mdocker/README.md | 184++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
Ddocker/amd64/Dockerfile | 119-------------------------------------------------------------------------------
Ddocker/amd64/Dockerfile.alpine | 116-------------------------------------------------------------------------------
Ddocker/amd64/Dockerfile.buildkit | 119-------------------------------------------------------------------------------
Ddocker/amd64/Dockerfile.buildkit.alpine | 116-------------------------------------------------------------------------------
Ddocker/arm64/Dockerfile | 141-------------------------------------------------------------------------------
Ddocker/arm64/Dockerfile.alpine | 118-------------------------------------------------------------------------------
Ddocker/arm64/Dockerfile.buildkit | 141-------------------------------------------------------------------------------
Ddocker/arm64/Dockerfile.buildkit.alpine | 118-------------------------------------------------------------------------------
Ddocker/armv6/Dockerfile | 141-------------------------------------------------------------------------------
Ddocker/armv6/Dockerfile.alpine | 120-------------------------------------------------------------------------------
Ddocker/armv6/Dockerfile.buildkit | 141-------------------------------------------------------------------------------
Ddocker/armv6/Dockerfile.buildkit.alpine | 120-------------------------------------------------------------------------------
Ddocker/armv7/Dockerfile | 141-------------------------------------------------------------------------------
Ddocker/armv7/Dockerfile.alpine | 118-------------------------------------------------------------------------------
Ddocker/armv7/Dockerfile.buildkit | 141-------------------------------------------------------------------------------
Ddocker/armv7/Dockerfile.buildkit.alpine | 118-------------------------------------------------------------------------------
Adocker/bake.sh | 15+++++++++++++++
Adocker/bake_env.sh | 33+++++++++++++++++++++++++++++++++
Adocker/docker-bake.hcl | 229+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Mdocker/healthcheck.sh | 2+-
Adocker/podman-bake.sh | 105+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Mdocker/render_template | 20+++++++++++++++++---
Dhooks/README.md | 20--------------------
Dhooks/arches.sh | 15---------------
Dhooks/build | 51---------------------------------------------------
Dhooks/pre_build | 28----------------------------
Dhooks/push | 111-------------------------------------------------------------------------------
Mrust-toolchain.toml | 2+-
43 files changed, 1745 insertions(+), 2950 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml @@ -12,6 +12,7 @@ on: - "rustfmt.toml" - "diesel.toml" - "docker/Dockerfile.j2" + - "docker/DockerSettings.yaml" pull_request: paths: - ".github/workflows/build.yml" @@ -23,6 +24,7 @@ on: - "rustfmt.toml" - "diesel.toml" - "docker/Dockerfile.j2" + - "docker/DockerSettings.yaml" jobs: build: @@ -32,7 +34,6 @@ jobs: # This is done globally to prevent rebuilds when the RUSTFLAGS env variable changes. env: RUSTFLAGS: "-D warnings" - CARGO_REGISTRIES_CRATES_IO_PROTOCOL: sparse strategy: fail-fast: false matrix: 
@@ -113,46 +114,46 @@ jobs: prefix-key: "v2023.07-rust" # End Enable Rust Caching - # Run cargo tests (In release mode to speed up future builds) + # Run cargo tests # First test all features together, afterwards test them separately. - name: "test features: sqlite,mysql,postgresql,enable_mimalloc" id: test_sqlite_mysql_postgresql_mimalloc if: $${{ always() }} run: | - cargo test --release --features sqlite,mysql,postgresql,enable_mimalloc + cargo test --features sqlite,mysql,postgresql,enable_mimalloc - name: "test features: sqlite,mysql,postgresql" id: test_sqlite_mysql_postgresql if: $${{ always() }} run: | - cargo test --release --features sqlite,mysql,postgresql + cargo test --features sqlite,mysql,postgresql - name: "test features: sqlite" id: test_sqlite if: $${{ always() }} run: | - cargo test --release --features sqlite + cargo test --features sqlite - name: "test features: mysql" id: test_mysql if: $${{ always() }} run: | - cargo test --release --features mysql + cargo test --features mysql - name: "test features: postgresql" id: test_postgresql if: $${{ always() }} run: | - cargo test --release --features postgresql + cargo test --features postgresql # End Run cargo tests - # Run cargo clippy, and fail on warnings (In release mode to speed up future builds) + # Run cargo clippy, and fail on warnings - name: "clippy features: sqlite,mysql,postgresql,enable_mimalloc" id: clippy if: ${{ always() && matrix.channel == 'rust-toolchain' }} run: | - cargo clippy --release --features sqlite,mysql,postgresql,enable_mimalloc -- -D warnings + cargo clippy --features sqlite,mysql,postgresql,enable_mimalloc -- -D warnings # End Run cargo clippy 
@@ -194,21 +195,3 @@ jobs: run: | echo "### :tada: Checks Passed!" >> $GITHUB_STEP_SUMMARY echo "" >> $GITHUB_STEP_SUMMARY - - - # Build the binary to upload to the artifacts - - name: "build features: sqlite,mysql,postgresql" - if: ${{ matrix.channel == 'rust-toolchain' }} - run: | - cargo build --release --features sqlite,mysql,postgresql - # End Build the binary - - - # Upload artifact to Github Actions - - name: "Upload artifact" - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 - if: ${{ matrix.channel == 'rust-toolchain' }} - with: - name: vaultwarden - path: target/release/vaultwarden - # End Upload artifact to Github Actions diff --git a/.github/workflows/hadolint.yml b/.github/workflows/hadolint.yml @@ -16,7 +16,6 @@ jobs: uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 # End Checkout the repo - # Download hadolint - https://github.com/hadolint/hadolint/releases - name: Download hadolint shell: bash @@ -30,5 +29,5 @@ jobs: # Test Dockerfiles - name: Run hadolint shell: bash - run: git ls-files --exclude='docker/*/Dockerfile*' --ignored --cached | xargs hadolint + run: hadolint docker/Dockerfile.{debian,alpine} # End Test Dockerfiles diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml @@ -6,7 +6,6 @@ on: - ".github/workflows/release.yml" - "src/**" - "migrations/**" - - "hooks/**" - "docker/**" - "Cargo.*" - "build.rs" @@ -15,6 +14,7 @@ on: branches: # Only on paths above - main + - release-build-revision tags: # Always, regardless of paths above - '*' 
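Review bot: The `- release-build-revision` entry added under `branches:` in release.yml makes every push to that branch run the release workflow, and the later hunks of this commit give branch builds `BASE_TAGS=testing` and bake with `push: true`. If this is a temporary working branch (the name suggests it, but the page does not say), pushes to it would overwrite the published `testing` images with code that has not reached `main`. Either drop the line before merging, or keep it with a one-line comment above it stating what the branch is for and that it publishes `testing`.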
@@ -35,23 +35,20 @@ jobs: with: cancel_others: 'true' # Only run this when not creating a tag - if: ${{ startsWith(github.ref, 'refs/heads/') }} + if: ${{ github.ref_type == 'branch' }} docker-build: runs-on: ubuntu-22.04 timeout-minutes: 120 needs: skip_check - # Start a local docker registry to be used to generate multi-arch images. - services: - registry: - image: registry:2 - ports: - - 5000:5000 + if: ${{ needs.skip_check.outputs.should_skip != 'true' && github.repository == 'dani-garcia/vaultwarden' }} + # TODO: Start a local docker registry to be used to extract the final Alpine static build images + # services: + # registry: + # image: registry:2 + # ports: + # - 5000:5000 env: - # Use BuildKit (https://docs.docker.com/build/buildkit/) for better - # build performance and the ability to copy extended file attributes - # (e.g., for executable capabilities) across build phases. - DOCKER_BUILDKIT: 1 SOURCE_COMMIT: ${{ github.sha }} SOURCE_REPOSITORY_URL: "https://github.com/${{ github.repository }}" # The *_REPO variables need to be configured as repository variables @@ -65,7 +62,6 @@ jobs: # QUAY_REPO needs to be 'quay.io/<user>/<repo>' # Check for Quay.io credentials in secrets HAVE_QUAY_LOGIN: ${{ vars.QUAY_REPO != '' && secrets.QUAY_USERNAME != '' && secrets.QUAY_TOKEN != '' }} - if: ${{ needs.skip_check.outputs.should_skip != 'true' && github.repository == 'dani-garcia/vaultwarden' }} strategy: matrix: base_image: ["debian","alpine"] 
@@ -77,18 +73,43 @@ jobs: with: fetch-depth: 0 - # Determine Docker Tag - - name: Init Variables - id: vars + - name: Initialize QEMU binfmt support + uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 + with: + platforms: "arm64,arm" + + # Start Docker Buildx + - name: Setup Docker Buildx + uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + # https://github.com/moby/buildkit/issues/3969 + # Also set max parallelism to 2, the default of 4 breaks GitHub Actions + with: + config-inline: | + [worker.oci] + max-parallelism = 2 + driver-opts: | + network=host + + # Determine Base Tags and Source Version + - name: Determine Base Tags and Source Version shell: bash run: | - # Check which main tag we are going to build determined by github.ref - if [[ "${{ github.ref }}" == refs/tags/* ]]; then - echo "DOCKER_TAG=${GITHUB_REF#refs/*/}" | tee -a "${GITHUB_OUTPUT}" - elif [[ "${{ github.ref }}" == refs/heads/* ]]; then - echo "DOCKER_TAG=testing" | tee -a "${GITHUB_OUTPUT}" + # Check which main tag we are going to build determined by github.ref_type + if [[ "${{ github.ref_type }}" == "tag" ]]; then + echo "BASE_TAGS=latest,${GITHUB_REF#refs/*/}" | tee -a "${GITHUB_ENV}" + elif [[ "${{ github.ref_type }}" == "branch" ]]; then + echo "BASE_TAGS=testing" | tee -a "${GITHUB_ENV}" + fi + + # Get the Source Version for this release + GIT_EXACT_TAG="$(git describe --tags --abbrev=0 --exact-match 2>/dev/null || true)" + if [[ -n "${GIT_EXACT_TAG}" ]]; then + echo "SOURCE_VERSION=${GIT_EXACT_TAG}" | tee -a "${GITHUB_ENV}" + else + GIT_LAST_TAG="$(git describe --tags --abbrev=0)" + echo "SOURCE_VERSION=${GIT_LAST_TAG}-${SOURCE_COMMIT:0:8}" | tee -a "${GITHUB_ENV}" fi - # End Determine Docker Tag + # End Determine Base Tags # Login to Docker Hub - name: Login to Docker Hub 
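Review bot: In the `Determine Base Tags and Source Version` step, every tag push gets `BASE_TAGS=latest,<tag>`, and the workflow trigger accepts any tag (`'*'`), so a tag for an older maintenance release or a pre-release would move `latest` to that build. For a password-manager server that is a downgrade path for anyone tracking `latest`. Consider adding `latest` only when the tag matches the release scheme and is the newest version, with `[[ "${GITHUB_REF_NAME}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]` as a first gate, and otherwise emitting only `BASE_TAGS=${GITHUB_REF_NAME}`. The project's tag scheme is not visible here, so the pattern would need adjusting to it.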
@@ -98,6 +119,12 @@ jobs: password: ${{ secrets.DOCKERHUB_TOKEN }} if: ${{ env.HAVE_DOCKERHUB_LOGIN == 'true' }} + - name: Add registry for DockerHub + if: ${{ env.HAVE_DOCKERHUB_LOGIN == 'true' }} + shell: bash + run: | + echo "CONTAINER_REGISTRIES=${{ vars.DOCKERHUB_REPO }}" | tee -a "${GITHUB_ENV}" + # Login to GitHub Container Registry - name: Login to GitHub Container Registry uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 @@ -107,6 +134,12 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} if: ${{ env.HAVE_GHCR_LOGIN == 'true' }} + - name: Add registry for ghcr.io + if: ${{ env.HAVE_GHCR_LOGIN == 'true' }} + shell: bash + run: | + echo "CONTAINER_REGISTRIES=${CONTAINER_REGISTRIES:+${CONTAINER_REGISTRIES},}${{ vars.GHCR_REPO }}" | tee -a "${GITHUB_ENV}" + # Login to Quay.io - name: Login to Quay.io uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 
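Review bot: The three `Add registry for …` steps (this hunk, the ghcr.io step in the next hunk and the Quay.io step in the hunk after it) paste `${{ vars.*_REPO }}` straight into the script text, so the value is expanded before bash parses the line and any quote, `$(` or backtick in it would be interpreted by the shell. Repository variables are set by maintainers, so the exposure is small, but passing the value through the environment removes it. Add `env: REGISTRY_REPO: "${{ vars.DOCKERHUB_REPO }}"` to the step (the variable name is only a suggestion) and write `echo "CONTAINER_REGISTRIES=${REGISTRY_REPO}" | tee -a "${GITHUB_ENV}"`. The same applies to `"${{ github.ref_type }}"` in the tag-detection script, where `${GITHUB_REF_TYPE}` is available.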
@@ -116,120 +149,22 @@ jobs: password: ${{ secrets.QUAY_TOKEN }} if: ${{ env.HAVE_QUAY_LOGIN == 'true' }} - # Debian - - # Docker Hub - - name: Build Debian based images (docker.io) - shell: bash - env: - DOCKER_REPO: "${{ vars.DOCKERHUB_REPO }}" - DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}" - run: | - ./hooks/build - if: ${{ matrix.base_image == 'debian' && env.HAVE_DOCKERHUB_LOGIN == 'true' }} - - - name: Push Debian based images (docker.io) - shell: bash - env: - DOCKER_REPO: "${{ vars.DOCKERHUB_REPO }}" - DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}" - run: | - ./hooks/push - if: ${{ matrix.base_image == 'debian' && env.HAVE_DOCKERHUB_LOGIN == 'true' }} - - # GitHub Container Registry - - name: Build Debian based images (ghcr.io) - shell: bash - env: - DOCKER_REPO: "${{ vars.GHCR_REPO }}" - DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}" - run: | - ./hooks/build - if: ${{ matrix.base_image == 'debian' && env.HAVE_GHCR_LOGIN == 'true' }} - - - name: Push Debian based images (ghcr.io) - shell: bash - env: - DOCKER_REPO: "${{ vars.GHCR_REPO }}" - DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}" - run: | - ./hooks/push - if: ${{ matrix.base_image == 'debian' && env.HAVE_GHCR_LOGIN == 'true' }} - - # Quay.io - - name: Build Debian based images (quay.io) - shell: bash - env: - DOCKER_REPO: "${{ vars.QUAY_REPO }}" - DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}" - run: | - ./hooks/build - if: ${{ matrix.base_image == 'debian' && env.HAVE_QUAY_LOGIN == 'true' }} - - - name: Push Debian based images (quay.io) - shell: bash - env: - DOCKER_REPO: "${{ vars.QUAY_REPO }}" - DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}" - run: | - ./hooks/push - if: ${{ matrix.base_image == 'debian' && env.HAVE_QUAY_LOGIN == 'true' }} - - # Alpine - - # Docker Hub - - name: Build Alpine based images (docker.io) - shell: bash - env: - DOCKER_REPO: "${{ vars.DOCKERHUB_REPO }}" - DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine" - run: | - ./hooks/build - if: ${{ 
matrix.base_image == 'alpine' && env.HAVE_DOCKERHUB_LOGIN == 'true' }} - - - name: Push Alpine based images (docker.io) - shell: bash - env: - DOCKER_REPO: "${{ vars.DOCKERHUB_REPO }}" - DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine" - run: | - ./hooks/push - if: ${{ matrix.base_image == 'alpine' && env.HAVE_DOCKERHUB_LOGIN == 'true' }} - - # GitHub Container Registry - - name: Build Alpine based images (ghcr.io) - shell: bash - env: - DOCKER_REPO: "${{ vars.GHCR_REPO }}" - DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine" - run: | - ./hooks/build - if: ${{ matrix.base_image == 'alpine' && env.HAVE_GHCR_LOGIN == 'true' }} - - - name: Push Alpine based images (ghcr.io) - shell: bash - env: - DOCKER_REPO: "${{ vars.GHCR_REPO }}" - DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine" - run: | - ./hooks/push - if: ${{ matrix.base_image == 'alpine' && env.HAVE_GHCR_LOGIN == 'true' }} - - # Quay.io - - name: Build Alpine based images (quay.io) + - name: Add registry for Quay.io + if: ${{ env.HAVE_QUAY_LOGIN == 'true' }} shell: bash - env: - DOCKER_REPO: "${{ vars.QUAY_REPO }}" - DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine" run: | - ./hooks/build - if: ${{ matrix.base_image == 'alpine' && env.HAVE_QUAY_LOGIN == 'true' }} + echo "CONTAINER_REGISTRIES=${CONTAINER_REGISTRIES:+${CONTAINER_REGISTRIES},}${{ vars.QUAY_REPO }}" | tee -a "${GITHUB_ENV}" - - name: Push Alpine based images (quay.io) - shell: bash + - name: Bake ${{ matrix.base_image }} containers + uses: docker/bake-action@511fde2517761e303af548ec9e0ea74a8a100112 # v4.0.0 env: - DOCKER_REPO: "${{ vars.QUAY_REPO }}" - DOCKER_TAG: "${{steps.vars.outputs.DOCKER_TAG}}-alpine" - run: | - ./hooks/push - if: ${{ matrix.base_image == 'alpine' && env.HAVE_QUAY_LOGIN == 'true' }} + BASE_TAGS: "${{ env.BASE_TAGS }}" + SOURCE_COMMIT: "${{ env.SOURCE_COMMIT }}" + SOURCE_VERSION: "${{ env.SOURCE_VERSION }}" + SOURCE_REPOSITORY_URL: "${{ env.SOURCE_REPOSITORY_URL }}" + CONTAINER_REGISTRIES: "${{ 
env.CONTAINER_REGISTRIES }}" + with: + pull: true + push: true + files: docker/docker-bake.hcl + targets: "${{ matrix.base_image }}-multi" diff --git a/.hadolint.yaml b/.hadolint.yaml @@ -1,10 +1,12 @@ ignored: + # To prevent issues and make clear some images only work on linux/amd64, we ignore this + - DL3029 # disable explicit version for apt install - DL3008 # disable explicit version for apk install - DL3018 - # disable check for consecutive `RUN` instructions - - DL3059 + # Ignore shellcheck info message + - SC1091 trustedRegistries: - docker.io - ghcr.io diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml @@ -1,7 +1,7 @@ --- repos: - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.4.0 + rev: v4.5.0 hooks: - id: check-yaml - id: check-json diff --git a/Cargo.lock b/Cargo.lock @@ -18,10 +18,32 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe" [[package]] +name = "ahash" +version = "0.7.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fcb51a0695d8f838b1ee009b3fbf66bda078cd64590202a864a8f3e8c4315c47" +dependencies = [ + "getrandom", + "once_cell", + "version_check", +] + +[[package]] +name = "ahash" +version = "0.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2c99f64d1e06488f620f932677e24bc6e2897582980441ae90a671415bd7ec2f" +dependencies = [ + "cfg-if", + "once_cell", + "version_check", +] + +[[package]] name = "aho-corasick" -version = "1.0.5" +version = "1.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0c378d78423fdad8089616f827526ee33c19f2fddbd5de1629152c9593ba4783" +checksum = "b2969dcb958b36655471fc61f7e416fa76033bdd4bfed0678d8fee1e2d07a1f0" dependencies = [ "memchr", ] 
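Review bot: The `Bake ${{ matrix.base_image }} containers` step in release.yml has no `if:` and always runs with `push: true`, whereas each build/push step it replaces was gated on a `HAVE_*_LOGIN == 'true'` check. When none of the three logins is configured, `CONTAINER_REGISTRIES` is never written and the bake runs with an empty registry list; what it then tags and pushes depends on `docker/docker-bake.hcl`, which is not shown here. A guard such as `if: ${{ env.CONTAINER_REGISTRIES != '' }}` on the step makes that case an explicit skip instead of a push attempt.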
@@ -42,6 +64,12 @@ dependencies = [ ] [[package]] +name = "allocator-api2" +version = "0.2.16" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0942ffc6dcaadf03badf6e6a2d0228460359d5e34b57ccdc720b7382dfbd5ec5" + +[[package]] name = "android-tzdata" version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -58,9 +86,9 @@ dependencies = [ [[package]] name = "argon2" -version = "0.5.1" +version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b2e554a8638bdc1e4eae9984845306cc95f8a9208ba8d49c3859fd958b46774d" +checksum = "17ba4cac0a46bc1d2912652a751c47f2a9f3a7fe89bcae2275d418f5270402f9" dependencies = [ "base64ct", "blake2", @@ -75,15 +103,15 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "81953c529336010edd6d8e358f886d9581267795c61b19475b71314bffa46d35" dependencies = [ "concurrent-queue", - "event-listener", + "event-listener 2.5.3", "futures-core", ] [[package]] name = "async-compression" -version = "0.4.2" +version = "0.4.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d495b6dc0184693324491a5ac05f559acc97bf937ab31d7a1c33dd0016be6d2b" +checksum = "f658e2baef915ba0f26f1f7c42bfb8e12f532a01f449a090ded75ae7a07e9ba2" dependencies = [ "brotli", "flate2", @@ -95,14 +123,14 @@ dependencies = [ [[package]] name = "async-executor" -version = "1.5.1" +version = "1.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6fa3dc5f2a8564f07759c008b9109dc0d39de92a88d5588b8a5036d286383afb" +checksum = "4b0c4a4f319e45986f347ee47fef8bf5e81c9abc3f6f58dc2391439f30df65f0" dependencies = [ "async-lock", "async-task", "concurrent-queue", - "fastrand 1.9.0", + "fastrand 2.0.1", "futures-lite", "slab", ] @@ -136,9 +164,9 @@ dependencies = [ "log", "parking", "polling", - "rustix 0.37.23", + "rustix 0.37.26", "slab", - "socket2 0.4.9", + "socket2 0.4.10", "waker-fn", ] 
@@ -148,24 +176,41 @@ version = "2.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "287272293e9d8c41773cec55e365490fe034813a2f172f502d6ddcf75b2f582b" dependencies = [ - "event-listener", + "event-listener 2.5.3", ] [[package]] name = "async-process" -version = "1.7.0" +version = "1.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7a9d28b1d97e08915212e2e45310d47854eafa69600756fc735fb788f75199c9" +checksum = "ea6438ba0a08d81529c69b36700fa2f95837bfe3e776ab39cde9c14d9149da88" dependencies = [ "async-io", "async-lock", - "autocfg", + "async-signal", "blocking", "cfg-if", - "event-listener", + "event-listener 3.0.0", "futures-lite", - "rustix 0.37.23", - "signal-hook", + "rustix 0.38.20", + "windows-sys", +] + +[[package]] +name = "async-signal" +version = "0.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d2a5415b7abcdc9cd7d63d6badba5288b2ca017e3fbd4173b8f405449f1a2399" +dependencies = [ + "async-io", + "async-lock", + "atomic-waker", + "cfg-if", + "futures-core", + "futures-io", + "rustix 0.38.20", + "signal-hook-registry", + "slab", "windows-sys", ] 
@@ -215,24 +260,24 @@ checksum = "16e62a023e7c117e27523144c5d2459f4397fcc3cab0085af8e2224f643a0193" dependencies = [ "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.38", ] [[package]] name = "async-task" -version = "4.4.0" +version = "4.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ecc7ab41815b3c653ccd2978ec3255c81349336702dfdf62ee6f7069b12a3aae" +checksum = "b4eb2cdb97421e01129ccb49169d8279ed21e829929144f4a22a6e54ac549ca1" [[package]] name = "async-trait" -version = "0.1.73" +version = "0.1.74" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bc00ceb34980c03614e35a3a4e218276a0a824e911d07651cd0d858a51e8c0f0" +checksum = "a66537f1bb974b254c98ed142ff995236e81b9d0fe4db0575f46612cb15eb0f9" dependencies = [ "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.38", ] [[package]] @@ -242,10 +287,19 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c59bdb34bc650a32731b31bd8f0829cc15d24a708ee31559e0bb34f2bc320cba" [[package]] +name = "atomic" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8d818003e740b63afc82337e3160717f4f63078720a810b7b903e70a5d1d2994" +dependencies = [ + "bytemuck", +] + +[[package]] name = "atomic-waker" -version = "1.1.1" +version = "1.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1181e1e0d1fce796a03db1ae795d67167da795f9cf4a39c37589e85ef57f26d3" +checksum = "1505bd5d3d116872e7271a6d4e16d81d0c8570876c8de68093a09ac269d8aac0" [[package]] name = "autocfg" @@ -276,9 +330,9 @@ checksum = "9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8" [[package]] name = "base64" -version = "0.21.3" +version = "0.21.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "414dcefbc63d77c526a76b3afcf6fbb9b5e2791c19c3aa2297733208750c6e53" +checksum = "9ba43ea6f343b788c8764558649e08df62f86c6ef251fdaeb1ffd010a9ae50a2" [[package]] name = "base64ct" 
@@ -300,9 +354,9 @@ checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" [[package]] name = "bitflags" -version = "2.4.0" +version = "2.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b4682ae6287fcf752ecaabbfcc7b6f9b72aa33933dc23a554d853aea8eea8635" +checksum = "327762f6e5a765692301e5bb513e0d9fef63be86bbc14528052b1cd3e6f03e07" [[package]] name = "blake2" @@ -324,24 +378,25 @@ dependencies = [ [[package]] name = "blocking" -version = "1.3.1" +version = "1.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "77231a1c8f801696fc0123ec6150ce92cffb8e164a02afb9c8ddee0e9b65ad65" +checksum = "8c36a4d0d48574b3dd360b4b7d95cc651d2b6557b6402848a27d4b228a473e2a" dependencies = [ "async-channel", "async-lock", "async-task", - "atomic-waker", - "fastrand 1.9.0", + "fastrand 2.0.1", + "futures-io", "futures-lite", - "log", + "piper", + "tracing", ] [[package]] name = "brotli" -version = "3.3.4" +version = "3.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a1a0b1dbcc8ae29329621f8d4f0d835787c1c38bb1401979b49d13b0b305ff68" +checksum = "516074a47ef4bce09577a3b379392300159ce5b1ba2e501ff1c819950066100f" dependencies = [ "alloc-no-stdlib", "alloc-stdlib", @@ -350,9 +405,9 @@ dependencies = [ [[package]] name = "brotli-decompressor" -version = "2.3.4" +version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4b6561fd3f895a11e8f72af2cb7d22e08366bebc2b6b57f7744c4bda27034744" +checksum = "da74e2b81409b1b743f8f0c62cc6254afefb8b8e50bbfe3735550f7aeefa3448" dependencies = [ "alloc-no-stdlib", "alloc-stdlib", 
@@ -360,33 +415,40 @@ dependencies = [ [[package]] name = "bumpalo" -version = "3.13.0" +version = "3.14.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7f30e7476521f6f8af1a1c4c0b8cc94f0bee37d91763d0ca2665f299b6cd8aec" + +[[package]] +name = "bytemuck" +version = "1.14.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a3e2c3daef883ecc1b5d58c15adae93470a91d425f3532ba1695849656af3fc1" +checksum = "374d28ec25809ee0e23827c2ab573d729e293f281dfe393500e7ad618baa61c6" [[package]] name = "byteorder" -version = "1.4.3" +version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610" +checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b" [[package]] name = "bytes" -version = "1.4.0" +version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "89b2fd2a0dcf38d7971e2194b6b6eebab45ae01067456a7fd93d5547a61b70be" +checksum = "a2bd12c1caf447e69cd4528f47f94d203fd2582878ecb9e9465484c4148a8223" [[package]] name = "cached" -version = "0.44.0" +version = "0.46.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b195e4fbc4b6862bbd065b991a34750399c119797efff72492f28a5864de8700" +checksum = "8cead8ece0da6b744b2ad8ef9c58a4cdc7ef2921e60a6ddfb9eaaa86839b5fc5" dependencies = [ + "ahash 0.8.3", "async-trait", "cached_proc_macro", "cached_proc_macro_types", "futures", - "hashbrown 0.13.2", + "hashbrown 0.14.2", "instant", "once_cell", "thiserror", 
@@ -395,11 +457,10 @@ dependencies = [ [[package]] name = "cached_proc_macro" -version = "0.17.0" +version = "0.18.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b48814962d2fd604c50d2b9433c2a41a0ab567779ee2c02f7fba6eca1221f082" +checksum = "7da8245dd5f576a41c3b76247b54c15b0e43139ceeb4f732033e15be7c005176" dependencies = [ - "cached_proc_macro_types", "darling", "proc-macro2", "quote", @@ -429,9 +490,9 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" [[package]] name = "chrono" -version = "0.4.28" +version = "0.4.31" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "95ed24df0632f708f5f6d8082675bef2596f7084dee3dd55f632290bf35bfe0f" +checksum = "7f2c685bad3eb3d45a01354cedb7d5faa66194d1d58ba6e267a8de788f79db38" dependencies = [ "android-tzdata", "iana-time-zone", @@ -463,10 +524,20 @@ dependencies = [ ] [[package]] +name = "chumsky" +version = "0.9.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "23170228b96236b5a7299057ac284a321457700bc8c41a4476052f0f4ba5349d" +dependencies = [ + "hashbrown 0.12.3", + "stacker", +] + +[[package]] name = "concurrent-queue" -version = "2.2.0" +version = "2.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "62ec6771ecfa0762d24683ee5a32ad78487a3d3afdc0fb8cae19d2c5deb50b7c" +checksum = "f057a694a54f12365049b0958a1685bb52d567f5593b355fbf685838e873d400" dependencies = [ "crossbeam-utils", ] @@ -545,9 +616,9 @@ checksum = "e496a50fda8aacccc86d7529e2c1e0892dbd0f898a6b5645b5561b89c3210efa" [[package]] name = "cpufeatures" -version = "0.2.9" +version = "0.2.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a17b76ff3a4162b0b27f354a0c87015ddad39d35f9c0c36607a3bdd175dde1f1" +checksum = "3fbc60abd742b35f2492f808e1abbb83d45f72db402e14c55057edc9c7b1e9e4" dependencies = [ "libc", ] 
@@ -633,7 +704,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "978747c1d849a7d2ee5e8adc0159961c48fb7e5db2f06af6723b80123bb53856" dependencies = [ "cfg-if", - "hashbrown 0.14.0", + "hashbrown 0.14.2", "lock_api", "once_cell", "parking_lot_core", @@ -653,9 +724,12 @@ checksum = "41b319d1b62ffbd002e057f36bebd1f42b9f97927c9577461d855f3513c4289f" [[package]] name = "deranged" -version = "0.3.8" +version = "0.3.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f2696e8a945f658fd14dc3b87242e6b80cd0f36ff04ea560fa39082368847946" +checksum = "0f32d04922c60427da6f9fef14d042d9edddef64cb9d4ce0d64d0685fbeb1fd3" +dependencies = [ + "powerfmt", +] [[package]] name = "devise" @@ -683,20 +757,20 @@ version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "35b50dba0afdca80b187392b24f2499a88c336d5a8493e4b4ccfb608708be56a" dependencies = [ - "bitflags 2.4.0", + "bitflags 2.4.1", "proc-macro2", "proc-macro2-diagnostics", "quote", - "syn 2.0.29", + "syn 2.0.38", ] [[package]] name = "diesel" -version = "2.1.1" +version = "2.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d98235fdc2f355d330a8244184ab6b4b33c28679c0b4158f63138e51d6cf7e88" +checksum = "2268a214a6f118fce1838edba3d1561cf0e78d8de785475957a580a7f8c69d33" dependencies = [ - "bitflags 2.4.0", + "bitflags 2.4.1", "byteorder", "chrono", "diesel_derives", @@ -712,14 +786,14 @@ dependencies = [ [[package]] name = "diesel_derives" -version = "2.1.1" +version = "2.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e054665eaf6d97d1e7125512bb2d35d07c73ac86cc6920174cb42d1ab697a554" +checksum = "ef8337737574f55a468005a83499da720f20c65586241ffea339db9ecdfd2b44" dependencies = [ "diesel_table_macro_syntax", "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.38", ] [[package]] 
@@ -749,7 +823,7 @@ version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fc5557efc453706fed5e4fa85006fe9817c224c3f480a34c7e5959fd700921c5" dependencies = [ - "syn 2.0.29", + "syn 2.0.38", ] [[package]] @@ -781,7 +855,7 @@ version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dbfb21b9878cf7a348dcb8559109aabc0ec40d69924bd706fa5149846c4fef75" dependencies = [ - "base64 0.21.3", + "base64 0.21.4", "memchr", ] @@ -805,14 +879,14 @@ dependencies = [ [[package]] name = "enum-as-inner" -version = "0.5.1" +version = "0.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c9720bba047d567ffc8a3cba48bf19126600e249ab7f128e9233e6376976a116" +checksum = "5ffccbb6966c05b32ef8fbac435df276c4ae4d3dc55a8cd0eb9745e6c12f546a" dependencies = [ "heck", "proc-macro2", "quote", - "syn 1.0.109", + "syn 2.0.38", ] [[package]] @@ -823,26 +897,15 @@ checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5" [[package]] name = "errno" -version = "0.3.3" +version = "0.3.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "136526188508e25c6fef639d7927dfb3e0e3084488bf202267829cf7fc23dbdd" +checksum = "ac3e13f66a2f95e32a39eaa81f6b95d42878ca0e1db0c7543723dfe12557e860" dependencies = [ - "errno-dragonfly", "libc", "windows-sys", ] [[package]] -name = "errno-dragonfly" -version = "0.1.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "aa68f1b12764fab894d2755d2518754e71b4fd80ecfb822714a1206c2aab39bf" -dependencies = [ - "cc", - "libc", -] - -[[package]] name = "error-chain" version = "0.12.4" source = "registry+https://github.com/rust-lang/crates.io-index" 
@@ -858,6 +921,17 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0206175f82b8d6bf6652ff7d71a1e27fd2e4efde587fd368662814d6ec1d9ce0" [[package]] +name = "event-listener" +version = "3.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "29e56284f00d94c1bc7fd3c77027b4623c88c1f53d8d2394c6199f2921dea325" +dependencies = [ + "concurrent-queue", + "parking", + "pin-project-lite", +] + +[[package]] name = "fastrand" version = "1.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -868,9 +942,9 @@ dependencies = [ [[package]] name = "fastrand" -version = "2.0.0" +version = "2.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6999dc1837253364c2ebb0704ba97994bd874e8f195d665c50b7548f6ea92764" +checksum = "25cbce373ec4653f1a01a31e8a5e5ec0c622dc27ff9c4e6606eefef5cbbed4a5" [[package]] name = "fern" @@ -886,23 +960,23 @@ dependencies = [ [[package]] name = "figment" -version = "0.10.10" +version = "0.10.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4547e226f4c9ab860571e070a9034192b3175580ecea38da34fcdb53a018c9a5" +checksum = "a014ac935975a70ad13a3bff2463b1c1b083b35ae4cb6309cfc59476aa7a181f" dependencies = [ - "atomic", + "atomic 0.6.0", "pear", "serde", - "toml", + "toml 0.8.2", "uncased", "version_check", ] [[package]] name = "flate2" -version = "1.0.27" +version = "1.0.28" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c6c98ee8095e9d1dcbf2fcc6d95acccb90d1c81db1e44725c6a984b1dbdfb010" +checksum = "46303f565772937ffe1d394a4fac6f411c6013172fadde9dcdb1e147a086940e" dependencies = [ "crc32fast", "miniz_oxide", @@ -1009,7 +1083,7 @@ checksum = "89ca545a94061b6365f2c7355b4b32bd20df3ff95f02da9329b34ccc3bd6ee72" dependencies = [ "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.38", ] [[package]] 
@@ -1151,9 +1225,9 @@ checksum = "eabb4a44450da02c90444cf74558da904edde8fb4e9035a9a6a4e15445af0bd7" [[package]] name = "handlebars" -version = "4.3.7" +version = "4.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "83c3372087601b532857d332f5957cbae686da52bb7810bf038c3e3c3cc2fa0d" +checksum = "c39b3bc2a8f715298032cf5087e58573809374b08160aa7d750582bdb82d2683" dependencies = [ "log", "pest", @@ -1169,18 +1243,19 @@ name = "hashbrown" version = "0.12.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888" +dependencies = [ + "ahash 0.7.6", +] [[package]] name = "hashbrown" -version = "0.13.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "43a3c133739dddd0d2990f9a4bdf8eb4b21ef50e4851ca85ab661199821d510e" - -[[package]] -name = "hashbrown" -version = "0.14.0" +version = "0.14.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2c6201b9ff9fd90a5a3bac2e56a830d0caa509576f0e503818ee82c181b3437a" +checksum = "f93e7192158dbcda357bdec5fb5788eebf8bbac027f3f33e719d29135ae84156" +dependencies = [ + "ahash 0.8.3", + "allocator-api2", +] [[package]] name = "heck" @@ -1190,9 +1265,9 @@ checksum = "95505c38b4572b2d910cecb0281560f54b440a19336cbbcb27bf6ce6adc6f5a8" [[package]] name = "hermit-abi" -version = "0.3.2" +version = "0.3.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "443144c8cdadd93ebf52ddb4056d257f5b52c04d3c804e657d19eb73fc33668b" +checksum = "d77f7ec81a6d05a3abb01ab6eb7590f6083d08449fe5a1c8b1e620283546ccb7" [[package]] name = "hmac" 
@@ -1204,6 +1279,15 @@ dependencies = [ ] [[package]] +name = "home" +version = "0.5.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5444c27eef6923071f7ebcc33e3444508466a76f7a2b93da00ed6e19f30c1ddb" +dependencies = [ + "windows-sys", +] + +[[package]] name = "hostname" version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -1274,7 +1358,7 @@ dependencies = [ "httpdate", "itoa", "pin-project-lite", - "socket2 0.4.9", + "socket2 0.4.10", "tokio", "tower-service", "tracing", @@ -1296,16 +1380,16 @@ dependencies = [ [[package]] name = "iana-time-zone" -version = "0.1.57" +version = "0.1.58" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2fad5b825842d2b38bd206f3e81d6957625fd7f0a361e345c30e01a0ae2dd613" +checksum = "8326b86b6cff230b97d0d312a6c40a60726df3332e721f72a1b035f451663b20" dependencies = [ "android_system_properties", "core-foundation-sys", "iana-time-zone-haiku", "js-sys", "wasm-bindgen", - "windows", + "windows-core", ] [[package]] @@ -1367,12 +1451,12 @@ dependencies = [ [[package]] name = "indexmap" -version = "2.0.0" +version = "2.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d5477fe2230a79769d8dc68e0eabf5437907c0457a5614a9e8dddb67f65eb65d" +checksum = "8adf3ddd720272c6ea8bf59463c04e0f93d0bbf7c5439b691bca2987e0270897" dependencies = [ "equivalent", - "hashbrown 0.14.0", + "hashbrown 0.14.2", ] [[package]] @@ -1407,7 +1491,7 @@ version = "0.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b58db92f96b720de98181bbbe63c831e87005ab460c1bf306eb2622b4707997f" dependencies = [ - "socket2 0.5.3", + "socket2 0.5.5", "widestring", "windows-sys", "winreg", @@ -1426,7 +1510,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cb0889898416213fab133e1d33a0e5858a48177452750691bde3666d0fdbaf8b" dependencies = [ "hermit-abi", - "rustix 0.38.11", + "rustix 0.38.20", "windows-sys", ] 
@@ -1464,13 +1548,13 @@ dependencies = [ [[package]] name = "jsonwebtoken" -version = "8.3.0" +version = "9.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6971da4d9c3aa03c3d8f3ff0f4155b534aad021292003895a469716b2a230378" +checksum = "1e863f95209c79b9b8b001c4b03463385f890a765dbc4e0802cb8d4177e3e410" dependencies = [ - "base64 0.21.3", + "base64 0.21.4", "pem", - "ring", + "ring 0.17.5", "serde", "serde_json", "simple_asn1", @@ -1493,44 +1577,46 @@ checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" [[package]] name = "lettre" -version = "0.10.4" +version = "0.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "76bd09637ae3ec7bd605b8e135e757980b3968430ff2b1a4a94fb7769e50166d" +checksum = "d47084ad58f99c26816d174702f60e873f861fcef3f9bd6075b4ad2dd72d07d5" dependencies = [ "async-std", "async-trait", - "base64 0.21.3", + "base64 0.21.4", + "chumsky", "email-encoding", "email_address", - "fastrand 1.9.0", + "fastrand 2.0.1", "futures-io", "futures-util", "hostname", "httpdate", - "idna 0.3.0", + "idna 0.4.0", "mime", "native-tls", "nom", "once_cell", "quoted_printable", "serde", - "socket2 0.4.9", + "socket2 0.5.5", "tokio", "tokio-native-tls", "tracing", + "url", ] [[package]] name = "libc" -version = "0.2.147" +version = "0.2.149" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b4668fb0ea861c1df094127ac5f1da3409a82116a4ba74fca2e58ef927159bb3" +checksum = "a08173bc88b7955d1b3145aa561539096c421ac8debde8cbc3612ec635fee29b" [[package]] name = "libmimalloc-sys" -version = "0.1.34" +version = "0.1.35" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "25d058a81af0d1c22d7a1c948576bee6d673f7af3c0f35564abd6c81122f513d" +checksum = "3979b5c37ece694f1f5e51e7ecc871fdb0f517ed04ee45f88d15d6d553cb9664" dependencies = [ "cc", "libc", 
@@ -1561,15 +1647,15 @@ checksum = "ef53942eb7bf7ff43a617b3e2c1c4a5ecf5944a7c1bc12d7ee39bbb15e5c1519" [[package]] name = "linux-raw-sys" -version = "0.4.5" +version = "0.4.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "57bcfdad1b858c2db7c38303a6d2ad4dfaf5eb53dfeb0910128b2c26d6158503" +checksum = "da2479e8c062e40bf0066ffa0bc823de0a9368974af99c9f6df941d2c231e03f" [[package]] name = "lock_api" -version = "0.4.10" +version = "0.4.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c1cc9717a20b1bb222f333e6a92fd32f7d8a18ddc5a3191a11af45dcbf4dcd16" +checksum = "3c168f8615b12bc01f9c17e2eb0cc07dcae1940121185446edc3744920e8ef45" dependencies = [ "autocfg", "scopeguard", @@ -1640,9 +1726,9 @@ checksum = "2532096657941c2fea9c289d370a250971c689d4f143798ff67113ec042024a5" [[package]] name = "memchr" -version = "2.6.2" +version = "2.6.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5486aed0026218e61b8a01d5fbd5a0a134649abb71a0e53b7bc088529dced86e" +checksum = "f665ee40bc4a3c5590afb1e9677db74a508659dfd71e126420da8274909a0167" [[package]] name = "migrations_internals" @@ -1651,7 +1737,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0f23f71580015254b020e856feac3df5878c2c7a8812297edd6c0a485ac9dada" dependencies = [ "serde", - "toml", + "toml 0.7.8", ] [[package]] @@ -1667,9 +1753,9 @@ dependencies = [ [[package]] name = "mimalloc" -version = "0.1.38" +version = "0.1.39" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "972e5f23f6716f62665760b0f4cbf592576a80c7b879ba9beaafc0e558894127" +checksum = "fa01922b5ea280a911e323e4d2fd24b7fe5cc4042e0d2cda3c40775cdc4bdc9c" dependencies = [ "libmimalloc-sys", ] 
@@ -1799,13 +1885,13 @@ dependencies = [ [[package]] name = "num-derive" -version = "0.4.0" +version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9e6a0fd4f737c707bd9086cc16c925f294943eb62eb71499e9fd4cf71f8b9f4e" +checksum = "cfb77679af88f8b125209d354a202862602672222e7f2313fdd6dc349bad4712" dependencies = [ "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.38", ] [[package]] @@ -1820,9 +1906,9 @@ dependencies = [ [[package]] name = "num-traits" -version = "0.2.16" +version = "0.2.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f30b0abd723be7e2ffca1272140fac1a2f084c77ec3e123c192b66af1ee9e6c2" +checksum = "39e3200413f237f41ab11ad6d161bc7239c84dcb631773ccd7de3dfe4b5c267c" dependencies = [ "autocfg", ] @@ -1848,9 +1934,9 @@ dependencies = [ [[package]] name = "object" -version = "0.32.0" +version = "0.32.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "77ac5bbd07aea88c60a577a1ce218075ffd59208b2d7ca97adf9bfc5aeb21ebe" +checksum = "9cf5f9dd3933bd50a9e1f149ec995f39ae2c496d31fd772c1fd45ebc27e902b0" dependencies = [ "memchr", ] @@ -1867,7 +1953,7 @@ version = "0.10.57" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bac25ee399abb46215765b1cb35bc0212377e58a061560d8b29b024fd0430e7c" dependencies = [ - "bitflags 2.4.0", + "bitflags 2.4.1", "cfg-if", "foreign-types", "libc", @@ -1884,7 +1970,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.38", ] [[package]] 
@@ -1895,9 +1981,9 @@ checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf" [[package]] name = "openssl-src" -version = "111.27.0+1.1.1v" +version = "111.28.0+1.1.1w" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "06e8f197c82d7511c5b014030c9b1efeda40d7d5f99d23b4ceed3524a5e63f02" +checksum = "3ce95ee1f6f999dfb95b8afd43ebe442758ea2104d1ccb99a94c30db22ae701f" dependencies = [ "cc", ] @@ -1923,9 +2009,9 @@ checksum = "b15813163c1d831bf4a13c3610c05c0d03b39feb07f7e09fa234dac9b15aaf39" [[package]] name = "parking" -version = "2.1.0" +version = "2.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "14f2252c834a40ed9bb5422029649578e63aa341ac401f74e719dd1afda8394e" +checksum = "bb813b8af86854136c6922af0598d719255ecb2179515e6e7730d468f05c9cae" [[package]] name = "parking_lot" @@ -1939,13 +2025,13 @@ dependencies = [ [[package]] name = "parking_lot_core" -version = "0.9.8" +version = "0.9.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "93f00c865fe7cabf650081affecd3871070f26767e7b2070a3ffae14c654b447" +checksum = "4c42a9226546d68acdd9c0a280d17ce19bfe27a46bf68784e4066115788d008e" dependencies = [ "cfg-if", "libc", - "redox_syscall", + "redox_syscall 0.4.1", "smallvec", "windows-targets", ] @@ -1996,16 +2082,17 @@ dependencies = [ "proc-macro2", "proc-macro2-diagnostics", "quote", - "syn 2.0.29", + "syn 2.0.38", ] [[package]] name = "pem" -version = "1.1.1" +version = "3.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a8835c273a76a90455d7344889b0964598e3316e2a79ede8e36f16bdcf2228b8" +checksum = "3163d2912b7c3b52d651a055f2c7eec9ba5cd22d26ef75b8dd3a59980b185923" dependencies = [ - "base64 0.13.1", + "base64 0.21.4", + "serde", ] [[package]] 
@@ -2016,9 +2103,9 @@ checksum = "9b2a4787296e9989611394c33f193f676704af1686e70b8f8033ab5ba9a35a94" [[package]] name = "pest" -version = "2.7.3" +version = "2.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d7a4d085fd991ac8d5b05a147b437791b4260b76326baf0fc60cf7c9c27ecd33" +checksum = "c022f1e7b65d6a24c0dbbd5fb344c66881bc01f3e5ae74a1c8100f2f985d98a4" dependencies = [ "memchr", "thiserror", @@ -2027,9 +2114,9 @@ dependencies = [ [[package]] name = "pest_derive" -version = "2.7.3" +version = "2.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a2bee7be22ce7918f641a33f08e3f43388c7656772244e2bbb2477f44cc9021a" +checksum = "35513f630d46400a977c4cb58f78e1bfbe01434316e60c37d27b9ad6139c66d8" dependencies = [ "pest", "pest_generator", @@ -2037,22 +2124,22 @@ dependencies = [ [[package]] name = "pest_generator" -version = "2.7.3" +version = "2.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d1511785c5e98d79a05e8a6bc34b4ac2168a0e3e92161862030ad84daa223141" +checksum = "bc9fc1b9e7057baba189b5c626e2d6f40681ae5b6eb064dc7c7834101ec8123a" dependencies = [ "pest", "pest_meta", "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.38", ] [[package]] name = "pest_meta" -version = "2.7.3" +version = "2.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b42f0394d3123e33353ca5e1e89092e533d2cc490389f2bd6131c43c634ebc5f" +checksum = "1df74e9e7ec4053ceb980e7c0c8bd3594e977fde1af91daba9c928e8e8c6708d" dependencies = [ "once_cell", "pest", 
@@ -2116,6 +2203,17 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" [[package]] +name = "piper" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "668d31b1c4eba19242f2088b2bf3316b82ca31082a8335764db4e083db7485d4" +dependencies = [ + "atomic-waker", + "fastrand 2.0.1", + "futures-io", +] + +[[package]] name = "pkg-config" version = "0.3.27" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -2138,6 +2236,12 @@ dependencies = [ ] [[package]] +name = "powerfmt" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "439ee305def115ba05938db6eb1644ff94165c5ab5e9420d1c1bcedbba909391" + +[[package]] name = "ppv-lite86" version = "0.2.17" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -2154,9 +2258,9 @@ dependencies = [ [[package]] name = "proc-macro2" -version = "1.0.66" +version = "1.0.69" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "18fb31db3f9bddb2ea821cde30a9f70117e3f119938b5ee630b7403aa6e2ead9" +checksum = "134c189feb4956b20f6f547d2cf727d4c0fe06722b20a0eec87ed445a97f92da" dependencies = [ "unicode-ident", ] @@ -2169,7 +2273,7 @@ checksum = "af066a9c399a26e020ada66a034357a868728e72cd426f3adcd35f80d88d88c8" dependencies = [ "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.38", "version_check", "yansi 1.0.0-rc.1", ] @@ -2181,6 +2285,15 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "33cb294fe86a74cbcf50d4445b37da762029549ebeea341421c7c70370f86cac" [[package]] +name = "psm" +version = "0.1.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5787f7cda34e3033a72192c018bc5883100330f362ef279a8cbccfce8bb4e874" +dependencies = [ + "cc", +] + +[[package]] name = "publicsuffix" version = "2.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" 
@@ -2223,9 +2336,9 @@ dependencies = [ [[package]] name = "quoted_printable" -version = "0.4.8" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5a3866219251662ec3b26fc217e3e05bf9c4f84325234dfb96bf0bf840889e49" +checksum = "79ec282e887b434b68c18fe5c121d38e72a5cf35119b59e54ec5b992ea9c8eb0" [[package]] name = "r2d2" @@ -2287,6 +2400,15 @@ dependencies = [ ] [[package]] +name = "redox_syscall" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4722d768eff46b75989dd134e5c353f0d6296e5aaa3132e776cbdb56be7731aa" +dependencies = [ + "bitflags 1.3.2", +] + +[[package]] name = "ref-cast" version = "1.0.20" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -2303,19 +2425,19 @@ checksum = "7f7473c2cfcf90008193dd0e3e16599455cb601a9fce322b5bb55de799664925" dependencies = [ "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.38", ] [[package]] name = "regex" -version = "1.9.4" +version = "1.10.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "12de2eff854e5fa4b1295edd650e227e9d8fb0c9e90b12e7f36d6a6811791a29" +checksum = "380b951a9c5e80ddfd6136919eef32310721aa4aacd4889a8d39124b026ab343" dependencies = [ "aho-corasick", "memchr", - "regex-automata 0.3.7", - "regex-syntax 0.7.5", + "regex-automata 0.4.3", + "regex-syntax 0.8.2", ] [[package]] @@ -2329,13 +2451,13 @@ dependencies = [ [[package]] name = "regex-automata" -version = "0.3.7" +version = "0.4.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "49530408a136e16e5b486e883fbb6ba058e8e4e8ae6621a77b048b314336e629" +checksum = "5f804c7828047e88b2d32e2d7fe5a105da8ee3264f01902f796c8e067dc2483f" dependencies = [ "aho-corasick", "memchr", - "regex-syntax 0.7.5", + "regex-syntax 0.8.2", ] [[package]] 
@@ -2346,9 +2468,9 @@ checksum = "f162c6dd7b008981e4d40210aca20b4bd0f9b60ca9271061b07f78537722f2e1" [[package]] name = "regex-syntax" -version = "0.7.5" +version = "0.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dbb5fb1acd8a1a18b3dd5be62d25485eb770e05afb408a9627d14d451bae12da" +checksum = "c08c74e62047bb2de4ff487b251e4a92e24f48745648451635cec7d591162d9f" [[package]] name = "reopen" @@ -2363,12 +2485,12 @@ dependencies = [ [[package]] name = "reqwest" -version = "0.11.20" +version = "0.11.22" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3e9ad3fe7488d7e34558a2033d45a0c90b72d97b4f80705666fea71472e2e6a1" +checksum = "046cd98826c46c2ac8ddecae268eb5c2e58628688a5fc7a2643704a73faba95b" dependencies = [ "async-compression", - "base64 0.21.3", + "base64 0.21.4", "bytes", "cookie 0.16.2", "cookie_store 0.16.2", @@ -2391,6 +2513,7 @@ dependencies = [ "serde", "serde_json", "serde_urlencoded", + "system-configuration", "tokio", "tokio-native-tls", "tokio-socks", @@ -2425,12 +2548,26 @@ dependencies = [ "libc", "once_cell", "spin 0.5.2", - "untrusted", + "untrusted 0.7.1", "web-sys", "winapi", ] [[package]] +name = "ring" +version = "0.17.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fb0205304757e5d899b9c2e448b867ffd03ae7f988002e47cd24954391394d0b" +dependencies = [ + "cc", + "getrandom", + "libc", + "spin 0.9.8", + "untrusted 0.9.0", + "windows-sys", +] + +[[package]] name = "rmp" version = "0.8.12" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -2458,7 +2595,7 @@ source = "git+https://github.com/SergioBenitez/Rocket?rev=ce441b5f46fdf5cd99cb32 dependencies = [ "async-stream", "async-trait", - "atomic", + "atomic 0.5.3", "binascii", "bytes", "either", @@ -2500,7 +2637,7 @@ dependencies = [ "proc-macro2", "quote", "rocket_http", - "syn 2.0.29", + "syn 2.0.38", "unicode-xid", ] 
@@ -2571,9 +2708,9 @@ checksum = "d626bb9dae77e28219937af045c257c28bfd3f69333c512553507f5f9798cb76" [[package]] name = "rustix" -version = "0.37.23" +version = "0.37.26" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4d69718bf81c6127a49dc64e44a742e8bb9213c0ff8869a22c308f84c1d4ab06" +checksum = "84f3f8f960ed3b5a59055428714943298bf3fa2d4a1d53135084e0544829d995" dependencies = [ "bitflags 1.3.2", "errno", @@ -2585,14 +2722,14 @@ dependencies = [ [[package]] name = "rustix" -version = "0.38.11" +version = "0.38.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c0c3dde1fc030af041adc40e79c0e7fbcf431dd24870053d187d7c66e4b87453" +checksum = "67ce50cb2e16c2903e30d1cbccfd8387a74b9d4c938b6a4c5ec6cc7556f7a8a0" dependencies = [ - "bitflags 2.4.0", + "bitflags 2.4.1", "errno", "libc", - "linux-raw-sys 0.4.5", + "linux-raw-sys 0.4.10", "windows-sys", ] @@ -2603,7 +2740,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cd8d6c9f025a446bc4d18ad9632e69aec8f287aa84499ee335599fabd20c3fd8" dependencies = [ "log", - "ring", + "ring 0.16.20", "rustls-webpki", "sct", ] @@ -2614,17 +2751,17 @@ version = "1.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2d3987094b1d07b653b7dfdc3f70ce9a1da9c51ac18c1b06b662e4f9a0e9f4b2" dependencies = [ - "base64 0.21.3", + "base64 0.21.4", ] [[package]] name = "rustls-webpki" -version = "0.101.4" +version = "0.101.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7d93931baf2d282fff8d3a532bbfd7653f734643161b87e3e01e59a04439bf0d" +checksum = "3c7d5dece342910d9ba34d259310cae3e0154b873b35408b787b59bce53d34fe" dependencies = [ - "ring", - "untrusted", + "ring 0.16.20", + "untrusted 0.7.1", ] [[package]] 
@@ -2684,8 +2821,8 @@ version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d53dcdb7c9f8158937a7981b48accfd39a43af418591a5d008c7b22b5e1b7ca4" dependencies = [ - "ring", - "untrusted", + "ring 0.16.20", + "untrusted 0.7.1", ] [[package]] @@ -2713,15 +2850,15 @@ dependencies = [ [[package]] name = "semver" -version = "1.0.18" +version = "1.0.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b0293b4b29daaf487284529cc2f5675b8e57c61f70167ba415a463651fd6a918" +checksum = "836fa6a3e1e547f9a2c4040802ec865b5d85f4014efe00555d7090a3dcaa1090" [[package]] name = "serde" -version = "1.0.188" +version = "1.0.189" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cf9e0fcba69a370eed61bcf2b728575f726b50b55cba78064753d708ddc7549e" +checksum = "8e422a44e74ad4001bdc8eede9a4570ab52f71190e9c076d14369f38b9200537" dependencies = [ "serde_derive", ] @@ -2738,20 +2875,20 @@ dependencies = [ [[package]] name = "serde_derive" -version = "1.0.188" +version = "1.0.189" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4eca7ac642d82aa35b60049a6eccb4be6be75e599bd2e9adb5f875a737654af2" +checksum = "1e48d1f918009ce3145511378cf68d613e3b3d9137d67272562080d68a2b32d5" dependencies = [ "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.38", ] [[package]] name = "serde_json" -version = "1.0.105" +version = "1.0.107" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "693151e1ac27563d6dbcec9dee9fbd5da8539b20fa14ad3752b2e6d363ace360" +checksum = "6b420ce6e3d8bd882e9b243c6eed35dbc9a6110c9769e74b584e0d68d1f20c65" dependencies = [ "itoa", "ryu", 
@@ -2792,9 +2929,9 @@ dependencies = [ [[package]] name = "sha1" -version = "0.10.5" +version = "0.10.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f04293dc80c3993519f2d7f6f511707ee7094fe0c6d3406feb330cdb3540eba3" +checksum = "e3bf829a2d51ab4a5ddf1352d8470c140cadc8301b2ae1789db023f01cedd6ba" dependencies = [ "cfg-if", "cpufeatures", @@ -2803,9 +2940,9 @@ dependencies = [ [[package]] name = "sha2" -version = "0.10.7" +version = "0.10.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "479fb9d862239e610720565ca91403019f2f00410f1864c5aa7479b950a76ed8" +checksum = "793db75ad2bcafc3ffa7c68b215fee268f537982cd901d132f89c6343f3a3dc8" dependencies = [ "cfg-if", "cpufeatures", @@ -2814,9 +2951,9 @@ dependencies = [ [[package]] name = "sharded-slab" -version = "0.1.4" +version = "0.1.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "900fba806f70c630b0a382d0d825e17a0f19fcd059a2ade1ff237bcddf446b31" +checksum = "f40ca3c46823713e0d4209592e8d6e826aa57e928f09752619fc696c499637f6" dependencies = [ "lazy_static", ] @@ -2869,15 +3006,15 @@ dependencies = [ [[package]] name = "smallvec" -version = "1.11.0" +version = "1.11.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "62bb4feee49fdd9f707ef802e22365a35de4b7b299de4763d44bfea899442ff9" +checksum = "942b4a808e05215192e39f4ab80813e599068285906cc91aa64f923db842bd5a" [[package]] name = "socket2" -version = "0.4.9" +version = "0.4.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "64a4a911eed85daf18834cfaa86a79b7d266ff93ff5ba14005426219480ed662" +checksum = "9f7916fc008ca5542385b89a3d3ce689953c143e9304a9bf8beec1de48994c0d" dependencies = [ "libc", "winapi", 
@@ -2885,9 +3022,9 @@ dependencies = [ [[package]] name = "socket2" -version = "0.5.3" +version = "0.5.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2538b18701741680e0322a2302176d3253a35388e2e62f172f64f4f16605f877" +checksum = "7b5fac59a5cb5dd637972e5fca70daf0523c9067fcdc4842f053dae04a18f8e9" dependencies = [ "libc", "windows-sys", @@ -2915,6 +3052,19 @@ dependencies = [ ] [[package]] +name = "stacker" +version = "0.1.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c886bd4480155fd3ef527d45e9ac8dd7118a898a46530b7b94c3e21866259fce" +dependencies = [ + "cc", + "cfg-if", + "libc", + "psm", + "winapi", +] + +[[package]] name = "state" version = "0.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -2948,9 +3098,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.29" +version = "2.0.38" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c324c494eba9d92503e6f1ef2e6df781e78f6a7705a0202d9801b198807d518a" +checksum = "e96b79aaa137db8f61e26363a0c9b47d8b4ec75da28b7d1d614c2303e232408b" dependencies = [ "proc-macro2", "quote", 
@@ -2971,36 +3121,57 @@ dependencies = [ ] [[package]] +name = "system-configuration" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ba3a3adc5c275d719af8cb4272ea1c4a6d668a777f37e115f6d11ddbc1c8e0e7" +dependencies = [ + "bitflags 1.3.2", + "core-foundation", + "system-configuration-sys", +] + +[[package]] +name = "system-configuration-sys" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a75fb188eb626b924683e3b95e3a48e63551fcfb51949de2f06a9d91dbee93c9" +dependencies = [ + "core-foundation-sys", + "libc", +] + +[[package]] name = "tempfile" version = "3.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cb94d2f3cc536af71caac6b6fcebf65860b347e7ce0cc9ebe8f70d3e521054ef" dependencies = [ "cfg-if", - "fastrand 2.0.0", - "redox_syscall", - "rustix 0.38.11", + "fastrand 2.0.1", + "redox_syscall 0.3.5", + "rustix 0.38.20", "windows-sys", ] [[package]] name = "thiserror" -version = "1.0.47" +version = "1.0.50" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "97a802ec30afc17eee47b2855fc72e0c4cd62be9b4efe6591edde0ec5bd68d8f" +checksum = "f9a7210f5c9a7156bb50aa36aed4c95afb51df0df00713949448cf9e97d382d2" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.47" +version = "1.0.50" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6bb623b56e39ab7dcd4b1b98bb6c8f8d907ed255b18de254088016b27a8ee19b" +checksum = "266b2e40bc00e5a6c09c3584011e08b06f123c00362c92b975ba9843aaaa14b8" dependencies = [ "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.38", ] [[package]] 
@@ -3024,14 +3195,15 @@ dependencies = [ [[package]] name = "time" -version = "0.3.28" +version = "0.3.30" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "17f6bb557fd245c28e6411aa56b6403c689ad95061f50e4be16c274e70a17e48" +checksum = "c4a34ab300f2dee6e562c10a046fc05e358b29f9bf92277f30c3c8d82275f6f5" dependencies = [ "deranged", "itoa", "libc", "num_threads", + "powerfmt", "serde", "time-core", "time-macros", @@ -3039,15 +3211,15 @@ dependencies = [ [[package]] name = "time-core" -version = "0.1.1" +version = "0.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7300fbefb4dadc1af235a9cef3737cea692a9d97e1b9cbcd4ebdae6f8868e6fb" +checksum = "ef927ca75afb808a4d64dd374f00a2adf8d0fcff8e7b184af886c3c87ec4a3f3" [[package]] name = "time-macros" -version = "0.2.14" +version = "0.2.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1a942f44339478ef67935ab2bbaec2fb0322496cf3cbe84b261e06ac3814c572" +checksum = "4ad70d68dba9e1f8aceda7aa6711965dfec1cac869f311a51bd08b3a2ccbce20" dependencies = [ "time-core", ] @@ -3069,9 +3241,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" [[package]] name = "tokio" -version = "1.32.0" +version = "1.33.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "17ed6077ed6cd6c74735e21f37eb16dc3935f96878b1fe961074089cc80893f9" +checksum = "4f38200e3ef7995e5ef13baec2f432a6da0aa9ac495b2c0e8f3b7eec2c92d653" dependencies = [ "backtrace", "bytes", @@ -3081,7 +3253,7 @@ dependencies = [ "parking_lot", "pin-project-lite", "signal-hook-registry", - "socket2 0.5.3", + "socket2 0.5.5", "tokio-macros", "windows-sys", ] @@ -3094,7 +3266,7 @@ checksum = "630bdcf245f78637c13ec01ffae6187cca34625e8c63150d424b59e55af2675e" dependencies = [ "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.38", ] [[package]] 
@@ -3154,9 +3326,9 @@ dependencies = [ [[package]] name = "tokio-util" -version = "0.7.8" +version = "0.7.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "806fe8c2c87eccc8b3267cbae29ed3ab2d0bd37fca70ab622e46aaa9375ddb7d" +checksum = "1d68074620f57a0b21594d9735eb2e98ab38b17f80d3fcb189fca266771ca60d" dependencies = [ "bytes", "futures-core", @@ -3168,14 +3340,26 @@ dependencies = [ [[package]] name = "toml" -version = "0.7.6" +version = "0.7.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c17e963a819c331dcacd7ab957d80bc2b9a9c1e71c804826d2f283dd65306542" +checksum = "dd79e69d3b627db300ff956027cc6c3798cef26d22526befdfcd12feeb6d2257" dependencies = [ "serde", "serde_spanned", "toml_datetime", - "toml_edit", + "toml_edit 0.19.15", +] + +[[package]] +name = "toml" +version = "0.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "185d8ab0dfbb35cf1399a6344d8484209c088f75f8f68230da55d48d95d43e3d" +dependencies = [ + "serde", + "serde_spanned", + "toml_datetime", + "toml_edit 0.20.2", ] [[package]] @@ -3189,11 +3373,24 @@ dependencies = [ [[package]] name = "toml_edit" -version = "0.19.14" +version = "0.19.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f8123f27e969974a3dfba720fdb560be359f57b44302d280ba72e76a74480e8a" +checksum = "1b5bb770da30e5cbfde35a2d7b9b8a2c4b8ef89548a7a6aeab5c9a576e3e7421" dependencies = [ - "indexmap 2.0.0", + "indexmap 2.0.2", + "serde", + "serde_spanned", + "toml_datetime", + "winnow", +] + +[[package]] +name = "toml_edit" +version = "0.20.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "396e4d48bbb2b7554c944bde63101b5ae446cff6ec4a24227428f15eb72ef338" +dependencies = [ + "indexmap 2.0.2", "serde", "serde_spanned", "toml_datetime", 
@@ -3220,11 +3417,10 @@ checksum = "b6bc1c9ce2b5135ac7f93c72918fc37feb872bdc6a5533a8b85eb4b86bfdae52" [[package]] name = "tracing" -version = "0.1.37" +version = "0.1.40" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8ce8c33a8d48bd45d624a6e523445fd21ec13d3653cd51f681abf67418f54eb8" +checksum = "c3523ab5a71916ccf420eebdf5521fcef02141234bbc0b8a49f2fdc4544364ef" dependencies = [ - "cfg-if", "log", "pin-project-lite", "tracing-attributes", @@ -3233,20 +3429,20 @@ dependencies = [ [[package]] name = "tracing-attributes" -version = "0.1.26" +version = "0.1.27" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f4f31f56159e98206da9efd823404b79b6ef3143b4a7ab76e67b1751b25a4ab" +checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.38", ] [[package]] name = "tracing-core" -version = "0.1.31" +version = "0.1.32" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0955b8137a1df6f1a2e9a37d8a6656291ff0297c1a97c24e0d8425fe2312f79a" +checksum = "c06d3da6113f116aaee68e4d601191614c9053067f9ab7f6edbcb161237daa54" dependencies = [ "once_cell", "valuable", @@ -3283,9 +3479,9 @@ dependencies = [ [[package]] name = "trust-dns-proto" -version = "0.22.0" +version = "0.23.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4f7f83d1e4a0e4358ac54c5c3681e5d7da5efc5a7a632c90bb6d6669ddd9bc26" +checksum = "559ac980345f7f5020883dd3bcacf176355225e01916f8c2efecad7534f682c6" dependencies = [ "async-trait", "cfg-if", @@ -3294,9 +3490,9 @@ dependencies = [ "futures-channel", "futures-io", "futures-util", - "idna 0.2.3", + "idna 0.4.0", "ipnet", - "lazy_static", + "once_cell", "rand", "smallvec", "thiserror", 
@@ -3308,16 +3504,17 @@ dependencies = [ [[package]] name = "trust-dns-resolver" -version = "0.22.0" +version = "0.23.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "aff21aa4dcefb0a1afbfac26deb0adc93888c7d295fb63ab273ef276ba2b7cfe" +checksum = "c723b0e608b24ad04c73b2607e0241b2c98fd79795a95e98b068b6966138a29d" dependencies = [ "cfg-if", "futures-util", "ipconfig", - "lazy_static", "lru-cache", + "once_cell", "parking_lot", + "rand", "resolv-conf", "smallvec", "thiserror", @@ -3353,15 +3550,15 @@ dependencies = [ [[package]] name = "typenum" -version = "1.16.0" +version = "1.17.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "497961ef93d974e23eb6f433eb5fe1b7930b659f06d12dec6fc44a8f554c0bba" +checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825" [[package]] name = "ubyte" -version = "0.10.3" +version = "0.10.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c81f0dae7d286ad0d9366d7679a77934cfc3cf3a8d67e82669794412b2368fe6" +checksum = "f720def6ce1ee2fc44d40ac9ed6d3a59c361c80a75a7aa8e75bb9baed31cf2ea" dependencies = [ "serde", ] @@ -3390,9 +3587,9 @@ checksum = "92888ba5573ff080736b3648696b70cafad7d250551175acbaa4e0385b3e1460" [[package]] name = "unicode-ident" -version = "1.0.11" +version = "1.0.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "301abaae475aa91687eb82514b328ab47a211a533026cb25fc3e519b86adfc3c" +checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" [[package]] name = "unicode-normalization" 
@@ -3416,6 +3613,12 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" [[package]] +name = "untrusted" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" + +[[package]] name = "url" version = "2.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -3435,9 +3638,9 @@ checksum = "09cc8ee72d2a9becf2f2febe0205bbed8fc6615b7cb429ad062dc7b7ddd036a9" [[package]] name = "uuid" -version = "1.4.1" +version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "79daa5ed5740825c40b389c5e50312b9c86df53fccd33f281df655642b43869d" +checksum = "88ad59a7560b41a70d191093a945f0b87bc1deeda46fb237479708a1d6b6cdfc" dependencies = [ "getrandom", ] @@ -3450,9 +3653,9 @@ checksum = "830b7e5d4d90034032940e4ace0d9a9a057e7a45cd94e6c007832e39edb82f6d" [[package]] name = "value-bag" -version = "1.4.1" +version = "1.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d92ccd67fb88503048c01b59152a04effd0782d035a83a6d256ce6085f08f4a3" +checksum = "4a72e1902dde2bd6441347de2b70b7f5d59bf157c6c62f0c44572607a1d55bbe" [[package]] name = "vaultwarden" @@ -3488,13 +3691,14 @@ dependencies = [ "num-traits", "once_cell", "openssl", + "openssl-sys", "paste", "percent-encoding", "pico-args", "rand", "regex", "reqwest", - "ring", + "ring 0.17.5", "rmpv", "rocket", "rocket_ws", 
@@ -3529,15 +3733,15 @@ checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" [[package]] name = "waker-fn" -version = "1.1.0" +version = "1.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9d5b2c62b4012a3e1eca5a7e077d13b3bf498c4073e33ccd58626607748ceeca" +checksum = "f3c4517f54858c779bbcbf228f4fca63d121bf85fbecb2dc578cdf4a39395690" [[package]] name = "walkdir" -version = "2.3.3" +version = "2.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "36df944cda56c7d8d8b7496af378e6b16de9284591917d307c9b4d313c44e698" +checksum = "d71d857dc86794ca4c280d616f7da00d2dbfd8cd788846559a6813e6aa4b54ee" dependencies = [ "same-file", "winapi-util", @@ -3579,7 +3783,7 @@ dependencies = [ "once_cell", "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.38", "wasm-bindgen-shared", ] @@ -3613,7 +3817,7 @@ checksum = "54681b18a46765f095758388f2d0cf16eb8d4169b639ab575a8f5693af210c7b" dependencies = [ "proc-macro2", "quote", - "syn 2.0.29", + "syn 2.0.38", "wasm-bindgen-backend", "wasm-bindgen-shared", ] @@ -3668,13 +3872,15 @@ dependencies = [ [[package]] name = "which" -version = "4.4.0" +version = "5.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2441c784c52b289a054b7201fc93253e288f094e2f4be9058343127c4226a269" +checksum = "9bf3ea8596f3a0dd5980b46430f2058dfe2c36a27ccfbb1845d6fbfcd9ba6e14" dependencies = [ "either", - "libc", + "home", "once_cell", + "rustix 0.38.20", + "windows-sys", ] [[package]] @@ -3701,9 +3907,9 @@ checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" [[package]] name = "winapi-util" -version = "0.1.5" +version = "0.1.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "70ec6ce85bb158151cae5e5c87f95a8e97d2c0c4b001223f33a334e3ce5de178" +checksum = "f29e6f9198ba0d26b4c9f07dbe6f9ed633e1f3d5b8b414090084349e46a52596" dependencies = [ "winapi", ] 
@@ -3724,6 +3930,15 @@ dependencies = [ ] [[package]] +name = "windows-core" +version = "0.51.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f1f8cf84f35d2db49a46868f947758c7a1138116f7fac3bc844f43ade1292e64" +dependencies = [ + "windows-targets", +] + +[[package]] name = "windows-sys" version = "0.48.0" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -3791,9 +4006,9 @@ checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" [[package]] name = "winnow" -version = "0.5.15" +version = "0.5.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7c2e3184b9c4e92ad5167ca73039d0c42476302ab603e2fec4487511f38ccefc" +checksum = "a3b801d0e0a6726477cc207f60162da452f3a95adb368399bef20a946e06f65c" dependencies = [ "memchr", ] diff --git a/Cargo.toml b/Cargo.toml @@ -3,7 +3,7 @@ name = "vaultwarden" version = "1.0.0" authors = ["Daniel García <dani-garcia@users.noreply.github.com>"] edition = "2021" -rust-version = "1.70.0" +rust-version = "1.71.1" resolver = "2" repository = "https://github.com/dani-garcia/vaultwarden" @@ -42,7 +42,7 @@ syslog = "6.1.0" # Logging log = "0.4.20" fern = { version = "0.6.2", features = ["syslog-6", "reopen-1"] } -tracing = { version = "0.1.37", features = ["log"] } # Needed to have lettre and webauthn-rs trace logging to work +tracing = { version = "0.1.40", features = ["log"] } # Needed to have lettre and webauthn-rs trace logging to work # A `dotenv` implementation for Rust dotenvy = { version = "0.15.7", default-features = false } @@ -51,8 +51,8 @@ dotenvy = { version = "0.15.7", default-features = false } once_cell = "1.18.0" # Numerical libraries -num-traits = "0.2.16" -num-derive = "0.4.0" +num-traits = "0.2.17" +num-derive = "0.4.1" # Web framework rocket = { version = "0.5.0-rc.3", features = ["tls", "json"], default-features = false } 
@@ -68,14 +68,14 @@ dashmap = "5.5.3" # Async futures futures = "0.3.28" -tokio = { version = "1.32.0", features = ["rt-multi-thread", "fs", "io-util", "parking_lot", "time", "signal"] } +tokio = { version = "1.33.0", features = ["rt-multi-thread", "fs", "io-util", "parking_lot", "time", "signal"] } # A generic serialization/deserialization framework -serde = { version = "1.0.188", features = ["derive"] } -serde_json = "1.0.105" +serde = { version = "1.0.189", features = ["derive"] } +serde_json = "1.0.107" # A safe, extensible ORM and Query builder -diesel = { version = "2.1.1", features = ["chrono", "r2d2"] } +diesel = { version = "2.1.3", features = ["chrono", "r2d2"] } diesel_migrations = "2.1.0" diesel_logger = { version = "0.3.0", optional = true } @@ -84,15 +84,15 @@ libsqlite3-sys = { version = "0.26.0", features = ["bundled"], optional = true } # Crypto-related libraries rand = { version = "0.8.5", features = ["small_rng"] } -ring = "0.16.20" +ring = "0.17.5" # UUID generation -uuid = { version = "1.4.1", features = ["v4"] } +uuid = { version = "1.5.0", features = ["v4"] } # Date and time libraries -chrono = { version = "0.4.28", features = ["clock", "serde"], default-features = false } +chrono = { version = "0.4.31", features = ["clock", "serde"], default-features = false } chrono-tz = "0.8.3" -time = "0.3.28" +time = "0.3.30" # Job scheduler job_scheduler_ng = "2.0.4" @@ -101,7 +101,7 @@ job_scheduler_ng = "2.0.4" data-encoding = "2.4.0" # JWT library -jsonwebtoken = "8.3.0" +jsonwebtoken = "9.0.0" # TOTP library totp-lite = "2.0.0" 
@@ -116,24 +116,24 @@ webauthn-rs = "0.3.2" url = "2.4.1" # Email libraries -lettre = { version = "0.10.4", features = ["smtp-transport", "sendmail-transport", "builder", "serde", "tokio1-native-tls", "hostname", "tracing", "tokio1"], default-features = false } +lettre = { version = "0.11.0", features = ["smtp-transport", "sendmail-transport", "builder", "serde", "tokio1-native-tls", "hostname", "tracing", "tokio1"], default-features = false } percent-encoding = "2.3.0" # URL encoding library used for URL's in the emails email_address = "0.2.4" # HTML Template library -handlebars = { version = "4.3.7", features = ["dir_source"] } +handlebars = { version = "4.4.0", features = ["dir_source"] } # HTTP client (Used for favicons, version check, DUO and HIBP API) -reqwest = { version = "0.11.20", features = ["stream", "json", "deflate", "gzip", "brotli", "socks", "cookies", "trust-dns", "native-tls-alpn"] } +reqwest = { version = "0.11.22", features = ["stream", "json", "deflate", "gzip", "brotli", "socks", "cookies", "trust-dns", "native-tls-alpn"] } # Favicon extraction libraries html5gum = "0.5.7" -regex = { version = "1.9.4", features = ["std", "perf", "unicode-perl"], default-features = false } +regex = { version = "1.10.2", features = ["std", "perf", "unicode-perl"], default-features = false } data-url = "0.3.0" -bytes = "1.4.0" +bytes = "1.5.0" # Cache function results (Used for version check and favicon fetching) -cached = "0.44.0" +cached = { version = "0.46.0", features = ["async"] } # Used for custom short lived cookie jar during favicon extraction cookie = "0.16.2" @@ -141,6 +141,9 @@ cookie_store = "0.19.1" # Used by U2F, JWT and PostgreSQL openssl = "0.10.57" +# Set openssl-sys fixed to v0.9.92 to prevent building issues with musl, arm and 32bit pointer width +# It will force add a dynamically linked library which prevents the build from being static +openssl-sys = "=0.9.92" # CLI argument parsing pico-args = "0.5.0" 
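Review bot: The exact pin `openssl-sys = "=0.9.92"` added in the second hunk on this line (`@@ -141,6 +141,9 @@`) also stops `cargo update` from ever selecting a later release of the binding crate, and the comment gives no condition for removing it. The second comment line is ambiguous about its subject: as written, "It will force add a dynamically linked library" reads as if the pin itself does that, while presumably the newer releases are meant. I would reword it to `# Newer openssl-sys releases force a dynamically linked library, which breaks the static musl/arm/32-bit builds` and add `# TODO: drop this pin once static builds work with a newer openssl-sys (tracking issue: <ISSUE-URL>)`. The first hunk on this line only bumps versions.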
@@ -150,34 +153,37 @@ paste = "1.0.14" governor = "0.6.0" # Check client versions for specific features. -semver = "1.0.18" +semver = "1.0.20" # Allow overriding the default memory allocator # Mainly used for the musl builds, since the default musl malloc is very slow -mimalloc = { version = "0.1.38", features = ["secure"], default-features = false, optional = true } -which = "4.4.0" +mimalloc = { version = "0.1.39", features = ["secure"], default-features = false, optional = true } +which = "5.0.0" # Argon2 library with support for the PHC format -argon2 = "0.5.1" +argon2 = "0.5.2" # Reading a password from the cli for generating the Argon2id ADMIN_TOKEN rpassword = "7.2.0" + [patch.crates-io] rocket = { git = 'https://github.com/SergioBenitez/Rocket', rev = 'ce441b5f46fdf5cd99cb32b8b8638835e4c2a5fa' } # v0.5 branch # rocket_ws = { git = 'https://github.com/SergioBenitez/Rocket', rev = 'ce441b5f46fdf5cd99cb32b8b8638835e4c2a5fa' } # v0.5 branch + # Strip debuginfo from the release builds # Also enable thin LTO for some optimizations [profile.release] strip = "debuginfo" lto = "thin" -# Always build argon2 using opt-level 3 -# This is a huge speed improvement during testing -[profile.dev.package.argon2] -opt-level = 3 # A little bit of a speedup [profile.dev] split-debuginfo = "unpacked" + +# Always build argon2 using opt-level 3 +# This is a huge speed improvement during testing +[profile.dev.package.argon2] +opt-level = 3 diff --git a/Dockerfile b/Dockerfile @@ -1 +1 @@ -docker/amd64/Dockerfile -\ No newline at end of file +docker/Dockerfile.debian +\ No newline at end of file diff --git a/docker/DockerSettings.yaml b/docker/DockerSettings.yaml 
@@ -0,0 +1,28 @@
+---
+vault_version: "v2023.9.1"
+vault_image_digest: "sha256:ccf76db7406378b36cb937c1a3ca884448e32e7f82effd4d97b335cd725c75fd"
+# Cross Compile Docker Helper Scripts v1.3.0
+# We use the linux/amd64 platform shell scripts since there is no difference between the different platform scripts
+xx_image_digest: "sha256:c9609ace652bbe51dd4ce90e0af9d48a4590f1214246da5bc70e46f6dd586edc"
+rust_version: 1.73.0 # Rust version to be used
+debian_version: bookworm # Debian release name to be used
+alpine_version: 3.18 # Alpine version to be used
+# For which platforms/architectures will we try to build images
+platforms: ["linux/amd64", "linux/arm64", "linux/arm/v7", "linux/arm/v6"]
+# Determine the build images per OS/Arch
+build_stage_image:
+ debian:
+ image: "docker.io/library/rust:{{rust_version}}-slim-{{debian_version}}"
+ platform: "$BUILDPLATFORM"
+ alpine:
+ image: "build_${TARGETARCH}${TARGETVARIANT}"
+ platform: "linux/amd64" # The Alpine build images only have linux/amd64 images
+ arch_image:
+ amd64: "ghcr.io/blackdex/rust-musl:x86_64-musl-stable-{{rust_version}}"
+ arm64: "ghcr.io/blackdex/rust-musl:aarch64-musl-stable-{{rust_version}}"
+ armv7: "ghcr.io/blackdex/rust-musl:armv7-musleabihf-stable-{{rust_version}}"
+ armv6: "ghcr.io/blackdex/rust-musl:arm-musleabi-stable-{{rust_version}}"
+# The final image which will be used to distribute the container images
+runtime_stage_image:
+ debian: "docker.io/library/debian:{{debian_version}}-slim"
+ alpine: "docker.io/library/alpine:{{alpine_version}}"
diff --git a/docker/Dockerfile.alpine b/docker/Dockerfile.alpine
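Review bot: Only `vault_image_digest` and `xx_image_digest` are pinned by digest; every `build_stage_image` entry (the `docker.io/library/rust` tag and the four `ghcr.io/blackdex/rust-musl` tags) and both `runtime_stage_image` entries are mutable tags. The toolchain image that compiles the binary and the base image it ships on can therefore change without any change to this file, which is the risk the generated Dockerfiles' own comment describes for the web-vault image. I would add digest keys next to the version keys, for example `rust_image_digest: "sha256:<DIGEST>"`, and append `@{{rust_image_digest}}` to the corresponding `image:` value. If the tags are left floating on purpose so that rebuilds pick up base-image patches, a comment stating that would make the trade-off explicit.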
@@ -0,0 +1,160 @@ +# syntax=docker/dockerfile:1 + +# This file was generated using a Jinja2 template. +# Please make your changes in `DockerSettings.yaml` or `Dockerfile.j2` and then `make` +# This will generate two Dockerfile's `Dockerfile.debian` and `Dockerfile.alpine` + +# Using multistage build: +# https://docs.docker.com/develop/develop-images/multistage-build/ +# https://whitfin.io/speeding-up-rust-docker-builds/ + +####################### VAULT BUILD IMAGE ####################### +# The web-vault digest specifies a particular web-vault build on Docker Hub. +# Using the digest instead of the tag name provides better security, +# as the digest of an image is immutable, whereas a tag name can later +# be changed to point to a malicious image. +# +# To verify the current digest for a given tag name: +# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, +# click the tag name to view the digest of the image it currently points to. +# - From the command line: +# $ docker pull docker.io/vaultwarden/web-vault:v2023.9.1 +# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.9.1 +# [docker.io/vaultwarden/web-vault@sha256:ccf76db7406378b36cb937c1a3ca884448e32e7f82effd4d97b335cd725c75fd] +# +# - Conversely, to get the tag name from the digest: +# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:ccf76db7406378b36cb937c1a3ca884448e32e7f82effd4d97b335cd725c75fd +# [docker.io/vaultwarden/web-vault:v2023.9.1] +# +FROM --platform=linux/amd64 docker.io/vaultwarden/web-vault@sha256:ccf76db7406378b36cb937c1a3ca884448e32e7f82effd4d97b335cd725c75fd as vault + +########################## ALPINE BUILD IMAGES ########################## +## NOTE: The Alpine Base Images do not support other platforms then linux/amd64 +## And for Alpine we define all build images here, they will only be loaded when actually used +FROM --platform=linux/amd64 ghcr.io/blackdex/rust-musl:x86_64-musl-stable-1.73.0 as 
build_amd64 +FROM --platform=linux/amd64 ghcr.io/blackdex/rust-musl:aarch64-musl-stable-1.73.0 as build_arm64 +FROM --platform=linux/amd64 ghcr.io/blackdex/rust-musl:armv7-musleabihf-stable-1.73.0 as build_armv7 +FROM --platform=linux/amd64 ghcr.io/blackdex/rust-musl:arm-musleabi-stable-1.73.0 as build_armv6 + +########################## BUILD IMAGE ########################## +# hadolint ignore=DL3006 +FROM --platform=linux/amd64 build_${TARGETARCH}${TARGETVARIANT} as build +ARG TARGETARCH +ARG TARGETVARIANT +ARG TARGETPLATFORM + +SHELL ["/bin/bash", "-o", "pipefail", "-c"] + +# Build time options to avoid dpkg warnings and help with reproducible builds. +ENV DEBIAN_FRONTEND=noninteractive \ + LANG=C.UTF-8 \ + TZ=UTC \ + TERM=xterm-256color \ + CARGO_HOME="/root/.cargo" \ + USER="root" \ + # Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11 + # Debian Bookworm already contains libpq v15 + PQ_LIB_DIR="/usr/local/musl/pq15/lib" + + +# Create CARGO_HOME folder and don't download rust docs +RUN mkdir -pv "${CARGO_HOME}" \ + && rustup set profile minimal + +# Creates a dummy project used to grab dependencies +RUN USER=root cargo new --bin /app +WORKDIR /app + +# Shared variables across Debian and Alpine +RUN echo "export CARGO_TARGET=${RUST_MUSL_CROSS_TARGET}" >> /env-cargo && \ + # To be able to build the armv6 image with mimalloc we need to tell the linker to also look for libatomic + if [[ "${TARGETARCH}${TARGETVARIANT}" == "armv6" ]] ; then echo "export RUSTFLAGS='-Clink-arg=-latomic'" >> /env-cargo ; fi && \ + # Output the current contents of the file + cat /env-cargo + +# Enable MiMalloc to improve performance on Alpine builds +ARG DB=sqlite,mysql,postgresql,enable_mimalloc + +RUN source /env-cargo && \ + rustup target add "${CARGO_TARGET}" + +ARG CARGO_PROFILE=release +ARG VW_VERSION + +# Copies over *only* your manifests and build files +COPY ./Cargo.* ./ +COPY ./rust-toolchain.toml ./rust-toolchain.toml +COPY ./build.rs ./build.rs + +# 
Builds your dependencies and removes the +# dummy project, except the target folder +# This folder contains the compiled dependencies +RUN source /env-cargo && \ + cargo build --features ${DB} --profile "${CARGO_PROFILE}" --target="${CARGO_TARGET}" && \ + find . -not -path "./target*" -delete + +# Copies the complete project +# To avoid copying unneeded files, use .dockerignore +COPY . . + +# Builds again, this time it will be the actual source files being build +RUN source /env-cargo && \ + # Make sure that we actually build the project by updating the src/main.rs timestamp + touch src/main.rs && \ + # Create a symlink to the binary target folder to easy copy the binary in the final stage + cargo build --features ${DB} --profile "${CARGO_PROFILE}" --target="${CARGO_TARGET}" && \ + if [[ "${CARGO_PROFILE}" == "dev" ]] ; then \ + ln -vfsr "/app/target/${CARGO_TARGET}/debug" /app/target/final ; \ + else \ + ln -vfsr "/app/target/${CARGO_TARGET}/${CARGO_PROFILE}" /app/target/final ; \ + fi + + +######################## RUNTIME IMAGE ######################## +# Create a new stage with a minimal image +# because we already have a binary built +# +# To build these images you need to have qemu binfmt support. +# See the following pages to help install these tools locally +# Ubuntu/Debian: https://wiki.debian.org/QemuUserEmulation +# Arch Linux: https://wiki.archlinux.org/title/QEMU#Chrooting_into_arm/arm64_environment_from_x86_64 +# +# Or use a Docker image which modifies your host system to support this. +# The GitHub Actions Workflow uses the same image as used below. 
+# See: https://github.com/tonistiigi/binfmt +# Usage: docker run --privileged --rm tonistiigi/binfmt --install arm64,arm +# To uninstall: docker run --privileged --rm tonistiigi/binfmt --uninstall 'qemu-*' +# +# We need to add `--platform` here, because of a podman bug: https://github.com/containers/buildah/issues/4742 +FROM --platform=$TARGETPLATFORM docker.io/library/alpine:3.18 + +ENV ROCKET_PROFILE="release" \ + ROCKET_ADDRESS=0.0.0.0 \ + ROCKET_PORT=80 \ + SSL_CERT_DIR=/etc/ssl/certs + +# Create data folder and Install needed libraries +RUN mkdir /data && \ + apk --no-cache add \ + ca-certificates \ + curl \ + openssl \ + tzdata + +VOLUME /data +EXPOSE 80 +EXPOSE 3012 + +# Copies the files from the context (Rocket.toml file and web-vault) +# and the binary from the "build" stage to the current stage +WORKDIR / + +COPY docker/healthcheck.sh /healthcheck.sh +COPY docker/start.sh /start.sh + +COPY --from=vault /web-vault ./web-vault +COPY --from=build /app/target/final/vaultwarden . + +HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] + +CMD ["/start.sh"] diff --git a/docker/Dockerfile.buildx b/docker/Dockerfile.buildx 
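Review bot: The runtime stage has no `USER` instruction, so `/start.sh` and the `vaultwarden` binary run as root inside the container, and `ROCKET_PORT=80` keeps a privileged port as the default. The runtime stage of `docker/Dockerfile.debian` has the same shape. Both files are generated, so the change belongs in `Dockerfile.j2`: for the Alpine variant something like `RUN adduser -D -H -u <UID> vaultwarden && chown vaultwarden /data` followed by `USER vaultwarden` before `CMD`, together with an unprivileged default port. `start.sh` and `healthcheck.sh` are not shown here and would need checking for anything that assumes root; existing deployments with root-owned `/data` volumes would need a migration note.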
@@ -1,34 +0,0 @@ -# syntax=docker/dockerfile:1 -# The cross-built images have the build arch (`amd64`) embedded in the image -# manifest, rather than the target arch. For example: -# -# $ docker inspect vaultwarden/server:latest-armv7 | jq -r '.[]|.Architecture' -# amd64 -# -# Recent versions of Docker have started printing a warning when the image's -# claimed arch doesn't match the host arch. For example: -# -# WARNING: The requested image's platform (linux/amd64) does not match the -# detected host platform (linux/arm/v7) and no specific platform was requested -# -# The image still works fine, but the spurious warning creates confusion. -# -# Docker doesn't seem to provide a way to directly set the arch of an image -# at build time. To resolve the build vs. target arch discrepancy, we use -# Docker Buildx to build a new set of images with the correct target arch. -# -# Docker Buildx uses this Dockerfile to build an image for each requested -# platform. Since the Dockerfile basically consists of a single `FROM` -# instruction, we're effectively telling Buildx to build a platform-specific -# image by simply copying the existing cross-built image and setting the -# correct target arch as a side effect. -# -# References: -# -# - https://docs.docker.com/buildx/working-with-buildx/#build-multi-platform-images -# - https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope -# - https://docs.docker.com/engine/reference/builder/#understand-how-arg-and-from-interact -# -ARG LOCAL_REPO -ARG DOCKER_TAG -FROM ${LOCAL_REPO}:${DOCKER_TAG}-${TARGETARCH}${TARGETVARIANT} diff --git a/docker/Dockerfile.debian b/docker/Dockerfile.debian 
@@ -0,0 +1,194 @@ +# syntax=docker/dockerfile:1 + +# This file was generated using a Jinja2 template. +# Please make your changes in `DockerSettings.yaml` or `Dockerfile.j2` and then `make` +# This will generate two Dockerfile's `Dockerfile.debian` and `Dockerfile.alpine` + +# Using multistage build: +# https://docs.docker.com/develop/develop-images/multistage-build/ +# https://whitfin.io/speeding-up-rust-docker-builds/ + +####################### VAULT BUILD IMAGE ####################### +# The web-vault digest specifies a particular web-vault build on Docker Hub. +# Using the digest instead of the tag name provides better security, +# as the digest of an image is immutable, whereas a tag name can later +# be changed to point to a malicious image. +# +# To verify the current digest for a given tag name: +# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, +# click the tag name to view the digest of the image it currently points to. +# - From the command line: +# $ docker pull docker.io/vaultwarden/web-vault:v2023.9.1 +# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.9.1 +# [docker.io/vaultwarden/web-vault@sha256:ccf76db7406378b36cb937c1a3ca884448e32e7f82effd4d97b335cd725c75fd] +# +# - Conversely, to get the tag name from the digest: +# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:ccf76db7406378b36cb937c1a3ca884448e32e7f82effd4d97b335cd725c75fd +# [docker.io/vaultwarden/web-vault:v2023.9.1] +# +FROM --platform=linux/amd64 docker.io/vaultwarden/web-vault@sha256:ccf76db7406378b36cb937c1a3ca884448e32e7f82effd4d97b335cd725c75fd as vault + +########################## Cross Compile Docker Helper Scripts ########################## +## We use the linux/amd64 no matter which Build Platform, since these are all bash scripts +## And these bash scripts do not have any significant difference if at all +FROM --platform=linux/amd64 
docker.io/tonistiigi/xx@sha256:c9609ace652bbe51dd4ce90e0af9d48a4590f1214246da5bc70e46f6dd586edc AS xx + +########################## BUILD IMAGE ########################## +# hadolint ignore=DL3006 +FROM --platform=$BUILDPLATFORM docker.io/library/rust:1.73.0-slim-bookworm as build +COPY --from=xx / / +ARG TARGETARCH +ARG TARGETVARIANT +ARG TARGETPLATFORM + +SHELL ["/bin/bash", "-o", "pipefail", "-c"] + +# Build time options to avoid dpkg warnings and help with reproducible builds. +ENV DEBIAN_FRONTEND=noninteractive \ + LANG=C.UTF-8 \ + TZ=UTC \ + TERM=xterm-256color \ + CARGO_HOME="/root/.cargo" \ + USER="root" + +# Install clang to get `xx-cargo` working +# Install pkg-config to allow amd64 builds to find all libraries +# Install git so build.rs can determine the correct version +# Install the libc cross packages based upon the debian-arch +RUN apt-get update && \ + apt-get install -y \ + --no-install-recommends \ + clang \ + pkg-config \ + git \ + "libc6-$(xx-info debian-arch)-cross" \ + "libc6-dev-$(xx-info debian-arch)-cross" \ + "linux-libc-dev-$(xx-info debian-arch)-cross" && \ + # Run xx-cargo early, since it sometimes seems to break when run at a later stage + echo "export CARGO_TARGET=$(xx-cargo --print-target-triple)" >> /env-cargo + +RUN xx-apt-get install -y \ + --no-install-recommends \ + gcc \ + libmariadb3 \ + libpq-dev \ + libpq5 \ + libssl-dev && \ + # Force install arch dependend mariadb dev packages + # Installing them the normal way breaks several other packages (again) + apt-get download "libmariadb-dev-compat:$(xx-info debian-arch)" "libmariadb-dev:$(xx-info debian-arch)" && \ + dpkg --force-all -i ./libmariadb-dev*.deb + +# Create CARGO_HOME folder and don't download rust docs +RUN mkdir -pv "${CARGO_HOME}" \ + && rustup set profile minimal + +# Creates a dummy project used to grab dependencies +RUN USER=root cargo new --bin /app +WORKDIR /app + +# Environment variables for cargo across Debian and Alpine +RUN source /env-cargo && \ + if 
xx-info is-cross ; then \ + # We can't use xx-cargo since that uses clang, which doesn't work for our libraries. + # Because of this we generate the needed environment variables here which we can load in the needed steps. + echo "export CC_$(echo "${CARGO_TARGET}" | tr '[:upper:]' '[:lower:]' | tr - _)=/usr/bin/$(xx-info)-gcc" >> /env-cargo && \ + echo "export CARGO_TARGET_$(echo "${CARGO_TARGET}" | tr '[:lower:]' '[:upper:]' | tr - _)_LINKER=/usr/bin/$(xx-info)-gcc" >> /env-cargo && \ + echo "export PKG_CONFIG=/usr/bin/$(xx-info)-pkg-config" >> /env-cargo && \ + echo "export CROSS_COMPILE=1" >> /env-cargo && \ + echo "export OPENSSL_INCLUDE_DIR=/usr/include/$(xx-info)" >> /env-cargo && \ + echo "export OPENSSL_LIB_DIR=/usr/lib/$(xx-info)" >> /env-cargo ; \ + fi && \ + # Output the current contents of the file + cat /env-cargo + +# Configure the DB ARG as late as possible to not invalidate the cached layers above +ARG DB=sqlite,mysql,postgresql + +RUN source /env-cargo && \ + rustup target add "${CARGO_TARGET}" + +ARG CARGO_PROFILE=release +ARG VW_VERSION + +# Copies over *only* your manifests and build files +COPY ./Cargo.* ./ +COPY ./rust-toolchain.toml ./rust-toolchain.toml +COPY ./build.rs ./build.rs + +# Builds your dependencies and removes the +# dummy project, except the target folder +# This folder contains the compiled dependencies +RUN source /env-cargo && \ + cargo build --features ${DB} --profile "${CARGO_PROFILE}" --target="${CARGO_TARGET}" && \ + find . -not -path "./target*" -delete + +# Copies the complete project +# To avoid copying unneeded files, use .dockerignore +COPY . . 
+ +# Builds again, this time it will be the actual source files being build +RUN source /env-cargo && \ + # Make sure that we actually build the project by updating the src/main.rs timestamp + touch src/main.rs && \ + # Create a symlink to the binary target folder to easy copy the binary in the final stage + cargo build --features ${DB} --profile "${CARGO_PROFILE}" --target="${CARGO_TARGET}" && \ + if [[ "${CARGO_PROFILE}" == "dev" ]] ; then \ + ln -vfsr "/app/target/${CARGO_TARGET}/debug" /app/target/final ; \ + else \ + ln -vfsr "/app/target/${CARGO_TARGET}/${CARGO_PROFILE}" /app/target/final ; \ + fi + + +######################## RUNTIME IMAGE ######################## +# Create a new stage with a minimal image +# because we already have a binary built +# +# To build these images you need to have qemu binfmt support. +# See the following pages to help install these tools locally +# Ubuntu/Debian: https://wiki.debian.org/QemuUserEmulation +# Arch Linux: https://wiki.archlinux.org/title/QEMU#Chrooting_into_arm/arm64_environment_from_x86_64 +# +# Or use a Docker image which modifies your host system to support this. +# The GitHub Actions Workflow uses the same image as used below. 
+# See: https://github.com/tonistiigi/binfmt +# Usage: docker run --privileged --rm tonistiigi/binfmt --install arm64,arm +# To uninstall: docker run --privileged --rm tonistiigi/binfmt --uninstall 'qemu-*' +# +# We need to add `--platform` here, because of a podman bug: https://github.com/containers/buildah/issues/4742 +FROM --platform=$TARGETPLATFORM docker.io/library/debian:bookworm-slim + +ENV ROCKET_PROFILE="release" \ + ROCKET_ADDRESS=0.0.0.0 \ + ROCKET_PORT=80 \ + DEBIAN_FRONTEND=noninteractive + +# Create data folder and Install needed libraries +RUN mkdir /data && \ + apt-get update && apt-get install -y \ + --no-install-recommends \ + ca-certificates \ + curl \ + libmariadb-dev-compat \ + libpq5 \ + openssl && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* + +VOLUME /data +EXPOSE 80 +EXPOSE 3012 + +# Copies the files from the context (Rocket.toml file and web-vault) +# and the binary from the "build" stage to the current stage +WORKDIR / + +COPY docker/healthcheck.sh /healthcheck.sh +COPY docker/start.sh /start.sh + +COPY --from=vault /web-vault ./web-vault +COPY --from=build /app/target/final/vaultwarden . + +HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] + +CMD ["/start.sh"] diff --git a/docker/Dockerfile.j2 b/docker/Dockerfile.j2 
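Review bot: `dpkg --force-all -i ./libmariadb-dev*.deb` in the build stage switches off all of dpkg's safety checks at once, and the glob installs any file in the working directory that matches the name, not only the two packages fetched by the preceding `apt-get download`. The comment explains why the normal install path is avoided, but not which check actually fails. If it is the dependency or file-overwrite check, naming only those (`--force-depends --force-overwrite`) keeps the rest in place, and `rm ./libmariadb-dev*.deb` afterwards keeps the archives out of the layer. This file is generated, so the edit belongs in `Dockerfile.j2`.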
@@ -1,68 +1,14 @@ # syntax=docker/dockerfile:1 # This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. -{% set rust_version = "1.72.0" %} -{% set debian_version = "bookworm" %} -{% set alpine_version = "3.17" %} -{% set build_stage_base_image = "docker.io/library/rust:%s-%s" % (rust_version, debian_version) %} -{% if "alpine" in target_file %} -{% if "amd64" in target_file %} -{% set build_stage_base_image = "docker.io/blackdex/rust-musl:x86_64-musl-stable-%s-openssl3" % rust_version %} -{% set runtime_stage_base_image = "docker.io/library/alpine:%s" % alpine_version %} -{% set package_arch_target = "x86_64-unknown-linux-musl" %} -{% elif "armv7" in target_file %} -{% set build_stage_base_image = "docker.io/blackdex/rust-musl:armv7-musleabihf-stable-%s-openssl3" % rust_version %} -{% set runtime_stage_base_image = "docker.io/balenalib/armv7hf-alpine:%s" % alpine_version %} -{% set package_arch_target = "armv7-unknown-linux-musleabihf" %} -{% elif "armv6" in target_file %} -{% set build_stage_base_image = "docker.io/blackdex/rust-musl:arm-musleabi-stable-%s-openssl3" % rust_version %} -{% set runtime_stage_base_image = "docker.io/balenalib/rpi-alpine:%s" % alpine_version %} -{% set package_arch_target = "arm-unknown-linux-musleabi" %} -{% elif "arm64" in target_file %} -{% set build_stage_base_image = "docker.io/blackdex/rust-musl:aarch64-musl-stable-%s-openssl3" % rust_version %} -{% set runtime_stage_base_image = "docker.io/balenalib/aarch64-alpine:%s" % alpine_version %} -{% set package_arch_target = "aarch64-unknown-linux-musl" %} -{% endif %} -{% elif "amd64" in target_file %} -{% set runtime_stage_base_image = "docker.io/library/debian:%s-slim" % debian_version %} -{% elif "arm64" in target_file %} -{% set runtime_stage_base_image = "docker.io/balenalib/aarch64-debian:%s" % debian_version %} -{% set package_arch_name = "arm64" %} -{% set package_arch_target = 
"aarch64-unknown-linux-gnu" %} -{% set package_cross_compiler = "aarch64-linux-gnu" %} -{% elif "armv6" in target_file %} -{% set runtime_stage_base_image = "docker.io/balenalib/rpi-debian:%s" % debian_version %} -{% set package_arch_name = "armel" %} -{% set package_arch_target = "arm-unknown-linux-gnueabi" %} -{% set package_cross_compiler = "arm-linux-gnueabi" %} -{% elif "armv7" in target_file %} -{% set runtime_stage_base_image = "docker.io/balenalib/armv7hf-debian:%s" % debian_version %} -{% set package_arch_name = "armhf" %} -{% set package_arch_target = "armv7-unknown-linux-gnueabihf" %} -{% set package_cross_compiler = "arm-linux-gnueabihf" %} -{% endif %} -{% if package_arch_name is defined %} -{% set package_arch_prefix = ":" + package_arch_name %} -{% else %} -{% set package_arch_prefix = "" %} -{% endif %} -{% if package_arch_target is defined %} -{% set package_arch_target_param = " --target=" + package_arch_target %} -{% else %} -{% set package_arch_target_param = "" %} -{% endif %} -{% if "buildkit" in target_file %} -{% set mount_rust_cache = "--mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry " %} -{% else %} -{% set mount_rust_cache = "" %} -{% endif %} +# Please make your changes in `DockerSettings.yaml` or `Dockerfile.j2` and then `make` +# This will generate two Dockerfile's `Dockerfile.debian` and `Dockerfile.alpine` + # Using multistage build: # https://docs.docker.com/develop/develop-images/multistage-build/ # https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### -{% set vault_version = "v2023.8.2" %} -{% set vault_image_digest = "sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252" %} + +####################### VAULT BUILD IMAGE ####################### # The web-vault digest specifies a particular web-vault build on Docker Hub. 
# Using the digest instead of the tag name provides better security, # as the digest of an image is immutable, whereas a tag name can later @@ -80,10 +26,33 @@ # $ docker image inspect --format "{{ '{{' }}.RepoTags}}" docker.io/vaultwarden/web-vault@{{ vault_image_digest }} # [docker.io/vaultwarden/web-vault:{{ vault_version }}] # -FROM docker.io/vaultwarden/web-vault@{{ vault_image_digest }} as vault +FROM --platform=linux/amd64 docker.io/vaultwarden/web-vault@{{ vault_image_digest }} as vault + +{% if base == "debian" %} +########################## Cross Compile Docker Helper Scripts ########################## +## We use the linux/amd64 no matter which Build Platform, since these are all bash scripts +## And these bash scripts do not have any significant difference if at all +FROM --platform=linux/amd64 docker.io/tonistiigi/xx@{{ xx_image_digest }} AS xx +{% elif base == "alpine" %} +########################## ALPINE BUILD IMAGES ########################## +## NOTE: The Alpine Base Images do not support other platforms then linux/amd64 +## And for Alpine we define all build images here, they will only be loaded when actually used +{% for arch in build_stage_image[base].arch_image %} +FROM --platform={{ build_stage_image[base].platform }} {{ build_stage_image[base].arch_image[arch] }} as build_{{ arch }} +{% endfor %} +{% endif %} + +########################## BUILD IMAGE ########################## +# hadolint ignore=DL3006 +FROM --platform={{ build_stage_image[base].platform }} {{ build_stage_image[base].image }} as build +{% if base == "debian" %} +COPY --from=xx / / +{% endif %} +ARG TARGETARCH +ARG TARGETVARIANT +ARG TARGETPLATFORM -########################## BUILD IMAGE ########################## -FROM {{ build_stage_base_image }} as build +SHELL ["/bin/bash", "-o", "pipefail", "-c"] # Build time options to avoid dpkg warnings and help with reproducible builds. ENV DEBIAN_FRONTEND=noninteractive \ 
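Review bot: The `build` stage and the per-arch `build_{{ arch }}` stages take their image reference from `build_stage_image[base].image` and `arch_image[arch]`, and nothing in this hunk shows whether those settings hold digests or mutable tags. The `vault` and `xx` stages are pinned with `@{{ ..._digest }}`, and the comment block above the `vault` stage already explains why a tag is weaker, so the toolchain image that compiles the binary deserves the same treatment in `DockerSettings.yaml`. The `# hadolint ignore=DL3006` directly above the `build` FROM silences the "tag the image explicitly" lint without saying why; I would add a separate comment line above it such as `# DL3006 ignored: <reason, e.g. the rendered FROM is a stage name or is pinned in DockerSettings.yaml>`, with the reason confirmed against the rendered files. `COPY --from=xx / /` overlays the whole helper image onto the build root, which is a further reason to keep the `xx` digest pin as it is.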
@@ -91,133 +60,162 @@ ENV DEBIAN_FRONTEND=noninteractive \ TZ=UTC \ TERM=xterm-256color \ CARGO_HOME="/root/.cargo" \ - REGISTRIES_CRATES_IO_PROTOCOL=sparse \ USER="root" +{%- if base == "alpine" %} \ + # Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11 + # Debian Bookworm already contains libpq v15 + PQ_LIB_DIR="/usr/local/musl/pq15/lib" +{% endif %} -# Create CARGO_HOME folder and don't download rust docs -RUN {{ mount_rust_cache -}} mkdir -pv "${CARGO_HOME}" \ - && rustup set profile minimal +{% if base == "debian" %} -{% if "alpine" in target_file %} -# Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11 -# Debian Bookworm already contains libpq v15 -ENV PQ_LIB_DIR="/usr/local/musl/pq15/lib" -{% if "armv6" in target_file %} -# To be able to build the armv6 image with mimalloc we need to tell the linker to also look for libatomic -ENV RUSTFLAGS='-Clink-arg=-latomic' -{% endif %} -{% elif "arm" in target_file %} -# Install build dependencies for the {{ package_arch_name }} architecture -RUN {{ mount_rust_cache -}} dpkg --add-architecture {{ package_arch_name }} \ - && apt-get update \ - && apt-get install -y \ +# Install clang to get `xx-cargo` working +# Install pkg-config to allow amd64 builds to find all libraries +# Install git so build.rs can determine the correct version +# Install the libc cross packages based upon the debian-arch +RUN apt-get update && \ + apt-get install -y \ --no-install-recommends \ - gcc-{{ package_cross_compiler }} \ - libc6-dev{{ package_arch_prefix }} \ - linux-libc-dev{{ package_arch_prefix }} \ - libmariadb-dev{{ package_arch_prefix }} \ - libmariadb-dev-compat{{ package_arch_prefix }} \ - libmariadb3{{ package_arch_prefix }} \ - libpq-dev{{ package_arch_prefix }} \ - libpq5{{ package_arch_prefix }} \ - libssl-dev{{ package_arch_prefix }} \ - # - # Make sure cargo has the right target config - && echo '[target.{{ package_arch_target }}]' >> "${CARGO_HOME}/config" \ - && echo 'linker = 
"{{ package_cross_compiler }}-gcc"' >> "${CARGO_HOME}/config" \ - && echo 'rustflags = ["-L/usr/lib/{{ package_cross_compiler }}"]' >> "${CARGO_HOME}/config" - -# Set arm specific environment values -ENV CC_{{ package_arch_target | replace("-", "_") }}="/usr/bin/{{ package_cross_compiler }}-gcc" \ - CROSS_COMPILE="1" \ - OPENSSL_INCLUDE_DIR="/usr/include/{{ package_cross_compiler }}" \ - OPENSSL_LIB_DIR="/usr/lib/{{ package_cross_compiler }}" -{% elif "amd64" in target_file %} -# Install build dependencies -RUN apt-get update \ - && apt-get install -y \ + clang \ + pkg-config \ + git \ + "libc6-$(xx-info debian-arch)-cross" \ + "libc6-dev-$(xx-info debian-arch)-cross" \ + "linux-libc-dev-$(xx-info debian-arch)-cross" && \ + # Run xx-cargo early, since it sometimes seems to break when run at a later stage + echo "export CARGO_TARGET=$(xx-cargo --print-target-triple)" >> /env-cargo + +RUN xx-apt-get install -y \ --no-install-recommends \ - libmariadb-dev \ - libpq-dev + gcc \ + libmariadb3 \ + libpq-dev \ + libpq5 \ + libssl-dev && \ + # Force install arch dependend mariadb dev packages + # Installing them the normal way breaks several other packages (again) + apt-get download "libmariadb-dev-compat:$(xx-info debian-arch)" "libmariadb-dev:$(xx-info debian-arch)" && \ + dpkg --force-all -i ./libmariadb-dev*.deb {% endif %} +# Create CARGO_HOME folder and don't download rust docs +RUN mkdir -pv "${CARGO_HOME}" \ + && rustup set profile minimal + # Creates a dummy project used to grab dependencies RUN USER=root cargo new --bin /app WORKDIR /app -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - -{% if package_arch_target is defined %} -RUN {{ mount_rust_cache -}} rustup target add {{ package_arch_target }} -{% endif %} +{% if base == "debian" %} +# Environment variables for cargo across Debian and Alpine +RUN source /env-cargo && \ + if xx-info is-cross ; then \ + # We 
can't use xx-cargo since that uses clang, which doesn't work for our libraries. + # Because of this we generate the needed environment variables here which we can load in the needed steps. + echo "export CC_$(echo "${CARGO_TARGET}" | tr '[:upper:]' '[:lower:]' | tr - _)=/usr/bin/$(xx-info)-gcc" >> /env-cargo && \ + echo "export CARGO_TARGET_$(echo "${CARGO_TARGET}" | tr '[:lower:]' '[:upper:]' | tr - _)_LINKER=/usr/bin/$(xx-info)-gcc" >> /env-cargo && \ + echo "export PKG_CONFIG=/usr/bin/$(xx-info)-pkg-config" >> /env-cargo && \ + echo "export CROSS_COMPILE=1" >> /env-cargo && \ + echo "export OPENSSL_INCLUDE_DIR=/usr/include/$(xx-info)" >> /env-cargo && \ + echo "export OPENSSL_LIB_DIR=/usr/lib/$(xx-info)" >> /env-cargo ; \ + fi && \ + # Output the current contents of the file + cat /env-cargo # Configure the DB ARG as late as possible to not invalidate the cached layers above -{% if "alpine" in target_file %} +ARG DB=sqlite,mysql,postgresql +{% elif base == "alpine" %} +# Shared variables across Debian and Alpine +RUN echo "export CARGO_TARGET=${RUST_MUSL_CROSS_TARGET}" >> /env-cargo && \ + # To be able to build the armv6 image with mimalloc we need to tell the linker to also look for libatomic + if [[ "${TARGETARCH}${TARGETVARIANT}" == "armv6" ]] ; then echo "export RUSTFLAGS='-Clink-arg=-latomic'" >> /env-cargo ; fi && \ + # Output the current contents of the file + cat /env-cargo + # Enable MiMalloc to improve performance on Alpine builds ARG DB=sqlite,mysql,postgresql,enable_mimalloc -{% else %} -ARG DB=sqlite,mysql,postgresql {% endif %} +RUN source /env-cargo && \ + rustup target add "${CARGO_TARGET}" + +ARG CARGO_PROFILE=release +ARG VW_VERSION + +# Copies over *only* your manifests and build files +COPY ./Cargo.* ./ +COPY ./rust-toolchain.toml ./rust-toolchain.toml +COPY ./build.rs ./build.rs + # Builds your dependencies and removes the # dummy project, except the target folder # This folder contains the compiled dependencies -RUN {{ mount_rust_cache -}} 
cargo build --features ${DB} --release{{ package_arch_target_param }} \ - && find . -not -path "./target*" -delete +RUN source /env-cargo && \ + cargo build --features ${DB} --profile "${CARGO_PROFILE}" --target="${CARGO_TARGET}" && \ + find . -not -path "./target*" -delete # Copies the complete project # To avoid copying unneeded files, use .dockerignore COPY . . -# Make sure that we actually build the project -RUN touch src/main.rs +# Builds again, this time it will be the actual source files being build +RUN source /env-cargo && \ + # Make sure that we actually build the project by updating the src/main.rs timestamp + touch src/main.rs && \ + # Create a symlink to the binary target folder to easy copy the binary in the final stage + cargo build --features ${DB} --profile "${CARGO_PROFILE}" --target="${CARGO_TARGET}" && \ + if [[ "${CARGO_PROFILE}" == "dev" ]] ; then \ + ln -vfsr "/app/target/${CARGO_TARGET}/debug" /app/target/final ; \ + else \ + ln -vfsr "/app/target/${CARGO_TARGET}/${CARGO_PROFILE}" /app/target/final ; \ + fi -# Builds again, this time it'll just be -# your actual source files being built -RUN {{ mount_rust_cache -}} cargo build --features ${DB} --release{{ package_arch_target_param }} ######################## RUNTIME IMAGE ######################## # Create a new stage with a minimal image # because we already have a binary built -FROM {{ runtime_stage_base_image }} +# +# To build these images you need to have qemu binfmt support. +# See the following pages to help install these tools locally +# Ubuntu/Debian: https://wiki.debian.org/QemuUserEmulation +# Arch Linux: https://wiki.archlinux.org/title/QEMU#Chrooting_into_arm/arm64_environment_from_x86_64 +# +# Or use a Docker image which modifies your host system to support this. +# The GitHub Actions Workflow uses the same image as used below. 
+# See: https://github.com/tonistiigi/binfmt +# Usage: docker run --privileged --rm tonistiigi/binfmt --install arm64,arm +# To uninstall: docker run --privileged --rm tonistiigi/binfmt --uninstall 'qemu-*' +# +# We need to add `--platform` here, because of a podman bug: https://github.com/containers/buildah/issues/4742 +FROM --platform=$TARGETPLATFORM {{ runtime_stage_image[base] }} ENV ROCKET_PROFILE="release" \ ROCKET_ADDRESS=0.0.0.0 \ ROCKET_PORT=80 -{%- if "alpine" in runtime_stage_base_image %} \ +{%- if base == "debian" %} \ + DEBIAN_FRONTEND=noninteractive +{% elif base == "alpine" %} \ SSL_CERT_DIR=/etc/ssl/certs {% endif %} - -{% if "amd64" not in target_file %} -RUN [ "cross-build-start" ] -{% endif %} - # Create data folder and Install needed libraries -RUN mkdir /data \ -{% if "alpine" in runtime_stage_base_image %} - && apk add --no-cache \ +RUN mkdir /data && \ +{% if base == "debian" %} + apt-get update && apt-get install -y \ + --no-install-recommends \ + ca-certificates \ + curl \ + libmariadb-dev-compat \ + libpq5 \ + openssl && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* +{% elif base == "alpine" %} + apk --no-cache add \ ca-certificates \ curl \ openssl \ tzdata -{% else %} - && apt-get update && apt-get install -y \ - --no-install-recommends \ - ca-certificates \ - curl \ - libmariadb-dev-compat \ - libpq5 \ - openssl \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* -{% endif %} - -{% if "amd64" not in target_file %} -RUN [ "cross-build-end" ] {% endif %} VOLUME /data 
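Review bot: `dpkg --force-all -i ./libmariadb-dev*.deb` in the Debian branch switches off every dpkg safety check, not only the one that blocks the cross-arch MariaDB dev packages. The glob also installs any matching `.deb` that happens to sit in the directory the step runs in (no `WORKDIR` has been set in this stage yet). I would name the two downloaded files explicitly, narrow the override to the specific `--force-*` option the conflict needs once it is identified, and extend the existing comment to record it, e.g. `# dpkg rejects these because <conflict to be filled in>; only that check is overridden`. Separately, `--features ${DB}` is unquoted in both `cargo build` lines, so a build arg containing whitespace is split into extra cargo arguments; `--features "${DB}"` keeps it a single value.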
@@ -227,16 +225,13 @@ EXPOSE 3012 # Copies the files from the context (Rocket.toml file and web-vault) # and the binary from the "build" stage to the current stage WORKDIR / -COPY --from=vault /web-vault ./web-vault -{% if package_arch_target is defined %} -COPY --from=build /app/target/{{ package_arch_target }}/release/vaultwarden . -{% else %} -COPY --from=build /app/target/release/vaultwarden . -{% endif %} COPY docker/healthcheck.sh /healthcheck.sh COPY docker/start.sh /start.sh +COPY --from=vault /web-vault ./web-vault +COPY --from=build /app/target/final/vaultwarden . + HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] CMD ["/start.sh"] diff --git a/docker/Makefile b/docker/Makefile @@ -1,15 +1,4 @@ -OBJECTS := $(shell find ./ -mindepth 2 -name 'Dockerfile*') - -all: $(OBJECTS) - -%/Dockerfile: Dockerfile.j2 render_template - ./render_template "$<" "{\"target_file\":\"$@\"}" > "$@" - -%/Dockerfile.alpine: Dockerfile.j2 render_template - ./render_template "$<" "{\"target_file\":\"$@\"}" > "$@" - -%/Dockerfile.buildkit: Dockerfile.j2 render_template - ./render_template "$<" "{\"target_file\":\"$@\"}" > "$@" - -%/Dockerfile.buildkit.alpine: Dockerfile.j2 render_template - ./render_template "$<" "{\"target_file\":\"$@\"}" > "$@" +all: + ./render_template Dockerfile.j2 '{"base": "debian"}' > Dockerfile.debian + ./render_template Dockerfile.j2 '{"base": "alpine"}' > Dockerfile.alpine +.PHONY: all diff --git a/docker/README.md b/docker/README.md 
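Review bot: The runtime stage reaches `CMD ["/start.sh"]` without a `USER` instruction, so the server process runs as root inside the container. `ROCKET_PORT=80`, set earlier in the same stage, is a privileged port, so the default port would have to change along with the user. Since both images are now rendered from this one template, this is the natural place to add an unprivileged user that owns `/data` together with an unprivileged default port. Failing that, the expectation should be documented next to `CMD`, e.g. `# Runs as root unless the container is started with an explicit user; /data must be writable by that user`. The runtime stage begins in the previous hunk and `start.sh` is not visible here, so whether the script drops privileges itself needs confirming.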
@@ -1,3 +1,183 @@ -The arch-specific directory names follow the arch identifiers used by the Docker official images: +# Vaultwarden Container Building -https://github.com/docker-library/official-images/blob/master/README.md#architectures-other-than-amd64 +To build and release new testing and stable releases of Vaultwarden we use `docker buildx bake`.<br> +This can be used locally by running the command yourself, but it is also used by GitHub Actions. + +This makes it easier for us to test and maintain the different architectures we provide.<br> +We also just have two Dockerfile's one for Debian and one for Alpine based images.<br> +With just these two files we can build both Debian and Alpine images for the following platforms: + - amd64 (linux/amd64) + - arm64 (linux/arm64) + - armv7 (linux/arm/v7) + - armv6 (linux/arm/v6) + +To build these containers you need to enable QEMU binfmt support to be able to run/emulate architectures which are different then your host.<br> +This ensures the container build process can run binaries from other architectures.<br> + +**NOTE**: Run all the examples below from the root of the repo.<br> + + +## How to install QEMU binfmt support + +This is different per host OS, but most support this in some way.<br> + +### Ubuntu/Debian +```bash +apt install binfmt-support qemu-user-static +``` + +### Arch Linux (others based upon it) +```bash +pacman -S qemu-user-static qemu-user-static-binfmt +``` + +### Fedora +```bash +dnf install qemu-user-static +``` + +### Others +There also is an option to use an other docker container to provide support for this. 
+```bash +# To install and activate +docker run --privileged --rm tonistiigi/binfmt --install arm64,arm +# To unistall +docker run --privileged --rm tonistiigi/binfmt --uninstall 'qemu-*' +``` + + +## Single architecture container building + +You can build a container per supported architecture as long as you have QEMU binfmt support installed on your system.<br> + +```bash +# Default bake triggers a Debian build using the hosts architecture +docker buildx bake --file docker/docker-bake.hcl + +# Bake Debian ARM64 using a debug build +CARGO_PROFILE=dev \ +SOURCE_COMMIT="$(git rev-parse HEAD)" \ +docker buildx bake --file docker/docker-bake.hcl debian-arm64 + +# Bake Alpine ARMv6 as a release build +SOURCE_COMMIT="$(git rev-parse HEAD)" \ +docker buildx bake --file docker/docker-bake.hcl alpine-armv6 +``` + + +## Local Multi Architecture container building + +Start the initialization, this only needs to be done once. + +```bash +# Create and use a new buildx builder instance which connects to the host network +docker buildx create --name vaultwarden --use --driver-opt network=host + +# Validate it runs +docker buildx inspect --bootstrap + +# Create a local container registry directly reachable on the localhost +docker run -d --name registry --network host registry:2 +``` + +After that is done, you should be able to build and push to the local registry.<br> +Use the following command with the modified variables to bake the Alpine images.<br> +Replace `alpine` with `debian` if you want to build the debian multi arch images. 
+ +```bash +# Start a buildx bake using a debug build +CARGO_PROFILE=dev \ +SOURCE_COMMIT="$(git rev-parse HEAD)" \ +CONTAINER_REGISTRIES="localhost:5000/vaultwarden/server" \ +docker buildx bake --file docker/docker-bake.hcl alpine-multi +``` + + +## Using the `bake.sh` script + +To make it a bit more easier to trigger a build, there also is a `bake.sh` script.<br> +This script calls `docker buildx bake` with all the right parameters and also generates the `SOURCE_COMMIT` and `SOURCE_VERSION` variables.<br> +This script can be called from both the repo root or within the docker directory. + +So, if you want to build a Multi Arch Alpine container pushing to your localhost registry you can run this from within the docker directory. (Just make sure you executed the initialization steps above first) +```bash +CONTAINER_REGISTRIES="localhost:5000/vaultwarden/server" \ +./bake.sh alpine-multi +``` + +Or if you want to just build a Debian container from the repo root, you can run this. +```bash +docker/bake.sh +``` + +You can append both `alpine` and `debian` with `-amd64`, `-arm64`, `-armv7` or `-armv6`, which will trigger a build for that specific platform.<br> +This will also append those values to the tag so you can see the builded container when running `docker images`. + +You can also append extra arguments after the target if you want. This can be useful for example to print what bake will use. 
+```bash +docker/bake.sh alpine-all --print +``` + +### Testing baked images + +To test these images you can run these images by using the correct tag and provide the platform.<br> +For example, after you have build an arm64 image via `./bake.sh debian-arm64` you can run: +```bash +docker run --rm -it \ + -e DISABLE_ADMIN_TOKEN=true \ + -e I_REALLY_WANT_VOLATILE_STORAGE=true \ + -p8080:80 --platform=linux/arm64 \ + vaultwarden/server:testing-arm64 +``` + + +## Using the `podman-bake.sh` script + +To also make building easier using podman, there is a `podman-bake.sh` script.<br> +This script calls `podman buildx build` with the needed parameters and the same as `bake.sh`, it will generate some variables automatically.<br> +This script can be called from both the repo root or within the docker directory. + +**NOTE:** Unlike the `bake.sh` script, this only supports a single `CONTAINER_REGISTRIES`, and a single `BASE_TAGS` value, no comma separated values. It also only supports building separate architectures, no Multi Arch containers. + +To build an Alpine arm64 image with only sqlite support and mimalloc, run this: +```bash +DB="sqlite,enable_mimalloc" \ +./podman-bake.sh alpine-arm64 +``` + +Or if you want to just build a Debian container from the repo root, you can run this. +```bash +docker/podman-bake.sh +``` + +You can append extra arguments after the target if you want. This can be useful for example to disable cache like this. +```bash +./podman-bake.sh alpine-arm64 --no-cache +``` + +For the podman builds you can, just like the `bake.sh` script, also append the architecture to build for that specific platform.<br> + +### Testing podman builded images + +The command to start a podman built container is almost the same as for the docker/bake built containers. The images start with `localhost/`, so you need to prepend that. 
+ +```bash +podman run --rm -it \ + -e DISABLE_ADMIN_TOKEN=true \ + -e I_REALLY_WANT_VOLATILE_STORAGE=true \ + -p8080:80 --platform=linux/arm64 \ + localhost/vaultwarden/server:testing-arm64 +``` + + +## Variables supported +| Variable | default | description | +| --------------------- | ------------------ | ----------- | +| CARGO_PROFILE | null | Which cargo profile to use. `null` means what is defined in the Dockerfile | +| DB | null | Which `features` to build. `null` means what is defined in the Dockerfile | +| SOURCE_REPOSITORY_URL | null | The source repository form where this build is triggered | +| SOURCE_COMMIT | null | The commit hash of the current commit for this build | +| SOURCE_VERSION | null | The current exact tag of this commit, else the last tag and the first 8 chars of the source commit | +| BASE_TAGS | testing | Tags to be used. Can be a comma separated value like "latest,1.29.2" | +| CONTAINER_REGISTRIES | vaultwarden/server | Comma separated value of container registries. Like `ghcr.io/dani-garcia/vaultwarden,docker.io/vaultwarden/server` | +| VW_VERSION | null | To override the `SOURCE_VERSION` value. This is also used by the `build.rs` code for example | diff --git a/docker/amd64/Dockerfile b/docker/amd64/Dockerfile 
@@ -1,119 +0,0 @@ -# syntax=docker/dockerfile:1 - -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### -# The web-vault digest specifies a particular web-vault build on Docker Hub. -# Using the digest instead of the tag name provides better security, -# as the digest of an image is immutable, whereas a tag name can later -# be changed to point to a malicious image. -# -# To verify the current digest for a given tag name: -# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, -# click the tag name to view the digest of the image it currently points to. -# - From the command line: -# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 -# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 -# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] -# -# - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 -# [docker.io/vaultwarden/web-vault:v2023.8.2] -# -FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault - -########################## BUILD IMAGE ########################## -FROM docker.io/library/rust:1.72.0-bookworm as build - -# Build time options to avoid dpkg warnings and help with reproducible builds. 
-ENV DEBIAN_FRONTEND=noninteractive \ - LANG=C.UTF-8 \ - TZ=UTC \ - TERM=xterm-256color \ - CARGO_HOME="/root/.cargo" \ - REGISTRIES_CRATES_IO_PROTOCOL=sparse \ - USER="root" - -# Create CARGO_HOME folder and don't download rust docs -RUN mkdir -pv "${CARGO_HOME}" \ - && rustup set profile minimal - -# Install build dependencies -RUN apt-get update \ - && apt-get install -y \ - --no-install-recommends \ - libmariadb-dev \ - libpq-dev - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - - -# Configure the DB ARG as late as possible to not invalidate the cached layers above -ARG DB=sqlite,mysql,postgresql - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN cargo build --features ${DB} --release \ - && find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . 
- -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN cargo build --features ${DB} --release - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM docker.io/library/debian:bookworm-slim - -ENV ROCKET_PROFILE="release" \ - ROCKET_ADDRESS=0.0.0.0 \ - ROCKET_PORT=80 - - -# Create data folder and Install needed libraries -RUN mkdir /data \ - && apt-get update && apt-get install -y \ - --no-install-recommends \ - ca-certificates \ - curl \ - libmariadb-dev-compat \ - libpq5 \ - openssl \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* - - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -WORKDIR / -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/release/vaultwarden . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -CMD ["/start.sh"] diff --git a/docker/amd64/Dockerfile.alpine b/docker/amd64/Dockerfile.alpine 
@@ -1,116 +0,0 @@ -# syntax=docker/dockerfile:1 - -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### -# The web-vault digest specifies a particular web-vault build on Docker Hub. -# Using the digest instead of the tag name provides better security, -# as the digest of an image is immutable, whereas a tag name can later -# be changed to point to a malicious image. -# -# To verify the current digest for a given tag name: -# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, -# click the tag name to view the digest of the image it currently points to. -# - From the command line: -# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 -# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 -# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] -# -# - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 -# [docker.io/vaultwarden/web-vault:v2023.8.2] -# -FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault - -########################## BUILD IMAGE ########################## -FROM docker.io/blackdex/rust-musl:x86_64-musl-stable-1.72.0-openssl3 as build - -# Build time options to avoid dpkg warnings and help with reproducible builds. 
-ENV DEBIAN_FRONTEND=noninteractive \ - LANG=C.UTF-8 \ - TZ=UTC \ - TERM=xterm-256color \ - CARGO_HOME="/root/.cargo" \ - REGISTRIES_CRATES_IO_PROTOCOL=sparse \ - USER="root" - -# Create CARGO_HOME folder and don't download rust docs -RUN mkdir -pv "${CARGO_HOME}" \ - && rustup set profile minimal - -# Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11 -# Debian Bookworm already contains libpq v15 -ENV PQ_LIB_DIR="/usr/local/musl/pq15/lib" - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - -RUN rustup target add x86_64-unknown-linux-musl - -# Configure the DB ARG as late as possible to not invalidate the cached layers above -# Enable MiMalloc to improve performance on Alpine builds -ARG DB=sqlite,mysql,postgresql,enable_mimalloc - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN cargo build --features ${DB} --release --target=x86_64-unknown-linux-musl \ - && find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . 
- -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN cargo build --features ${DB} --release --target=x86_64-unknown-linux-musl - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM docker.io/library/alpine:3.17 - -ENV ROCKET_PROFILE="release" \ - ROCKET_ADDRESS=0.0.0.0 \ - ROCKET_PORT=80 \ - SSL_CERT_DIR=/etc/ssl/certs - - - -# Create data folder and Install needed libraries -RUN mkdir /data \ - && apk add --no-cache \ - ca-certificates \ - curl \ - openssl \ - tzdata - - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -WORKDIR / -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/x86_64-unknown-linux-musl/release/vaultwarden . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -CMD ["/start.sh"] diff --git a/docker/amd64/Dockerfile.buildkit b/docker/amd64/Dockerfile.buildkit 
@@ -1,119 +0,0 @@ -# syntax=docker/dockerfile:1 - -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### -# The web-vault digest specifies a particular web-vault build on Docker Hub. -# Using the digest instead of the tag name provides better security, -# as the digest of an image is immutable, whereas a tag name can later -# be changed to point to a malicious image. -# -# To verify the current digest for a given tag name: -# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, -# click the tag name to view the digest of the image it currently points to. -# - From the command line: -# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 -# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 -# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] -# -# - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 -# [docker.io/vaultwarden/web-vault:v2023.8.2] -# -FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault - -########################## BUILD IMAGE ########################## -FROM docker.io/library/rust:1.72.0-bookworm as build - -# Build time options to avoid dpkg warnings and help with reproducible builds. 
-ENV DEBIAN_FRONTEND=noninteractive \ - LANG=C.UTF-8 \ - TZ=UTC \ - TERM=xterm-256color \ - CARGO_HOME="/root/.cargo" \ - REGISTRIES_CRATES_IO_PROTOCOL=sparse \ - USER="root" - -# Create CARGO_HOME folder and don't download rust docs -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \ - && rustup set profile minimal - -# Install build dependencies -RUN apt-get update \ - && apt-get install -y \ - --no-install-recommends \ - libmariadb-dev \ - libpq-dev - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - - -# Configure the DB ARG as late as possible to not invalidate the cached layers above -ARG DB=sqlite,mysql,postgresql - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release \ - && find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . 
- -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM docker.io/library/debian:bookworm-slim - -ENV ROCKET_PROFILE="release" \ - ROCKET_ADDRESS=0.0.0.0 \ - ROCKET_PORT=80 - - -# Create data folder and Install needed libraries -RUN mkdir /data \ - && apt-get update && apt-get install -y \ - --no-install-recommends \ - ca-certificates \ - curl \ - libmariadb-dev-compat \ - libpq5 \ - openssl \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* - - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -WORKDIR / -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/release/vaultwarden . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -CMD ["/start.sh"] diff --git a/docker/amd64/Dockerfile.buildkit.alpine b/docker/amd64/Dockerfile.buildkit.alpine 
@@ -1,116 +0,0 @@ -# syntax=docker/dockerfile:1 - -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### -# The web-vault digest specifies a particular web-vault build on Docker Hub. -# Using the digest instead of the tag name provides better security, -# as the digest of an image is immutable, whereas a tag name can later -# be changed to point to a malicious image. -# -# To verify the current digest for a given tag name: -# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, -# click the tag name to view the digest of the image it currently points to. -# - From the command line: -# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 -# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 -# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] -# -# - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 -# [docker.io/vaultwarden/web-vault:v2023.8.2] -# -FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault - -########################## BUILD IMAGE ########################## -FROM docker.io/blackdex/rust-musl:x86_64-musl-stable-1.72.0-openssl3 as build - -# Build time options to avoid dpkg warnings and help with reproducible builds. 
-ENV DEBIAN_FRONTEND=noninteractive \ - LANG=C.UTF-8 \ - TZ=UTC \ - TERM=xterm-256color \ - CARGO_HOME="/root/.cargo" \ - REGISTRIES_CRATES_IO_PROTOCOL=sparse \ - USER="root" - -# Create CARGO_HOME folder and don't download rust docs -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \ - && rustup set profile minimal - -# Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11 -# Debian Bookworm already contains libpq v15 -ENV PQ_LIB_DIR="/usr/local/musl/pq15/lib" - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry rustup target add x86_64-unknown-linux-musl - -# Configure the DB ARG as late as possible to not invalidate the cached layers above -# Enable MiMalloc to improve performance on Alpine builds -ARG DB=sqlite,mysql,postgresql,enable_mimalloc - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=x86_64-unknown-linux-musl \ - && find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . 
- -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=x86_64-unknown-linux-musl - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM docker.io/library/alpine:3.17 - -ENV ROCKET_PROFILE="release" \ - ROCKET_ADDRESS=0.0.0.0 \ - ROCKET_PORT=80 \ - SSL_CERT_DIR=/etc/ssl/certs - - - -# Create data folder and Install needed libraries -RUN mkdir /data \ - && apk add --no-cache \ - ca-certificates \ - curl \ - openssl \ - tzdata - - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -WORKDIR / -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/x86_64-unknown-linux-musl/release/vaultwarden . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -CMD ["/start.sh"] diff --git a/docker/arm64/Dockerfile b/docker/arm64/Dockerfile 
@@ -1,141 +0,0 @@ -# syntax=docker/dockerfile:1 - -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### -# The web-vault digest specifies a particular web-vault build on Docker Hub. -# Using the digest instead of the tag name provides better security, -# as the digest of an image is immutable, whereas a tag name can later -# be changed to point to a malicious image. -# -# To verify the current digest for a given tag name: -# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, -# click the tag name to view the digest of the image it currently points to. -# - From the command line: -# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 -# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 -# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] -# -# - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 -# [docker.io/vaultwarden/web-vault:v2023.8.2] -# -FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault - -########################## BUILD IMAGE ########################## -FROM docker.io/library/rust:1.72.0-bookworm as build - -# Build time options to avoid dpkg warnings and help with reproducible builds. 
-ENV DEBIAN_FRONTEND=noninteractive \ - LANG=C.UTF-8 \ - TZ=UTC \ - TERM=xterm-256color \ - CARGO_HOME="/root/.cargo" \ - REGISTRIES_CRATES_IO_PROTOCOL=sparse \ - USER="root" - -# Create CARGO_HOME folder and don't download rust docs -RUN mkdir -pv "${CARGO_HOME}" \ - && rustup set profile minimal - -# Install build dependencies for the arm64 architecture -RUN dpkg --add-architecture arm64 \ - && apt-get update \ - && apt-get install -y \ - --no-install-recommends \ - gcc-aarch64-linux-gnu \ - libc6-dev:arm64 \ - linux-libc-dev:arm64 \ - libmariadb-dev:arm64 \ - libmariadb-dev-compat:arm64 \ - libmariadb3:arm64 \ - libpq-dev:arm64 \ - libpq5:arm64 \ - libssl-dev:arm64 \ - # - # Make sure cargo has the right target config - && echo '[target.aarch64-unknown-linux-gnu]' >> "${CARGO_HOME}/config" \ - && echo 'linker = "aarch64-linux-gnu-gcc"' >> "${CARGO_HOME}/config" \ - && echo 'rustflags = ["-L/usr/lib/aarch64-linux-gnu"]' >> "${CARGO_HOME}/config" - -# Set arm specific environment values -ENV CC_aarch64_unknown_linux_gnu="/usr/bin/aarch64-linux-gnu-gcc" \ - CROSS_COMPILE="1" \ - OPENSSL_INCLUDE_DIR="/usr/include/aarch64-linux-gnu" \ - OPENSSL_LIB_DIR="/usr/lib/aarch64-linux-gnu" - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - -RUN rustup target add aarch64-unknown-linux-gnu - -# Configure the DB ARG as late as possible to not invalidate the cached layers above -ARG DB=sqlite,mysql,postgresql - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu \ - && find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . 
- -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM docker.io/balenalib/aarch64-debian:bookworm - -ENV ROCKET_PROFILE="release" \ - ROCKET_ADDRESS=0.0.0.0 \ - ROCKET_PORT=80 - -RUN [ "cross-build-start" ] - -# Create data folder and Install needed libraries -RUN mkdir /data \ - && apt-get update && apt-get install -y \ - --no-install-recommends \ - ca-certificates \ - curl \ - libmariadb-dev-compat \ - libpq5 \ - openssl \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* - -RUN [ "cross-build-end" ] - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -WORKDIR / -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/aarch64-unknown-linux-gnu/release/vaultwarden . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -CMD ["/start.sh"] diff --git a/docker/arm64/Dockerfile.alpine b/docker/arm64/Dockerfile.alpine 
@@ -1,118 +0,0 @@ -# syntax=docker/dockerfile:1 - -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### -# The web-vault digest specifies a particular web-vault build on Docker Hub. -# Using the digest instead of the tag name provides better security, -# as the digest of an image is immutable, whereas a tag name can later -# be changed to point to a malicious image. -# -# To verify the current digest for a given tag name: -# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, -# click the tag name to view the digest of the image it currently points to. -# - From the command line: -# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 -# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 -# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] -# -# - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 -# [docker.io/vaultwarden/web-vault:v2023.8.2] -# -FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault - -########################## BUILD IMAGE ########################## -FROM docker.io/blackdex/rust-musl:aarch64-musl-stable-1.72.0-openssl3 as build - -# Build time options to avoid dpkg warnings and help with reproducible builds. 
-ENV DEBIAN_FRONTEND=noninteractive \ - LANG=C.UTF-8 \ - TZ=UTC \ - TERM=xterm-256color \ - CARGO_HOME="/root/.cargo" \ - REGISTRIES_CRATES_IO_PROTOCOL=sparse \ - USER="root" - -# Create CARGO_HOME folder and don't download rust docs -RUN mkdir -pv "${CARGO_HOME}" \ - && rustup set profile minimal - -# Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11 -# Debian Bookworm already contains libpq v15 -ENV PQ_LIB_DIR="/usr/local/musl/pq15/lib" - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - -RUN rustup target add aarch64-unknown-linux-musl - -# Configure the DB ARG as late as possible to not invalidate the cached layers above -# Enable MiMalloc to improve performance on Alpine builds -ARG DB=sqlite,mysql,postgresql,enable_mimalloc - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-musl \ - && find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . 
- -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN cargo build --features ${DB} --release --target=aarch64-unknown-linux-musl - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM docker.io/balenalib/aarch64-alpine:3.17 - -ENV ROCKET_PROFILE="release" \ - ROCKET_ADDRESS=0.0.0.0 \ - ROCKET_PORT=80 \ - SSL_CERT_DIR=/etc/ssl/certs - - -RUN [ "cross-build-start" ] - -# Create data folder and Install needed libraries -RUN mkdir /data \ - && apk add --no-cache \ - ca-certificates \ - curl \ - openssl \ - tzdata - -RUN [ "cross-build-end" ] - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -WORKDIR / -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/aarch64-unknown-linux-musl/release/vaultwarden . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -CMD ["/start.sh"] diff --git a/docker/arm64/Dockerfile.buildkit b/docker/arm64/Dockerfile.buildkit 
@@ -1,141 +0,0 @@ -# syntax=docker/dockerfile:1 - -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### -# The web-vault digest specifies a particular web-vault build on Docker Hub. -# Using the digest instead of the tag name provides better security, -# as the digest of an image is immutable, whereas a tag name can later -# be changed to point to a malicious image. -# -# To verify the current digest for a given tag name: -# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, -# click the tag name to view the digest of the image it currently points to. -# - From the command line: -# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 -# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 -# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] -# -# - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 -# [docker.io/vaultwarden/web-vault:v2023.8.2] -# -FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault - -########################## BUILD IMAGE ########################## -FROM docker.io/library/rust:1.72.0-bookworm as build - -# Build time options to avoid dpkg warnings and help with reproducible builds. 
-ENV DEBIAN_FRONTEND=noninteractive \ - LANG=C.UTF-8 \ - TZ=UTC \ - TERM=xterm-256color \ - CARGO_HOME="/root/.cargo" \ - REGISTRIES_CRATES_IO_PROTOCOL=sparse \ - USER="root" - -# Create CARGO_HOME folder and don't download rust docs -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \ - && rustup set profile minimal - -# Install build dependencies for the arm64 architecture -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry dpkg --add-architecture arm64 \ - && apt-get update \ - && apt-get install -y \ - --no-install-recommends \ - gcc-aarch64-linux-gnu \ - libc6-dev:arm64 \ - linux-libc-dev:arm64 \ - libmariadb-dev:arm64 \ - libmariadb-dev-compat:arm64 \ - libmariadb3:arm64 \ - libpq-dev:arm64 \ - libpq5:arm64 \ - libssl-dev:arm64 \ - # - # Make sure cargo has the right target config - && echo '[target.aarch64-unknown-linux-gnu]' >> "${CARGO_HOME}/config" \ - && echo 'linker = "aarch64-linux-gnu-gcc"' >> "${CARGO_HOME}/config" \ - && echo 'rustflags = ["-L/usr/lib/aarch64-linux-gnu"]' >> "${CARGO_HOME}/config" - -# Set arm specific environment values -ENV CC_aarch64_unknown_linux_gnu="/usr/bin/aarch64-linux-gnu-gcc" \ - CROSS_COMPILE="1" \ - OPENSSL_INCLUDE_DIR="/usr/include/aarch64-linux-gnu" \ - OPENSSL_LIB_DIR="/usr/lib/aarch64-linux-gnu" - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry rustup target add aarch64-unknown-linux-gnu - -# Configure the DB ARG as late as possible to not invalidate the cached layers above -ARG DB=sqlite,mysql,postgresql - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This 
folder contains the compiled dependencies -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu \ - && find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . - -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=aarch64-unknown-linux-gnu - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM docker.io/balenalib/aarch64-debian:bookworm - -ENV ROCKET_PROFILE="release" \ - ROCKET_ADDRESS=0.0.0.0 \ - ROCKET_PORT=80 - -RUN [ "cross-build-start" ] - -# Create data folder and Install needed libraries -RUN mkdir /data \ - && apt-get update && apt-get install -y \ - --no-install-recommends \ - ca-certificates \ - curl \ - libmariadb-dev-compat \ - libpq5 \ - openssl \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* - -RUN [ "cross-build-end" ] - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -WORKDIR / -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/aarch64-unknown-linux-gnu/release/vaultwarden . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -CMD ["/start.sh"] diff --git a/docker/arm64/Dockerfile.buildkit.alpine b/docker/arm64/Dockerfile.buildkit.alpine 
@@ -1,118 +0,0 @@ -# syntax=docker/dockerfile:1 - -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### -# The web-vault digest specifies a particular web-vault build on Docker Hub. -# Using the digest instead of the tag name provides better security, -# as the digest of an image is immutable, whereas a tag name can later -# be changed to point to a malicious image. -# -# To verify the current digest for a given tag name: -# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, -# click the tag name to view the digest of the image it currently points to. -# - From the command line: -# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 -# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 -# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] -# -# - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 -# [docker.io/vaultwarden/web-vault:v2023.8.2] -# -FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault - -########################## BUILD IMAGE ########################## -FROM docker.io/blackdex/rust-musl:aarch64-musl-stable-1.72.0-openssl3 as build - -# Build time options to avoid dpkg warnings and help with reproducible builds. 
-ENV DEBIAN_FRONTEND=noninteractive \ - LANG=C.UTF-8 \ - TZ=UTC \ - TERM=xterm-256color \ - CARGO_HOME="/root/.cargo" \ - REGISTRIES_CRATES_IO_PROTOCOL=sparse \ - USER="root" - -# Create CARGO_HOME folder and don't download rust docs -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \ - && rustup set profile minimal - -# Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11 -# Debian Bookworm already contains libpq v15 -ENV PQ_LIB_DIR="/usr/local/musl/pq15/lib" - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry rustup target add aarch64-unknown-linux-musl - -# Configure the DB ARG as late as possible to not invalidate the cached layers above -# Enable MiMalloc to improve performance on Alpine builds -ARG DB=sqlite,mysql,postgresql,enable_mimalloc - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=aarch64-unknown-linux-musl \ - && find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . 
- -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=aarch64-unknown-linux-musl - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM docker.io/balenalib/aarch64-alpine:3.17 - -ENV ROCKET_PROFILE="release" \ - ROCKET_ADDRESS=0.0.0.0 \ - ROCKET_PORT=80 \ - SSL_CERT_DIR=/etc/ssl/certs - - -RUN [ "cross-build-start" ] - -# Create data folder and Install needed libraries -RUN mkdir /data \ - && apk add --no-cache \ - ca-certificates \ - curl \ - openssl \ - tzdata - -RUN [ "cross-build-end" ] - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -WORKDIR / -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/aarch64-unknown-linux-musl/release/vaultwarden . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -CMD ["/start.sh"] diff --git a/docker/armv6/Dockerfile b/docker/armv6/Dockerfile 
@@ -1,141 +0,0 @@ -# syntax=docker/dockerfile:1 - -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### -# The web-vault digest specifies a particular web-vault build on Docker Hub. -# Using the digest instead of the tag name provides better security, -# as the digest of an image is immutable, whereas a tag name can later -# be changed to point to a malicious image. -# -# To verify the current digest for a given tag name: -# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, -# click the tag name to view the digest of the image it currently points to. -# - From the command line: -# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 -# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 -# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] -# -# - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 -# [docker.io/vaultwarden/web-vault:v2023.8.2] -# -FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault - -########################## BUILD IMAGE ########################## -FROM docker.io/library/rust:1.72.0-bookworm as build - -# Build time options to avoid dpkg warnings and help with reproducible builds. 
-ENV DEBIAN_FRONTEND=noninteractive \ - LANG=C.UTF-8 \ - TZ=UTC \ - TERM=xterm-256color \ - CARGO_HOME="/root/.cargo" \ - REGISTRIES_CRATES_IO_PROTOCOL=sparse \ - USER="root" - -# Create CARGO_HOME folder and don't download rust docs -RUN mkdir -pv "${CARGO_HOME}" \ - && rustup set profile minimal - -# Install build dependencies for the armel architecture -RUN dpkg --add-architecture armel \ - && apt-get update \ - && apt-get install -y \ - --no-install-recommends \ - gcc-arm-linux-gnueabi \ - libc6-dev:armel \ - linux-libc-dev:armel \ - libmariadb-dev:armel \ - libmariadb-dev-compat:armel \ - libmariadb3:armel \ - libpq-dev:armel \ - libpq5:armel \ - libssl-dev:armel \ - # - # Make sure cargo has the right target config - && echo '[target.arm-unknown-linux-gnueabi]' >> "${CARGO_HOME}/config" \ - && echo 'linker = "arm-linux-gnueabi-gcc"' >> "${CARGO_HOME}/config" \ - && echo 'rustflags = ["-L/usr/lib/arm-linux-gnueabi"]' >> "${CARGO_HOME}/config" - -# Set arm specific environment values -ENV CC_arm_unknown_linux_gnueabi="/usr/bin/arm-linux-gnueabi-gcc" \ - CROSS_COMPILE="1" \ - OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabi" \ - OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabi" - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - -RUN rustup target add arm-unknown-linux-gnueabi - -# Configure the DB ARG as late as possible to not invalidate the cached layers above -ARG DB=sqlite,mysql,postgresql - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi \ - && find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . 
- -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM docker.io/balenalib/rpi-debian:bookworm - -ENV ROCKET_PROFILE="release" \ - ROCKET_ADDRESS=0.0.0.0 \ - ROCKET_PORT=80 - -RUN [ "cross-build-start" ] - -# Create data folder and Install needed libraries -RUN mkdir /data \ - && apt-get update && apt-get install -y \ - --no-install-recommends \ - ca-certificates \ - curl \ - libmariadb-dev-compat \ - libpq5 \ - openssl \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* - -RUN [ "cross-build-end" ] - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -WORKDIR / -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/arm-unknown-linux-gnueabi/release/vaultwarden . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -CMD ["/start.sh"] diff --git a/docker/armv6/Dockerfile.alpine b/docker/armv6/Dockerfile.alpine 
@@ -1,120 +0,0 @@ -# syntax=docker/dockerfile:1 - -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### -# The web-vault digest specifies a particular web-vault build on Docker Hub. -# Using the digest instead of the tag name provides better security, -# as the digest of an image is immutable, whereas a tag name can later -# be changed to point to a malicious image. -# -# To verify the current digest for a given tag name: -# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, -# click the tag name to view the digest of the image it currently points to. -# - From the command line: -# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 -# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 -# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] -# -# - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 -# [docker.io/vaultwarden/web-vault:v2023.8.2] -# -FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault - -########################## BUILD IMAGE ########################## -FROM docker.io/blackdex/rust-musl:arm-musleabi-stable-1.72.0-openssl3 as build - -# Build time options to avoid dpkg warnings and help with reproducible builds. 
-ENV DEBIAN_FRONTEND=noninteractive \ - LANG=C.UTF-8 \ - TZ=UTC \ - TERM=xterm-256color \ - CARGO_HOME="/root/.cargo" \ - REGISTRIES_CRATES_IO_PROTOCOL=sparse \ - USER="root" - -# Create CARGO_HOME folder and don't download rust docs -RUN mkdir -pv "${CARGO_HOME}" \ - && rustup set profile minimal - -# Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11 -# Debian Bookworm already contains libpq v15 -ENV PQ_LIB_DIR="/usr/local/musl/pq15/lib" -# To be able to build the armv6 image with mimalloc we need to tell the linker to also look for libatomic -ENV RUSTFLAGS='-Clink-arg=-latomic' - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - -RUN rustup target add arm-unknown-linux-musleabi - -# Configure the DB ARG as late as possible to not invalidate the cached layers above -# Enable MiMalloc to improve performance on Alpine builds -ARG DB=sqlite,mysql,postgresql,enable_mimalloc - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN cargo build --features ${DB} --release --target=arm-unknown-linux-musleabi \ - && find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . 
- -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN cargo build --features ${DB} --release --target=arm-unknown-linux-musleabi - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM docker.io/balenalib/rpi-alpine:3.17 - -ENV ROCKET_PROFILE="release" \ - ROCKET_ADDRESS=0.0.0.0 \ - ROCKET_PORT=80 \ - SSL_CERT_DIR=/etc/ssl/certs - - -RUN [ "cross-build-start" ] - -# Create data folder and Install needed libraries -RUN mkdir /data \ - && apk add --no-cache \ - ca-certificates \ - curl \ - openssl \ - tzdata - -RUN [ "cross-build-end" ] - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -WORKDIR / -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/arm-unknown-linux-musleabi/release/vaultwarden . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -CMD ["/start.sh"] diff --git a/docker/armv6/Dockerfile.buildkit b/docker/armv6/Dockerfile.buildkit 
@@ -1,141 +0,0 @@ -# syntax=docker/dockerfile:1 - -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### -# The web-vault digest specifies a particular web-vault build on Docker Hub. -# Using the digest instead of the tag name provides better security, -# as the digest of an image is immutable, whereas a tag name can later -# be changed to point to a malicious image. -# -# To verify the current digest for a given tag name: -# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, -# click the tag name to view the digest of the image it currently points to. -# - From the command line: -# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 -# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 -# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] -# -# - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 -# [docker.io/vaultwarden/web-vault:v2023.8.2] -# -FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault - -########################## BUILD IMAGE ########################## -FROM docker.io/library/rust:1.72.0-bookworm as build - -# Build time options to avoid dpkg warnings and help with reproducible builds. 
-ENV DEBIAN_FRONTEND=noninteractive \ - LANG=C.UTF-8 \ - TZ=UTC \ - TERM=xterm-256color \ - CARGO_HOME="/root/.cargo" \ - REGISTRIES_CRATES_IO_PROTOCOL=sparse \ - USER="root" - -# Create CARGO_HOME folder and don't download rust docs -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \ - && rustup set profile minimal - -# Install build dependencies for the armel architecture -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry dpkg --add-architecture armel \ - && apt-get update \ - && apt-get install -y \ - --no-install-recommends \ - gcc-arm-linux-gnueabi \ - libc6-dev:armel \ - linux-libc-dev:armel \ - libmariadb-dev:armel \ - libmariadb-dev-compat:armel \ - libmariadb3:armel \ - libpq-dev:armel \ - libpq5:armel \ - libssl-dev:armel \ - # - # Make sure cargo has the right target config - && echo '[target.arm-unknown-linux-gnueabi]' >> "${CARGO_HOME}/config" \ - && echo 'linker = "arm-linux-gnueabi-gcc"' >> "${CARGO_HOME}/config" \ - && echo 'rustflags = ["-L/usr/lib/arm-linux-gnueabi"]' >> "${CARGO_HOME}/config" - -# Set arm specific environment values -ENV CC_arm_unknown_linux_gnueabi="/usr/bin/arm-linux-gnueabi-gcc" \ - CROSS_COMPILE="1" \ - OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabi" \ - OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabi" - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry rustup target add arm-unknown-linux-gnueabi - -# Configure the DB ARG as late as possible to not invalidate the cached layers above -ARG DB=sqlite,mysql,postgresql - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This 
folder contains the compiled dependencies -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi \ - && find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . - -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=arm-unknown-linux-gnueabi - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM docker.io/balenalib/rpi-debian:bookworm - -ENV ROCKET_PROFILE="release" \ - ROCKET_ADDRESS=0.0.0.0 \ - ROCKET_PORT=80 - -RUN [ "cross-build-start" ] - -# Create data folder and Install needed libraries -RUN mkdir /data \ - && apt-get update && apt-get install -y \ - --no-install-recommends \ - ca-certificates \ - curl \ - libmariadb-dev-compat \ - libpq5 \ - openssl \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* - -RUN [ "cross-build-end" ] - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -WORKDIR / -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/arm-unknown-linux-gnueabi/release/vaultwarden . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -CMD ["/start.sh"] diff --git a/docker/armv6/Dockerfile.buildkit.alpine b/docker/armv6/Dockerfile.buildkit.alpine 
@@ -1,120 +0,0 @@ -# syntax=docker/dockerfile:1 - -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### -# The web-vault digest specifies a particular web-vault build on Docker Hub. -# Using the digest instead of the tag name provides better security, -# as the digest of an image is immutable, whereas a tag name can later -# be changed to point to a malicious image. -# -# To verify the current digest for a given tag name: -# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, -# click the tag name to view the digest of the image it currently points to. -# - From the command line: -# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 -# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 -# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] -# -# - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 -# [docker.io/vaultwarden/web-vault:v2023.8.2] -# -FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault - -########################## BUILD IMAGE ########################## -FROM docker.io/blackdex/rust-musl:arm-musleabi-stable-1.72.0-openssl3 as build - -# Build time options to avoid dpkg warnings and help with reproducible builds. 
-ENV DEBIAN_FRONTEND=noninteractive \ - LANG=C.UTF-8 \ - TZ=UTC \ - TERM=xterm-256color \ - CARGO_HOME="/root/.cargo" \ - REGISTRIES_CRATES_IO_PROTOCOL=sparse \ - USER="root" - -# Create CARGO_HOME folder and don't download rust docs -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \ - && rustup set profile minimal - -# Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11 -# Debian Bookworm already contains libpq v15 -ENV PQ_LIB_DIR="/usr/local/musl/pq15/lib" -# To be able to build the armv6 image with mimalloc we need to tell the linker to also look for libatomic -ENV RUSTFLAGS='-Clink-arg=-latomic' - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry rustup target add arm-unknown-linux-musleabi - -# Configure the DB ARG as late as possible to not invalidate the cached layers above -# Enable MiMalloc to improve performance on Alpine builds -ARG DB=sqlite,mysql,postgresql,enable_mimalloc - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=arm-unknown-linux-musleabi \ - && find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . 
- -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=arm-unknown-linux-musleabi - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM docker.io/balenalib/rpi-alpine:3.17 - -ENV ROCKET_PROFILE="release" \ - ROCKET_ADDRESS=0.0.0.0 \ - ROCKET_PORT=80 \ - SSL_CERT_DIR=/etc/ssl/certs - - -RUN [ "cross-build-start" ] - -# Create data folder and Install needed libraries -RUN mkdir /data \ - && apk add --no-cache \ - ca-certificates \ - curl \ - openssl \ - tzdata - -RUN [ "cross-build-end" ] - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -WORKDIR / -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/arm-unknown-linux-musleabi/release/vaultwarden . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -CMD ["/start.sh"] diff --git a/docker/armv7/Dockerfile b/docker/armv7/Dockerfile 
@@ -1,141 +0,0 @@ -# syntax=docker/dockerfile:1 - -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### -# The web-vault digest specifies a particular web-vault build on Docker Hub. -# Using the digest instead of the tag name provides better security, -# as the digest of an image is immutable, whereas a tag name can later -# be changed to point to a malicious image. -# -# To verify the current digest for a given tag name: -# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, -# click the tag name to view the digest of the image it currently points to. -# - From the command line: -# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 -# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 -# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] -# -# - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 -# [docker.io/vaultwarden/web-vault:v2023.8.2] -# -FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault - -########################## BUILD IMAGE ########################## -FROM docker.io/library/rust:1.72.0-bookworm as build - -# Build time options to avoid dpkg warnings and help with reproducible builds. 
-ENV DEBIAN_FRONTEND=noninteractive \ - LANG=C.UTF-8 \ - TZ=UTC \ - TERM=xterm-256color \ - CARGO_HOME="/root/.cargo" \ - REGISTRIES_CRATES_IO_PROTOCOL=sparse \ - USER="root" - -# Create CARGO_HOME folder and don't download rust docs -RUN mkdir -pv "${CARGO_HOME}" \ - && rustup set profile minimal - -# Install build dependencies for the armhf architecture -RUN dpkg --add-architecture armhf \ - && apt-get update \ - && apt-get install -y \ - --no-install-recommends \ - gcc-arm-linux-gnueabihf \ - libc6-dev:armhf \ - linux-libc-dev:armhf \ - libmariadb-dev:armhf \ - libmariadb-dev-compat:armhf \ - libmariadb3:armhf \ - libpq-dev:armhf \ - libpq5:armhf \ - libssl-dev:armhf \ - # - # Make sure cargo has the right target config - && echo '[target.armv7-unknown-linux-gnueabihf]' >> "${CARGO_HOME}/config" \ - && echo 'linker = "arm-linux-gnueabihf-gcc"' >> "${CARGO_HOME}/config" \ - && echo 'rustflags = ["-L/usr/lib/arm-linux-gnueabihf"]' >> "${CARGO_HOME}/config" - -# Set arm specific environment values -ENV CC_armv7_unknown_linux_gnueabihf="/usr/bin/arm-linux-gnueabihf-gcc" \ - CROSS_COMPILE="1" \ - OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabihf" \ - OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabihf" - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - -RUN rustup target add armv7-unknown-linux-gnueabihf - -# Configure the DB ARG as late as possible to not invalidate the cached layers above -ARG DB=sqlite,mysql,postgresql - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf \ - && find . 
-not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . - -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM docker.io/balenalib/armv7hf-debian:bookworm - -ENV ROCKET_PROFILE="release" \ - ROCKET_ADDRESS=0.0.0.0 \ - ROCKET_PORT=80 - -RUN [ "cross-build-start" ] - -# Create data folder and Install needed libraries -RUN mkdir /data \ - && apt-get update && apt-get install -y \ - --no-install-recommends \ - ca-certificates \ - curl \ - libmariadb-dev-compat \ - libpq5 \ - openssl \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* - -RUN [ "cross-build-end" ] - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -WORKDIR / -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/armv7-unknown-linux-gnueabihf/release/vaultwarden . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -CMD ["/start.sh"] diff --git a/docker/armv7/Dockerfile.alpine b/docker/armv7/Dockerfile.alpine 
@@ -1,118 +0,0 @@ -# syntax=docker/dockerfile:1 - -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### -# The web-vault digest specifies a particular web-vault build on Docker Hub. -# Using the digest instead of the tag name provides better security, -# as the digest of an image is immutable, whereas a tag name can later -# be changed to point to a malicious image. -# -# To verify the current digest for a given tag name: -# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, -# click the tag name to view the digest of the image it currently points to. -# - From the command line: -# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 -# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 -# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] -# -# - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 -# [docker.io/vaultwarden/web-vault:v2023.8.2] -# -FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault - -########################## BUILD IMAGE ########################## -FROM docker.io/blackdex/rust-musl:armv7-musleabihf-stable-1.72.0-openssl3 as build - -# Build time options to avoid dpkg warnings and help with reproducible builds. 
-ENV DEBIAN_FRONTEND=noninteractive \ - LANG=C.UTF-8 \ - TZ=UTC \ - TERM=xterm-256color \ - CARGO_HOME="/root/.cargo" \ - REGISTRIES_CRATES_IO_PROTOCOL=sparse \ - USER="root" - -# Create CARGO_HOME folder and don't download rust docs -RUN mkdir -pv "${CARGO_HOME}" \ - && rustup set profile minimal - -# Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11 -# Debian Bookworm already contains libpq v15 -ENV PQ_LIB_DIR="/usr/local/musl/pq15/lib" - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - -RUN rustup target add armv7-unknown-linux-musleabihf - -# Configure the DB ARG as late as possible to not invalidate the cached layers above -# Enable MiMalloc to improve performance on Alpine builds -ARG DB=sqlite,mysql,postgresql,enable_mimalloc - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-musleabihf \ - && find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . 
- -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN cargo build --features ${DB} --release --target=armv7-unknown-linux-musleabihf - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM docker.io/balenalib/armv7hf-alpine:3.17 - -ENV ROCKET_PROFILE="release" \ - ROCKET_ADDRESS=0.0.0.0 \ - ROCKET_PORT=80 \ - SSL_CERT_DIR=/etc/ssl/certs - - -RUN [ "cross-build-start" ] - -# Create data folder and Install needed libraries -RUN mkdir /data \ - && apk add --no-cache \ - ca-certificates \ - curl \ - openssl \ - tzdata - -RUN [ "cross-build-end" ] - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -WORKDIR / -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/armv7-unknown-linux-musleabihf/release/vaultwarden . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -CMD ["/start.sh"] diff --git a/docker/armv7/Dockerfile.buildkit b/docker/armv7/Dockerfile.buildkit 
@@ -1,141 +0,0 @@ -# syntax=docker/dockerfile:1 - -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### -# The web-vault digest specifies a particular web-vault build on Docker Hub. -# Using the digest instead of the tag name provides better security, -# as the digest of an image is immutable, whereas a tag name can later -# be changed to point to a malicious image. -# -# To verify the current digest for a given tag name: -# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, -# click the tag name to view the digest of the image it currently points to. -# - From the command line: -# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 -# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 -# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] -# -# - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 -# [docker.io/vaultwarden/web-vault:v2023.8.2] -# -FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault - -########################## BUILD IMAGE ########################## -FROM docker.io/library/rust:1.72.0-bookworm as build - -# Build time options to avoid dpkg warnings and help with reproducible builds. 
-ENV DEBIAN_FRONTEND=noninteractive \ - LANG=C.UTF-8 \ - TZ=UTC \ - TERM=xterm-256color \ - CARGO_HOME="/root/.cargo" \ - REGISTRIES_CRATES_IO_PROTOCOL=sparse \ - USER="root" - -# Create CARGO_HOME folder and don't download rust docs -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \ - && rustup set profile minimal - -# Install build dependencies for the armhf architecture -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry dpkg --add-architecture armhf \ - && apt-get update \ - && apt-get install -y \ - --no-install-recommends \ - gcc-arm-linux-gnueabihf \ - libc6-dev:armhf \ - linux-libc-dev:armhf \ - libmariadb-dev:armhf \ - libmariadb-dev-compat:armhf \ - libmariadb3:armhf \ - libpq-dev:armhf \ - libpq5:armhf \ - libssl-dev:armhf \ - # - # Make sure cargo has the right target config - && echo '[target.armv7-unknown-linux-gnueabihf]' >> "${CARGO_HOME}/config" \ - && echo 'linker = "arm-linux-gnueabihf-gcc"' >> "${CARGO_HOME}/config" \ - && echo 'rustflags = ["-L/usr/lib/arm-linux-gnueabihf"]' >> "${CARGO_HOME}/config" - -# Set arm specific environment values -ENV CC_armv7_unknown_linux_gnueabihf="/usr/bin/arm-linux-gnueabihf-gcc" \ - CROSS_COMPILE="1" \ - OPENSSL_INCLUDE_DIR="/usr/include/arm-linux-gnueabihf" \ - OPENSSL_LIB_DIR="/usr/lib/arm-linux-gnueabihf" - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry rustup target add armv7-unknown-linux-gnueabihf - -# Configure the DB ARG as late as possible to not invalidate the cached layers above -ARG DB=sqlite,mysql,postgresql - -# Builds your dependencies and removes the -# dummy project, except the 
target folder -# This folder contains the compiled dependencies -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf \ - && find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . - -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=armv7-unknown-linux-gnueabihf - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM docker.io/balenalib/armv7hf-debian:bookworm - -ENV ROCKET_PROFILE="release" \ - ROCKET_ADDRESS=0.0.0.0 \ - ROCKET_PORT=80 - -RUN [ "cross-build-start" ] - -# Create data folder and Install needed libraries -RUN mkdir /data \ - && apt-get update && apt-get install -y \ - --no-install-recommends \ - ca-certificates \ - curl \ - libmariadb-dev-compat \ - libpq5 \ - openssl \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* - -RUN [ "cross-build-end" ] - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -WORKDIR / -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/armv7-unknown-linux-gnueabihf/release/vaultwarden . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -CMD ["/start.sh"] diff --git a/docker/armv7/Dockerfile.buildkit.alpine b/docker/armv7/Dockerfile.buildkit.alpine 
@@ -1,118 +0,0 @@ -# syntax=docker/dockerfile:1 - -# This file was generated using a Jinja2 template. -# Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles. -# Using multistage build: -# https://docs.docker.com/develop/develop-images/multistage-build/ -# https://whitfin.io/speeding-up-rust-docker-builds/ -####################### VAULT BUILD IMAGE ####################### -# The web-vault digest specifies a particular web-vault build on Docker Hub. -# Using the digest instead of the tag name provides better security, -# as the digest of an image is immutable, whereas a tag name can later -# be changed to point to a malicious image. -# -# To verify the current digest for a given tag name: -# - From https://hub.docker.com/r/vaultwarden/web-vault/tags, -# click the tag name to view the digest of the image it currently points to. -# - From the command line: -# $ docker pull docker.io/vaultwarden/web-vault:v2023.8.2 -# $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2023.8.2 -# [docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252] -# -# - Conversely, to get the tag name from the digest: -# $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 -# [docker.io/vaultwarden/web-vault:v2023.8.2] -# -FROM docker.io/vaultwarden/web-vault@sha256:b361e79309ef2c4368f880f350166daade41eb0927a9adf376c76e3713027252 as vault - -########################## BUILD IMAGE ########################## -FROM docker.io/blackdex/rust-musl:armv7-musleabihf-stable-1.72.0-openssl3 as build - -# Build time options to avoid dpkg warnings and help with reproducible builds. 
-ENV DEBIAN_FRONTEND=noninteractive \ - LANG=C.UTF-8 \ - TZ=UTC \ - TERM=xterm-256color \ - CARGO_HOME="/root/.cargo" \ - REGISTRIES_CRATES_IO_PROTOCOL=sparse \ - USER="root" - -# Create CARGO_HOME folder and don't download rust docs -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry mkdir -pv "${CARGO_HOME}" \ - && rustup set profile minimal - -# Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11 -# Debian Bookworm already contains libpq v15 -ENV PQ_LIB_DIR="/usr/local/musl/pq15/lib" - -# Creates a dummy project used to grab dependencies -RUN USER=root cargo new --bin /app -WORKDIR /app - -# Copies over *only* your manifests and build files -COPY ./Cargo.* ./ -COPY ./rust-toolchain.toml ./rust-toolchain.toml -COPY ./build.rs ./build.rs - -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry rustup target add armv7-unknown-linux-musleabihf - -# Configure the DB ARG as late as possible to not invalidate the cached layers above -# Enable MiMalloc to improve performance on Alpine builds -ARG DB=sqlite,mysql,postgresql,enable_mimalloc - -# Builds your dependencies and removes the -# dummy project, except the target folder -# This folder contains the compiled dependencies -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=armv7-unknown-linux-musleabihf \ - && find . -not -path "./target*" -delete - -# Copies the complete project -# To avoid copying unneeded files, use .dockerignore -COPY . . 
- -# Make sure that we actually build the project -RUN touch src/main.rs - -# Builds again, this time it'll just be -# your actual source files being built -RUN --mount=type=cache,target=/root/.cargo/git --mount=type=cache,target=/root/.cargo/registry cargo build --features ${DB} --release --target=armv7-unknown-linux-musleabihf - -######################## RUNTIME IMAGE ######################## -# Create a new stage with a minimal image -# because we already have a binary built -FROM docker.io/balenalib/armv7hf-alpine:3.17 - -ENV ROCKET_PROFILE="release" \ - ROCKET_ADDRESS=0.0.0.0 \ - ROCKET_PORT=80 \ - SSL_CERT_DIR=/etc/ssl/certs - - -RUN [ "cross-build-start" ] - -# Create data folder and Install needed libraries -RUN mkdir /data \ - && apk add --no-cache \ - ca-certificates \ - curl \ - openssl \ - tzdata - -RUN [ "cross-build-end" ] - -VOLUME /data -EXPOSE 80 -EXPOSE 3012 - -# Copies the files from the context (Rocket.toml file and web-vault) -# and the binary from the "build" stage to the current stage -WORKDIR / -COPY --from=vault /web-vault ./web-vault -COPY --from=build /app/target/armv7-unknown-linux-musleabihf/release/vaultwarden . - -COPY docker/healthcheck.sh /healthcheck.sh -COPY docker/start.sh /start.sh - -HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"] - -CMD ["/start.sh"] diff --git a/docker/bake.sh b/docker/bake.sh 
@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+
+# Determine the basedir of this script.
+# It should be located in the same directory as the docker-bake.hcl
+# This ensures you can run this script from both inside and outside of the docker directory
+BASEDIR=$(RL=$(readlink -n "$0"); SP="${RL:-$0}"; dirname "$(cd "$(dirname "${SP}")" || exit; pwd)/$(basename "${SP}")")
+
+# Load build env's
+source "${BASEDIR}/bake_env.sh"
+
+# Be verbose on what is being executed
+set -x
+
+# Make sure we set the context to `..` so it will go up one directory
+docker buildx bake --progress plain --set "*.context=${BASEDIR}/.." -f "${BASEDIR}/docker-bake.hcl" "$@"
diff --git a/docker/bake_env.sh b/docker/bake_env.sh
@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+
+# If SOURCE_COMMIT is provided via env skip this
+if [ -z "${SOURCE_COMMIT+x}" ]; then
+ SOURCE_COMMIT="$(git rev-parse HEAD)"
+fi
+
+# If VW_VERSION is provided via env use it as SOURCE_VERSION
+# Else define it using git
+if [[ -n "${VW_VERSION}" ]]; then
+ SOURCE_VERSION="${VW_VERSION}"
+else
+ GIT_EXACT_TAG="$(git describe --tags --abbrev=0 --exact-match 2>/dev/null)"
+ if [[ -n "${GIT_EXACT_TAG}" ]]; then
+ SOURCE_VERSION="${GIT_EXACT_TAG}"
+ else
+ GIT_LAST_TAG="$(git describe --tags --abbrev=0)"
+ SOURCE_VERSION="${GIT_LAST_TAG}-${SOURCE_COMMIT:0:8}"
+ GIT_BRANCH="$(git rev-parse --abbrev-ref HEAD)"
+ case "${GIT_BRANCH}" in
+ main|master|HEAD)
+ # Do not add the branch name for these branches
+ ;;
+ *)
+ SOURCE_VERSION="${SOURCE_VERSION} (${GIT_BRANCH})"
+ ;;
+ esac
+ fi
+fi
+
+# Export the rendered variables above so bake will use them
+export SOURCE_COMMIT
+export SOURCE_VERSION
diff --git a/docker/docker-bake.hcl b/docker/docker-bake.hcl
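Review bot: In docker/bake.sh the `|| exit` inside the `BASEDIR=$(...)` command substitution only leaves the subshell, so a failed `cd` does not stop the script, and the `source "${BASEDIR}/bake_env.sh"` that follows is not checked either. The build would then reach `docker buildx bake` with whatever SOURCE_COMMIT and SOURCE_VERSION happen to be in the environment, and those values end up in the image labels. I would make the load fatal with `source "${BASEDIR}/bake_env.sh" || exit 1`. docker/podman-bake.sh carries the same two lines.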
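Review bot: In docker/bake_env.sh the test `[ -z "${SOURCE_COMMIT+x}" ]` only checks whether the variable is set, so a SOURCE_COMMIT exported as an empty string skips `git rev-parse HEAD`; the removed hooks/build tested `-z "${SOURCE_COMMIT}"` instead. The revision label is then empty and SOURCE_VERSION can come out as `<tag>-`, which weakens the provenance the labels are meant to carry. I would write `if [[ -z "${SOURCE_COMMIT:-}" ]]; then`. The `git describe --tags --abbrev=0` fallback is also unchecked, so in a clone without tags the version becomes `-<8 hex digits>`; a comment or an explicit failure there would help.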
@@ -0,0 +1,229 @@
+// ==== Baking Variables ====
+
+// Set which cargo profile to use, dev or release for example
+// Use the value provided in the Dockerfile as default
+variable "CARGO_PROFILE" {
+ default = null
+}
+
+// Set which DB's (features) to enable
+// Use the value provided in the Dockerfile as default
+variable "DB" {
+ default = null
+}
+
+// The repository this build was triggered from
+variable "SOURCE_REPOSITORY_URL" {
+ default = null
+}
+
+// The commit hash of of the current commit this build was triggered on
+variable "SOURCE_COMMIT" {
+ default = null
+}
+
+// The version of this build
+// Typically the current exact tag of this commit,
+// else the last tag and the first 8 characters of the source commit
+variable "SOURCE_VERSION" {
+ default = null
+}
+
+// This can be used to overwrite SOURCE_VERSION
+// It will be used during the build.rs building stage
+variable "VW_VERSION" {
+ default = null
+}
+
+// The base tag(s) to use
+// This can be a comma separated value like "testing,1.29.2"
+variable "BASE_TAGS" {
+ default = "testing"
+}
+
+// Which container registries should be used for the tagging
+// This can be a comma separated value
+// Use a full URI like `ghcr.io/dani-garcia/vaultwarden,docker.io/vaultwarden/server`
+variable "CONTAINER_REGISTRIES" {
+ default = "vaultwarden/server"
+}
+
+
+// ==== Baking Groups ====
+
+group "default" {
+ targets = ["debian"]
+}
+
+
+// ==== Shared Baking ====
+function "labels" {
+ params = []
+ result = {
+ "org.opencontainers.image.description" = "Unofficial Bitwarden compatible server written in Rust - ${SOURCE_VERSION}"
+ "org.opencontainers.image.licenses" = "AGPL-3.0-only"
+ "org.opencontainers.image.documentation" = "https://github.com/dani-garcia/vaultwarden/wiki"
+ "org.opencontainers.image.url" = "https://github.com/dani-garcia/vaultwarden"
+ "org.opencontainers.image.created" = "${formatdate("YYYY-MM-DD'T'hh:mm:ssZZZZZ", timestamp())}"
+ "org.opencontainers.image.source" = "${SOURCE_REPOSITORY_URL}"
+ "org.opencontainers.image.revision" = "${SOURCE_COMMIT}"
+ "org.opencontainers.image.version" = "${SOURCE_VERSION}"
+ }
+}
+
+target "_default_attributes" {
+ labels = labels()
+ args = {
+ DB = "${DB}"
+ CARGO_PROFILE = "${CARGO_PROFILE}"
+ VW_VERSION = "${VW_VERSION}"
+ }
+}
+
+
+// ==== Debian Baking ====
+
+// Default Debian target, will build a container using the hosts platform architecture
+target "debian" {
+ inherits = ["_default_attributes"]
+ dockerfile = "docker/Dockerfile.debian"
+ tags = generate_tags("", platform_tag())
+ output = [join(",", flatten([["type=docker"], image_index_annotations()]))]
+}
+
+// Multi Platform target, will build one tagged manifest with all supported architectures
+// This is mainly used by GitHub Actions to build and push new containers
+target "debian-multi" {
+ inherits = ["debian"]
+ platforms = ["linux/amd64", "linux/arm64", "linux/arm/v7", "linux/arm/v6"]
+ tags = generate_tags("", "")
+ output = [join(",", flatten([["type=registry"], image_index_annotations()]))]
+}
+
+// Per platform targets, to individually test building per platform locally
+target "debian-amd64" {
+ inherits = ["debian"]
+ platforms = ["linux/amd64"]
+ tags = generate_tags("", "-amd64")
+}
+
+target "debian-arm64" {
+ inherits = ["debian"]
+ platforms = ["linux/arm64"]
+ tags = generate_tags("", "-arm64")
+}
+
+target "debian-armv7" {
+ inherits = ["debian"]
+ platforms = ["linux/arm/v7"]
+ tags = generate_tags("", "-armv7")
+}
+
+target "debian-armv6" {
+ inherits = ["debian"]
+ platforms = ["linux/arm/v6"]
+ tags = generate_tags("", "-armv6")
+}
+
+// A Group to build all platforms individually for local testing
+group "debian-all" {
+ targets = ["debian-amd64", "debian-arm64", "debian-armv7", "debian-armv6"]
+}
+
+
+// ==== Alpine Baking ====
+
+// Default Alpine target, will build a container using the hosts platform architecture
+target "alpine" {
+ inherits = ["_default_attributes"]
+ dockerfile = "docker/Dockerfile.alpine"
+ tags = generate_tags("-alpine", platform_tag())
+ output = [join(",", flatten([["type=docker"], image_index_annotations()]))]
+}
+
+// Multi Platform target, will build one tagged manifest with all supported architectures
+// This is mainly used by GitHub Actions to build and push new containers
+target "alpine-multi" {
+ inherits = ["alpine"]
+ platforms = ["linux/amd64", "linux/arm64", "linux/arm/v7", "linux/arm/v6"]
+ tags = generate_tags("-alpine", "")
+ output = [join(",", flatten([["type=registry"], image_index_annotations()]))]
+}
+
+// Per platform targets, to individually test building per platform locally
+target "alpine-amd64" {
+ inherits = ["alpine"]
+ platforms = ["linux/amd64"]
+ tags = generate_tags("-alpine", "-amd64")
+}
+
+target "alpine-arm64" {
+ inherits = ["alpine"]
+ platforms = ["linux/arm64"]
+ tags = generate_tags("-alpine", "-arm64")
+}
+
+target "alpine-armv7" {
+ inherits = ["alpine"]
+ platforms = ["linux/arm/v7"]
+ tags = generate_tags("-alpine", "-armv7")
+}
+
+target "alpine-armv6" {
+ inherits = ["alpine"]
+ platforms = ["linux/arm/v6"]
+ tags = generate_tags("-alpine", "-armv6")
+}
+
+// A Group to build all platforms individually for local testing
+group "alpine-all" {
+ targets = ["alpine-amd64", "alpine-arm64", "alpine-armv7", "alpine-armv6"]
+}
+
+
+// ==== Bake everything locally ====
+
+group "all" {
+ targets = ["debian-all", "alpine-all"]
+}
+
+
+// ==== Baking functions ====
+
+// This will return the local platform as amd64, arm64 or armv7 for example
+// It can be used for creating a local image tag
+function "platform_tag" {
+ params = []
+ result = "-${replace(replace(BAKE_LOCAL_PLATFORM, "linux/", ""), "/", "")}"
+}
+
+
+function "get_container_registries" {
+ params = []
+ result = flatten(split(",", CONTAINER_REGISTRIES))
+}
+
+function "get_base_tags" {
+ params = []
+ result = flatten(split(",", BASE_TAGS))
+}
+
+function "generate_tags" {
+ params = [
+ suffix, // What to append to the BASE_TAG when needed, like `-alpine` for example
+ platform // the platform we are building for if needed
+ ]
+ result = flatten([
+ for registry in get_container_registries() :
+ [for base_tag in get_base_tags() :
+ concat(["${registry}:${base_tag}${suffix}${platform}"])]
+ ])
+}
+
+function "image_index_annotations" {
+ params = []
+ result = flatten([
+ for key, value in labels() :
+ value != null ? formatlist("annotation-index.%s=%s", "${key}", "${value}") : []
+ ])
+}
diff --git a/docker/healthcheck.sh b/docker/healthcheck.sh
@@ -10,7 +10,7 @@ CONFIG_FILE="${DATA_FOLDER}"/config.json
 # Given a config key, return the corresponding config value from the
 # config file. If the key doesn't exist, return an empty string.
 get_config_val() {
- local key="$1"
+ key="$1"
 # Extract a line of the form:
 # "domain": "https://bw.example.com/path",
 grep "\"${key}\":" "${CONFIG_FILE}" |
diff --git a/docker/podman-bake.sh b/docker/podman-bake.sh
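Review bot: `image_index_annotations()` in docker/docker-bake.hcl formats each label as `annotation-index.<key>=<value>`, and the `debian`/`alpine` targets join those entries with `,` into a single `output` string, so a label value containing a comma would be read as extra output attributes. SOURCE_VERSION and SOURCE_REPOSITORY_URL come from the environment (VW_VERSION, or a branch name appended by bake_env.sh), and the `*-multi` targets use `type=registry`, which is the path that pushes. I would state the constraint on the function, e.g. `// Values are joined into a CSV output string and must not contain ","`, or skip values that do. Separately, `org.opencontainers.image.created` uses `timestamp()`, so two builds of the same commit never carry identical labels; a comment saying this is intended would help anyone comparing images.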
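Review bot: Dropping `local` in `get_config_val` (docker/healthcheck.sh) makes `key` a script-wide variable, and the hunk gives no reason for the change. If the aim is to run under a shell without `local` (the shebang is outside the hunk, so this is a guess), say so next to the line, for example `# no 'local': keep this function POSIX sh compatible`, and consider a less collision-prone name such as `_cfg_key`. The function body continues past the end of the hunk.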
@@ -0,0 +1,105 @@
+#!/usr/bin/env bash
+
+# Determine the basedir of this script.
+# It should be located in the same directory as the docker-bake.hcl
+# This ensures you can run this script from both inside and outside of the docker directory
+BASEDIR=$(RL=$(readlink -n "$0"); SP="${RL:-$0}"; dirname "$(cd "$(dirname "${SP}")" || exit; pwd)/$(basename "${SP}")")
+
+# Load build env's
+source "${BASEDIR}/bake_env.sh"
+
+# Check if a target is given as first argument
+# If not we assume the defaults and pass the given arguments to the podman command
+case "${1}" in
+ alpine*|debian*)
+ TARGET="${1}"
+ # Now shift the $@ array so we only have the rest of the arguments
+ # This allows us too append these as extra arguments too the podman buildx build command
+ shift
+ ;;
+esac
+
+LABEL_ARGS=(
+ --label org.opencontainers.image.description="Unofficial Bitwarden compatible server written in Rust"
+ --label org.opencontainers.image.licenses="AGPL-3.0-only"
+ --label org.opencontainers.image.documentation="https://github.com/dani-garcia/vaultwarden/wiki"
+ --label org.opencontainers.image.url="https://github.com/dani-garcia/vaultwarden"
+ --label org.opencontainers.image.created="$(date --utc --iso-8601=seconds)"
+)
+if [[ -n "${SOURCE_REPOSITORY_URL}" ]]; then
+ LABEL_ARGS+=(--label org.opencontainers.image.source="${SOURCE_REPOSITORY_URL}")
+fi
+if [[ -n "${SOURCE_COMMIT}" ]]; then
+ LABEL_ARGS+=(--label org.opencontainers.image.revision="${SOURCE_COMMIT}")
+fi
+if [[ -n "${SOURCE_VERSION}" ]]; then
+ LABEL_ARGS+=(--label org.opencontainers.image.version="${SOURCE_VERSION}")
+fi
+
+# Check if and which --build-arg arguments we need to configure
+BUILD_ARGS=()
+if [[ -n "${DB}" ]]; then
+ BUILD_ARGS+=(--build-arg DB="${DB}")
+fi
+if [[ -n "${CARGO_PROFILE}" ]]; then
+ BUILD_ARGS+=(--build-arg CARGO_PROFILE="${CARGO_PROFILE}")
+fi
+if [[ -n "${VW_VERSION}" ]]; then
+ BUILD_ARGS+=(--build-arg VW_VERSION="${VW_VERSION}")
+fi
+
+# Set the default BASE_TAGS if non are provided
+if [[ -z "${BASE_TAGS}" ]]; then
+ BASE_TAGS="testing"
+fi
+
+# Set the default CONTAINER_REGISTRIES if non are provided
+if [[ -z "${CONTAINER_REGISTRIES}" ]]; then
+ CONTAINER_REGISTRIES="vaultwarden/server"
+fi
+
+# Check which Dockerfile we need to use, default is debian
+case "${TARGET}" in
+ alpine*)
+ BASE_TAGS="${BASE_TAGS}-alpine"
+ DOCKERFILE="Dockerfile.alpine"
+ ;;
+ *)
+ DOCKERFILE="Dockerfile.debian"
+ ;;
+esac
+
+# Check which platform we need to build and append the BASE_TAGS with the architecture
+case "${TARGET}" in
+ *-arm64)
+ BASE_TAGS="${BASE_TAGS}-arm64"
+ PLATFORM="linux/arm64"
+ ;;
+ *-armv7)
+ BASE_TAGS="${BASE_TAGS}-armv7"
+ PLATFORM="linux/arm/v7"
+ ;;
+ *-armv6)
+ BASE_TAGS="${BASE_TAGS}-armv6"
+ PLATFORM="linux/arm/v6"
+ ;;
+ *)
+ BASE_TAGS="${BASE_TAGS}-amd64"
+ PLATFORM="linux/amd64"
+ ;;
+esac
+
+# Be verbose on what is being executed
+set -x
+
+# Build the image with podman
+# We use the docker format here since we are using `SHELL`, which is not supported by OCI
+# shellcheck disable=SC2086
+podman buildx build \
+ --platform="${PLATFORM}" \
+ --tag="${CONTAINER_REGISTRIES}:${BASE_TAGS}" \
+ --format=docker \
+ "${LABEL_ARGS[@]}" \
+ "${BUILD_ARGS[@]}" \
+ --file="${BASEDIR}/${DOCKERFILE}" "$@" \
+ "${BASEDIR}/.."
diff --git a/docker/render_template b/docker/render_template
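Review bot: `--tag="${CONTAINER_REGISTRIES}:${BASE_TAGS}"` in docker/podman-bake.sh passes both variables through as one string, while docker-bake.hcl documents them as comma-separated lists and splits them in `generate_tags()`. With `BASE_TAGS="testing,1.29.2"` the script builds a single tag ending in `testing,1.29.2-amd64`, because the `-alpine` and architecture suffixes are appended to the whole string; that is either rejected or not the tag the caller meant to publish. Until the lists are split here, fail early after the defaults are set: `[[ "${BASE_TAGS}${CONTAINER_REGISTRIES}" == *,* ]] && { echo "podman-bake.sh takes a single tag and registry" >&2; exit 1; }`. The `# shellcheck disable=SC2086` above the podman call also looks unnecessary, since every expansion in it is quoted.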
@@ -1,17 +1,31 @@ #!/usr/bin/env python3 -import os, argparse, json - +import os +import argparse +import json +import yaml import jinja2 +# Load settings file +with open("DockerSettings.yaml", 'r') as yaml_file: + yaml_data = yaml.safe_load(yaml_file) + +settings_env = jinja2.Environment( + loader=jinja2.FileSystemLoader(os.getcwd()), +) +settings_yaml = yaml.safe_load(settings_env.get_template("DockerSettings.yaml").render(yaml_data)) + args_parser = argparse.ArgumentParser() args_parser.add_argument('template_file', help='Jinja2 template file to render.') args_parser.add_argument('render_vars', help='JSON-encoded data to pass to the templating engine.') cli_args = args_parser.parse_args() +# Merge the default config yaml with the json arguments given. render_vars = json.loads(cli_args.render_vars) +settings_yaml.update(render_vars) + environment = jinja2.Environment( loader=jinja2.FileSystemLoader(os.getcwd()), trim_blocks=True, ) -print(environment.get_template(cli_args.template_file).render(render_vars)) +print(environment.get_template(cli_args.template_file).render(settings_yaml)) diff --git a/hooks/README.md b/hooks/README.md 
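Review bot: Neither `jinja2.Environment(...)` call in docker/render_template sets `undefined=`, so a key that is missing or misspelled in DockerSettings.yaml or in the JSON arguments renders as an empty string instead of failing. Dockerfile.j2 is not part of this hunk, but if it takes image tags or digests from these settings, a typo would silently produce a Dockerfile with an empty or unpinned reference. I would add `undefined=jinja2.StrictUndefined,` at least to the environment that renders the final template. `open("DockerSettings.yaml", 'r')` is also relative to the current directory, so the script only works when run from `docker/`; a one-line comment saying so would be enough.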
@@ -1,20 +0,0 @@ -The hooks in this directory are used to create multi-arch images using Docker Hub automated builds. - -Docker Hub hooks provide these predefined [environment variables](https://docs.docker.com/docker-hub/builds/advanced/#environment-variables-for-building-and-testing): - -* `SOURCE_BRANCH`: the name of the branch or the tag that is currently being tested. -* `SOURCE_COMMIT`: the SHA1 hash of the commit being tested. -* `COMMIT_MSG`: the message from the commit being tested and built. -* `DOCKER_REPO`: the name of the Docker repository being built. -* `DOCKERFILE_PATH`: the dockerfile currently being built. -* `DOCKER_TAG`: the Docker repository tag being built. -* `IMAGE_NAME`: the name and tag of the Docker repository being built. (This variable is a combination of `DOCKER_REPO:DOCKER_TAG`.) - -The current multi-arch image build relies on the original vaultwarden Dockerfiles, which use cross-compilation for architectures other than `amd64`, and don't yet support all arch/distro combinations. However, cross-compilation is much faster than QEMU-based builds (e.g., using `docker buildx`). This situation may need to be revisited at some point. - -## References - -* https://docs.docker.com/docker-hub/builds/advanced/ -* https://docs.docker.com/engine/reference/commandline/manifest/ -* https://www.docker.com/blog/multi-arch-build-and-images-the-simple-way/ -* https://success.docker.com/article/how-do-i-authenticate-with-the-v2-api diff --git a/hooks/arches.sh b/hooks/arches.sh @@ -1,15 +0,0 @@ -#!/usr/bin/env bash - -# The default Debian-based images support these arches for all database backends. -arches=( - amd64 - armv6 - armv7 - arm64 -) -export arches - -if [[ "${DOCKER_TAG}" == *alpine ]]; then - distro_suffix=.alpine -fi -export distro_suffix diff --git a/hooks/build b/hooks/build 
@@ -1,51 +0,0 @@ -#!/usr/bin/env bash - -echo ">>> Building images..." - -# shellcheck source=arches.sh -source ./hooks/arches.sh - -if [[ -z "${SOURCE_COMMIT}" ]]; then - # This var is typically predefined by Docker Hub, but it won't be - # when testing locally. - SOURCE_COMMIT="$(git rev-parse HEAD)" -fi - -# Construct a version string in the style of `build.rs`. -GIT_EXACT_TAG="$(git describe --tags --abbrev=0 --exact-match 2>/dev/null)" -if [[ -n "${GIT_EXACT_TAG}" ]]; then - SOURCE_VERSION="${GIT_EXACT_TAG}" -else - GIT_LAST_TAG="$(git describe --tags --abbrev=0)" - SOURCE_VERSION="${GIT_LAST_TAG}-${SOURCE_COMMIT:0:8}" -fi - -LABELS=( - # https://github.com/opencontainers/image-spec/blob/master/annotations.md - org.opencontainers.image.created="$(date --utc --iso-8601=seconds)" - org.opencontainers.image.documentation="https://github.com/dani-garcia/vaultwarden/wiki" - org.opencontainers.image.licenses="AGPL-3.0-only" - org.opencontainers.image.revision="${SOURCE_COMMIT}" - org.opencontainers.image.source="${SOURCE_REPOSITORY_URL}" - org.opencontainers.image.url="https://github.com/dani-garcia/vaultwarden" - org.opencontainers.image.version="${SOURCE_VERSION}" -) -LABEL_ARGS=() -for label in "${LABELS[@]}"; do - LABEL_ARGS+=(--label "${label}") -done - -# Check if DOCKER_BUILDKIT is set, if so, use the Dockerfile.buildkit as template -if [[ -n "${DOCKER_BUILDKIT}" ]]; then - buildkit_suffix=.buildkit -fi - -set -ex - -for arch in "${arches[@]}"; do - docker build \ - "${LABEL_ARGS[@]}" \ - -t "${DOCKER_REPO}:${DOCKER_TAG}-${arch}" \ - -f "docker/${arch}/Dockerfile${buildkit_suffix}${distro_suffix}" \ - . -done diff --git a/hooks/pre_build b/hooks/pre_build 
@@ -1,28 +0,0 @@ -#!/usr/bin/env bash - -set -ex - -# If requested, print some environment info for troubleshooting. -if [[ -n "${DOCKER_HUB_DEBUG}" ]]; then - id - pwd - df -h - env - docker info - docker version -fi - -# Install build dependencies. -deps=( - jq -) -apt-get update -apt-get install -y "${deps[@]}" - -# Docker Hub uses a shallow clone and doesn't fetch tags, which breaks some -# Git operations that we perform later, so fetch the complete history and -# tags first. Note that if the build is cached, the clone may have been -# unshallowed already; if so, unshallowing will fail, so skip it. -if [[ -f .git/shallow ]]; then - git fetch --unshallow --tags -fi diff --git a/hooks/push b/hooks/push 
@@ -1,111 +0,0 @@ -#!/usr/bin/env bash - -# shellcheck source=arches.sh -source ./hooks/arches.sh - -export DOCKER_CLI_EXPERIMENTAL=enabled - -# Join a list of args with a single char. -# Ref: https://stackoverflow.com/a/17841619 -join() { local IFS="$1"; shift; echo "$*"; } - -set -ex - -echo ">>> Starting local Docker registry when needed..." - -# Docker Buildx's `docker-container` driver is needed for multi-platform -# builds, but it can't access existing images on the Docker host (like the -# cross-compiled ones we just built). Those images first need to be pushed to -# a registry -- Docker Hub could be used, but since it's not trivial to clean -# up those intermediate images on Docker Hub, it's easier to just run a local -# Docker registry, which gets cleaned up automatically once the build job ends. -# -# https://docs.docker.com/registry/deploying/ -# https://hub.docker.com/_/registry -# -# Use host networking so the buildx container can access the registry via -# localhost. -# -# First check if there already is a registry container running, else skip it. -# This will only happen either locally or running it via Github Actions -# -if ! timeout 5 bash -c 'cat < /dev/null > /dev/tcp/localhost/5000'; then - # defaults to port 5000 - docker run -d --name registry --network host registry:2 -fi - -# Docker Hub sets a `DOCKER_REPO` env var with the format `index.docker.io/user/repo`. -# Strip the registry portion to construct a local repo path for use in `Dockerfile.buildx`. -LOCAL_REGISTRY="localhost:5000" -REPO="${DOCKER_REPO#*/}" -LOCAL_REPO="${LOCAL_REGISTRY}/${REPO}" - -echo ">>> Pushing images to local registry..." - -for arch in "${arches[@]}"; do - docker_image="${DOCKER_REPO}:${DOCKER_TAG}-${arch}" - local_image="${LOCAL_REPO}:${DOCKER_TAG}-${arch}" - docker tag "${docker_image}" "${local_image}" - docker push "${local_image}" -done - -echo ">>> Setting up Docker Buildx..." 
- -# Same as earlier, use host networking so the buildx container can access the -# registry via localhost. -# -# Ref: https://github.com/docker/buildx/issues/94#issuecomment-534367714 -# -# Check if there already is a builder running, else skip this and use the existing. -# This will only happen either locally or running it via Github Actions -# -if ! docker buildx inspect builder > /dev/null 2>&1 ; then - docker buildx create --name builder --use --driver-opt network=host -fi - -echo ">>> Running Docker Buildx..." - -tags=("${DOCKER_REPO}:${DOCKER_TAG}") - -# If the Docker tag starts with a version number, assume the latest release -# is being pushed. Add an extra tag (`latest` or `alpine`, as appropriate) -# to make it easier for users to track the latest release. -if [[ "${DOCKER_TAG}" =~ ^[0-9]+\.[0-9]+\.[0-9]+ ]]; then - if [[ "${DOCKER_TAG}" == *alpine ]]; then - tags+=("${DOCKER_REPO}:alpine") - else - tags+=("${DOCKER_REPO}:latest") - fi -fi - -tag_args=() -for tag in "${tags[@]}"; do - tag_args+=(--tag "${tag}") -done - -# Docker Buildx takes a list of target platforms (OS/arch/variant), so map -# the arch list to a platform list (assuming the OS is always `linux`). -declare -A arch_to_platform=( - [amd64]="linux/amd64" - [armv6]="linux/arm/v6" - [armv7]="linux/arm/v7" - [arm64]="linux/arm64" -) -platforms=() -for arch in "${arches[@]}"; do - platforms+=("${arch_to_platform[$arch]}") -done -platform="$(join "," "${platforms[@]}")" - -# Run the build, pushing the resulting images and multi-arch manifest list to -# Docker Hub. The Dockerfile is read from stdin to avoid sending any build -# context, which isn't needed here since the actual cross-compiled images -# have already been built. -docker buildx build \ - --network host \ - --build-arg LOCAL_REPO="${LOCAL_REPO}" \ - --build-arg DOCKER_TAG="${DOCKER_TAG}" \ - --platform "${platform}" \ - "${tag_args[@]}" \ - --push \ - - < ./docker/Dockerfile.buildx 
diff --git a/rust-toolchain.toml b/rust-toolchain.toml @@ -1,4 +1,4 @@ [toolchain] -channel = "1.72.0" +channel = "1.73.0" components = [ "rustfmt", "clippy" ] profile = "minimal"