Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore!: Change default Docker flavor to Alpine #28042

Merged
merged 2 commits into from
Oct 18, 2024
Merged

chore!: Change default Docker flavor to Alpine #28042

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
ef9a16b
Change default Dockerfile to alpine based flavor
sampaiodiego Feb 14, 2023
e25b972
Apply suggestions from code review
ggazzo Oct 18, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions .changeset/six-horses-sin.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
---
"@rocket.chat/meteor": patch
---


Changes the default base Docker image to Alpine. We will generate a tag with the debian suffix, e.g., `7.0.0` -> `7.0.0-debian`. On the other hand, if you are already used to using alpine verision, you will need to remove the alpine suffix from the tag `7.0.0-alpine` -> `7.0.0`.
ggazzo marked this conversation as resolved.
Show resolved Hide resolved
2 changes: 1 addition & 1 deletion .github/actions/build-docker-image/action.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,7 @@ runs:
fi;

DOCKERFILE_PATH="${DOCKER_PATH}/Dockerfile"
if [[ '${{ inputs.release }}' = 'alpine' ]]; then
if [[ '${{ inputs.release }}' = 'debian' ]]; then
DOCKERFILE_PATH="${DOCKERFILE_PATH}.${{ inputs.release }}"
fi;

Expand Down
10 changes: 5 additions & 5 deletions .github/workflows/ci-test-e2e.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,10 +18,10 @@ on:
rc-docker-tag:
required: true
type: string
rc-dockerfile-alpine:
rc-dockerfile-debian:
required: true
type: string
rc-docker-tag-alpine:
rc-docker-tag-debian:
required: true
type: string
gh-docker-tag:
Expand Down Expand Up @@ -83,16 +83,16 @@ jobs:
test:
runs-on: ubuntu-20.04
env:
RC_DOCKERFILE: ${{ matrix.mongodb-version == '7.0' && inputs.rc-dockerfile-alpine || inputs.rc-dockerfile }}
RC_DOCKER_TAG: ${{ matrix.mongodb-version == '7.0' && inputs.rc-docker-tag-alpine || inputs.rc-docker-tag }}
RC_DOCKERFILE: ${{ matrix.mongodb-version == '7.0' && inputs.rc-dockerfile-debian || inputs.rc-dockerfile }}
RC_DOCKER_TAG: ${{ matrix.mongodb-version == '7.0' && inputs.rc-docker-tag-debian || inputs.rc-docker-tag }}

strategy:
fail-fast: false
matrix:
mongodb-version: ${{ fromJSON(inputs.mongodb-version) }}
shard: ${{ fromJSON(inputs.shard) }}

name: MongoDB ${{ matrix.mongodb-version }}${{ inputs.db-watcher-disabled == 'true' && ' [no watchers]' || '' }} (${{ matrix.shard }}/${{ inputs.total-shard }})${{ matrix.mongodb-version == '7.0' && ' - Alpine' || '' }}
name: MongoDB ${{ matrix.mongodb-version }}${{ inputs.db-watcher-disabled == 'true' && ' [no watchers]' || '' }} (${{ matrix.shard }}/${{ inputs.total-shard }}) - ${{ matrix.mongodb-version == '7.0' && 'Debian' || 'Alpine (Official)' }}

steps:
- name: Collect Workflow Telemetry
Expand Down
48 changes: 24 additions & 24 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,8 +28,8 @@ jobs:
lowercase-repo: ${{ steps.var.outputs.lowercase-repo }}
rc-dockerfile: '${{ github.workspace }}/apps/meteor/.docker/Dockerfile'
rc-docker-tag: '${{ steps.docker.outputs.gh-docker-tag }}.official'
rc-dockerfile-alpine: '${{ github.workspace }}/apps/meteor/.docker/Dockerfile.alpine'
rc-docker-tag-alpine: '${{ steps.docker.outputs.gh-docker-tag }}.alpine'
rc-dockerfile-debian: '${{ github.workspace }}/apps/meteor/.docker/Dockerfile.debian'
rc-docker-tag-debian: '${{ steps.docker.outputs.gh-docker-tag }}.debian'
node-version: ${{ steps.var.outputs.node-version }}
deno-version: ${{ steps.var.outputs.deno-version }}
# this is 100% intentional, secrets are not available for forks, so ee-tests will always fail
Expand Down Expand Up @@ -323,15 +323,15 @@ jobs:
runs-on: ubuntu-20.04

