Merge pull request #314 from TriliumNext/fix-arm-builds

Fix ARM container builds

Author: eliandoran

.github/workflows/main-docker.yml

@@ -1,148 +1,155 @@
 on:
-    push:
-      branches:
-        - "develop"
-        - "feature/update**"
-        - "feature/server_esm**"
-      paths-ignore:
-        - "docs/**"
-        - "bin/**"
-      tags:
-        - "v*"
-    workflow_dispatch:  
+  push:
+    branches:
+      - "develop"
+      - "feature/update**"
+      - "feature/server_esm**"
+    paths-ignore:
+      - "docs/**"
+      - "bin/**"
+    tags:
+      - "v*"
+  workflow_dispatch:  
 
 env:
-    GHCR_REGISTRY: ghcr.io
-    DOCKERHUB_REGISTRY: docker.io
-    IMAGE_NAME: ${{ github.repository }}
-    TEST_TAG: triliumnext/notes:test
-    PLATFORMS: linux/amd64,linux/arm64
+  GHCR_REGISTRY: ghcr.io
+  DOCKERHUB_REGISTRY: docker.io
+  IMAGE_NAME: ${{ github.repository }}
+  TEST_TAG: triliumnext/notes:test
+  PLATFORMS: linux/amd64,linux/arm64,linux/arm/v7,linux/arm64/v8
 
 jobs:
-    test_docker:
-        name: Check Docker build
-        runs-on: ubuntu-latest
-        steps:
-            - name: Checkout the repository
-              uses: actions/checkout@v4
+  test_docker:
+      name: Check Docker build
+      runs-on: ubuntu-latest
+      steps:
+          - name: Checkout the repository
+            uses: actions/checkout@v4
 
-            - name: Set up Docker Buildx
-              uses: docker/setup-buildx-action@v3
+          - name: Set up Docker Buildx
+            uses: docker/setup-buildx-action@v3
 
