Speedup the building of Docker images #18038
+154
−138
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
|
|
@@ -20,45 +20,16 @@ | |||||
| # `poetry export | pip install -r /dev/stdin`, but beware: we have experienced bugs in | ||||||
| # in `poetry export` in the past. | ||||||
|
|
||||||
| ARG DEBIAN_VERSION=bookworm | ||||||
| ARG PYTHON_VERSION=3.12 | ||||||
| ARG POETRY_VERSION=1.8.3 | ||||||
|
|
||||||
| ### | ||||||
| ### Stage 0: generate requirements.txt | ||||||
| ### | ||||||
| ### This stage is platform-agnostic, so we can use the build platform in case of cross-compilation. | ||||||
| ### | ||||||
| FROM --platform=$BUILDPLATFORM ghcr.io/astral-sh/uv:python${PYTHON_VERSION}-${DEBIAN_VERSION} AS requirements | ||||||
|
|
||||||
| WORKDIR /synapse | ||||||
|
|
||||||
|
|
@@ -78,38 +49,20 @@ ARG TEST_ONLY_IGNORE_POETRY_LOCKFILE | |||||
| # Export the dependencies, but only if we're actually going to use the Poetry lockfile. | ||||||
| # Otherwise, just create an empty requirements file so that the Dockerfile can | ||||||
| # proceed. | ||||||
| ARG POETRY_VERSION | ||||||
| RUN --mount=type=cache,target=/root/.cache/uv \ | ||||||
|
There was a problem hiding this comment. Should |
||||||
| if [ -z "$TEST_ONLY_IGNORE_POETRY_LOCKFILE" ]; then \ | ||||||
| uvx poetry@${POETRY_VERSION} export --extras all -o /synapse/requirements.txt ${TEST_ONLY_SKIP_DEP_HASH_VERIFICATION:+--without-hashes}; \ | ||||||
| else \ | ||||||
| touch /synapse/requirements.txt; \ | ||||||
| fi | ||||||
|
|
||||||
| ### | ||||||
| ### Stage 1: builder | ||||||
| ### | ||||||
| FROM ghcr.io/astral-sh/uv:python${PYTHON_VERSION}-${DEBIAN_VERSION} AS builder | ||||||
|
|
||||||
| ENV UV_LINK_MODE=copy | ||||||
|
There was a problem hiding this comment. Could you leave a comment explaining why this is useful? There was a problem hiding this comment. From https://github.com/astral-sh/uv/blob/main/docs/guides/integration/docker.md#caching:
|
||||||
|
|
||||||
| # Install rust and ensure its in the PATH | ||||||
| ENV RUSTUP_HOME=/rust | ||||||
|
|
@@ -119,7 +72,6 @@ RUN mkdir /rust /cargo | |||||
|
|
||||||
| RUN curl -sSf https://sh.rustup.rs | sh -s -- -y --no-modify-path --default-toolchain stable --profile minimal | ||||||
|
|
||||||
| # arm64 builds consume a lot of memory if `CARGO_NET_GIT_FETCH_WITH_CLI` is not | ||||||
| # set to true, so we expose it as a build-arg. | ||||||
| ARG CARGO_NET_GIT_FETCH_WITH_CLI=false | ||||||
|
|
@@ -131,8 +83,8 @@ ENV CARGO_NET_GIT_FETCH_WITH_CLI=$CARGO_NET_GIT_FETCH_WITH_CLI | |||||
| # | ||||||
| # This is aiming at installing the `[tool.poetry.depdendencies]` from pyproject.toml. | ||||||
| COPY --from=requirements /synapse/requirements.txt /synapse/ | ||||||
| RUN --mount=type=cache,target=/root/.cache/uv \ | ||||||
| uv pip install --prefix="/install" --no-deps -r /synapse/requirements.txt | ||||||
|
|
||||||
| # Copy over the rest of the synapse source code. | ||||||
| COPY synapse /synapse/synapse/ | ||||||
|
|
@@ -146,41 +98,75 @@ ARG TEST_ONLY_IGNORE_POETRY_LOCKFILE | |||||
| # Install the synapse package itself. | ||||||
| # If we have populated requirements.txt, we don't install any dependencies | ||||||
| # as we should already have those from the previous `pip install` step. | ||||||
| RUN \ | ||||||
| --mount=type=cache,target=/root/.cache/uv \ | ||||||
