kanidm/server/Dockerfile

# Build the main Kanidmd server
ARG BASE_IMAGE=opensuse/tumbleweed:latest
# ARG BASE_IMAGE=opensuse/leap:15.5

FROM ${BASE_IMAGE} AS repos
ADD scripts/zypper_fixing.sh /zypper_fixing.sh
RUN --mount=type=cache,id=zypp,target=/var/cache/zypp /zypper_fixing.sh

# ======================
FROM repos AS builder
ARG KANIDM_FEATURES
ARG KANIDM_BUILD_PROFILE="container_generic"
ARG KANIDM_BUILD_OPTIONS=""

# Set the build profile
ENV KANIDM_BUILD_PROFILE=${KANIDM_BUILD_PROFILE:-container_generic}
ENV RUSTFLAGS="-Clinker=clang -Clink-arg=-fuse-ld=/usr/bin/ld.mold"

RUN \
    --mount=type=cache,id=zypp,target=/var/cache/zypp \
    zypper install -y --no-recommends \
        sccache \
        cargo \
        clang \
        gawk \
        make \
        automake \
        autoconf \
        libopenssl-3-devel \
        pam-devel \
        sqlite3-devel \
        rsync \
        findutils \
        which \
        mold

COPY . /usr/src/kanidm

# ======================

# WORKDIR /usr/src/kanidm/server/web_ui
# # This can't be used in the wasm build for now.
# # ENV RUSTFLAGS="-Clinker=clang"
# RUN ./build_wasm.sh

# ======================

WORKDIR /usr/src/kanidm/kanidmd/daemon

# Exports don't persist through RUN statements.
RUN --mount=type=cache,id=cargo,target=/cargo \
    --mount=type=cache,id=sccache,target=/sccache \
    export CARGO_HOME=/cargo && \
    export SCCACHE_DIR=/sccache && \
    export RUSTC_WRAPPER=/usr/bin/sccache && \
    export CC="/usr/bin/clang" && \
    cargo build -p daemon ${KANIDM_BUILD_OPTIONS} \
        --target-dir="/usr/src/kanidm/target/" \
        --features="${KANIDM_FEATURES}" \
        --release; \
    sccache -s

# ======================

FROM repos
RUN \
    --mount=type=cache,id=zypp,target=/var/cache/zypp \
    zypper install -y \
        timezone \
        openssl-3 \
        sqlite3 \
        pam

COPY --from=builder /usr/src/kanidm/target/release/kanidmd /sbin/
COPY --from=builder /usr/src/kanidm/server/web_ui/pkg /pkg
COPY --from=builder /usr/src/kanidm/server/core/static /hpkg
RUN chmod +x /sbin/kanidmd

EXPOSE 8443 3636
VOLUME /data

ENV RUST_BACKTRACE 1

HEALTHCHECK \
    --interval=60s \
    --timeout=10s \
    --start-period=60s \
    --start-interval=5s \
    --retries=3 \
    CMD [ "/sbin/kanidmd", "healthcheck", "-c", "/data/server.toml"]