env:
RC_DOCKERFILE: ${{ matrix.platform == 'alpine' && needs.release-versions.outputs.rc-dockerfile-alpine || needs.release-versions.outputs.rc-dockerfile }}
RC_DOCKER_TAG: ${{ matrix.platform == 'alpine' && needs.release-versions.outputs.rc-docker-tag-alpine || needs.release-versions.outputs.rc-docker-tag }}
RC_DOCKERFILE: ${{ matrix.platform == 'debian' && needs.release-versions.outputs.rc-dockerfile-debian || needs.release-versions.outputs.rc-dockerfile }}
RC_DOCKER_TAG: ${{ matrix.platform == 'debian' && needs.release-versions.outputs.rc-docker-tag-debian || needs.release-versions.outputs.rc-docker-tag }}
DOCKER_TAG: ${{ needs.release-versions.outputs.gh-docker-tag }}
LOWERCASE_REPOSITORY: ${{ needs.release-versions.outputs.lowercase-repo }}

strategy:
fail-fast: false
matrix:
platform: ['official', 'alpine']
platform: ['official', 'debian']

steps:
- uses: actions/checkout@v4
Expand All @@ -345,7 +345,7 @@ jobs:
node-version: ${{ needs.release-versions.outputs.node-version }}
deno-version: ${{ needs.release-versions.outputs.deno-version }}
platform: ${{ matrix.platform }}
build-containers: ${{ matrix.platform == 'alpine' && 'authorization-service account-service ddp-streamer-service presence-service stream-hub-service queue-worker-service omnichannel-transcript-service' || '' }}
build-containers: ${{ matrix.platform == 'debian' && 'authorization-service account-service ddp-streamer-service presence-service stream-hub-service queue-worker-service omnichannel-transcript-service' || '' }}
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

- name: Make sure matrix bindings load
Expand All @@ -359,15 +359,15 @@ jobs:
runs-on: ubuntu-20.04

env:
RC_DOCKERFILE: ${{ matrix.platform == 'alpine' && needs.release-versions.outputs.rc-dockerfile-alpine || needs.release-versions.outputs.rc-dockerfile }}
RC_DOCKER_TAG: ${{ matrix.platform == 'alpine' && needs.release-versions.outputs.rc-docker-tag-alpine || needs.release-versions.outputs.rc-docker-tag }}
RC_DOCKERFILE: ${{ matrix.platform == 'debian' && needs.release-versions.outputs.rc-dockerfile-debian || needs.release-versions.outputs.rc-dockerfile }}
RC_DOCKER_TAG: ${{ matrix.platform == 'debian' && needs.release-versions.outputs.rc-docker-tag-debian || needs.release-versions.outputs.rc-docker-tag }}
DOCKER_TAG: ${{ needs.release-versions.outputs.gh-docker-tag }}
LOWERCASE_REPOSITORY: ${{ needs.release-versions.outputs.lowercase-repo }}

strategy:
fail-fast: false
matrix:
platform: ['official', 'alpine']
platform: ['official', 'debian']

steps:
- uses: actions/checkout@v4
Expand All @@ -379,7 +379,7 @@ jobs:
node-version: ${{ needs.release-versions.outputs.node-version }}
deno-version: ${{ needs.release-versions.outputs.deno-version }}
platform: ${{ matrix.platform }}
build-containers: ${{ matrix.platform == 'alpine' && 'authorization-service account-service ddp-streamer-service presence-service stream-hub-service queue-worker-service omnichannel-transcript-service' || '' }}
build-containers: ${{ matrix.platform == 'debian' && 'authorization-service account-service ddp-streamer-service presence-service stream-hub-service queue-worker-service omnichannel-transcript-service' || '' }}
NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

