Dockerfile 6.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178
  1. # syntax=docker/dockerfile:1
  2. # Dockerfile to build the matrixdotorg/synapse docker images.
  3. #
  4. # Note that it uses features which are only available in BuildKit - see
  5. # https://docs.docker.com/go/buildkit/ for more information.
  6. #
  7. # To build the image, run `docker build` command from the root of the
  8. # synapse repository:
  9. #
  10. # DOCKER_BUILDKIT=1 docker build -f docker/Dockerfile .
  11. #
  12. # There is an optional PYTHON_VERSION build argument which sets the
  13. # version of python to build against: for example:
  14. #
  15. # DOCKER_BUILDKIT=1 docker build -f docker/Dockerfile --build-arg PYTHON_VERSION=3.10 .
  16. #
  17. # Irritatingly, there is no blessed guide on how to distribute an application with its
  18. # poetry-managed environment in a docker image. We have opted for
  19. # `poetry export | pip install -r /dev/stdin`, but beware: we have experienced bugs in
  20. # in `poetry export` in the past.
  21. ARG PYTHON_VERSION=3.11
  22. ###
  23. ### Stage 0: generate requirements.txt
  24. ###
  25. # We hardcode the use of Debian bullseye here because this could change upstream
  26. # and other Dockerfiles used for testing are expecting bullseye.
  27. FROM docker.io/python:${PYTHON_VERSION}-slim-bullseye as requirements
  28. # RUN --mount is specific to buildkit and is documented at
  29. # https://github.com/moby/buildkit/blob/master/frontend/dockerfile/docs/syntax.md#build-mounts-run---mount.
  30. # Here we use it to set up a cache for apt (and below for pip), to improve
  31. # rebuild speeds on slow connections.
  32. RUN \
  33. --mount=type=cache,target=/var/cache/apt,sharing=locked \
  34. --mount=type=cache,target=/var/lib/apt,sharing=locked \
  35. apt-get update -qq && apt-get install -yqq \
  36. build-essential git libffi-dev libssl-dev \
  37. && rm -rf /var/lib/apt/lists/*
  38. # We install poetry in its own build stage to avoid its dependencies conflicting with
  39. # synapse's dependencies.
  40. RUN --mount=type=cache,target=/root/.cache/pip \
  41. pip install --user "poetry==1.3.2"
  42. WORKDIR /synapse
  43. # Copy just what we need to run `poetry export`...
  44. COPY pyproject.toml poetry.lock /synapse/
  45. # If specified, we won't verify the hashes of dependencies.
  46. # This is only needed if the hashes of dependencies cannot be checked for some
  47. # reason, such as when a git repository is used directly as a dependency.
  48. ARG TEST_ONLY_SKIP_DEP_HASH_VERIFICATION
  49. # If specified, we won't use the Poetry lockfile.
  50. # Instead, we'll just install what a regular `pip install` would from PyPI.
  51. ARG TEST_ONLY_IGNORE_POETRY_LOCKFILE
  52. # Export the dependencies, but only if we're actually going to use the Poetry lockfile.
  53. # Otherwise, just create an empty requirements file so that the Dockerfile can
  54. # proceed.
  55. RUN if [ -z "$TEST_ONLY_IGNORE_POETRY_LOCKFILE" ]; then \
  56. /root/.local/bin/poetry export --extras all -o /synapse/requirements.txt ${TEST_ONLY_SKIP_DEP_HASH_VERIFICATION:+--without-hashes}; \
  57. else \
  58. touch /synapse/requirements.txt; \
  59. fi
  60. ###
  61. ### Stage 1: builder
  62. ###
  63. FROM docker.io/python:${PYTHON_VERSION}-slim-bullseye as builder
  64. # install the OS build deps
  65. RUN \
  66. --mount=type=cache,target=/var/cache/apt,sharing=locked \
  67. --mount=type=cache,target=/var/lib/apt,sharing=locked \
  68. apt-get update -qq && apt-get install -yqq \
  69. build-essential \
  70. libffi-dev \
  71. libjpeg-dev \
  72. libpq-dev \
  73. libssl-dev \
  74. libwebp-dev \
  75. libxml++2.6-dev \
  76. libxslt1-dev \
  77. openssl \
  78. zlib1g-dev \
  79. git \
  80. curl \
  81. libicu-dev \
  82. pkg-config \
  83. && rm -rf /var/lib/apt/lists/*
  84. # Install rust and ensure its in the PATH
  85. ENV RUSTUP_HOME=/rust
  86. ENV CARGO_HOME=/cargo
  87. ENV PATH=/cargo/bin:/rust/bin:$PATH
  88. RUN mkdir /rust /cargo
  89. RUN curl -sSf https://sh.rustup.rs | sh -s -- -y --no-modify-path --default-toolchain stable --profile minimal
  90. # arm64 builds consume a lot of memory if `CARGO_NET_GIT_FETCH_WITH_CLI` is not
  91. # set to true, so we expose it as a build-arg.
