From 6e93d17359867599067ace39b36408848335bb05 Mon Sep 17 00:00:00 2001 From: Jason Little Date: Tue, 30 May 2023 05:30:37 -0500 Subject: [PATCH 1/5] Fully qualified docker image names for the main Dockerfile and Complement related. --- docker/Dockerfile | 6 +++--- docker/Dockerfile-workers | 6 ++++-- docker/complement/Dockerfile | 6 ++++-- docker/editable.Dockerfile | 2 +- 4 files changed, 12 insertions(+), 8 deletions(-) diff --git a/docker/Dockerfile b/docker/Dockerfile index 6107dced43f9..12cff84131b7 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -27,7 +27,7 @@ ARG PYTHON_VERSION=3.11 ### # We hardcode the use of Debian bullseye here because this could change upstream # and other Dockerfiles used for testing are expecting bullseye. -FROM docker.io/python:${PYTHON_VERSION}-slim-bullseye as requirements +FROM docker.io/library/python:${PYTHON_VERSION}-slim-bullseye as requirements # RUN --mount is specific to buildkit and is documented at # https://github.com/moby/buildkit/blob/master/frontend/dockerfile/docs/syntax.md#build-mounts-run---mount. @@ -87,7 +87,7 @@ RUN if [ -z "$TEST_ONLY_IGNORE_POETRY_LOCKFILE" ]; then \ ### ### Stage 1: builder ### -FROM docker.io/python:${PYTHON_VERSION}-slim-bullseye as builder +FROM docker.io/library/python:${PYTHON_VERSION}-slim-bullseye as builder # install the OS build deps RUN \ @@ -158,7 +158,7 @@ RUN --mount=type=cache,target=/synapse/target,sharing=locked \ ### Stage 2: runtime ### -FROM docker.io/python:${PYTHON_VERSION}-slim-bullseye +FROM docker.io/library/python:${PYTHON_VERSION}-slim-bullseye LABEL org.opencontainers.image.url='https://matrix.org/docs/projects/server/synapse' LABEL org.opencontainers.image.documentation='https://github.com/matrix-org/synapse/blob/master/docker/README.md' diff --git a/docker/Dockerfile-workers b/docker/Dockerfile-workers index faf7f2cef8a5..805bb44f248d 100644 --- a/docker/Dockerfile-workers +++ b/docker/Dockerfile-workers @@ -1,13 +1,15 @@ # syntax=docker/dockerfile:1 ARG SYNAPSE_VERSION=latest +# This one doesn't get hardcoded, as it's an intermediate build step for Complement and +# is not pulled from a registry. ARG FROM=matrixdotorg/synapse:$SYNAPSE_VERSION # first of all, we create a base image with an nginx which we can copy into the # target image. For repeated rebuilds, this is much faster than apt installing # each time. -FROM debian:bullseye-slim AS deps_base +FROM docker.io/library/debian:bullseye-slim AS deps_base RUN \ --mount=type=cache,target=/var/cache/apt,sharing=locked \ --mount=type=cache,target=/var/lib/apt,sharing=locked \ @@ -21,7 +23,7 @@ FROM debian:bullseye-slim AS deps_base # which makes it much easier to copy (but we need to make sure we use an image # based on the same debian version as the synapse image, to make sure we get # the expected version of libc. -FROM redis:6-bullseye AS redis_base +FROM docker.io/library/redis:6-bullseye AS redis_base # now build the final image, based on the the regular Synapse docker image FROM $FROM diff --git a/docker/complement/Dockerfile b/docker/complement/Dockerfile index be1aa1c55e09..238afaf787e9 100644 --- a/docker/complement/Dockerfile +++ b/docker/complement/Dockerfile @@ -7,6 +7,8 @@ # https://github.com/matrix-org/synapse/blob/develop/docker/README-testing.md#testing-with-postgresql-and-single-or-multi-process-synapse ARG SYNAPSE_VERSION=latest +# This one doesn't get hardcoded, as it's an intermediate build step. The previous step +# is built locally, not pulled from any registry. ARG FROM=matrixdotorg/synapse-workers:$SYNAPSE_VERSION FROM $FROM @@ -19,8 +21,8 @@ FROM $FROM # the same debian version as Synapse's docker image (so the versions of the # shared libraries match). RUN adduser --system --uid 999 postgres --home /var/lib/postgresql - COPY --from=postgres:13-bullseye /usr/lib/postgresql /usr/lib/postgresql - COPY --from=postgres:13-bullseye /usr/share/postgresql /usr/share/postgresql + COPY --from=docker.io/library/postgres:13-bullseye /usr/lib/postgresql /usr/lib/postgresql + COPY --from=docker.io/library/postgres:13-bullseye /usr/share/postgresql /usr/share/postgresql RUN mkdir /var/run/postgresql && chown postgres /var/run/postgresql ENV PATH="${PATH}:/usr/lib/postgresql/13/bin" ENV PGDATA=/var/lib/postgresql/data diff --git a/docker/editable.Dockerfile b/docker/editable.Dockerfile index 0e8cf2e712ff..c53ce1c718e8 100644 --- a/docker/editable.Dockerfile +++ b/docker/editable.Dockerfile @@ -10,7 +10,7 @@ ARG PYTHON_VERSION=3.9 ### # We hardcode the use of Debian bullseye here because this could change upstream # and other Dockerfiles used for testing are expecting bullseye. -FROM docker.io/python:${PYTHON_VERSION}-slim-bullseye +FROM docker.io/library/python:${PYTHON_VERSION}-slim-bullseye # Install Rust and other dependencies (stolen from normal Dockerfile) # install the OS build deps From 