# syntax=docker/dockerfile:1
# Dockerfile to build the matrixdotorg/synapse docker images.
#
# Note that it uses features which are only available in BuildKit - see
# https://docs.docker.com/go/buildkit/ for more information.
#
# To build the image, run the `docker build` command from the root of the
# synapse repository:
#
#    DOCKER_BUILDKIT=1 docker build -f docker/Dockerfile .
#
# There is an optional PYTHON_VERSION build argument which sets the
# version of python to build against: for example:
#
#    DOCKER_BUILDKIT=1 docker build -f docker/Dockerfile --build-arg PYTHON_VERSION=3.10 .
#

# Irritatingly, there is no blessed guide on how to distribute an application with its
# poetry-managed environment in a docker image. We have opted for
# `poetry export | pip install -r /dev/stdin`, but there are known bugs in
# `poetry export` whose fixes (scheduled for poetry 1.2) have yet to be released.
# In case we get bitten by those bugs in the future, the recommendations here might
# be useful:
#     https://github.com/python-poetry/poetry/discussions/1879#discussioncomment-216865
#     https://stackoverflow.com/questions/53835198/integrating-python-poetry-with-docker?answertab=scoredesc
#
# NOTE(review): the requirements stage of this file pins poetry==1.2.0, so the
# remark above about the 1.2 fixes being unreleased may be stale - confirm.

# Declared before the first FROM so that the FROM line of every stage can use it.
# It selects the docker.io/python:<version>-slim-bullseye base image for all
# three stages. The base is referenced by tag only, not by digest, so its
# content can change between two builds of the same PYTHON_VERSION.
ARG PYTHON_VERSION=3.9

###
### Stage 0: generate requirements.txt
###
# Debian bullseye is named explicitly: the upstream default could move on, and
# the other Dockerfiles used for testing expect bullseye.
FROM docker.io/python:${PYTHON_VERSION}-slim-bullseye AS requirements

# `RUN --mount` is a BuildKit feature, documented at
# https://github.com/moby/buildkit/blob/master/frontend/dockerfile/docs/syntax.md#build-mounts-run---mount.
# The cache mounts used here (apt) and further down (pip) speed up rebuilds on
# slow connections.
RUN \
   --mount=type=cache,target=/var/cache/apt,sharing=locked \
   --mount=type=cache,target=/var/lib/apt,sharing=locked \
    apt-get update -qq \
    && apt-get install -yqq \
      build-essential \
      cargo \
      git \
      libffi-dev \
      libssl-dev \
    && rm -rf /var/lib/apt/lists/*

# Poetry gets a build stage of its own so that its dependencies cannot conflict
# with synapse's dependencies. Only poetry itself is version-pinned on this
# line; pip resolves poetry's own dependencies at build time.
RUN --mount=type=cache,target=/root/.cache/pip \
  pip install --user "poetry==1.2.0"

WORKDIR /synapse

# `poetry export` only needs the project metadata and the lockfile.
COPY pyproject.toml poetry.lock /synapse/

# When set (non-empty), `--without-hashes` is passed to `poetry export`, so the
# generated requirements.txt carries no hashes for pip to verify.
# Only needed when the hashes of dependencies cannot be checked for some reason,
# such as when a git repository is used directly as a dependency.
ARG TEST_ONLY_SKIP_DEP_HASH_VERIFICATION

# When set (non-empty), the Poetry lockfile is not used at all: requirements.txt
# is left empty and the builder stage installs whatever a regular `pip install`
# resolves from PyPI.
ARG TEST_ONLY_IGNORE_POETRY_LOCKFILE

# Both switches above remove a supply-chain check (hash verification, or version
# locking altogether). As the TEST_ONLY_ prefix indicates, leave them unset for
# any image that is going to be published or deployed.

# Produce /synapse/requirements.txt for the builder stage: an empty placeholder
# when the lockfile is being ignored (so the later COPY and `pip install -r`
# still have a file to work with), otherwise the exported, locked dependency set.
RUN if [ -n "$TEST_ONLY_IGNORE_POETRY_LOCKFILE" ]; then \
    touch /synapse/requirements.txt; \
  else \
    /root/.local/bin/poetry export --extras all -o /synapse/requirements.txt ${TEST_ONLY_SKIP_DEP_HASH_VERIFICATION:+--without-hashes}; \
  fi

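###
### Stage 1: builder
###
FROM docker.io/python:${PYTHON_VERSION}-slim-bullseye AS builder

# Install the OS build dependencies. curl is needed to download the rustup
# installer further down.
RUN \
   --mount=type=cache,target=/var/cache/apt,sharing=locked \
   --mount=type=cache,target=/var/lib/apt,sharing=locked \
 apt-get update -qq && apt-get install -yqq \
    build-essential \
    libffi-dev \
    libjpeg-dev \
    libpq-dev \
    libssl-dev \
    libwebp-dev \
    libxml++2.6-dev \
    libxslt1-dev \
    openssl \
    zlib1g-dev \
    git \
    curl \
    && rm -rf /var/lib/apt/lists/*


# Install rust and ensure it's in the PATH.
ENV RUSTUP_HOME=/rust
ENV CARGO_HOME=/cargo
ENV PATH=/cargo/bin:/rust/bin:$PATH
RUN mkdir /rust /cargo

# Download the rustup installer to a file and run it from there instead of
# piping curl into sh. The default /bin/sh has no pipefail, so with a pipe a
# failed download leaves `sh` reading empty input and exiting 0, and the build
# carries on without a toolchain. `--proto '=https' --tlsv1.2` makes curl refuse
# a downgrade to plain HTTP or to an older TLS version, including on redirects.
# The installer is removed in the same layer so it does not stay in the stage.
#
# NOTE(review): the installer script is not checksum-verified and `stable` is a
# moving target, so this layer is not reproducible. Pin an explicit toolchain
# version if reproducible builds are required.
RUN curl --proto '=https' --tlsv1.2 -sSf -o /tmp/rustup-init.sh https://sh.rustup.rs \
    && sh /tmp/rustup-init.sh -y --no-modify-path --default-toolchain stable \
    && rm -f /tmp/rustup-init.sh

# To speed up rebuilds, install all of the dependencies before we copy over
# the whole synapse project, so that this layer in the Docker cache can be
# used while you develop on the source
#
# This is aiming at installing the `[tool.poetry.dependencies]` from pyproject.toml.
#
# --no-deps: install exactly the entries listed in requirements.txt and nothing
# that pip would resolve on its own. When the export carries hashes (the
# default, i.e. TEST_ONLY_SKIP_DEP_HASH_VERIFICATION unset), pip checks every
# download against them.
COPY --from=requirements /synapse/requirements.txt /synapse/
RUN --mount=type=cache,target=/root/.cache/pip \
  pip install --prefix="/install" --no-deps --no-warn-script-location -r /synapse/requirements.txt

# Copy over the rest of the synapse source code.
COPY synapse /synapse/synapse/
COPY rust /synapse/rust/
# ... and what we need to `pip install`.
COPY pyproject.toml README.rst build_rust.py /synapse/

# Repeat of earlier build argument declaration, as this is a new build stage.
ARG TEST_ONLY_IGNORE_POETRY_LOCKFILE

# Install the synapse package itself.
# If we have populated requirements.txt, we don't install any dependencies
# as we should already have those from the previous `pip install` step.
# Otherwise (lockfile ignored, test builds only) pip resolves unpinned
# dependencies from PyPI.
# The requirement is quoted so that the shell passes `[all]` through literally
# instead of treating it as a glob character class.
RUN if [ -z "$TEST_ONLY_IGNORE_POETRY_LOCKFILE" ]; then \
    pip install --prefix="/install" --no-deps --no-warn-script-location "/synapse[all]"; \
  else \
    pip install --prefix="/install" --no-warn-script-location "/synapse[all]"; \
  fi
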
###
### Stage 2: runtime
###

FROM docker.io/python:${PYTHON_VERSION}-slim-bullseye

# OCI image metadata.
LABEL org.opencontainers.image.url='https://matrix.org/docs/projects/server/synapse' \
      org.opencontainers.image.documentation='https://github.com/matrix-org/synapse/blob/master/docker/README.md' \
      org.opencontainers.image.source='https://github.com/matrix-org/synapse.git' \
      org.opencontainers.image.licenses='Apache-2.0'

# Runtime OS packages. curl is used by the HEALTHCHECK at the end of this stage.
# NOTE(review): gosu is presumably what /start.py uses to drop root privileges -
# confirm against docker/start.py.
# NOTE(review): libssl-dev is a development package; confirm it is needed at
# runtime rather than only the shared library.
RUN \
   --mount=type=cache,target=/var/cache/apt,sharing=locked \
   --mount=type=cache,target=/var/lib/apt,sharing=locked \
  apt-get update -qq \
  && apt-get install -yqq \
    curl \
    gosu \
    libjemalloc2 \
    libjpeg62-turbo \
    libpq5 \
    libssl-dev \
    libwebp6 \
    openssl \
    xmlsec1 \
  && rm -rf /var/lib/apt/lists/*

# Only the installed Python tree comes over from the builder stage; the
# compilers, rust toolchain and -dev packages installed there are not copied.
COPY --from=builder /install /usr/local
COPY docker/start.py /start.py
COPY docker/conf /conf

# EXPOSE documents the ports; it does not publish them.
EXPOSE 8008/tcp 8009/tcp 8448/tcp

# There is no USER instruction in this stage, so /start.py starts as root unless
# the container is run with an explicit user.
ENTRYPOINT ["/start.py"]

# Probe the local /health endpoint on port 8008; a non-zero exit from curl
# marks the check as failed.
HEALTHCHECK --interval=15s --timeout=5s --start-period=5s \
    CMD curl -fSs http://localhost:8008/health || exit 1