- name: Rename official Docker tag to GitHub Container Registry
Expand Down Expand Up @@ -425,8 +425,8 @@ jobs:
lowercase-repo: ${{ needs.release-versions.outputs.lowercase-repo }}
rc-dockerfile: ${{ needs.release-versions.outputs.rc-dockerfile }}
rc-docker-tag: ${{ needs.release-versions.outputs.rc-docker-tag }}
rc-dockerfile-alpine: ${{ needs.release-versions.outputs.rc-dockerfile-alpine }}
rc-docker-tag-alpine: ${{ needs.release-versions.outputs.rc-docker-tag-alpine }}
rc-dockerfile-debian: ${{ needs.release-versions.outputs.rc-dockerfile-debian }}
rc-docker-tag-debian: ${{ needs.release-versions.outputs.rc-docker-tag-debian }}
gh-docker-tag: ${{ needs.release-versions.outputs.gh-docker-tag }}
secrets:
CR_USER: ${{ secrets.CR_USER }}
Expand All @@ -449,8 +449,8 @@ jobs:
lowercase-repo: ${{ needs.release-versions.outputs.lowercase-repo }}
rc-dockerfile: ${{ needs.release-versions.outputs.rc-dockerfile }}
rc-docker-tag: ${{ needs.release-versions.outputs.rc-docker-tag }}
rc-dockerfile-alpine: ${{ needs.release-versions.outputs.rc-dockerfile-alpine }}
rc-docker-tag-alpine: ${{ needs.release-versions.outputs.rc-docker-tag-alpine }}
rc-dockerfile-debian: ${{ needs.release-versions.outputs.rc-dockerfile-debian }}
rc-docker-tag-debian: ${{ needs.release-versions.outputs.rc-docker-tag-debian }}
gh-docker-tag: ${{ needs.release-versions.outputs.gh-docker-tag }}
retries: ${{ (github.event_name == 'release' || github.ref == 'refs/heads/develop' || github.ref == 'refs/heads/master') && 2 || 0 }}
secrets:
Expand All @@ -477,8 +477,8 @@ jobs:
lowercase-repo: ${{ needs.release-versions.outputs.lowercase-repo }}
rc-dockerfile: ${{ needs.release-versions.outputs.rc-dockerfile }}
rc-docker-tag: ${{ needs.release-versions.outputs.rc-docker-tag }}
rc-dockerfile-alpine: ${{ needs.release-versions.outputs.rc-dockerfile-alpine }}
rc-docker-tag-alpine: ${{ needs.release-versions.outputs.rc-docker-tag-alpine }}
rc-dockerfile-debian: ${{ needs.release-versions.outputs.rc-dockerfile-debian }}
rc-docker-tag-debian: ${{ needs.release-versions.outputs.rc-docker-tag-debian }}
gh-docker-tag: ${{ needs.release-versions.outputs.gh-docker-tag }}
secrets:
CR_USER: ${{ secrets.CR_USER }}
Expand All @@ -502,8 +502,8 @@ jobs:
lowercase-repo: ${{ needs.release-versions.outputs.lowercase-repo }}
rc-dockerfile: ${{ needs.release-versions.outputs.rc-dockerfile }}
rc-docker-tag: ${{ needs.release-versions.outputs.rc-docker-tag }}
rc-dockerfile-alpine: ${{ needs.release-versions.outputs.rc-dockerfile-alpine }}
rc-docker-tag-alpine: ${{ needs.release-versions.outputs.rc-docker-tag-alpine }}
rc-dockerfile-debian: ${{ needs.release-versions.outputs.rc-dockerfile-debian }}
rc-docker-tag-debian: ${{ needs.release-versions.outputs.rc-docker-tag-debian }}
gh-docker-tag: ${{ needs.release-versions.outputs.gh-docker-tag }}
retries: ${{ (github.event_name == 'release' || github.ref == 'refs/heads/develop' || github.ref == 'refs/heads/master') && 2 || 0 }}
secrets:
Expand Down Expand Up @@ -533,8 +533,8 @@ jobs:
lowercase-repo: ${{ needs.release-versions.outputs.lowercase-repo }}
rc-dockerfile: ${{ needs.release-versions.outputs.rc-dockerfile }}
rc-docker-tag: ${{ needs.release-versions.outputs.rc-docker-tag }}
rc-dockerfile-alpine: ${{ needs.release-versions.outputs.rc-dockerfile-alpine }}
rc-docker-tag-alpine: ${{ needs.release-versions.outputs.rc-docker-tag-alpine }}
rc-dockerfile-debian: ${{ needs.release-versions.outputs.rc-dockerfile-debian }}
rc-docker-tag-debian: ${{ needs.release-versions.outputs.rc-docker-tag-debian }}
gh-docker-tag: ${{ needs.release-versions.outputs.gh-docker-tag }}
retries: ${{ (github.event_name == 'release' || github.ref == 'refs/heads/develop' || github.ref == 'refs/heads/master') && 2 || 0 }}
db-watcher-disabled: 'true'
Expand Down Expand Up @@ -679,7 +679,7 @@ jobs:
strategy:
matrix:
# this is currently a mix of variants and different images
release: ['official', 'preview', 'alpine']
release: ['official', 'preview', 'debian']