| --mount=type=cache,target=/synapse/target,sharing=locked \ | ||||||
| --mount=type=cache,target=${CARGO_HOME}/registry,sharing=locked \ | ||||||
| if [ -z "$TEST_ONLY_IGNORE_POETRY_LOCKFILE" ]; then \ | ||||||
| uv pip install --prefix="/install" --no-deps /synapse[all]; \ | ||||||
| else \ | ||||||
| uv pip install --prefix="/install" /synapse[all]; \ | ||||||
| fi | ||||||
|
|
||||||
| ### | ||||||
| ### Stage 2: runtime dependencies download for ARM64 and AMD64 | ||||||
| ### | ||||||
| FROM --platform=$BUILDPLATFORM docker.io/library/debian:${DEBIAN_VERSION} AS runtime-deps | ||||||
|
|
||||||
| # Tell apt to keep downloaded package files, as we're using cache mounts. | ||||||
| RUN rm -f /etc/apt/apt.conf.d/docker-clean; echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache | ||||||
|
|
||||||
| # Add both target architectures | ||||||
| RUN dpkg --add-architecture arm64 | ||||||
| RUN dpkg --add-architecture amd64 | ||||||
|
|
||||||
| # Fetch the runtime dependencies debs for both architectures | ||||||
| RUN \ | ||||||
| --mount=type=cache,target=/var/cache/apt,sharing=locked \ | ||||||
| --mount=type=cache,target=/var/lib/apt,sharing=locked \ | ||||||
| apt-get update -qq && \ | ||||||
| for arch in arm64 amd64; do \ | ||||||
| mkdir -p /tmp/debs-${arch} && \ | ||||||
| cd /tmp/debs-${arch} && \ | ||||||
| apt-get download \ | ||||||
| curl:${arch} \ | ||||||
| gosu:${arch} \ | ||||||
| libjpeg62-turbo:${arch} \ | ||||||
| libpq5:${arch} \ | ||||||
| libwebp7:${arch} \ | ||||||
| xmlsec1:${arch} \ | ||||||
| libjemalloc2:${arch} \ | ||||||
| libicu72:${arch} \ | ||||||
| openssl:${arch} || exit 10; \ | ||||||
|
There was a problem hiding this comment. Why |
||||||
| done | ||||||
|
|
||||||
| # Extract the debs for each architecture | ||||||
| RUN \ | ||||||
| for arch in arm64 amd64; do \ | ||||||
| mkdir -p /install-${arch}/var/lib/dpkg/status.d/ && \ | ||||||
| for deb in /tmp/debs-${arch}/*.deb; do \ | ||||||
| package_name=$(dpkg-deb -I ${deb} | awk '/^ Package: .*$/ {print $2}'); \ | ||||||
| echo "Process: ${package_name}"; \ | ||||||
|
There was a problem hiding this comment.
Suggested change
|
||||||
| dpkg --ctrl-tarfile $deb | tar -Ox ./control > /install-${arch}/var/lib/dpkg/status.d/${package_name}; \ | ||||||
| dpkg --extract $deb /install-${arch} || exit 10; \ | ||||||
| done \ | ||||||
| done | ||||||
|
|
||||||
|
|
||||||
| ### | ||||||
| ### Stage 3: runtime | ||||||
| ### | ||||||
|
|
||||||
| FROM docker.io/library/python:${PYTHON_VERSION}-slim-${DEBIAN_VERSION} | ||||||
|
|
||||||
| ARG TARGETARCH | ||||||
|
|
||||||
| LABEL org.opencontainers.image.url='https://matrix.org/docs/projects/server/synapse' | ||||||
| LABEL org.opencontainers.image.documentation='https://github.com/element-hq/synapse/blob/master/docker/README.md' | ||||||
| LABEL org.opencontainers.image.source='https://github.com/element-hq/synapse.git' | ||||||
| LABEL org.opencontainers.image.licenses='AGPL-3.0-or-later' | ||||||
|
|
||||||
| COPY --from=runtime-deps /install-${TARGETARCH} / | ||||||
| COPY --from=builder /install /usr/local | ||||||
| COPY ./docker/start.py /start.py | ||||||
| COPY ./docker/conf /conf | ||||||
|
|
||||||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nitpick: set this here instead of in the global scope, since no other build stage uses it.