-            - name: Set up node & dependencies
-              uses: actions/setup-node@v4
-              with:
-                node-version: 20
-                cache: "npm"
-            
-            - run: npm ci
-            
-            - name: Run the TypeScript build
-              run: npx tsc
-            
-            - name: Create server-package.json
-              run: cat package.json | grep -v electron > server-package.json
-
-            - name: Build and export to Docker
-              uses: docker/build-push-action@v6
-              with:
-                context: .
-                load: true
-                tags: ${{ env.TEST_TAG }}
-                cache-from: type=gha
-                cache-to: type=gha,mode=max
-
-            - name: Run the container in the background
-              run: docker run -d --rm --name trilium_local ${{ env.TEST_TAG }}
-
-            - name: Wait for the healthchecks to pass
-              uses: stringbean/docker-healthcheck-action@v1
-              with:
-                container: trilium_local
-                wait-time: 50
-                require-status: running
-                require-healthy: true
-
-    build_docker:
-        name: Build Docker images
-        runs-on: ubuntu-latest
-        needs:
-            - test_docker
-        permissions:
-          contents: read
-          packages: write
-          attestations: write
-          id-token: write
-        steps:                        
-          - uses: actions/checkout@v4
-          - name: Set up QEMU
-            uses: docker/setup-qemu-action@v3
-          - name: Extract metadata (tags, labels) for GHCR image
-            id: ghcr-meta
-            uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
-            with:
-              images: ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}
-              tags: 
-          - name: Extract metadata (tags, labels) for DockerHub image
-            id: dh-meta
-            uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
-            with:
-              images: ${{ env.DOCKERHUB_REGISTRY }}/${{ env.IMAGE_NAME }}
           - name: Set up node & dependencies
             uses: actions/setup-node@v4
             with:
               node-version: 20
               cache: "npm"
+          
           - run: npm ci
+          
           - name: Run the TypeScript build
             run: npx tsc
+          
           - name: Create server-package.json
             run: cat package.json | grep -v electron > server-package.json
-          - name: Log in to the GHCR container registry
-            uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
-            with:
-              registry: ${{ env.GHCR_REGISTRY }}
-              username: ${{ github.actor }}
-              password: ${{ secrets.GITHUB_TOKEN }}
-          - uses: docker/setup-buildx-action@v3
-          - name: Build and push container image to GHCR
-            uses: docker/build-push-action@v6
-            id: ghcr-push
-            with:
-              context: .
-              platforms: ${{ env.PLATFORMS }}
-              push: true              
-              tags: ${{ steps.ghcr-meta.outputs.tags }}
-              labels: ${{ steps.ghcr-meta.outputs.labels }}
-              cache-from: type=gha
-              cache-to: type=gha,mode=max
-          - name: Generate and push artifact attestation to GHCR
-            uses: actions/attest-build-provenance@v1
-            with:
-              subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME}}
-              subject-digest: ${{ steps.ghcr-push.outputs.digest }}
-              push-to-registry: true
-          - name: Log in to the DockerHub container registry
-            uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
-            with:
-              registry: ${{ env.DOCKERHUB_REGISTRY }}
-              username: ${{ secrets.DOCKERHUB_USERNAME }}
-              password: ${{ secrets.DOCKERHUB_TOKEN }}
-          - name: Build and push image to DockerHub
+
+          - name: Build and export to Docker
             uses: docker/build-push-action@v6
-            id: dh-push
             with:
               context: .
-              platforms: ${{ env.PLATFORMS }}
-              push: true
-              tags: ${{ steps.dh-meta.outputs.tags }}
-              labels: ${{ steps.dh-meta.outputs.labels }}
+              load: true
+              tags: ${{ env.TEST_TAG }}
               cache-from: type=gha
               cache-to: type=gha,mode=max
-          - name: Generate and push artifact attestation to DockerHub
-            uses: actions/attest-build-provenance@v1
+
+          - name: Run the container in the background
+            run: docker run -d --rm --name trilium_local ${{ env.TEST_TAG }}
+
+          - name: Wait for the healthchecks to pass
+            uses: stringbean/docker-healthcheck-action@v1
             with:
-              subject-name: ${{ env.DOCKERHUB_REGISTRY }}/${{ env.IMAGE_NAME}}
-              subject-digest: ${{ steps.dh-push.outputs.digest }}
-              push-to-registry: true
-    
+              container: trilium_local
+              wait-time: 50
+              require-status: running
+              require-healthy: true
+
+  build_docker:
+      name: Build Docker images
+      runs-on: ubuntu-latest
+      needs:
+          - test_docker
+      permissions:
+        contents: read
+        packages: write
+        attestations: write
+        id-token: write
+      strategy:
+        matrix:
+          architecture: [linux/amd64, linux/arm64, linux/arm/v7, linux/arm64/v8]
+      steps:                        
+        - uses: actions/checkout@v4
+        - name: Extract metadata (tags, labels) for GHCR image
+          id: ghcr-meta
+          uses: docker/metadata-action@v4
+          with:
+            images: ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}
+            tags: |
+              type=ref,event=branch
+              type=ref,event=tag
+              type=sha
+        - name: Extract metadata (tags, labels) for DockerHub image
+          id: dh-meta
+          uses: docker/metadata-action@v4
+          with:
+            images: ${{ env.DOCKERHUB_REGISTRY }}/${{ env.IMAGE_NAME }}
+            tags: |
+              type=ref,event=branch
+              type=ref,event=tag
+              type=sha
+        - name: Set up node & dependencies
+          uses: actions/setup-node@v4
+          with:
+            node-version: 20
+            cache: "npm"
+        - run: npm ci
+        - name: Run the TypeScript build
+          run: npx tsc
+        - name: Create server-package.json
+          run: cat package.json | grep -v electron > server-package.json
+        - name: Log in to the GHCR container registry
+          uses: docker/login-action@v2
+          with:
+            registry: ${{ env.GHCR_REGISTRY }}
+            username: ${{ github.actor }}
+            password: ${{ secrets.GITHUB_TOKEN }}
+        - uses: docker/setup-buildx-action@v3
+        - name: Build and push container image to GHCR
+          uses: docker/build-push-action@v6
+          id: ghcr-push
+          with:
+            context: .
+            platforms: ${{ matrix.architecture }}
+            push: true              
+            tags: ${{ steps.ghcr-meta.outputs.tags }}
+            labels: ${{ steps.ghcr-meta.outputs.labels }}
+            cache-from: type=gha
+            cache-to: type=gha,mode=max
+        - name: Generate and push artifact attestation to GHCR
+          uses: actions/attest-build-provenance@v1
+          with:
+            subject-name: ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME}}
+            subject-digest: ${{ steps.ghcr-push.outputs.digest }}
+            push-to-registry: true
+        - name: Log in to the DockerHub container registry
+          uses: docker/login-action@v2
+          with:
+            registry: ${{ env.DOCKERHUB_REGISTRY }}
+            username: ${{ secrets.DOCKERHUB_USERNAME }}
+            password: ${{ secrets.DOCKERHUB_TOKEN }}
+        - name: Build and push image to DockerHub
+          uses: docker/build-push-action@v6
+          id: dh-push
+          with:
+            context: .
+            platforms: ${{ matrix.architecture }}
+            push: true
+            tags: ${{ steps.dh-meta.outputs.tags }}
+            labels: ${{ steps.dh-meta.outputs.labels }}
+            cache-from: type=gha
+            cache-to: type=gha,mode=max
+        - name: Generate and push artifact attestation to DockerHub
+          uses: actions/attest-build-provenance@v1
+          with:
+            subject-name: ${{ env.DOCKERHUB_REGISTRY }}/${{ env.IMAGE_NAME}}
+            subject-digest: ${{ steps.dh-push.outputs.digest }}
+            push-to-registry: true

