Update ffmpeg and change static build provider

images/chromium-headful/Dockerfile

@@ -20,7 +20,9 @@ RUN --mount=type=cache,target=/root/.cache/go-build \
     go build -ldflags="-s -w" -o /out/kernel-images-api ./cmd/api
 
 # Build chromium launcher
-RUN GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH:-amd64} \
+RUN --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=cache,target=/go/pkg/mod \
+    GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH:-amd64} \
     go build -ldflags="-s -w" -o /out/chromium-launcher ./cmd/chromium-launcher
 
 # webrtc client
@@ -60,6 +62,50 @@ RUN set -eux; \
     make -j$(nproc); \
     make install;
 
+FROM docker.io/ubuntu:22.04 AS ffmpeg-downloader
+RUN --mount=type=cache,target=/var/cache/apt,sharing=private,id=ubuntu2204-aptcache \
+    --mount=type=cache,target=/var/lib/apt,sharing=private,id=ubuntu2204-aptlib \
+    rm -f /etc/apt/apt.conf.d/docker-clean; \
+    echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache; \
+    set -xe; \
+    apt-get -yqq update; \
+    apt-get -yqq --no-install-recommends install ca-certificates curl xz-utils;
+
+# Download FFmpeg (latest static build) for the recording server
+RUN --mount=type=cache,target=/tmp/cache/ffmpeg,sharing=private,id=ffmpeg \
+    <<-'EOT'
+    set -eux
+    ARCHIVE_NAME="ffmpeg-master-latest-linux64-gpl.tar.xz"
+    URL="https://github.com/BtbN/FFmpeg-Builds/releases/download/latest/$ARCHIVE_NAME"
+    echo "Downloading FFmpeg checksum"
+    if ! curl --connect-timeout 10 -fsSL "https://github.com/BtbN/FFmpeg-Builds/releases/download/latest/checksums.sha256" -o /tmp/cache/ffmpeg/ffmpeg.tar.xz.sha256; then
+        echo "Failed to connect to ffmpeg static build provider for checksum."
+        echo "Checking for cached version to use."
+        if [ ! -f /tmp/cache/ffmpeg/ffmpeg.tar.xz.sha256 ]; then
+            echo "Unable to locate cached checksum. Exiting."
+            exit 1
+        else
+            echo "Found cached checksum."
+        fi
+    fi
+    grep -F "$ARCHIVE_NAME" /tmp/cache/ffmpeg/ffmpeg.tar.xz.sha256 > /tmp/cache/ffmpeg/tmp_sha256_only
+    mv /tmp/cache/ffmpeg/tmp_sha256_only /tmp/cache/ffmpeg/ffmpeg.tar.xz.sha256
+    sed -i -e 's/  .*$/  \/tmp\/cache\/ffmpeg\/ffmpeg.tar.xz/' /tmp/cache/ffmpeg/ffmpeg.tar.xz.sha256
+    echo "Checking cache for FFmpeg archive and validating checksum"
+    if sha256sum --check /tmp/cache/ffmpeg/ffmpeg.tar.xz.sha256; then
+        echo "Checksum validated, using cached FFmpeg archive"
+    else
+        echo "Downloading FFmpeg static build from $URL"
+        curl -fsSL "$URL" -o /tmp/cache/ffmpeg/ffmpeg.tar.xz
+        echo "Validating checksum of FFmpeg static build download"
+        sha256sum --check /tmp/cache/ffmpeg/ffmpeg.tar.xz.sha256
+    fi
+    tar -xJf /tmp/cache/ffmpeg/ffmpeg.tar.xz -C /tmp
+    install -m755 /tmp/ffmpeg-*/bin/ffmpeg  /usr/local/bin/ffmpeg
+    install -m755 /tmp/ffmpeg-*/bin/ffprobe /usr/local/bin/ffprobe
+    rm -rf /tmp/ffmpeg*
+EOT
+
 FROM ghcr.io/onkernel/neko/base:3.0.8-v1.3.0 AS neko
 # ^--- now has event.SYSTEM_PONG with legacy support to keepalive
 FROM node:22-bullseye-slim AS node-22
@@ -119,40 +165,11 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=private,id=ubuntu2204-aptca
     fonts-nanum \
     fontconfig \
     unzip && \
-    apt-get clean && fc-cache -f
+    fc-cache -f
 