CMD [ "/sbin/kanidmd", "server", "-c", "/data/server.toml"]
1355 docker builds (#1357) 2023-02-06 00:50:10 +01:00			`# Build the main Kanidmd server`
195 rel cleanup (#268) Fixes #195 pre release cleanup. This does a LOT, clippy, formatting, and much much more. It fixes a lot of parts of the book, improves server config and more. 2020-06-18 02:30:42 +02:00			`ARG BASE_IMAGE=opensuse/tumbleweed:latest`
Add tools for remigration and domain level raising (#2481) 2024-02-06 11:01:06 +01:00			`# ARG BASE_IMAGE=opensuse/leap:15.5`
Fighting with zypper, tagging our images (#1964) * fighting weird build issues * labels are better outside * ugh that stupid linter * why do you always lint on me * neat * adding comments 2023-08-14 02:06:53 +02:00
Resolve linker issues on arm. (#787) 2022-05-26 13:13:07 +02:00			`FROM ${BASE_IMAGE} AS repos`
Fighting with zypper, tagging our images (#1964) * fighting weird build issues * labels are better outside * ugh that stupid linter * why do you always lint on me * neat * adding comments 2023-08-14 02:06:53 +02:00			`ADD scripts/zypper_fixing.sh /zypper_fixing.sh`
			`RUN --mount=type=cache,id=zypp,target=/var/cache/zypp /zypper_fixing.sh`
Resolve linker issues on arm. (#787) 2022-05-26 13:13:07 +02:00
Fix cargo.lock + Docker (#964) 2022-08-02 08:11:42 +02:00			`# ======================`
Resolve linker issues on arm. (#787) 2022-05-26 13:13:07 +02:00			`FROM repos AS builder`
1355 docker builds (#1357) 2023-02-06 00:50:10 +01:00			`ARG KANIDM_FEATURES`
			`ARG KANIDM_BUILD_PROFILE="container_generic"`
			`ARG KANIDM_BUILD_OPTIONS=""`
12 totp (#201) Implements #12, TOTP. This adds support for TOTP to the api and server, with server side token generation, authentication and the correct URI for encoding into QR codes for client token addition. Some extra measures have been taken such as in the stepped auth to always notify on the success or failure of the TOTP first (regardless of order) to prevent PW bruteforce attacks. 2020-04-10 07:50:45 +02:00
1355 docker builds (#1384) 2023-02-17 08:02:01 +01:00			`# Set the build profile`
			`ENV KANIDM_BUILD_PROFILE=${KANIDM_BUILD_PROFILE:-container_generic}`
			`ENV RUSTFLAGS="-Clinker=clang -Clink-arg=-fuse-ld=/usr/bin/ld.mold"`
1355 docker builds (#1357) 2023-02-06 00:50:10 +01:00
1355 docker builds (#1384) 2023-02-17 08:02:01 +01:00			`RUN \`
			`--mount=type=cache,id=zypp,target=/var/cache/zypp \`
			`zypper install -y --no-recommends \`
			`sccache \`
			`cargo \`
1355 docker builds (#1357) 2023-02-06 00:50:10 +01:00			`clang \`
Resolve issues with dyngroup members (#1986) 2023-08-17 07:52:12 +02:00			`gawk \`
Fighting with zypper, tagging our images (#1964) * fighting weird build issues * labels are better outside * ugh that stupid linter * why do you always lint on me * neat * adding comments 2023-08-14 02:06:53 +02:00			`make \`
			`automake \`
			`autoconf \`
			`libopenssl-3-devel \`
			`pam-devel \`
Base web UI (#391) Initial web ui (not-functional yet) 2021-03-26 02:22:00 +01:00			`sqlite3-devel \`
A pile of Wasm UI tweaks (#958) 2022-08-01 07:52:01 +02:00			`rsync \`
Fix cargo.lock + Docker (#964) 2022-08-02 08:11:42 +02:00			`findutils \`
1355 docker builds (#1357) 2023-02-06 00:50:10 +01:00			`which \`
			`mold`
Merge docker image github actions into unique Use matrix and Makefile to build both images in the same workflow. Kanidmd image remove muslc version and come back to SUSE version because performance problems. Also fix a typo bug with kanidmd image build on CI. 2020-05-06 09:37:07 +02:00
			`COPY . /usr/src/kanidm`
Large rework of audit logging 2018-12-27 06:22:03 +01:00
Fix cargo.lock + Docker (#964) 2022-08-02 08:11:42 +02:00			`# ======================`

1399 cleanup cli docs (#1413) * Cleanup cli args * Update book * Update wasm * making the CI happy --------- Co-authored-by: James Hodgkinson <james@terminaloutcomes.com> 2023-03-02 03:47:23 +01:00			`# WORKDIR /usr/src/kanidm/server/web_ui`
20221001 refactor (#1090) 2022-10-05 01:48:48 +02:00			`# # This can't be used in the wasm build for now.`
			`# # ENV RUSTFLAGS="-Clinker=clang"`
1355 docker builds (#1357) 2023-02-06 00:50:10 +01:00			`# RUN ./build_wasm.sh`
Fix cargo.lock + Docker (#964) 2022-08-02 08:11:42 +02:00
			`# ======================`
636 consent remembering in oauth2 (#824) 2022-06-20 03:37:39 +02:00
			`WORKDIR /usr/src/kanidm/kanidmd/daemon`

Fix cargo.lock + Docker (#964) 2022-08-02 08:11:42 +02:00			`# Exports don't persist through RUN statements.`
Fighting with zypper, tagging our images (#1964) * fighting weird build issues * labels are better outside * ugh that stupid linter * why do you always lint on me * neat * adding comments 2023-08-14 02:06:53 +02:00			`RUN --mount=type=cache,id=cargo,target=/cargo \`
			`--mount=type=cache,id=sccache,target=/sccache \`
			`export CARGO_HOME=/cargo && \`
			`export SCCACHE_DIR=/sccache && \`
			`export RUSTC_WRAPPER=/usr/bin/sccache && \`
			`export CC="/usr/bin/clang" && \`
1355 docker builds (#1384) 2023-02-17 08:02:01 +01:00			`cargo build -p daemon ${KANIDM_BUILD_OPTIONS} \`
			`--target-dir="/usr/src/kanidm/target/" \`
			`--features="${KANIDM_FEATURES}" \`
			`--release; \`
			`sccache -s`
Resolve linker issues on arm. (#787) 2022-05-26 13:13:07 +02:00
Fix cargo.lock + Docker (#964) 2022-08-02 08:11:42 +02:00			`# ======================`