Dockerfile

@@ -1,8 +1,8 @@
 # !!! Don't try to build this Dockerfile directly, run it through bin/build-docker.sh script !!!
-FROM node:20.15.1-alpine
+FROM node:20.15.1-bullseye-slim
 
 # Configure system dependencies
-RUN apk add --no-cache --virtual .build-dependencies \
+RUN apt-get update && apt-get install -y --no-install-recommends \
     autoconf \
     automake \
     g++ \
@@ -11,7 +11,9 @@ RUN apk add --no-cache --virtual .build-dependencies \
     make \
     nasm \
     libpng-dev \
-    python3 
+    python3 \
+    gosu \
+    && rm -rf /var/lib/apt/lists/*
 
 # Create app directory
 WORKDIR /usr/src/app
@@ -32,24 +34,33 @@ RUN rm docker_healthcheck.ts
 RUN rm -r build
 
 # Install app dependencies
-RUN set -x \
-    && npm install \
-    && apk del .build-dependencies \
-    && npm run webpack \
-    && npm prune --omit=dev \
-    && cp src/public/app/share.js src/public/app-dist/. \
-    && cp -r src/public/app/doc_notes src/public/app-dist/. \
-    && rm -rf src/public/app \
-    && rm src/services/asset_path.ts
+RUN set -x
+RUN npm install
+RUN apt-get purge -y --auto-remove \
+    autoconf \
+    automake \
+    g++ \
+    gcc \
+    libtool \
+    make \
+    nasm \
+    libpng-dev \
+    python3 \
+    && rm -rf /var/lib/apt/lists/*
+RUN npm run webpack
+RUN npm prune --omit=dev
+RUN cp src/public/app/share.js src/public/app-dist/.
+RUN cp -r src/public/app/doc_notes src/public/app-dist/.
+RUN rm -rf src/public/app
+RUN rm src/services/asset_path.ts
 
 # Some setup tools need to be kept
-RUN apk add --no-cache su-exec shadow
-
-# Add application user and setup proper volume permissions
-RUN adduser -s /bin/false node; exit 0
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    gosu \
+    && rm -rf /var/lib/apt/lists/*
 
 # Start the application
 EXPOSE 8080
 CMD [ "./start-docker.sh" ]
 
-HEALTHCHECK --start-period=10s CMD exec su-exec node node docker_healthcheck.js
+HEALTHCHECK --start-period=10s CMD exec gosu node node docker_healthcheck.js

start-docker.sh

@@ -4,4 +4,4 @@
 [[ ! -z "${USER_GID}" ]] && groupmod -og ${USER_GID} node || echo "No USER_GID specified, leaving 1000"
 
 chown -R node:node /home/node
-exec su-exec node node ./src/www
+exec gosu node node ./src/www