  1. # syntax=docker/dockerfile:1
  2. # Dockerfile to build the matrixdotorg/synapse docker images.
  3. #
  4. # Note that it uses features which are only available in BuildKit - see
  5. # https://docs.docker.com/go/buildkit/ for more information.
  6. #
  7. # To build the image, run `docker build` command from the root of the
  8. # synapse repository:
  9. #
  10. # DOCKER_BUILDKIT=1 docker build -f docker/Dockerfile .
  11. #
  12. # There is an optional PYTHON_VERSION build argument which sets the
  13. # version of python to build against: for example:
  14. #
  15. # DOCKER_BUILDKIT=1 docker build -f docker/Dockerfile --build-arg PYTHON_VERSION=3.10 .
  16. #
  17. # Irritatingly, there is no blessed guide on how to distribute an application with its
  18. # poetry-managed environment in a docker image. We have opted for
  19. # `poetry export | pip install -r /dev/stdin`, but there are known bugs in
  20. # `poetry export` whose fixes (scheduled for poetry 1.2) have yet to be released.
  21. # In case we get bitten by those bugs in the future, the recommendations here might
  22. # be useful:
  23. # https://github.com/python-poetry/poetry/discussions/1879#discussioncomment-216865
  24. # https://stackoverflow.com/questions/53835198/integrating-python-poetry-with-docker?answertab=scoredesc
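  # Python version used for every stage's base image; override with
  # `--build-arg PYTHON_VERSION=...`.
  ARG PYTHON_VERSION=3.9

  ###
  ### Stage 0: generate requirements.txt
  ###
  # We hardcode the use of Debian bullseye here because this could change upstream
  # and other Dockerfiles used for testing are expecting bullseye.
  #
  # NOTE(review): the base image is referenced by a mutable tag only. Adding a
  # digest pin would make the build reproducible and would surface an upstream
  # re-tag as an explicit change rather than a silent one.
  FROM docker.io/python:${PYTHON_VERSION}-slim-bullseye AS requirements

  # RUN --mount is specific to buildkit and is documented at
  # https://github.com/moby/buildkit/blob/master/frontend/dockerfile/docs/syntax.md#build-mounts-run---mount.
  # Here we use it to set up a cache for apt (and below for pip), to improve
  # rebuild speeds on slow connections.
  RUN \
      --mount=type=cache,target=/var/cache/apt,sharing=locked \
      --mount=type=cache,target=/var/lib/apt,sharing=locked \
      apt-get update -qq && apt-get install -yqq \
        build-essential \
        git \
        libffi-dev \
        libssl-dev \
      && rm -rf /var/lib/apt/lists/*

  # We install poetry in its own build stage to avoid its dependencies conflicting with
  # synapse's dependencies.
  # poetry is pinned to an exact version; its own dependencies are resolved by
  # pip at build time and are not hash-checked here.
  RUN --mount=type=cache,target=/root/.cache/pip \
      pip install --user "poetry==1.2.0"

  WORKDIR /synapse

  # Copy just what we need to run `poetry export`...
  COPY pyproject.toml poetry.lock /synapse/

  # If specified, we won't verify the hashes of dependencies.
  # This is only needed if the hashes of dependencies cannot be checked for some
  # reason, such as when a git repository is used directly as a dependency.
  #
  # Setting this adds `--without-hashes` to the export below, so the generated
  # requirements.txt carries no hashes and pip has nothing to verify downloaded
  # packages against. Leave it unset for any image that will be published.
  ARG TEST_ONLY_SKIP_DEP_HASH_VERIFICATION

  # If specified, we won't use the Poetry lockfile.
  # Instead, we'll just install what a regular `pip install` would from PyPI.
  #
  # Setting this drops both the version pins and the hashes from the lockfile,
  # so the resulting image is neither reproducible nor integrity-checked.
  ARG TEST_ONLY_IGNORE_POETRY_LOCKFILE

  # Export the dependencies, but only if we're actually going to use the Poetry lockfile.
  # Otherwise, just create an empty requirements file so that the Dockerfile can
  # proceed.
  # The ${VAR:+...} expansion is deliberately unquoted: it must expand to nothing
  # at all when the build argument is unset.
  RUN if [ -z "$TEST_ONLY_IGNORE_POETRY_LOCKFILE" ]; then \
        /root/.local/bin/poetry export --extras all -o /synapse/requirements.txt ${TEST_ONLY_SKIP_DEP_HASH_VERIFICATION:+--without-hashes}; \
      else \
        touch /synapse/requirements.txt; \
      fi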
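  ###
  ### Stage 1: builder
  ###
  # Compiles synapse and its dependencies into /install. Only that prefix is
  # copied into the runtime stage, so the toolchains installed here do not reach
  # the final image.
  FROM docker.io/python:${PYTHON_VERSION}-slim-bullseye AS builder

  # install the OS build deps
  RUN \
      --mount=type=cache,target=/var/cache/apt,sharing=locked \
      --mount=type=cache,target=/var/lib/apt,sharing=locked \
      apt-get update -qq && apt-get install -yqq \
        build-essential \
        curl \
        git \
        libffi-dev \
        libicu-dev \
        libjpeg-dev \
        libpq-dev \
        libssl-dev \
        libwebp-dev \
        libxml++2.6-dev \
        libxslt1-dev \
        openssl \
        pkg-config \
        zlib1g-dev \
      && rm -rf /var/lib/apt/lists/*

  # Install rust and ensure it's in the PATH
  ENV RUSTUP_HOME=/rust
  ENV CARGO_HOME=/cargo
  ENV PATH=/cargo/bin:/rust/bin:$PATH
  RUN mkdir /rust /cargo

  # Download the rustup installer to a file and run it only if the download
  # succeeded. Piping curl straight into sh hides curl's exit status, so a failed
  # or truncated download would not fail this step. `--proto '=https' --tlsv1.2`
  # stops curl from following a redirect to a non-HTTPS URL or negotiating an
  # older TLS version.
  #
  # NOTE(review): the installer script is not checksum-verified and `stable` is a
  # moving toolchain; pin a toolchain version if reproducible builds are required.
  RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs -o /tmp/rustup-init.sh \
      && sh /tmp/rustup-init.sh -y --no-modify-path --default-toolchain stable --profile minimal \
      && rm -f /tmp/rustup-init.sh

  # arm64 builds consume a lot of memory if `CARGO_NET_GIT_FETCH_WITH_CLI` is not
  # set to true, so we expose it as a build-arg.
  ARG CARGO_NET_GIT_FETCH_WITH_CLI=false
  ENV CARGO_NET_GIT_FETCH_WITH_CLI=$CARGO_NET_GIT_FETCH_WITH_CLI

  # To speed up rebuilds, install all of the dependencies before we copy over
  # the whole synapse project, so that this layer in the Docker cache can be
  # used while you develop on the source
  #
  # This is aiming at installing the `[tool.poetry.dependencies]` from pyproject.toml.
  #
  # When requirements.txt was exported with hashes (the default), pip checks
  # every download against them. `--no-deps` is safe because the export already
  # lists the full dependency set.
  COPY --from=requirements /synapse/requirements.txt /synapse/
  RUN --mount=type=cache,target=/root/.cache/pip \
      pip install --prefix="/install" --no-deps --no-warn-script-location -r /synapse/requirements.txt

  # Copy over the rest of the synapse source code.
  COPY synapse /synapse/synapse/
  COPY rust /synapse/rust/
  # ... and what we need to `pip install`.
  COPY pyproject.toml README.rst build_rust.py Cargo.toml Cargo.lock /synapse/

  # Repeat of earlier build argument declaration, as this is a new build stage.
  ARG TEST_ONLY_IGNORE_POETRY_LOCKFILE

  # Install the synapse package itself.
  # If we have populated requirements.txt, we don't install any dependencies
  # as we should already have those from the previous `pip install` step.
  # In the TEST_ONLY_IGNORE_POETRY_LOCKFILE case requirements.txt is empty, so
  # pip resolves the dependencies itself, without lockfile pins or hashes.
  RUN --mount=type=cache,target=/synapse/target,sharing=locked \
      --mount=type=cache,target=${CARGO_HOME}/registry,sharing=locked \
      if [ -z "$TEST_ONLY_IGNORE_POETRY_LOCKFILE" ]; then \
        pip install --prefix="/install" --no-deps --no-warn-script-location /synapse[all]; \
      else \
        pip install --prefix="/install" --no-warn-script-location /synapse[all]; \
      fi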
  ###
  ### Stage 2: runtime
  ###
  # Final image: the shared libraries synapse needs at run time, plus the
  # /install prefix produced by the builder stage.
  FROM docker.io/python:${PYTHON_VERSION}-slim-bullseye

  LABEL org.opencontainers.image.url='https://matrix.org/docs/projects/server/synapse' \
        org.opencontainers.image.documentation='https://github.com/matrix-org/synapse/blob/master/docker/README.md' \
        org.opencontainers.image.source='https://github.com/matrix-org/synapse.git' \
        org.opencontainers.image.licenses='Apache-2.0'

  # Runtime OS packages. curl is what the HEALTHCHECK at the end of this stage
  # runs.
  # NOTE(review): libssl-dev is a development package; confirm whether the
  # runtime needs it, or only the shared library it pulls in.
  # NOTE(review): recommended packages are installed too, because
  # --no-install-recommends is not passed; confirm that is intended for the
  # published image.
  RUN \
      --mount=type=cache,target=/var/cache/apt,sharing=locked \
      --mount=type=cache,target=/var/lib/apt,sharing=locked \
      apt-get update -qq && apt-get install -yqq \
        curl \
        gosu \
        libicu67 \
        libjemalloc2 \
        libjpeg62-turbo \
        libpq5 \
        libssl-dev \
        libwebp6 \
        openssl \
        xmlsec1 \
      && rm -rf /var/lib/apt/lists/*

  # Bring in the Python environment built in the previous stage, then the
  # entrypoint script and the configuration directory it is shipped with.
  COPY --from=builder /install /usr/local
  COPY ./docker/start.py /start.py
  COPY ./docker/conf /conf

  EXPOSE 8008/tcp 8009/tcp 8448/tcp

  # No USER is set in this stage, so the entrypoint starts as root.
  # NOTE(review): gosu is installed above, presumably so that start.py can drop
  # privileges before launching synapse; confirm against docker/start.py.
  ENTRYPOINT ["/start.py"]

  # Probe the health endpoint on port 8008; a failed request marks the check as
  # failed.
  HEALTHCHECK --interval=15s --timeout=5s --start-period=5s \
      CMD curl -fSs http://localhost:8008/health || exit 1