  92. ARG CARGO_NET_GIT_FETCH_WITH_CLI=false
  93. ENV CARGO_NET_GIT_FETCH_WITH_CLI=$CARGO_NET_GIT_FETCH_WITH_CLI
  94. # To speed up rebuilds, install all of the dependencies before we copy over
  95. # the whole synapse project, so that this layer in the Docker cache can be
  96. # used while you develop on the source
  97. #
  98. # This is aiming at installing the `[tool.poetry.depdendencies]` from pyproject.toml.
  99. COPY --from=requirements /synapse/requirements.txt /synapse/
  100. RUN --mount=type=cache,target=/root/.cache/pip \
  101. pip install --prefix="/install" --no-deps --no-warn-script-location -r /synapse/requirements.txt
  102. # Copy over the rest of the synapse source code.
  103. COPY synapse /synapse/synapse/
  104. COPY rust /synapse/rust/
  105. # ... and what we need to `pip install`.
  106. COPY pyproject.toml README.rst build_rust.py Cargo.toml Cargo.lock /synapse/
  107. # Repeat of earlier build argument declaration, as this is a new build stage.
  108. ARG TEST_ONLY_IGNORE_POETRY_LOCKFILE
  109. # Install the synapse package itself.
  110. # If we have populated requirements.txt, we don't install any dependencies
  111. # as we should already have those from the previous `pip install` step.
  112. RUN --mount=type=cache,target=/synapse/target,sharing=locked \
  113. --mount=type=cache,target=${CARGO_HOME}/registry,sharing=locked \
  114. if [ -z "$TEST_ONLY_IGNORE_POETRY_LOCKFILE" ]; then \
  115. pip install --prefix="/install" --no-deps --no-warn-script-location /synapse[all]; \
  116. else \
  117. pip install --prefix="/install" --no-warn-script-location /synapse[all]; \
  118. fi
  119. ###
  120. ### Stage 2: runtime
  121. ###
  122. FROM docker.io/python:${PYTHON_VERSION}-slim-bullseye
  123. LABEL org.opencontainers.image.url='https://matrix.org/docs/projects/server/synapse'
  124. LABEL org.opencontainers.image.documentation='https://github.com/matrix-org/synapse/blob/master/docker/README.md'
  125. LABEL org.opencontainers.image.source='https://github.com/matrix-org/synapse.git'
  126. LABEL org.opencontainers.image.licenses='Apache-2.0'
  127. RUN \
  128. --mount=type=cache,target=/var/cache/apt,sharing=locked \
  129. --mount=type=cache,target=/var/lib/apt,sharing=locked \
  130. apt-get update -qq && apt-get install -yqq \
  131. curl \
  132. gosu \
  133. libjpeg62-turbo \
  134. libpq5 \
  135. libwebp6 \
  136. xmlsec1 \
  137. libjemalloc2 \
  138. libicu67 \
  139. libssl-dev \
  140. openssl \
  141. && rm -rf /var/lib/apt/lists/*
  142. COPY --from=builder /install /usr/local
  143. COPY ./docker/start.py /start.py
  144. COPY ./docker/conf /conf
  145. EXPOSE 8008/tcp 8009/tcp 8448/tcp
  146. ENTRYPOINT ["/start.py"]
  147. HEALTHCHECK --start-period=5s --interval=15s --timeout=5s \
  148. CMD curl -fSs http://localhost:8008/health || exit 1