Fix CI and extend it to build and publish ARM64 Docker images #241
First of all, thank you for your work on this project, which makes convenient administration of SSO homelab Vaultwarden setups possible outside of commercial offerings! ❤️

I think it's easy to agree that first-class ARM64 architecture support for published Docker images is becoming increasingly relevant. Beyond the obvious niche of tinkerers using SBCs like the Raspberry Pi or other embedded devices, ARM64 CPUs are now found in all recent Macs (where they are branded as "Apple Silicon") as well as in several low-cost cloud VM offerings. In fact, I've been running `vaultwarden_ldap` on an ARM64-based server for a while now, but the convenience was lackluster because it either required building `vaultwarden_ldap` from source for that architecture or setting up QEMU for runtime emulation (which can be a workable solution in my experience, at the cost of significant CPU usage spikes and overhead).

Therefore, I decided to spend some time adapting the `Dockerfile` to support transparent cross-compilation of the project, following guidelines from several pieces of authoritative documentation [1][2][3][4][5]. I strived to keep all observable behavior of the resulting binaries intact, but there are a few notable changes in other regards that I'd like to highlight:

- `xx` cross-compilation helpers, `clang` and `lld` are now used to compile C code and link the resulting objects. The `clang` toolchain is much better suited for cross-compilation and otherwise behaves as a mostly drop-in replacement for `gcc`/`ld`, though, generating functionally equivalent binaries.
- `cargo build` outside a container: dependencies are neither re-downloaded nor recompiled unless required.
- `RUN` instructions that install them, ruling out slim Debian and Ubuntu images as well as Alpine, which is musl-based); providing a shell and basic POSIX utilities (to simplify debugging, health checks, and similar tasks, which ruled out Google's `distroless` images); and being lightweight (compressed layers of ~6 MiB versus ~28 MiB).
- `docker/build-push-action` to store the layer cache in the GitHub Actions cache. This should help carry some of the benefits of faster recompilation with warm caches over to CI workflows.

While doing the above work, I also stumbled upon two unrelated issues that prevented CI from passing, so I took the liberty of addressing them as well:

- `bitnami/openldap` images after deciding they were no longer willing to tolerate hassle-free downloads from Docker Hub. Unfortunately, the new `bitnamisecure` organization does not provide an OpenLDAP image, and every publicly available alternative I could find would have required a relatively large migration effort for the purposes of this PR. Therefore, I switched the image to `bitnamilegacy/openldap`, which should, for the time being, be recent enough to keep all development workflows running with minimal changes.

Finally, I tested this entire PR by publishing the generated multi-platform Docker image to the GitHub Container Registry of my `vaultwarden_ldap` fork, where you can verify that all CI steps complete successfully. I've also successfully deployed the new generated ARM64 images to my ARM64 server.

Footnotes

1. https://docs.docker.com/build/building/multi-platform/
2. https://doc.rust-lang.org/cargo/guide/cargo-home.html#caching-the-cargo-home-in-ci
3. https://docs.docker.com/reference/dockerfile#run---mounttypecache
4. https://github.com/tonistiigi/xx/tree/master
5. https://github.com/rust-lang/pkg-config-rs?tab=readme-ov-file#external-configuration-via-target-scoped-environment-variables
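
The approach the description outlines (native build stage, `xx` helpers with `clang`/`lld`, and `RUN --mount=type=cache` for Cargo), sketched as an added example that is not the Dockerfile from this PR. The binary name `app`, the `RUNTIME_IMAGE` build argument and the image tags are assumptions; the project's own dependencies and runtime base image are not shown on this page.

```dockerfile
# syntax=docker/dockerfile:1
# Added example. "app" and RUNTIME_IMAGE are placeholders, not the project's names.
# Supply the runtime base at build time: --build-arg RUNTIME_IMAGE=<glibc-based image>
ARG RUNTIME_IMAGE

# xx ships the cross-compilation helper scripts; pin a tag or digest in real use.
FROM --platform=$BUILDPLATFORM tonistiigi/xx AS xx

# The build stage always runs natively on the builder, never under QEMU.
FROM --platform=$BUILDPLATFORM rust:1-bookworm AS build
COPY --from=xx / /
# Host-side toolchain: clang compiles C for any target, lld links the objects.
RUN apt-get update \
 && apt-get install -y --no-install-recommends clang lld

# Set by BuildKit for each entry passed to --platform (for example linux/arm64).
ARG TARGETPLATFORM
# C runtime headers and libraries for the target architecture.
RUN xx-apt-get install -y --no-install-recommends xx-c-essentials

WORKDIR /src
COPY . .
# Cache mounts keep the crate registry, git checkouts and target directory
# between builds. They are not part of any layer, so the binary is copied
# out within the same RUN. --locked assumes a committed Cargo.lock.
RUN --mount=type=cache,target=/usr/local/cargo/registry \
    --mount=type=cache,target=/usr/local/cargo/git/db \
    --mount=type=cache,target=/src/target \
    xx-cargo build --release --locked \
 && cp "target/$(xx-cargo --print-target-triple)/release/app" /app \
 && xx-verify /app

# Final stage is pulled for the target platform and only receives the binary.
FROM ${RUNTIME_IMAGE}
COPY --from=build /app /usr/local/bin/app
ENTRYPOINT ["/usr/local/bin/app"]
```

`xx-verify` fails the build if the produced binary does not match `TARGETPLATFORM`, which catches a silently native build before a mislabeled image is published. A multi-platform build is requested with `docker buildx build --platform linux/amd64,linux/arm64` plus the `RUNTIME_IMAGE` build argument.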