mirror of https://github.com/LemmyNet/lemmy.git
* Moving to debian-based docker image. Fixes #3972 * Fix cargo.toml format. * Try nightly rust for cargo_fmt. * Trying to fix cargo build. * Trying to fix cargo build 2. * Trying to fix federation tests. * Trying to fix federation tests 2. * Trying to fix federation tests 3. * Try to fix aarch 1. * Try to fix aarch 2. * Try to fix aarch 3. * Removing aarch * Adding tests back in. * Adding ca-certs, and debian non-root user * Commenting arm image building. * Fix platform on runner. * Version 0.19.0-beta.6sanitize-fix
parent
3a1be8c041
commit
645bf21d54
|
@ -2,7 +2,7 @@
|
|||
# See https://github.com/woodpecker-ci/woodpecker/issues/1677
|
||||
|
||||
variables:
|
||||
- &muslrust_image "clux/muslrust:1.70.0"
|
||||
- &rust_image "rust:1.72.1"
|
||||
- &slow_check_paths
|
||||
- path:
|
||||
# rust source code
|
||||
|
@ -57,15 +57,13 @@ steps:
|
|||
|
||||
cargo_fmt:
|
||||
group: format
|
||||
image: *muslrust_image
|
||||
image: rustlang/rust:nightly
|
||||
environment:
|
||||
# store cargo data in repo folder so that it gets cached between steps
|
||||
CARGO_HOME: .cargo
|
||||
commands:
|
||||
# need make existing toolchain available
|
||||
- cp -n ~/.cargo . -r
|
||||
- rustup toolchain install nightly-2023-07-10 --no-self-update --profile minimal --component rustfmt
|
||||
- cargo +nightly-2023-07-10 fmt -- --check
|
||||
- cargo +nightly fmt -- --check
|
||||
|
||||
restore-cache:
|
||||
image: meltwater/drone-cache:v1
|
||||
|
@ -93,7 +91,7 @@ steps:
|
|||
|
||||
# make sure api builds with default features (used by other crates relying on lemmy api)
|
||||
check_api_common_default_features:
|
||||
image: *muslrust_image
|
||||
image: *rust_image
|
||||
environment:
|
||||
CARGO_HOME: .cargo
|
||||
commands:
|
||||
|
@ -101,7 +99,7 @@ steps:
|
|||
when: *slow_check_paths
|
||||
|
||||
lemmy_api_common_doesnt_depend_on_diesel:
|
||||
image: *muslrust_image
|
||||
image: *rust_image
|
||||
environment:
|
||||
CARGO_HOME: .cargo
|
||||
commands:
|
||||
|
@ -109,7 +107,7 @@ steps:
|
|||
when: *slow_check_paths
|
||||
|
||||
lemmy_api_common_works_with_wasm:
|
||||
image: *muslrust_image
|
||||
image: *rust_image
|
||||
environment:
|
||||
CARGO_HOME: .cargo
|
||||
commands:
|
||||
|
@ -118,7 +116,7 @@ steps:
|
|||
when: *slow_check_paths
|
||||
|
||||
check_defaults_hjson_updated:
|
||||
image: *muslrust_image
|
||||
image: *rust_image
|
||||
environment:
|
||||
CARGO_HOME: .cargo
|
||||
commands:
|
||||
|
@ -149,7 +147,7 @@ steps:
|
|||
when: *slow_check_paths
|
||||
|
||||
cargo_clippy:
|
||||
image: *muslrust_image
|
||||
image: *rust_image
|
||||
environment:
|
||||
CARGO_HOME: .cargo
|
||||
commands:
|
||||
|
@ -173,17 +171,17 @@ steps:
|
|||
when: *slow_check_paths
|
||||
|
||||
cargo_build:
|
||||
image: *muslrust_image
|
||||
image: *rust_image
|
||||
environment:
|
||||
CARGO_HOME: .cargo
|
||||
commands:
|
||||
- cargo build
|
||||
- mv target/x86_64-unknown-linux-musl/debug/lemmy_server target/lemmy_server
|
||||
- mv target/debug/lemmy_server target/lemmy_server
|