 # install ffmpeg manually since the version available in apt is from the 4.x branch due to #drama.
-# as of writing these static builds will be the latest 7.0.x release.
-RUN --mount=type=cache,target=/tmp/cache/ffmpeg,id=ffmpeg \
-    <<-'EOT'
-    set -eux
-    URL="https://johnvansickle.com/ffmpeg/releases/ffmpeg-release-amd64-static.tar.xz"
-    echo "Downloading FFmpeg MD5 checksum"
-    if ! curl --connect-timeout 10 -fsSL "${URL}.md5" -o /tmp/cache/ffmpeg/ffmpeg.tar.xz.md5; then
-        echo "Failed to connect to ffmpeg static build provider for MD5 checksum."
-        echo "Checking for cached version to use."
-        if [ ! -f /tmp/cache/ffmpeg/ffmpeg.tar.xz.md5 ]; then
-            echo "Unable to locate cached MD5 checksum. Exiting."
-            exit 1
-        else
-            echo "Found cached MD5 checksum."
-        fi
-    fi
-    sed -i -e 's/ .*$/ \/tmp\/cache\/ffmpeg\/ffmpeg.tar.xz/' /tmp/cache/ffmpeg/ffmpeg.tar.xz.md5
-    echo "Checking cache for FFmpeg archive and validating MD5 checksum"
-    if md5sum --check /tmp/cache/ffmpeg/ffmpeg.tar.xz.md5; then
-        echo "Checksum validated, using cached FFmpeg archive"
-    else
-        echo "Downloading FFmpeg static build from $URL"
-        curl -fsSL "$URL" -o /tmp/cache/ffmpeg/ffmpeg.tar.xz
-        echo "Validating MD5 checksum of FFmpeg static build download"
-        md5sum --check /tmp/cache/ffmpeg/ffmpeg.tar.xz.md5
-    fi
-    tar -xJf /tmp/cache/ffmpeg/ffmpeg.tar.xz -C /tmp
-    install -m755 /tmp/ffmpeg-*/ffmpeg  /usr/local/bin/ffmpeg
-    install -m755 /tmp/ffmpeg-*/ffprobe /usr/local/bin/ffprobe
-    rm -rf /tmp/ffmpeg*
-EOT
+COPY --from=ffmpeg-downloader /usr/local/bin/ffmpeg /usr/local/bin/ffmpeg
+COPY --from=ffmpeg-downloader /usr/local/bin/ffprobe /usr/local/bin/ffprobe
 
 # runtime
 ENV USERNAME=root

images/chromium-headless/image/Dockerfile

@@ -22,9 +22,55 @@ RUN --mount=type=cache,target=/root/.cache/go-build \
     go build -ldflags="-s -w" -o /out/kernel-images-api ./cmd/api
 
 # Build chromium launcher
-RUN GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH:-amd64} \
+RUN --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=cache,target=/go/pkg/mod \
+    GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH:-amd64} \
     go build -ldflags="-s -w" -o /out/chromium-launcher ./cmd/chromium-launcher
 