265b7c0ac0d87eb7834ff0662cdd4068163d2a72 Mon Sep 17 00:00:00 2001 From: Jason Little Date: Tue, 30 May 2023 05:31:16 -0500 Subject: [PATCH 2/5] Fully qualified docker image names for Dockerfiles associated with building Debian release artifacts. This one is harder and is separate from the other commit in case it wasn't correct or was unwanted. I decided to do the expansion on the docker images in the Dockerfile itself, instead of the various source places that build which distribution that is selected, as it would have been more invasive with the scripts breaking up the string for tagging and such. This one is untested. --- .github/workflows/release-artifacts.yml | 1 + docker/Dockerfile-dhvirtualenv | 4 ++-- scripts-dev/build_debian_packages.py | 2 ++ 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release-artifacts.yml b/.github/workflows/release-artifacts.yml index ebd7d298a9e9..09812004017f 100644 --- a/.github/workflows/release-artifacts.yml +++ b/.github/workflows/release-artifacts.yml @@ -34,6 +34,7 @@ jobs: - id: set-distros run: | # if we're running from a tag, get the full list of distros; otherwise just use debian:sid + # NOTE: inside the actual Dockerfile-dhvirtualenv, the image name is expanded into its full image path dists='["debian:sid"]' if [[ $GITHUB_REF == refs/tags/* ]]; then dists=$(scripts-dev/build_debian_packages.py --show-dists-json) diff --git a/docker/Dockerfile-dhvirtualenv b/docker/Dockerfile-dhvirtualenv index 2013732422ce..861129ebc225 100644 --- a/docker/Dockerfile-dhvirtualenv +++ b/docker/Dockerfile-dhvirtualenv @@ -24,7 +24,7 @@ ARG distro="" # https://launchpad.net/~jyrki-pulliainen/+archive/ubuntu/dh-virtualenv, but # it's not obviously easier to use that than to build our own.) -FROM ${distro} as builder +FROM docker.io/library/${distro} as builder RUN apt-get update -qq -o Acquire::Languages=none RUN env DEBIAN_FRONTEND=noninteractive apt-get install \ @@ -55,7 +55,7 @@ RUN cd /dh-virtualenv && DEB_BUILD_OPTIONS=nodoc dpkg-buildpackage -us -uc -b ### ### Stage 1 ### -FROM ${distro} +FROM docker.io/library/${distro} # Get the distro we want to pull from as a dynamic build variable # (We need to define it in each build stage) diff --git a/scripts-dev/build_debian_packages.py b/scripts-dev/build_debian_packages.py index ede766501100..4c9f134ddd83 100755 --- a/scripts-dev/build_debian_packages.py +++ b/scripts-dev/build_debian_packages.py @@ -20,6 +20,8 @@ from types import FrameType from typing import Collection, Optional, Sequence, Set +# These are expanded inside the dockerfile to be a fully qualified image name. +# e.g. docker.io/library/debian:bullseye DISTS = ( "debian:buster", # oldstable: EOL 2022-08 "debian:bullseye", From 9a504d9021f6a226b24fffe3dc836219d9a7f0fb Mon Sep 17 00:00:00 2001 From: Jason Little Date: Tue, 30 May 2023 06:07:53 -0500 Subject: [PATCH 3/5] Changelog --- changelog.d/15689.misc | 1 + 1 file changed, 1 insertion(+) create mode 100644 changelog.d/15689.misc diff --git a/changelog.d/15689.misc b/changelog.d/15689.misc new file mode 100644 index 000000000000..4262cc951507 --- /dev/null +++ b/changelog.d/15689.misc @@ -0,0 +1 @@ +Add fully qualified docker image names to Dockerfiles. From 55b0463e3852e5addc22d51ae30270b05db14276 Mon Sep 17 00:00:00 2001 From: reivilibre Date: Wed, 31 May 2023 15:24:10 +0100 Subject: [PATCH 4/5] Update docker/Dockerfile-workers --- docker/Dockerfile-workers | 2 -- 1 file changed, 2 deletions(-) diff --git a/docker/Dockerfile-workers b/docker/Dockerfile-workers index 805bb44f248d..adb9a725e33f 100644 --- a/docker/Dockerfile-workers +++ b/docker/Dockerfile-workers @@ -1,8 +1,6 @@ # syntax=docker/dockerfile:1 ARG SYNAPSE_VERSION=latest -# This one doesn't get hardcoded, as it's an intermediate build step for Complement and -# is not pulled from a registry. ARG FROM=matrixdotorg/synapse:$SYNAPSE_VERSION # first of all, we create a base image with an nginx which we can copy into the From a30e650218906cd2d0a3eab4bec938d2b03d266b Mon Sep 17 00:00:00 2001 From: reivilibre Date: Wed, 31 May 2023 15:24:15 +0100 Subject: [PATCH 5/5] Update docker/complement/Dockerfile --- docker/complement/Dockerfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/docker/complement/Dockerfile b/docker/complement/Dockerfile index 238afaf787e9..5103068a49fc 100644 --- a/docker/complement/Dockerfile +++ b/docker/complement/Dockerfile @@ -7,8 +7,7 @@ # https://github.com/matrix-org/synapse/blob/develop/docker/README-testing.md#testing-with-postgresql-and-single-or-multi-process-synapse ARG SYNAPSE_VERSION=latest -# This one doesn't get hardcoded, as it's an intermediate build step. The previous step -# is built locally, not pulled from any registry. +# This is an intermediate image, to be built locally (not pulled from a registry). ARG FROM=matrixdotorg/synapse-workers:$SYNAPSE_VERSION FROM $FROM