Resolve linker issues on arm. (#787) 2022-05-26 13:13:07 +02:00			`FROM repos`
1355 docker builds (#1384) 2023-02-17 08:02:01 +01:00			`RUN \`
			`--mount=type=cache,id=zypp,target=/var/cache/zypp \`
			`zypper install -y \`
Merge docker image github actions into unique Use matrix and Makefile to build both images in the same workflow. Kanidmd image remove muslc version and come back to SUSE version because performance problems. Also fix a typo bug with kanidmd image build on CI. 2020-05-06 09:37:07 +02:00			`timezone \`
1355 docker builds (#1357) 2023-02-06 00:50:10 +01:00			`openssl-3 \`
Build improvements 2020-08-06 08:05:33 +02:00			`sqlite3 \`
Dockerized containerybuilds (#741) * let us see if we can dockerize this crab 2022-05-08 05:00:34 +02:00			`pam`
Update outdated libraries and add helper make argument. 2020-04-11 02:32:56 +02:00
Merge pull request #222 from kanidm/20200508-docker-fix This fixes an incorrect path in the suse image 2020-05-08 02:50:05 +02:00			`COPY --from=builder /usr/src/kanidm/target/release/kanidmd /sbin/`
1399 cleanup cli docs (#1413) * Cleanup cli args * Update book * Update wasm * making the CI happy --------- Co-authored-by: James Hodgkinson <james@terminaloutcomes.com> 2023-03-02 03:47:23 +01:00			`COPY --from=builder /usr/src/kanidm/server/web_ui/pkg /pkg`
enable build htmx in docker (#2893) 2024-07-15 10:06:15 +02:00			`COPY --from=builder /usr/src/kanidm/server/core/static /hpkg`
Building kanidm cli in docker, disabling ARM kanidmd (#879) * adding kanidm image and config * removing npm deps from build and dockerfiles * moving to a non-root user in the dockerfile 2022-07-05 03:39:38 +02:00			`RUN chmod +x /sbin/kanidmd`
Large rework of audit logging 2018-12-27 06:22:03 +01:00
199 ldap gateway (#246) adds an LDAP gateway to the server. It supports TLS if configured for the webserver, using the same parameters. It is a read only interface, only supporting bind via the configured posix password. 2020-06-10 04:07:43 +02:00			`EXPOSE 8443 3636`
Create light images with static binaries - Change base builder image to `ekidd/rust-musl-builder` for create static binaries. - Add two flavours: alpine and stand alone binary. - Add makefile commands for build, test and push kanidmd images and refactor previous code. - Add missing things to `.dockerignore`. - Refactor CI to use Makefile. 2020-05-02 12:33:52 +02:00			`VOLUME /data`
Merge docker image github actions into unique Use matrix and Makefile to build both images in the same workflow. Kanidmd image remove muslc version and come back to SUSE version because performance problems. Also fix a typo bug with kanidmd image build on CI. 2020-05-06 09:37:07 +02:00
			`ENV RUST_BACKTRACE 1`
Fighting with zypper, tagging our images (#1964) * fighting weird build issues * labels are better outside * ugh that stupid linter * why do you always lint on me * neat * adding comments 2023-08-14 02:06:53 +02:00
Oauth2 in htmx (#2912) * Apply suggestions from code review Co-authored-by: James Hodgkinson <james@terminaloutcomes.com> 2024-07-20 04:30:06 +02:00			`HEALTHCHECK \`
			`--interval=60s \`
			`--timeout=10s \`
			`--start-period=60s \`
			`--start-interval=5s \`
			`--retries=3 \`
			`CMD [ "/sbin/kanidmd", "healthcheck", "-c", "/data/server.toml"]`

Building kanidm cli in docker, disabling ARM kanidmd (#879) * adding kanidm image and config * removing npm deps from build and dockerfiles * moving to a non-root user in the dockerfile 2022-07-05 03:39:38 +02:00			`CMD [ "/sbin/kanidmd", "server", "-c", "/data/server.toml"]`