env:
IMAGE_NAME: 'rocketchat/rocket.chat'
Expand Down Expand Up @@ -725,7 +725,7 @@ jobs:
DOCKER_TAG=$GITHUB_REF_NAME

# append the variant name to docker tag
if [[ '${{ matrix.release }}' = 'alpine' ]]; then
if [[ '${{ matrix.release }}' = 'debian'] ]]; then
DOCKER_TAG="${DOCKER_TAG}-${{ matrix.release }}"
fi;

Expand All @@ -740,7 +740,7 @@ jobs:
if [[ $GITHUB_REF == refs/tags/* ]]; then
RELEASE="${{ needs.release-versions.outputs.release }}"

if [[ '${{ matrix.release }}' = 'alpine' ]]; then
if [[ '${{ matrix.release }}' = 'debian' ]]; then
RELEASE="${RELEASE}-${{ matrix.release }}"
fi;

Expand All @@ -765,7 +765,7 @@ jobs:
TAG_SHA="${{ steps.gh-docker.outputs.gh-docker-tag-sha }}"

# append the variant name to docker tag
if [[ '${{ matrix.release }}' = 'alpine' ]]; then
if [[ '${{ matrix.release }}' = 'debian'] ]]; then
TAG_SHA="${TAG_SHA}-${{ matrix.release }}"
fi;

Expand Down
56 changes: 22 additions & 34 deletions apps/meteor/.docker/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,25 +1,14 @@
ARG DENO_VERSION="1.37.1"

FROM denoland/deno:bin-${DENO_VERSION} as deno

FROM node:20.17.0-bullseye-slim
FROM node:20.17.0-alpine3.20

LABEL maintainer="[email protected]"

# dependencies
RUN groupadd -g 65533 -r rocketchat \
&& useradd -u 65533 -r -g rocketchat rocketchat \
&& mkdir -p /app/uploads \
&& chown rocketchat:rocketchat /app/uploads \
&& apt-get update \
&& apt-get install -y --no-install-recommends fontconfig
ENV LANG=C.UTF-8

COPY --from=deno /deno /bin/deno
RUN apk add --no-cache deno ttf-dejavu

# --chown requires Docker 17.12 and works only on Linux
ADD --chown=rocketchat:rocketchat . /app
ADD . /app

# needs a mongoinstance - defaults to container linking with alias 'mongo'
# needs a mongo instance - defaults to container linking with alias 'mongo'
ENV DEPLOY_METHOD=docker \
NODE_ENV=production \
MONGO_URL=mongodb://mongo:27017/rocketchat \
Expand All @@ -28,25 +17,24 @@ ENV DEPLOY_METHOD=docker \
ROOT_URL=http://localhost:3000 \
Accounts_AvatarStorePath=/app/uploads