||||
when: *slow_check_paths
|
||||
|
||||
cargo_test:
|
||||
group: tests
|
||||
image: *muslrust_image
|
||||
image: *rust_image
|
||||
environment:
|
||||
LEMMY_DATABASE_URL: postgres://lemmy:password@database:5432/lemmy
|
||||
RUST_BACKTRACE: "1"
|
||||
|
@ -195,12 +193,12 @@ steps:
|
|||
|
||||
run_federation_tests:
|
||||
group: tests
|
||||
image: node:alpine
|
||||
image: node:20-bookworm-slim
|
||||
environment:
|
||||
LEMMY_DATABASE_URL: postgres://lemmy:password@database:5432
|
||||
DO_WRITE_HOSTS_FILE: "1"
|
||||
commands:
|
||||
- apk add bash curl postgresql-client
|
||||
- apt update && apt install -y bash curl postgresql-client
|
||||
- bash api_tests/prepare-drone-federation-test.sh
|
||||
- cd api_tests/
|
||||
- yarn
|
||||
|
@ -239,7 +237,9 @@ steps:
|
|||
settings:
|
||||
repo: dessalines/lemmy
|
||||
dockerfile: docker/Dockerfile
|
||||
platforms: linux/amd64,linux/arm64
|
||||
# TODO fix arm build: see: https://woodpecker.join-lemmy.org/repos/129/pipeline/2888/20
|
||||
# platforms: linux/amd64,linux/arm64
|
||||
platforms: linux/amd64
|
||||
build_args:
|
||||
- RUST_RELEASE_MODE=release
|
||||
tag: ${CI_COMMIT_TAG}
|
||||
|
|
|
@ -23,6 +23,8 @@ doctest = false
|
|||
[profile.release]
|
||||
debug = 0
|
||||
lto = "thin"
|
||||
strip = true # Automatically strip symbols from the binary.
|
||||
opt-level = "z" # Optimize for size.
|
||||
|
||||
# This profile significantly speeds up build time. If debug info is needed you can comment the line
|
||||
# out temporarily, but make sure to leave this in the main branch.
|
||||
|
|
|
@ -1,54 +1,13 @@
|
|||
#
|
||||
# Docker multiarch image:
|
||||
# We build the Lemmy binary for amd64 and arm64 in individual stages using the blackdex/rust-musl image (github.com/blackdex/rust-musl).
|
||||
# This image uses musl-cross-make (github.com/richfelker/musl-cross-make) to build a musl cross compilation toolchain for the target
|
||||
# architecture. It also includes pre-built static libraries such as libpq. These libraries can improve the compile time and eliminate
|
||||
# the requirement for extra dependencies in the final image.
|
||||
#
|
||||
# During each build stage, we use the blackdex/rust-musl openssl 3 images and configure PQ_LIB_DIR=/usr/local/musl/pq15/lib to use
|
||||
# libpq v15. We also ensure the installation of the Rust toolchain corresponding to the target architecture using:
|
||||
# `rustup target add $TARGET-unknown-linux-musl`.
|
||||
#
|
||||
|
||||
ARG RUST_VERSION=1.71.0
|
||||
ARG ALPINE_VERSION=3.18
|
||||
ARG RUST_VERSION=1.72.1
|
||||
ARG CARGO_BUILD_FEATURES=default
|
||||
ARG RUST_RELEASE_MODE=debug
|
||||
ARG UID=911
|
||||
ARG GID=911
|
||||
|
||||
# AMD64 builder base
|
||||
FROM --platform=${BUILDPLATFORM} blackdex/rust-musl:x86_64-musl-stable-${RUST_VERSION}-openssl3 AS base-amd64
|
||||
|
||||
ENV DEBIAN_FRONTEND=noninteractive
|
||||
ENV CARGO_HOME=/root/.cargo
|
||||
ENV PQ_LIB_DIR=/usr/local/musl/pq15/lib
|
||||
|
||||
RUN apt update && apt install -y \
|
||||
--no-install-recommends \
|
||||
git
|
||||
|
||||
