Update GHA, readme, tidy up

2026-01-11 08:03:09 -06:00 · 2022-09-27 13:28:46 +01:00 · 2022-09-27 13:28:46 +01:00 · 31fb209c28
parent 958d145f61
commit 31fb209c28
7 changed files with 45 additions and 99 deletions
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@ -54,7 +54,7 @@ jobs:
          cache-from: type=gha
          cache-to: type=gha,mode=max
          context: .
-          file: ./build/docker/Dockerfile.monolith
+          target: monolith
          platforms: ${{ env.PLATFORMS }}
          push: true
          tags: |
@ -65,13 +65,13 @@ jobs:
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: ghcr.io/${{ env.GHCR_NAMESPACE }}/dendrite-monolith:${{ github.ref_name }}
-          format: 'sarif'
-          output: 'trivy-results.sarif'
+          format: "sarif"
+          output: "trivy-results.sarif"

      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v1
        with:
-          sarif_file: 'trivy-results.sarif'
+          sarif_file: "trivy-results.sarif"

      - name: Build release monolith image
        if: github.event_name == 'release' # Only for GitHub releases
@ -81,7 +81,7 @@ jobs:
          cache-from: type=gha
          cache-to: type=gha,mode=max
          context: .
-          file: ./build/docker/Dockerfile.monolith
+          target: monolith
          platforms: ${{ env.PLATFORMS }}
          push: true
          tags: |
@ -126,7 +126,7 @@ jobs:
          cache-from: type=gha
          cache-to: type=gha,mode=max
          context: .
-          file: ./build/docker/Dockerfile.polylith
+          target: polylith
          platforms: ${{ env.PLATFORMS }}
          push: true
          tags: |
@ -137,13 +137,13 @@ jobs:
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: ghcr.io/${{ env.GHCR_NAMESPACE }}/dendrite-polylith:${{ github.ref_name }}
-          format: 'sarif'
-          output: 'trivy-results.sarif'
+          format: "sarif"
+          output: "trivy-results.sarif"

      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v1
        with:
-          sarif_file: 'trivy-results.sarif'
+          sarif_file: "trivy-results.sarif"

      - name: Build release polylith image
        if: github.event_name == 'release' # Only for GitHub releases
@ -153,7 +153,7 @@ jobs:
          cache-from: type=gha
          cache-to: type=gha,mode=max
          context: .
-          file: ./build/docker/Dockerfile.polylith
+          target: polylith
          platforms: ${{ env.PLATFORMS }}
          push: true
          tags: |
@ -198,7 +198,7 @@ jobs:
          cache-from: type=gha
          cache-to: type=gha,mode=max
          context: .
-          file: ./build/docker/Dockerfile.demo-pinecone
+          target: demo-pinecone
          platforms: ${{ env.PLATFORMS }}
          push: true
          tags: |
@ -213,7 +213,7 @@ jobs:
          cache-from: type=gha
          cache-to: type=gha,mode=max
          context: .
-          file: ./build/docker/Dockerfile.demo-pinecone
+          target: demo-pinecone
          platforms: ${{ env.PLATFORMS }}
          push: true
          tags: |
--- a/27
+++ b/27
@ -3,7 +3,7 @@
 #
 # base installs required dependencies and runs go mod download to cache dependencies
 #
-FROM --platform=${BUILDPLATFORM} docker.io/golang:1.18-alpine AS base
+FROM --platform=${BUILDPLATFORM} docker.io/golang:1.19-alpine AS base
 RUN apk --update --no-cache add bash build-base

 WORKDIR /src
@ -23,7 +23,7 @@ RUN --mount=target=. \
 #
 # The dendrite base image; mainly creates a user and switches to it
 #
-FROM alpine:3.16 AS dendrite-base
+FROM alpine:latest AS dendrite-base
 LABEL org.opencontainers.image.description="Next-generation Matrix homeserver written in Go"
 LABEL org.opencontainers.image.source="https://github.com/matrix-org/dendrite"
 LABEL org.opencontainers.image.licenses="Apache-2.0"
@ -55,6 +55,23 @@ COPY --from=build /out/dendrite-monolith-server /usr/bin/dendrite-monolith-serve
 ENTRYPOINT ["/usr/bin/dendrite-monolith-server"]
 EXPOSE 8008 8448