RUN aptMark="$(apt-mark showmanual)" \
&& apt-get install -y --no-install-recommends g++ make python3 ca-certificates \
RUN set -x \
&& apk add --no-cache --virtual .fetch-deps python3 make g++ py3-setuptools libc6-compat \
&& cd /app/bundle/programs/server \
&& npm install \
&& cd npm/node_modules/isolated-vm \
&& npm install \
&& apt-mark auto '.*' > /dev/null \
&& apt-mark manual $aptMark > /dev/null \
&& find /usr/local -type f -executable -exec ldd '{}' ';' \
| awk '/=>/ { print $(NF-1) }' \
| sort -u \
| xargs -r dpkg-query --search \
| cut -d: -f1 \
| sort -u \
| xargs -r apt-mark manual \
&& apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
&& npm cache clear --force

USER rocketchat
&& npm install --omit=dev --unsafe-perm \
# Start hack for sharp...
&& rm -rf npm/node_modules/sharp \
&& npm install [email protected] \
&& mv node_modules/sharp npm/node_modules/sharp \
# End hack for sharp
# # Start hack for isolated-vm...
# && rm -rf npm/node_modules/isolated-vm \
# && npm install [email protected] \
# && mv node_modules/isolated-vm npm/node_modules/isolated-vm \
# # End hack for isolated-vm
&& cd /app/bundle/programs/server/npm \
&& npm rebuild bcrypt --build-from-source \
&& npm cache clear --force \
&& apk del .fetch-deps

VOLUME /app/uploads

Expand Down
49 changes: 0 additions & 49 deletions apps/meteor/.docker/Dockerfile.alpine
View file
Open in desktop

This file was deleted.

57 changes: 57 additions & 0 deletions apps/meteor/.docker/Dockerfile.debian
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,57 @@
ARG DENO_VERSION="1.37.1"

FROM denoland/deno:bin-${DENO_VERSION} as deno

FROM node:20.17.0-bullseye-slim

LABEL maintainer="[email protected]"

# dependencies
RUN groupadd -g 65533 -r rocketchat \
&& useradd -u 65533 -r -g rocketchat rocketchat \
&& mkdir -p /app/uploads \
&& chown rocketchat:rocketchat /app/uploads \
&& apt-get update \
&& apt-get install -y --no-install-recommends fontconfig

COPY --from=deno /deno /bin/deno

# --chown requires Docker 17.12 and works only on Linux
ADD --chown=rocketchat:rocketchat . /app

# needs a mongoinstance - defaults to container linking with alias 'mongo'
ENV DEPLOY_METHOD=docker \
NODE_ENV=production \
MONGO_URL=mongodb://mongo:27017/rocketchat \
HOME=/tmp \
PORT=3000 \
ROOT_URL=http://localhost:3000 \
Accounts_AvatarStorePath=/app/uploads

RUN aptMark="$(apt-mark showmanual)" \
&& apt-get install -y --no-install-recommends g++ make python3 ca-certificates \
&& cd /app/bundle/programs/server \
&& npm install \
&& cd npm/node_modules/isolated-vm \
&& npm install \
&& apt-mark auto '.*' > /dev/null \
&& apt-mark manual $aptMark > /dev/null \
&& find /usr/local -type f -executable -exec ldd '{}' ';' \
| awk '/=>/ { print $(NF-1) }' \
| sort -u \
| xargs -r dpkg-query --search \
| cut -d: -f1 \
| sort -u \
| xargs -r apt-mark manual \
&& apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
&& npm cache clear --force

USER rocketchat

VOLUME /app/uploads

WORKDIR /app/bundle

EXPOSE 3000

CMD ["node", "main.js"]
Loading