首頁 探索 說明
註冊 登入
Apq
/
vaultwarden
镜像来自 https://github.com/dani-garcia/vaultwarden.git
1
0
複刻 0
Files 問題管理 0 Wiki
分支: test_dylint
分支列表 標籤列表
vaultwarden
/
docker
/
Dockerfile.alpine

Dockerfile.alpine 6.4 KB
永久連結 文件歷史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158 
  1. # syntax=docker/dockerfile:1
    2. 

  2. # check=skip=FromPlatformFlagConstDisallowed,RedundantTargetPlatform
    3. 

  3. 

  4. # This file was generated using a Jinja2 template.
    5. 

  5. # Please make your changes in `DockerSettings.yaml` or `Dockerfile.j2` and then `make`
    6. 

  6. # This will generate two Dockerfile's `Dockerfile.debian` and `Dockerfile.alpine`
    7. 

  7. 

  8. # Using multistage build:
    9. 

  9. # 	https://docs.docker.com/develop/develop-images/multistage-build/
    10. 

  10. # 	https://whitfin.io/speeding-up-rust-docker-builds/
    11. 

  11. 

  12. ####################### VAULT BUILD IMAGE #######################
    13. 

  13. # The web-vault digest specifies a particular web-vault build on Docker Hub.
    14. 

  14. # Using the digest instead of the tag name provides better security,
    15. 

  15. # as the digest of an image is immutable, whereas a tag name can later
    16. 

  16. # be changed to point to a malicious image.
    17. 

  17. #
    18. 

  18. # To verify the current digest for a given tag name:
    19. 

  19. # - From https://hub.docker.com/r/vaultwarden/web-vault/tags,
    20. 

  20. #   click the tag name to view the digest of the image it currently points to.
    21. 

  21. # - From the command line:
    22. 

  22. #     $ docker pull docker.io/vaultwarden/web-vault:v2024.6.2c
    23. 

  23. #     $ docker image inspect --format "{{.RepoDigests}}" docker.io/vaultwarden/web-vault:v2024.6.2c
    24. 

  24. #     [docker.io/vaultwarden/web-vault@sha256:409ab328ca931439cb916b388a4bb784bd44220717aaf74cf71620c23e34fc2b]
    25. 

  25. #
    26. 

  26. # - Conversely, to get the tag name from the digest:
    27. 

  27. #     $ docker image inspect --format "{{.RepoTags}}" docker.io/vaultwarden/web-vault@sha256:409ab328ca931439cb916b388a4bb784bd44220717aaf74cf71620c23e34fc2b
    28. 

  28. #     [docker.io/vaultwarden/web-vault:v2024.6.2c]
    29. 

  29. #
    30. 

  30. FROM --platform=linux/amd64 docker.io/vaultwarden/web-vault@sha256:409ab328ca931439cb916b388a4bb784bd44220717aaf74cf71620c23e34fc2b AS vault
    31. 

  31. 

  32. ########################## ALPINE BUILD IMAGES ##########################
    33. 

  33. ## NOTE: The Alpine Base Images do not support other platforms then linux/amd64
    34. 

  34. ## And for Alpine we define all build images here, they will only be loaded when actually used
    35. 

  35. FROM --platform=linux/amd64 ghcr.io/blackdex/rust-musl:x86_64-musl-stable-1.82.0 AS build_amd64
    36. 

  36. FROM --platform=linux/amd64 ghcr.io/blackdex/rust-musl:aarch64-musl-stable-1.82.0 AS build_arm64
    37. 

  37. FROM --platform=linux/amd64 ghcr.io/blackdex/rust-musl:armv7-musleabihf-stable-1.82.0 AS build_armv7
    38. 

  38. FROM --platform=linux/amd64 ghcr.io/blackdex/rust-musl:arm-musleabi-stable-1.82.0 AS build_armv6
    39. 

  39. 

  40. ########################## BUILD IMAGE ##########################
    41. 

  41. # hadolint ignore=DL3006
    42. 

  42. FROM --platform=linux/amd64 build_${TARGETARCH}${TARGETVARIANT} AS build
    43. 

  43. ARG TARGETARCH
    44. 

  44. ARG TARGETVARIANT
    45. 

  45. ARG TARGETPLATFORM
    46. 

  46. 

  47. SHELL ["/bin/bash", "-o", "pipefail", "-c"]
    48. 

  48. 

  49. # Build time options to avoid dpkg warnings and help with reproducible builds.
    50. 

  50. ENV DEBIAN_FRONTEND=noninteractive \
    51. 

  51.     LANG=C.UTF-8 \
    52. 

  52.     TZ=UTC \
    53. 

  53.     TERM=xterm-256color \
    54. 

  54.     CARGO_HOME="/root/.cargo" \
    55. 

  55.     USER="root" \
    56. 

  56.     # Use PostgreSQL v15 during Alpine/MUSL builds instead of the default v11
    57. 

  57.     # Debian Bookworm already contains libpq v15
    58. 

  58.     PQ_LIB_DIR="/usr/local/musl/pq15/lib"
    59. 

  59. 

  60. 

  61. # Create CARGO_HOME folder and don't download rust docs
    62. 

  62. RUN mkdir -pv "${CARGO_HOME}" && \
    63. 

  63.     rustup set profile minimal
    64. 

  64. 

  65. # Creates a dummy project used to grab dependencies
    66. 