+#
+# Builds the P2P demo image and contains all required binaries
+#
+FROM dendrite-base AS demo-pinecone
+LABEL org.opencontainers.image.title="Dendrite (P2P Demo)"
+
+COPY --from=build /out/create-account /usr/bin/create-account
+COPY --from=build /out/generate-config /usr/bin/generate-config
+COPY --from=build /out/generate-keys /usr/bin/generate-keys
+COPY --from=build /out/dendrite-demo-pinecone /usr/bin/dendrite-demo-pinecone
+
+VOLUME /etc/dendrite
+WORKDIR /etc/dendrite
+
+ENTRYPOINT ["/usr/bin/dendrite-demo-pinecone"]
+EXPOSE 8008 8448
+
 #
 # Builds the Complement image, used for integration tests
 #
@ -76,6 +93,6 @@ EXPOSE 8008 8448
 # At runtime, generate TLS cert based on the CA now mounted at /ca
 # At runtime, replace the SERVER_NAME with what we are told
 CMD /usr/bin/generate-keys --server $SERVER_NAME --tls-cert server.crt --tls-key server.key --tls-authority-cert /ca/ca.crt --tls-authority-key /ca/ca.key && \
- /usr/bin/generate-config -server $SERVER_NAME --ci > dendrite.yaml && \
- cp /ca/ca.crt /usr/local/share/ca-certificates/ && update-ca-certificates && \
- /usr/bin/dendrite-monolith-server --really-enable-open-registration --tls-cert server.crt --tls-key server.key --config dendrite.yaml -api=${API:-0}
+    /usr/bin/generate-config -server $SERVER_NAME --ci > dendrite.yaml && \
+    cp /ca/ca.crt /usr/local/share/ca-certificates/ && update-ca-certificates && \
+    /usr/bin/dendrite-monolith-server --really-enable-open-registration --tls-cert server.crt --tls-key server.key --config dendrite.yaml -api=${API:-0}
--- a/build/docker/Dockerfile.demo-pinecone
+++ b/build/docker/Dockerfile.demo-pinecone
@ -1,25 +0,0 @@
-FROM docker.io/golang:1.19-alpine AS base
-
-RUN apk --update --no-cache add bash build-base
-
-WORKDIR /build
-
-COPY . /build
-
-RUN mkdir -p bin
-RUN go build -trimpath -o bin/ ./cmd/dendrite-demo-pinecone
-RUN go build -trimpath -o bin/ ./cmd/create-account
-RUN go build -trimpath -o bin/ ./cmd/generate-keys
-
-FROM alpine:latest
-LABEL org.opencontainers.image.title="Dendrite (Pinecone demo)"
-LABEL org.opencontainers.image.description="Next-generation Matrix homeserver written in Go"
-LABEL org.opencontainers.image.source="https://github.com/matrix-org/dendrite"
-LABEL org.opencontainers.image.licenses="Apache-2.0"
-
-COPY --from=base /build/bin/* /usr/bin/
-
-VOLUME /etc/dendrite
-WORKDIR /etc/dendrite
-
-ENTRYPOINT ["/usr/bin/dendrite-demo-pinecone"]
--- a/build/docker/Dockerfile.monolith
+++ b/build/docker/Dockerfile.monolith
@ -1,25 +0,0 @@
-FROM docker.io/golang:1.19-alpine AS base
-
-RUN apk --update --no-cache add bash build-base
-
-WORKDIR /build
-
-COPY . /build
-
-RUN mkdir -p bin
-RUN go build -trimpath -o bin/ ./cmd/dendrite-monolith-server
-RUN go build -trimpath -o bin/ ./cmd/create-account
-RUN go build -trimpath -o bin/ ./cmd/generate-keys
-
-FROM alpine:latest
-LABEL org.opencontainers.image.title="Dendrite (Monolith)"
-LABEL org.opencontainers.image.description="Next-generation Matrix homeserver written in Go"
-LABEL org.opencontainers.image.source="https://github.com/matrix-org/dendrite"
-LABEL org.opencontainers.image.licenses="Apache-2.0"
-
-COPY --from=base /build/bin/* /usr/bin/
-
-VOLUME /etc/dendrite
-WORKDIR /etc/dendrite
-
-ENTRYPOINT ["/usr/bin/dendrite-monolith-server"]
--- a/build/docker/Dockerfile.polylith
+++ b/build/docker/Dockerfile.polylith
@ -1,25 +0,0 @@
-FROM docker.io/golang:1.19-alpine AS base
-
-RUN apk --update --no-cache add bash build-base
-
-WORKDIR /build
-
-COPY . /build
-
-RUN mkdir -p bin
-RUN go build -trimpath -o bin/ ./cmd/dendrite-polylith-multi
-RUN go build -trimpath -o bin/ ./cmd/create-account
-RUN go build -trimpath -o bin/ ./cmd/generate-keys
-
-FROM alpine:latest
-LABEL org.opencontainers.image.title="Dendrite (Polylith)"
-LABEL org.opencontainers.image.description="Next-generation Matrix homeserver written in Go"
-LABEL org.opencontainers.image.source="https://github.com/matrix-org/dendrite"
-LABEL org.opencontainers.image.licenses="Apache-2.0"
-
-COPY --from=base /build/bin/* /usr/bin/
-
-VOLUME /etc/dendrite
-WORKDIR /etc/dendrite
-
-ENTRYPOINT ["/usr/bin/dendrite-polylith-multi"]
--- a/build/docker/README.md
+++ b/build/docker/README.md
@ -9,11 +9,14 @@ They can be found on Docker Hub:

 ## Dockerfiles

-The `Dockerfile` builds the base image which contains all of the Dendrite
-components. The `Dockerfile.component` file takes the given component, as
-specified with `--buildarg component=` from the base image and produce
-smaller component-specific images, which are substantially smaller and do
-not contain the Go toolchain etc.
+The `Dockerfile` is a multistage file which can build all three Dendrite
+images depending on the supplied `--target`:
+
+```
+docker build . --target monolith -t matrixdotorg/dendrite-monolith
+docker build . --target polylith -t matrixdotorg/dendrite-monolith
+docker build . --target demo-pinecone -t matrixdotorg/dendrite-monolith
+```

 ## Compose files

--- a/build/docker/images-build.sh
+++ b/build/docker/images-build.sh
@ -6,5 +6,6 @@ TAG=${1:-latest}

 echo "Building tag '${TAG}'"

-docker build -t matrixdotorg/dendrite-monolith:${TAG}  -f build/docker/Dockerfile.monolith .
-docker build -t matrixdotorg/dendrite-polylith:${TAG}  -f build/docker/Dockerfile.polylith .
+docker build . --target monolith -t matrixdotorg/dendrite-monolith:${TAG}
+docker build . --target polylith -t matrixdotorg/dendrite-monolith:${TAG}
+docker build . --target demo-pinecone -t matrixdotorg/dendrite-demo-pinecone:${TAG}