RUN mkdir -pv "${CARGO_HOME}" && \
|
||||
rustup set profile minimal && \
|
||||
rustup target add x86_64-unknown-linux-musl
|
||||
|
||||
# ARM64 builder base
|
||||
FROM --platform=${BUILDPLATFORM} blackdex/rust-musl:aarch64-musl-stable-${RUST_VERSION}-openssl3 AS base-arm64
|
||||
|
||||
ENV DEBIAN_FRONTEND=noninteractive
|
||||
ENV CARGO_HOME=/root/.cargo
|
||||
ENV PQ_LIB_DIR=/usr/local/musl/pq15/lib
|
||||
|
||||
RUN apt update && apt install -y \
|
||||
--no-install-recommends \
|
||||
git
|
||||
|
||||
RUN mkdir -pv "${CARGO_HOME}" && \
|
||||
rustup set profile minimal && \
|
||||
rustup target add aarch64-unknown-linux-musl
|
||||
ARG AMD_BUILDER_IMAGE=rust:${RUST_VERSION}
|
||||
ARG ARM_BUILDER_IMAGE=blackdex/rust-musl:aarch64-musl-stable-${RUST_VERSION}-openssl3
|
||||
ARG AMD_RUNNER_IMAGE=debian:bookworm-slim
|
||||
ARG ARM_RUNNER_IMAGE=alpine:3.18
|
||||
|
||||
# AMD64 builder
|
||||
FROM base-amd64 AS build-amd64
|
||||
FROM --platform=${BUILDPLATFORM} ${AMD_BUILDER_IMAGE} AS build-amd64
|
||||
|
||||
ARG CARGO_BUILD_FEATURES
|
||||
ARG RUST_RELEASE_MODE
|
||||
|
@ -61,65 +20,92 @@ COPY . ./
|
|||
RUN --mount=type=cache,target=/lemmy/target set -ex; \
|
||||
if [ "${RUST_RELEASE_MODE}" = "debug" ]; then \
|
||||
echo "pub const VERSION: &str = \"$(git describe --tag)\";" > crates/utils/src/version.rs; \
|
||||
cargo build --target=x86_64-unknown-linux-musl --features "${CARGO_BUILD_FEATURES}"; \
|
||||
mv target/x86_64-unknown-linux-musl/debug/lemmy_server ./lemmy; \
|
||||
cargo build --features "${CARGO_BUILD_FEATURES}"; \
|
||||
mv target/debug/lemmy_server ./lemmy; \
|
||||
fi
|
||||
|
||||
# Release build
|
||||
RUN set -ex; \
|
||||
if [ "${RUST_RELEASE_MODE}" = "release" ]; then \
|
||||
echo "pub const VERSION: &str = \"$(git describe --tag)\";" > crates/utils/src/version.rs; \
|
||||
cargo build --target=x86_64-unknown-linux-musl --features "${CARGO_BUILD_FEATURES}" --release; \
|
||||
mv target/x86_64-unknown-linux-musl/release/lemmy_server ./lemmy; \
|
||||
cargo build --features "${CARGO_BUILD_FEATURES}" --release; \
|
||||
mv target/release/lemmy_server ./lemmy; \
|
||||
fi
|
||||
|
||||
# ARM64 builder
|
||||
FROM base-arm64 AS build-arm64
|
||||
# TODO currently broken
|
||||
# FROM --platform=${BUILDPLATFORM} ${ARM_BUILDER_IMAGE} as build-arm64
|
||||
|
||||
ARG CARGO_BUILD_FEATURES
|
||||
ARG RUST_RELEASE_MODE
|
||||
# ENV DEBIAN_FRONTEND=noninteractive
|
||||
# ENV CARGO_HOME=/root/.cargo
|
||||
# ENV PQ_LIB_DIR=/usr/local/musl/pq15/lib
|
||||
|
||||
WORKDIR /lemmy
|
||||
# RUN apt update && apt install -y \
|
||||
# --no-install-recommends \
|
||||
# git
|
||||
|
||||
COPY . ./
|
||||
# RUN mkdir -pv "${CARGO_HOME}" && \
|
||||
# rustup set profile minimal && \
|
||||
# rustup target add aarch64-unknown-linux-musl
|
||||
|
||||
# Debug build
|
||||
RUN --mount=type=cache,target=/lemmy/target set -ex; \
|
||||
if [ "${RUST_RELEASE_MODE}" = "debug" ]; then \
|
||||
echo "pub const VERSION: &str = \"$(git describe --tag)\";" > crates/utils/src/version.rs; \
|
||||