  66. RUN USER=root cargo new --bin /app
    67. 

  67. WORKDIR /app
    68. 

  68. 

  69. # Environment variables for Cargo on Alpine based builds
    70. 

  70. RUN echo "export CARGO_TARGET=${RUST_MUSL_CROSS_TARGET}" >> /env-cargo && \
    71. 

  71.     # Output the current contents of the file
    72. 

  72.     cat /env-cargo
    73. 

  73. 

  74. RUN source /env-cargo && \
    75. 

  75.     rustup target add "${CARGO_TARGET}"
    76. 

  76. 

  77. # Copies over *only* your manifests and build files
    78. 

  78. COPY ./Cargo.* ./rust-toolchain.toml ./build.rs ./
    79. 

  79. 

  80. ARG CARGO_PROFILE=release
    81. 

  81. 

  82. # Configure the DB ARG as late as possible to not invalidate the cached layers above
    83. 

  83. # Enable MiMalloc to improve performance on Alpine builds
    84. 

  84. ARG DB=sqlite,mysql,postgresql,enable_mimalloc
    85. 

  85. 

  86. # Builds your dependencies and removes the
    87. 

  87. # dummy project, except the target folder
    88. 

  88. # This folder contains the compiled dependencies
    89. 

  89. RUN source /env-cargo && \
    90. 

  90.     cargo build --features ${DB} --profile "${CARGO_PROFILE}" --target="${CARGO_TARGET}" && \
    91. 

  91.     find . -not -path "./target*" -delete
    92. 

  92. 

  93. # Copies the complete project
    94. 

  94. # To avoid copying unneeded files, use .dockerignore
    95. 

  95. COPY . .
    96. 

  96. 

  97. ARG VW_VERSION
    98. 

  98. 

  99. # Builds again, this time it will be the actual source files being build
    100. 

  100. RUN source /env-cargo && \
    101. 

  101.     # Make sure that we actually build the project by updating the src/main.rs timestamp
    102. 

  102.     # Also do this for build.rs to ensure the version is rechecked
    103. 

  103.     touch build.rs src/main.rs && \
    104. 

  104.     # Create a symlink to the binary target folder to easy copy the binary in the final stage
    105. 

  105.     cargo build --features ${DB} --profile "${CARGO_PROFILE}" --target="${CARGO_TARGET}" && \
    106. 

  106.     if [[ "${CARGO_PROFILE}" == "dev" ]] ; then \
    107. 

  107.         ln -vfsr "/app/target/${CARGO_TARGET}/debug" /app/target/final ; \
    108. 

  108.     else \
    109. 

  109.         ln -vfsr "/app/target/${CARGO_TARGET}/${CARGO_PROFILE}" /app/target/final ; \
    110. 

  110.     fi
    111. 

  111. 

  112. 

  113. ######################## RUNTIME IMAGE  ########################
    114. 

  114. # Create a new stage with a minimal image
    115. 

  115. # because we already have a binary built
    116. 

  116. #
    117. 

  117. # To build these images you need to have qemu binfmt support.
    118. 

  118. # See the following pages to help install these tools locally
    119. 

  119. # Ubuntu/Debian: https://wiki.debian.org/QemuUserEmulation
    120. 

  120. # Arch Linux: https://wiki.archlinux.org/title/QEMU#Chrooting_into_arm/arm64_environment_from_x86_64
    121. 

  121. #
    122. 

  122. # Or use a Docker image which modifies your host system to support this.
    123. 

  123. # The GitHub Actions Workflow uses the same image as used below.
    124. 

  124. # See: https://github.com/tonistiigi/binfmt
    125. 

  125. # Usage: docker run --privileged --rm tonistiigi/binfmt --install arm64,arm
    126. 

  126. # To uninstall: docker run --privileged --rm tonistiigi/binfmt --uninstall 'qemu-*'
    127. 

  127. #
    128. 

  128. # We need to add `--platform` here, because of a podman bug: https://github.com/containers/buildah/issues/4742
    129. 

  129. FROM --platform=$TARGETPLATFORM docker.io/library/alpine:3.20
    130. 

  130. 

  131. ENV ROCKET_PROFILE="release" \
    132. 

  132.     ROCKET_ADDRESS=0.0.0.0 \
    133. 

  133.     ROCKET_PORT=80 \
    134. 

  134.     SSL_CERT_DIR=/etc/ssl/certs
    135. 

  135. 

  136. # Create data folder and Install needed libraries
    137. 

  137. RUN mkdir /data && \
    138. 

  138.     apk --no-cache add \
    139. 

  139.         ca-certificates \
    140. 

  140.         curl \
    141. 

  141.         openssl \
    142. 

  142.         tzdata
    143. 

  143. 

  144. VOLUME /data
    145. 

  145. EXPOSE 80
    146. 

  146. 

  147. # Copies the files from the context (Rocket.toml file and web-vault)
    148. 

  148. # and the binary from the "build" stage to the current stage
    149. 

  149. WORKDIR /
    150. 

  150. 

  151. COPY docker/healthcheck.sh docker/start.sh /
    152. 

  152. 

  153. COPY --from=vault /web-vault ./web-vault
    154. 

  154. COPY --from=build /app/target/final/vaultwarden .
    155. 

  155. 

  156. HEALTHCHECK --interval=60s --timeout=10s CMD ["/healthcheck.sh"]
    157. 

  157. 

  158. CMD ["/start.sh"]
    159.