From 274a89b1380d7c2ac7bffc1782e2361f9bf77408 Mon Sep 17 00:00:00 2001
From: Diego Sampaio
Date: Fri, 18 Oct 2024 19:12:55 -0300
Subject: [PATCH] chore!: Change default Docker flavor to Alpine (#28042)
Co-authored-by: Guilherme Gazzo
---
 .changeset/six-horses-sin.md | 8 +++
 .github/actions/build-docker-image/action.yml | 2 +-
 .github/workflows/ci-test-e2e.yml | 10 ++--
 .github/workflows/ci.yml | 48 ++++++++--------
 apps/meteor/.docker/Dockerfile | 56 +++++++-----------
 apps/meteor/.docker/Dockerfile.alpine | 49 ----------------
 apps/meteor/.docker/Dockerfile.debian | 57 +++++++++++++++++++
 7 files changed, 117 insertions(+), 113 deletions(-)
 create mode 100644 .changeset/six-horses-sin.md
 delete mode 100644 apps/meteor/.docker/Dockerfile.alpine
 create mode 100644 apps/meteor/.docker/Dockerfile.debian
diff --git a/.changeset/six-horses-sin.md b/.changeset/six-horses-sin.md
new file mode 100644
index 000000000000..dcb75ef4ac6b
--- /dev/null
+++ b/.changeset/six-horses-sin.md
@@ -0,0 +1,8 @@
+---
+"@rocket.chat/meteor": patch
+---
+
+
+ Changes the default base Docker image to Alpine. Previously we were shipping Alpine as an alternative flavor under the tag rocketchat/rocket.chat:{release}.alpine , we have been testing this for a while now so we're migrating to use the official one to Alpine.
+
+We'll still ship a Debian variant under the tag rocketchat/rocket.chat:{release}.debian.
diff --git a/.github/actions/build-docker-image/action.yml b/.github/actions/build-docker-image/action.yml
index 02a05d9605a7..fa0535d332c6 100644
--- a/.github/actions/build-docker-image/action.yml
+++ b/.github/actions/build-docker-image/action.yml
@@ -51,7 +51,7 @@ runs:
 fi;
 DOCKERFILE_PATH="${DOCKER_PATH}/Dockerfile"
- if [[ '${{ inputs.release }}' = 'alpine' ]]; then
+ if [[ '${{ inputs.release }}' = 'debian' ]]; then
 DOCKERFILE_PATH="${DOCKERFILE_PATH}.${{ inputs.release }}"
 fi;
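Review bot: The rewritten test `if [[ '${{ inputs.release }}' = 'debian' ]]; then` still expands `${{ inputs.release }}` into the script text before bash parses it, so the value is treated as code rather than data. The values visible in this patch come from a fixed workflow matrix, so the exposure looks low, but passing the input through the step's environment avoids the pattern: `env: RELEASE: ${{ inputs.release }}` on the step and `if [[ "$RELEASE" = 'debian' ]]; then` here. The same applies to the unchanged `DOCKERFILE_PATH="${DOCKERFILE_PATH}.${{ inputs.release }}"` line below it. The step's `run:` block starts and ends outside this hunk.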
diff --git a/.github/workflows/ci-test-e2e.yml b/.github/workflows/ci-test-e2e.yml
index 7dc581450275..8f5d258ef165 100644
--- a/.github/workflows/ci-test-e2e.yml
+++ b/.github/workflows/ci-test-e2e.yml
@@ -18,10 +18,10 @@ on:
 rc-docker-tag:
 required: true
 type: string
- rc-dockerfile-alpine:
+ rc-dockerfile-debian:
 required: true
 type: string
- rc-docker-tag-alpine:
+ rc-docker-tag-debian:
 required: true
 type: string
 gh-docker-tag:
@@ -83,8 +83,8 @@ jobs:
 test:
 runs-on: ubuntu-20.04
 env:
- RC_DOCKERFILE: ${{ matrix.mongodb-version == '7.0' && inputs.rc-dockerfile-alpine || inputs.rc-dockerfile }}
- RC_DOCKER_TAG: ${{ matrix.mongodb-version == '7.0' && inputs.rc-docker-tag-alpine || inputs.rc-docker-tag }}
+ RC_DOCKERFILE: ${{ matrix.mongodb-version == '7.0' && inputs.rc-dockerfile-debian || inputs.rc-dockerfile }}
+ RC_DOCKER_TAG: ${{ matrix.mongodb-version == '7.0' && inputs.rc-docker-tag-debian || inputs.rc-docker-tag }}
 strategy:
 fail-fast: false
@@ -92,7 +92,7 @@ jobs:
 mongodb-version: ${{ fromJSON(inputs.mongodb-version) }}
 shard: ${{ fromJSON(inputs.shard) }}
- name: MongoDB ${{ matrix.mongodb-version }}${{ inputs.db-watcher-disabled == 'true' && ' [no watchers]' || '' }} (${{ matrix.shard }}/${{ inputs.total-shard }})${{ matrix.mongodb-version == '7.0' && ' - Alpine' || '' }}
+ name: MongoDB ${{ matrix.mongodb-version }}${{ inputs.db-watcher-disabled == 'true' && ' [no watchers]' || '' }} (${{ matrix.shard }}/${{ inputs.total-shard }}) - ${{ matrix.mongodb-version == '7.0' && 'Debian' || 'Alpine (Official)' }}
 steps:
 - name: Collect Workflow Telemetry
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index e70557bbd31d..90b7d93f642a 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -32,8 +32,8 @@ jobs:
 lowercase-repo: ${{ steps.var.outputs.lowercase-repo }}
 rc-dockerfile: '${{ github.workspace }}/apps/meteor/.docker/Dockerfile'
 rc-docker-tag: '${{ steps.docker.outputs.gh-docker-tag }}.official'
- rc-dockerfile-alpine: '${{ github.workspace }}/apps/meteor/.docker/Dockerfile.alpine'
- rc-docker-tag-alpine: '${{ steps.docker.outputs.gh-docker-tag }}.alpine'
+ rc-dockerfile-debian: '${{ github.workspace }}/apps/meteor/.docker/Dockerfile.debian'
+ rc-docker-tag-debian: '${{ steps.docker.outputs.gh-docker-tag }}.debian'
 node-version: ${{ steps.var.outputs.node-version }}
 deno-version: ${{ steps.var.outputs.deno-version }}
 # this is 100% intentional, secrets are not available for forks, so ee-tests will always fail
@@ -327,15 +327,15 @@ jobs:
 runs-on: ubuntu-20.04
 env:
- RC_DOCKERFILE: ${{ matrix.platform == 'alpine' && needs.release-versions.outputs.rc-dockerfile-alpine || needs.release-versions.outputs.rc-dockerfile }}
- RC_DOCKER_TAG: ${{ matrix.platform == 'alpine' && needs.release-versions.outputs.rc-docker-tag-alpine || needs.release-versions.outputs.rc-docker-tag }}
+ RC_DOCKERFILE: ${{ matrix.platform == 'debian' && needs.release-versions.outputs.rc-dockerfile-debian || needs.release-versions.outputs.rc-dockerfile }}
+ RC_DOCKER_TAG: ${{ matrix.platform == 'debian' && needs.release-versions.outputs.rc-docker-tag-debian || needs.release-versions.outputs.rc-docker-tag }}
 DOCKER_TAG: ${{ needs.release-versions.outputs.gh-docker-tag }}
 LOWERCASE_REPOSITORY: ${{ needs.release-versions.outputs.lowercase-repo }}
 strategy:
 fail-fast: false
 matrix:
- platform: ['official', 'alpine']
+ platform: ['official', 'debian']
 steps:
 - uses: actions/checkout@v4
@@ -349,7 +349,7 @@ jobs:
 node-version: ${{ needs.release-versions.outputs.node-version }}
 deno-version: ${{ needs.release-versions.outputs.deno-version }}
 platform: ${{ matrix.platform }}
- build-containers: ${{ matrix.platform == 'alpine' && 'authorization-service account-service ddp-streamer-service presence-service stream-hub-service queue-worker-service omnichannel-transcript-service' || '' }}
+ build-containers: ${{ matrix.platform == 'debian' && 'authorization-service account-service ddp-streamer-service presence-service stream-hub-service queue-worker-service omnichannel-transcript-service' || '' }}
 NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
 - name: Make sure matrix bindings load
@@ -363,15 +363,15 @@ jobs:
 runs-on: ubuntu-20.04
 env:
- RC_DOCKERFILE: ${{ matrix.platform == 'alpine' && needs.release-versions.outputs.rc-dockerfile-alpine || needs.release-versions.outputs.rc-dockerfile }}
- RC_DOCKER_TAG: ${{ matrix.platform == 'alpine' && needs.release-versions.outputs.rc-docker-tag-alpine || needs.release-versions.outputs.rc-docker-tag }}
+ RC_DOCKERFILE: ${{ matrix.platform == 'debian' && needs.release-versions.outputs.rc-dockerfile-debian || needs.release-versions.outputs.rc-dockerfile }}
+ RC_DOCKER_TAG: ${{ matrix.platform == 'debian' && needs.release-versions.outputs.rc-docker-tag-debian || needs.release-versions.outputs.rc-docker-tag }}
 DOCKER_TAG: ${{ needs.release-versions.outputs.gh-docker-tag }}
 LOWERCASE_REPOSITORY: ${{ needs.release-versions.outputs.lowercase-repo }}
 strategy:
 fail-fast: false
 matrix:
- platform: ['official', 'alpine']
+ platform: ['official', 'debian']
 steps:
 - uses: actions/checkout@v4
@@ -383,7 +383,7 @@ jobs:
 node-version: ${{ needs.release-versions.outputs.node-version }}
 deno-version: ${{ needs.release-versions.outputs.deno-version }}
 platform: ${{ matrix.platform }}
- build-containers: ${{ matrix.platform == 'alpine' && 'authorization-service account-service ddp-streamer-service presence-service stream-hub-service queue-worker-service omnichannel-transcript-service' || '' }}
+ build-containers: ${{ matrix.platform == 'debian' && 'authorization-service account-service ddp-streamer-service presence-service stream-hub-service queue-worker-service omnichannel-transcript-service' || '' }}
 NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
 - name: Rename official Docker tag to GitHub Container Registry
@@ -429,8 +429,8 @@ jobs:
 lowercase-repo: ${{ needs.release-versions.outputs.lowercase-repo }}
 rc-dockerfile: ${{ needs.release-versions.outputs.rc-dockerfile }}
 rc-docker-tag: ${{ needs.release-versions.outputs.rc-docker-tag }}
- rc-dockerfile-alpine: ${{ needs.release-versions.outputs.rc-dockerfile-alpine }}
- rc-docker-tag-alpine: ${{ needs.release-versions.outputs.rc-docker-tag-alpine }}
+ rc-dockerfile-debian: ${{ needs.release-versions.outputs.rc-dockerfile-debian }}
+ rc-docker-tag-debian: ${{ needs.release-versions.outputs.rc-docker-tag-debian }}
 gh-docker-tag: ${{ needs.release-versions.outputs.gh-docker-tag }}
 secrets:
 CR_USER: ${{ secrets.CR_USER }}
@@ -453,8 +453,8 @@ jobs:
 lowercase-repo: ${{ needs.release-versions.outputs.lowercase-repo }}
 rc-dockerfile: ${{ needs.release-versions.outputs.rc-dockerfile }}
 rc-docker-tag: ${{ needs.release-versions.outputs.rc-docker-tag }}
- rc-dockerfile-alpine: ${{ needs.release-versions.outputs.rc-dockerfile-alpine }}
- rc-docker-tag-alpine: ${{ needs.release-versions.outputs.rc-docker-tag-alpine }}
+ rc-dockerfile-debian: ${{ needs.release-versions.outputs.rc-dockerfile-debian }}
+ rc-docker-tag-debian: ${{ needs.release-versions.outputs.rc-docker-tag-debian }}
 gh-docker-tag: ${{ needs.release-versions.outputs.gh-docker-tag }}
 retries: ${{ (github.event_name == 'release' || github.ref == 'refs/heads/develop' || github.ref == 'refs/heads/master') && 2 || 0 }}
 secrets:
@@ -481,8 +481,8 @@ jobs:
 lowercase-repo: ${{ needs.release-versions.outputs.lowercase-repo }}
 rc-dockerfile: ${{ needs.release-versions.outputs.rc-dockerfile }}
 rc-docker-tag: ${{ needs.release-versions.outputs.rc-docker-tag }}
- rc-dockerfile-alpine: ${{ needs.release-versions.outputs.rc-dockerfile-alpine }}
- rc-docker-tag-alpine: ${{ needs.release-versions.outputs.rc-docker-tag-alpine }}
+ rc-dockerfile-debian: ${{ needs.release-versions.outputs.rc-dockerfile-debian }}
+ rc-docker-tag-debian: ${{ needs.release-versions.outputs.rc-docker-tag-debian }}
 gh-docker-tag: ${{ needs.release-versions.outputs.gh-docker-tag }}
 secrets:
 CR_USER: ${{ secrets.CR_USER }}
@@ -506,8 +506,8 @@ jobs:
 lowercase-repo: ${{ needs.release-versions.outputs.lowercase-repo }}
 rc-dockerfile: ${{ needs.release-versions.outputs.rc-dockerfile }}
 rc-docker-tag: ${{ needs.release-versions.outputs.rc-docker-tag }}
- rc-dockerfile-alpine: ${{ needs.release-versions.outputs.rc-dockerfile-alpine }}
- rc-docker-tag-alpine: ${{ needs.release-versions.outputs.rc-docker-tag-alpine }}
+ rc-dockerfile-debian: ${{ needs.release-versions.outputs.rc-dockerfile-debian }}
+ rc-docker-tag-debian: ${{ needs.release-versions.outputs.rc-docker-tag-debian }}
 gh-docker-tag: ${{ needs.release-versions.outputs.gh-docker-tag }}
 retries: ${{ (github.event_name == 'release' || github.ref == 'refs/heads/develop' || github.ref == 'refs/heads/master') && 2 || 0 }}
 secrets:
@@ -537,8 +537,8 @@ jobs:
 lowercase-repo: ${{ needs.release-versions.outputs.lowercase-repo }}
 rc-dockerfile: ${{ needs.release-versions.outputs.rc-dockerfile }}
 rc-docker-tag: ${{ needs.release-versions.outputs.rc-docker-tag }}
- rc-dockerfile-alpine: ${{ needs.release-versions.outputs.rc-dockerfile-alpine }}
- rc-docker-tag-alpine: ${{ needs.release-versions.outputs.rc-docker-tag-alpine }}
+ rc-dockerfile-debian: ${{ needs.release-versions.outputs.rc-dockerfile-debian }}
+ rc-docker-tag-debian: ${{ needs.release-versions.outputs.rc-docker-tag-debian }}
 gh-docker-tag: ${{ needs.release-versions.outputs.gh-docker-tag }}
 retries: ${{ (github.event_name == 'release' || github.ref == 'refs/heads/develop' || github.ref == 'refs/heads/master') && 2 || 0 }}
 db-watcher-disabled: 'true'
@@ -683,7 +683,7 @@ jobs:
 strategy:
 matrix:
 # this is currently a mix of variants and different images
- release: ['official', 'preview', 'alpine']
+ release: ['official', 'preview', 'debian']
 env:
 IMAGE_NAME: 'rocketchat/rocket.chat'
@@ -729,7 +729,7 @@ jobs:
 DOCKER_TAG=$GITHUB_REF_NAME
 # append the variant name to docker tag
- if [[ '${{ matrix.release }}' = 'alpine' ]]; then
+ if [[ '${{ matrix.release }}' = 'debian'] ]]; then
 DOCKER_TAG="${DOCKER_TAG}-${{ matrix.release }}"
 fi;
@@ -744,7 +744,7 @@ jobs:
 if [[ $GITHUB_REF == refs/tags/* ]]; then
 RELEASE="${{ needs.release-versions.outputs.release }}"
- if [[ '${{ matrix.release }}' = 'alpine' ]]; then
+ if [[ '${{ matrix.release }}' = 'debian' ]]; then
 RELEASE="${RELEASE}-${{ matrix.release }}"
 fi;
@@ -769,7 +769,7 @@ jobs:
 TAG_SHA="${{ steps.gh-docker.outputs.gh-docker-tag-sha }}"
 # append the variant name to docker tag
- if [[ '${{ matrix.release }}' = 'alpine' ]]; then
+ if [[ '${{ matrix.release }}' = 'debian'] ]]; then
 TAG_SHA="${TAG_SHA}-${{ matrix.release }}"
 fi;
diff --git a/apps/meteor/.docker/Dockerfile b/apps/meteor/.docker/Dockerfile
index c8ede9db3cae..e225594ec44f 100644
--- a/apps/meteor/.docker/Dockerfile
+++ b/apps/meteor/.docker/Dockerfile
@@ -1,25 +1,14 @@
-ARG DENO_VERSION="1.37.1"
-
-FROM denoland/deno:bin-${DENO_VERSION} as deno
-
-FROM node:20.17.0-bullseye-slim
+FROM node:20.17.0-alpine3.20
 LABEL maintainer="buildmaster@rocket.chat"
-# dependencies
-RUN groupadd -g 65533 -r rocketchat \
- && useradd -u 65533 -r -g rocketchat rocketchat \
- && mkdir -p /app/uploads \
- && chown rocketchat:rocketchat /app/uploads \
- && apt-get update \
- && apt-get install -y --no-install-recommends fontconfig
+ENV LANG=C.UTF-8
-COPY --from=deno /deno /bin/deno
+RUN apk add --no-cache deno ttf-dejavu
-# --chown requires Docker 17.12 and works only on Linux
-ADD --chown=rocketchat:rocketchat . /app
+ADD . /app
-# needs a mongoinstance - defaults to container linking with alias 'mongo'
+# needs a mongo instance - defaults to container linking with alias 'mongo'
 ENV DEPLOY_METHOD=docker \
 NODE_ENV=production \
 MONGO_URL=mongodb://mongo:27017/rocketchat \
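Review bot: The new condition `if [[ '${{ matrix.release }}' = 'debian'] ]]; then` has a stray `]` after `'debian'`, so bash compares against the literal `debian]` and, as far as I can tell, the branch never runs for the Debian variant. `DOCKER_TAG` then stays identical to the official (now Alpine) tag, which means the two matrix legs would publish different images under the same tag. The hunk at -769,7 has the same typo on the `TAG_SHA` test; the -744,7 hunk in between is written correctly. Both lines should read `if [[ '${{ matrix.release }}' = 'debian' ]]; then`. The enclosing `run:` scripts start and end outside these hunks.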
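Review bot: The new default image no longer creates the `rocketchat` user (UID/GID 65533), drops `--chown` from `ADD . /app`, and the next hunk (-28,25) removes `USER rocketchat`, so anyone pulling the unsuffixed tag moves from a non-root Node process to one running as root. `/app/uploads` is also no longer created before `VOLUME /app/uploads`. Unless root is required on Alpine for a reason not visible here, I would keep the unprivileged account using the busybox equivalents, restore `--chown` on the `ADD`, and put `USER rocketchat` back after the build `RUN`. If root is intentional, the changeset should say so, since deployments that enforce `runAsNonRoot` or rely on the old file ownership will behave differently.

```dockerfile
RUN apk add --no-cache deno ttf-dejavu \
    && addgroup -g 65533 -S rocketchat \
    && adduser -u 65533 -S -G rocketchat rocketchat \
    && mkdir -p /app/uploads \
    && chown rocketchat:rocketchat /app/uploads

ADD --chown=rocketchat:rocketchat . /app

# … unchanged: ENV block and the build RUN step (next hunk) …

USER rocketchat
```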
@@ -28,25 +17,24 @@ ENV DEPLOY_METHOD=docker \
 ROOT_URL=http://localhost:3000 \
 Accounts_AvatarStorePath=/app/uploads
-RUN aptMark="$(apt-mark showmanual)" \
- && apt-get install -y --no-install-recommends g++ make python3 ca-certificates \
+RUN set -x \
+ && apk add --no-cache --virtual .fetch-deps python3 make g++ py3-setuptools libc6-compat \
 && cd /app/bundle/programs/server \
- && npm install \
- && cd npm/node_modules/isolated-vm \
- && npm install \
- && apt-mark auto '.*' > /dev/null \
- && apt-mark manual $aptMark > /dev/null \
- && find /usr/local -type f -executable -exec ldd '{}' ';' \
- | awk '/=>/ { print $(NF-1) }' \
- | sort -u \
- | xargs -r dpkg-query --search \
- | cut -d: -f1 \
- | sort -u \
- | xargs -r apt-mark manual \
- && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
- && npm cache clear --force
-
-USER rocketchat
+ && npm install --omit=dev --unsafe-perm \
+ # Start hack for sharp...
+ && rm -rf npm/node_modules/sharp \
+ && npm install sharp@0.32.6 \
+ && mv node_modules/sharp npm/node_modules/sharp \
+ # End hack for sharp
+ # # Start hack for isolated-vm...
+ # && rm -rf npm/node_modules/isolated-vm \
+ # && npm install isolated-vm@4.6.0 \
+ # && mv node_modules/isolated-vm npm/node_modules/isolated-vm \
+ # # End hack for isolated-vm
+ && cd /app/bundle/programs/server/npm \
+ && npm rebuild bcrypt --build-from-source \
+ && npm cache clear --force \
+ && apk del .fetch-deps
 VOLUME /app/uploads
diff --git a/apps/meteor/.docker/Dockerfile.alpine b/apps/meteor/.docker/Dockerfile.alpine
deleted file mode 100644
index 7138711c3b11..000000000000
--- a/apps/meteor/.docker/Dockerfile.alpine
+++ /dev/null
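Review bot: The musl `matrix-sdk-crypto` workaround is not carried over into the new default Dockerfile: this hunk goes straight from `apk del .fetch-deps` to `VOLUME /app/uploads`, while the `Dockerfile.alpine` deleted later in this patch had two `COPY matrix-sdk-crypto.linux-x64-musl.node …` lines there under `# TODO: remove hack once upstream builds are fixed`. Nothing visible in the diff shows whether upstream now ships a musl build, so it is worth confirming that the native module loads in the Alpine image before this becomes the default tag. If the removal is deliberate, a short comment at that spot or a line in the changeset saying so would help.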
@@ -1,49 +0,0 @@
-FROM node:20.17.0-alpine3.20
-
-LABEL maintainer="buildmaster@rocket.chat"
-
-ENV LANG=C.UTF-8
-
-RUN apk add --no-cache deno ttf-dejavu
-
-ADD . /app
-
-# needs a mongo instance - defaults to container linking with alias 'mongo'
-ENV DEPLOY_METHOD=docker \
- NODE_ENV=production \
- MONGO_URL=mongodb://mongo:27017/rocketchat \
- HOME=/tmp \
- PORT=3000 \
- ROOT_URL=http://localhost:3000 \
- Accounts_AvatarStorePath=/app/uploads
-
-RUN set -x \
- && apk add --no-cache --virtual .fetch-deps python3 make g++ py3-setuptools libc6-compat \
- && cd /app/bundle/programs/server \
- && npm install --omit=dev --unsafe-perm \
- # Start hack for sharp...
- && rm -rf npm/node_modules/sharp \
- && npm install sharp@0.32.6 \
- && mv node_modules/sharp npm/node_modules/sharp \
- # End hack for sharp
- # # Start hack for isolated-vm...
- # && rm -rf npm/node_modules/isolated-vm \
- # && npm install isolated-vm@4.6.0 \
- # && mv node_modules/isolated-vm npm/node_modules/isolated-vm \
- # # End hack for isolated-vm
- && cd /app/bundle/programs/server/npm \
- && npm rebuild bcrypt --build-from-source \
- && npm cache clear --force \
- && apk del .fetch-deps
-
-# TODO: remove hack once upstream builds are fixed
-COPY matrix-sdk-crypto.linux-x64-musl.node /app/bundle/programs/server/npm/node_modules/@matrix-org/matrix-sdk-crypto-nodejs
-COPY matrix-sdk-crypto.linux-x64-musl.node /app/bundle/programs/server/npm/node_modules/@vector-im/matrix-bot-sdk/node_modules/@matrix-org/matrix-sdk-crypto-nodejs
-
-VOLUME /app/uploads
-
-WORKDIR /app/bundle
-
-EXPOSE 3000
-
-CMD ["node", "main.js"]
diff --git a/apps/meteor/.docker/Dockerfile.debian b/apps/meteor/.docker/Dockerfile.debian
new file mode 100644
index 000000000000..c8ede9db3cae
--- /dev/null
+++ b/apps/meteor/.docker/Dockerfile.debian
@@ -0,0 +1,57 @@
+ARG DENO_VERSION="1.37.1"
+
+FROM denoland/deno:bin-${DENO_VERSION} as deno
+
+FROM node:20.17.0-bullseye-slim
+
+LABEL maintainer="buildmaster@rocket.chat"
+
+# dependencies
+RUN groupadd -g 65533 -r rocketchat \
+ && useradd -u 65533 -r -g rocketchat rocketchat \
+ && mkdir -p /app/uploads \
+ && chown rocketchat:rocketchat /app/uploads \
+ && apt-get update \
+ && apt-get install -y --no-install-recommends fontconfig
+
+COPY --from=deno /deno /bin/deno
+
+# --chown requires Docker 17.12 and works only on Linux
+ADD --chown=rocketchat:rocketchat . /app
+
+# needs a mongoinstance - defaults to container linking with alias 'mongo'
+ENV DEPLOY_METHOD=docker \
+ NODE_ENV=production \
+ MONGO_URL=mongodb://mongo:27017/rocketchat \
+ HOME=/tmp \
+ PORT=3000 \
+ ROOT_URL=http://localhost:3000 \
+ Accounts_AvatarStorePath=/app/uploads
+
+RUN aptMark="$(apt-mark showmanual)" \
+ && apt-get install -y --no-install-recommends g++ make python3 ca-certificates \
+ && cd /app/bundle/programs/server \
+ && npm install \
+ && cd npm/node_modules/isolated-vm \
+ && npm install \
+ && apt-mark auto '.*' > /dev/null \
+ && apt-mark manual $aptMark > /dev/null \
+ && find /usr/local -type f -executable -exec ldd '{}' ';' \
+ | awk '/=>/ { print $(NF-1) }' \
+ | sort -u \
+ | xargs -r dpkg-query --search \
+ | cut -d: -f1 \
+ | sort -u \
+ | xargs -r apt-mark manual \
+ && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
+ && npm cache clear --force
+
+USER rocketchat
+
+VOLUME /app/uploads
+
+WORKDIR /app/bundle
+
+EXPOSE 3000
+
+CMD ["node", "main.js"]