Dockerfile 5.7 KB

  1. # syntax=docker/dockerfile:1
  2. # Dockerfile to build the matrixdotorg/synapse docker images.
  3. #
  4. # Note that it uses features which are only available in BuildKit - see
  5. # for more information.
  6. #
  7. # To build the image, run `docker build` command from the root of the
  8. # synapse repository:
  9. #
  10. # DOCKER_BUILDKIT=1 docker build -f docker/Dockerfile .
  11. #
  12. # There is an optional PYTHON_VERSION build argument which sets the
  13. # version of python to build against: for example:
  14. #
  15. # DOCKER_BUILDKIT=1 docker build -f docker/Dockerfile --build-arg PYTHON_VERSION=3.10 .
  16. #
  17. # Irritatingly, there is no blessed guide on how to distribute an application with its
  18. # poetry-managed environment in a docker image. We have opted for
  19. # `poetry export | pip install -r /dev/stdin`, but there are known bugs in
  20. # in `poetry export` whose fixes (scheduled for poetry 1.2) have yet to be released.
  21. # In case we get bitten by those bugs in the future, the recommendations here might
  22. # be useful:
  23. #
  24. #
  26. ###
  27. ### Stage 0: generate requirements.txt
  28. ###
  29. FROM${PYTHON_VERSION}-slim as requirements
  30. # RUN --mount is specific to buildkit and is documented at
  31. #
  32. # Here we use it to set up a cache for apt (and below for pip), to improve
  33. # rebuild speeds on slow connections.
  34. RUN \
  35. --mount=type=cache,target=/var/cache/apt,sharing=locked \
  36. --mount=type=cache,target=/var/lib/apt,sharing=locked \
  37. apt-get update -qq && apt-get install -yqq \
  38. build-essential cargo git libffi-dev libssl-dev \
  39. && rm -rf /var/lib/apt/lists/*
  40. # We install poetry in its own build stage to avoid its dependencies conflicting with
  41. # synapse's dependencies.
  42. RUN --mount=type=cache,target=/root/.cache/pip \
  43. pip install --user "poetry==1.2.0"
  44. WORKDIR /synapse
  45. # Copy just what we need to run `poetry export`...
  46. COPY pyproject.toml poetry.lock /synapse/
  47. # If specified, we won't verify the hashes of dependencies.
  48. # This is only needed if the hashes of dependencies cannot be checked for some
  49. # reason, such as when a git repository is used directly as a dependency.
  51. # If specified, we won't use the Poetry lockfile.
  52. # Instead, we'll just install what a regular `pip install` would from PyPI.
  54. # Export the dependencies, but only if we're actually going to use the Poetry lockfile.
  55. # Otherwise, just create an empty requirements file so that the Dockerfile can
  56. # proceed.
  57. RUN if [ -z "$TEST_ONLY_IGNORE_POETRY_LOCKFILE" ]; then \
  58. /root/.local/bin/poetry export --extras all -o /synapse/requirements.txt ${TEST_ONLY_SKIP_DEP_HASH_VERIFICATION:+--without-hashes}; \
  59. else \
  60. touch /synapse/requirements.txt; \
  61. fi
  62. ###
  63. ### Stage 1: builder
  64. ###
  65. FROM${PYTHON_VERSION}-slim as builder
  66. # install the OS build deps
  67. RUN \
  68. --mount=type=cache,target=/var/cache/apt,sharing=locked \
  69. --mount=type=cache,target=/var/lib/apt,sharing=locked \
  70. apt-get update -qq && apt-get install -yqq \
  71. build-essential \
  72. libffi-dev \
  73. libjpeg-dev \
  74. libpq-dev \
  75. libssl-dev \
  76. libwebp-dev \
  77. libxml++2.6-dev \
  78. libxslt1-dev \
  79. openssl \
  80. rustc \
  81. zlib1g-dev \
  82. git \
  83. && rm -rf /var/lib/apt/lists/*
  84. # To speed up rebuilds, install all of the dependencies before we copy over
  85. # the whole synapse project, so that this layer in the Docker cache can be
  86. # used while you develop on the source
  87. #
  88. # This is aiming at installing the `[tool.poetry.depdendencies]` from pyproject.toml.
  89. COPY --from=requirements /synapse/requirements.txt /synapse/
  90. RUN --mount=type=cache,target=/root/.cache/pip \
  91. pip install --prefix="/install" --no-deps --no-warn-script-location -r /synapse/requirements.txt
  92. # Copy over the rest of the synapse source code.
  93. COPY synapse /synapse/synapse/
  94. # ... and what we need to `pip install`.
  95. COPY pyproject.toml README.rst /synapse/
  96. # Repeat of earlier build argument declaration, as this is a new build stage.
  98. # Install the synapse package itself.
  99. # If we have populated requirements.txt, we don't install any dependencies
  100. # as we should already have those from the previous `pip install` step.
  101. RUN if [ -z "$TEST_ONLY_IGNORE_POETRY_LOCKFILE" ]; then \
  102. pip install --prefix="/install" --no-deps --no-warn-script-location /synapse[all]; \
  103. else \
  104. pip install --prefix="/install" --no-warn-script-location /synapse[all]; \
  105. fi
  106. ###
  107. ### Stage 2: runtime
  108. ###
  110. LABEL org.opencontainers.image.url=''
  111. LABEL org.opencontainers.image.documentation=''
  112. LABEL org.opencontainers.image.source=''
  113. LABEL org.opencontainers.image.licenses='Apache-2.0'
  114. RUN \
  115. --mount=type=cache,target=/var/cache/apt,sharing=locked \
  116. --mount=type=cache,target=/var/lib/apt,sharing=locked \
  117. apt-get update -qq && apt-get install -yqq \
  118. curl \
  119. gosu \
  120. libjpeg62-turbo \
  121. libpq5 \
  122. libwebp6 \
  123. xmlsec1 \
  124. libjemalloc2 \
  125. libssl-dev \
  126. openssl \
  127. && rm -rf /var/lib/apt/lists/*
  128. COPY --from=builder /install /usr/local
  129. COPY ./docker/ /
  130. COPY ./docker/conf /conf
  131. EXPOSE 8008/tcp 8009/tcp 8448/tcp
  132. ENTRYPOINT ["/"]
  133. HEALTHCHECK --start-period=5s --interval=15s --timeout=5s \
  134. CMD curl -fSs http://localhost:8008/health || exit 1