cargo build --target=aarch64-unknown-linux-musl --features "${CARGO_BUILD_FEATURES}"; \
|
||||
mv target/aarch64-unknown-linux-musl/debug/lemmy_server ./lemmy; \
|
||||
fi
|
||||
# ARG CARGO_BUILD_FEATURES
|
||||
# ARG RUST_RELEASE_MODE
|
||||
|
||||
# Release build
|
||||
RUN set -ex; \
|
||||
if [ "${RUST_RELEASE_MODE}" = "release" ]; then \
|
||||
echo "pub const VERSION: &str = \"$(git describe --tag)\";" > crates/utils/src/version.rs; \
|
||||
cargo build --target=aarch64-unknown-linux-musl --features "${CARGO_BUILD_FEATURES}" --release; \
|
||||
mv target/aarch64-unknown-linux-musl/release/lemmy_server ./lemmy; \
|
||||
fi
|
||||
# WORKDIR /lemmy
|
||||
|
||||
# Get target binary
|
||||
FROM build-${TARGETARCH} AS build
|
||||
# COPY . ./
|
||||
|
||||
# # Debug build
|
||||
# RUN --mount=type=cache,target=/lemmy/target set -ex; \
|
||||
# if [ "${RUST_RELEASE_MODE}" = "debug" ]; then \
|
||||
# echo "pub const VERSION: &str = \"$(git describe --tag)\";" > crates/utils/src/version.rs; \
|
||||
# cargo build --target=aarch64-unknown-linux-musl --features "${CARGO_BUILD_FEATURES}"; \
|
||||
# mv target/aarch64-unknown-linux-musl/debug/lemmy_server ./lemmy; \
|
||||
# fi
|
||||
|
||||
# # Release build
|
||||
# RUN set -ex; \
|
||||
# if [ "${RUST_RELEASE_MODE}" = "release" ]; then \
|
||||
# echo "pub const VERSION: &str = \"$(git describe --tag)\";" > crates/utils/src/version.rs; \
|
||||
# cargo build --target=aarch64-unknown-linux-musl --features "${CARGO_BUILD_FEATURES}" --release; \
|
||||
# mv target/aarch64-unknown-linux-musl/release/lemmy_server ./lemmy; \
|
||||
# fi
|
||||
|
||||
## Final image
|
||||
FROM alpine:${ALPINE_VERSION}
|
||||
FROM ${AMD_RUNNER_IMAGE}
|
||||
|
||||
ARG UID
|
||||
ARG GID
|
||||
# Federation needs CA certificates
|
||||
RUN apt update && apt install -y libssl-dev libpq-dev ca-certificates
|
||||
|
||||
RUN apk add --no-cache \
|
||||
ca-certificates
|
||||
|
||||
COPY --from=build --chmod=0755 /lemmy/lemmy /usr/local/bin
|
||||
|
||||
RUN addgroup -S -g ${GID} lemmy && \
|
||||
adduser -S -H -D -G lemmy -u ${UID} -g "" -s /sbin/nologin lemmy
|
||||
|
||||
USER lemmy
|
||||
|
||||
CMD ["lemmy"]
|
||||
# Debian / Ubuntu non-root user creds
|
||||
ARG UNAME=lemmy
|
||||
ARG UID=1000
|
||||
ARG GID=1000
|
||||
RUN groupadd -g $GID -o $UNAME
|
||||
RUN useradd -m -u $UID -g $GID -o -s /bin/bash $UNAME
|
||||
USER $UNAME
|
||||
|
||||
COPY --from=build-amd64 /lemmy/lemmy ./
|
||||
CMD ["./lemmy"]
|
||||
EXPOSE 8536
|
||||
STOPSIGNAL SIGTERM
|
||||
|
||||
## Arm Runner
|
||||
# FROM --platform=${BUILDPLATFORM} ${ARM_RUNNER_IMAGE}
|
||||
|
||||
# ARG UNAME=lemmy
|
||||
# ARG UID=1000
|
||||
# ARG GID=1000
|
||||
|
||||
# RUN apk add --no-cache ca-certificates
|
||||
|
||||
# COPY --from=build-arm64 --chmod=0755 /lemmy/lemmy /usr/local/bin
|
||||
|
||||
# RUN addgroup -S -g ${GID} ${UNAME} && \
|
||||
# adduser -S -H -D -G ${UNAME} -u ${UID} -g "" -s /sbin/nologin ${UNAME}
|
||||
# USER $UNAME
|
||||
|
||||
# CMD ["lemmy"]
|
||||
# EXPOSE 8536
|
||||
# STOPSIGNAL SIGTERM
|
||||
|
||||
STOPSIGNAL SIGTERM
|
Loading…
Reference in New Issue