+FROM docker.io/ubuntu:22.04 AS ffmpeg-downloader
+RUN --mount=type=cache,target=/var/cache/apt,sharing=private,id=ubuntu2204-aptcache \
+    --mount=type=cache,target=/var/lib/apt,sharing=private,id=ubuntu2204-aptlib \
+    rm -f /etc/apt/apt.conf.d/docker-clean; \
+    echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache; \
+    set -xe; \
+    apt-get -yqq update; \
+    apt-get -yqq --no-install-recommends install ca-certificates curl xz-utils;
+
+# Download FFmpeg (latest static build) for the recording server
+RUN --mount=type=cache,target=/tmp/cache/ffmpeg,sharing=private,id=ffmpeg \
+    <<-'EOT'
+    set -eux
+    ARCHIVE_NAME="ffmpeg-master-latest-linux64-gpl.tar.xz"
+    URL="https://github.com/BtbN/FFmpeg-Builds/releases/download/latest/$ARCHIVE_NAME"
+    echo "Downloading FFmpeg checksum"
+    if ! curl --connect-timeout 10 -fsSL "https://github.com/BtbN/FFmpeg-Builds/releases/download/latest/checksums.sha256" -o /tmp/cache/ffmpeg/ffmpeg.tar.xz.sha256; then
+        echo "Failed to connect to ffmpeg static build provider for checksum."
+        echo "Checking for cached version to use."
+        if [ ! -f /tmp/cache/ffmpeg/ffmpeg.tar.xz.sha256 ]; then
+            echo "Unable to locate cached checksum. Exiting."
+            exit 1
+        else
+            echo "Found cached checksum."
+        fi
+    fi
+    grep -F "$ARCHIVE_NAME" /tmp/cache/ffmpeg/ffmpeg.tar.xz.sha256 > /tmp/cache/ffmpeg/tmp_sha256_only
+    mv /tmp/cache/ffmpeg/tmp_sha256_only /tmp/cache/ffmpeg/ffmpeg.tar.xz.sha256
+    sed -i -e 's/  .*$/  \/tmp\/cache\/ffmpeg\/ffmpeg.tar.xz/' /tmp/cache/ffmpeg/ffmpeg.tar.xz.sha256
+    echo "Checking cache for FFmpeg archive and validating checksum"
+    if sha256sum --check /tmp/cache/ffmpeg/ffmpeg.tar.xz.sha256; then
+        echo "Checksum validated, using cached FFmpeg archive"
+    else
+        echo "Downloading FFmpeg static build from $URL"
+        curl -fsSL "$URL" -o /tmp/cache/ffmpeg/ffmpeg.tar.xz
+        echo "Validating checksum of FFmpeg static build download"
+        sha256sum --check /tmp/cache/ffmpeg/ffmpeg.tar.xz.sha256
+    fi
+    tar -xJf /tmp/cache/ffmpeg/ffmpeg.tar.xz -C /tmp
+    install -m755 /tmp/ffmpeg-*/bin/ffmpeg  /usr/local/bin/ffmpeg
+    install -m755 /tmp/ffmpeg-*/bin/ffprobe /usr/local/bin/ffprobe
+    rm -rf /tmp/ffmpeg*
+EOT
+
 FROM node:22-bullseye-slim AS node-22
 FROM docker.io/ubuntu:22.04
 RUN --mount=type=cache,target=/var/cache/apt,sharing=private,id=ubuntu2204-aptcache \
@@ -85,36 +131,8 @@ RUN mkdir -p /etc/chromium/policies/managed
 COPY shared/chromium-policies/managed/policy.json /etc/chromium/policies/managed/policy.json
 
 # Install FFmpeg (latest static build) for the recording server
-RUN --mount=type=cache,target=/tmp/cache/ffmpeg,id=ffmpeg \
-    <<-'EOT'
-    set -eux
-    URL="https://johnvansickle.com/ffmpeg/releases/ffmpeg-release-amd64-static.tar.xz"
-    echo "Downloading FFmpeg MD5 checksum"
-    if ! curl --connect-timeout 10 -fsSL "${URL}.md5" -o /tmp/cache/ffmpeg/ffmpeg.tar.xz.md5; then
-        echo "Failed to connect to ffmpeg static build provider for MD5 checksum."
-        echo "Checking for cached version to use."
-        if [ ! -f /tmp/cache/ffmpeg/ffmpeg.tar.xz.md5 ]; then
-            echo "Unable to locate cached MD5 checksum. Exiting."
-            exit 1
-        else
-            echo "Found cached MD5 checksum."
-        fi
-    fi
-    sed -i -e 's/ .*$/ \/tmp\/cache\/ffmpeg\/ffmpeg.tar.xz/' /tmp/cache/ffmpeg/ffmpeg.tar.xz.md5
-    echo "Checking cache for FFmpeg archive and validating MD5 checksum"
-    if md5sum --check /tmp/cache/ffmpeg/ffmpeg.tar.xz.md5; then
-        echo "Checksum validated, using cached FFmpeg archive"
-    else
-        echo "Downloading FFmpeg static build from $URL"
-        curl -fsSL "$URL" -o /tmp/cache/ffmpeg/ffmpeg.tar.xz
-        echo "Validating MD5 checksum of FFmpeg static build download"
-        md5sum --check /tmp/cache/ffmpeg/ffmpeg.tar.xz.md5
-    fi
-    tar -xJf /tmp/cache/ffmpeg/ffmpeg.tar.xz -C /tmp
-    install -m755 /tmp/ffmpeg-*/ffmpeg  /usr/local/bin/ffmpeg
-    install -m755 /tmp/ffmpeg-*/ffprobe /usr/local/bin/ffprobe
-    rm -rf /tmp/ffmpeg*
-EOT
+COPY --from=ffmpeg-downloader /usr/local/bin/ffmpeg /usr/local/bin/ffmpeg
+COPY --from=ffmpeg-downloader /usr/local/bin/ffprobe /usr/local/bin/ffprobe
 
 # Remove upower to prevent spurious D-Bus activations and logs
 RUN --mount=type=cache,target=/var/cache/apt,sharing=private,id=ubuntu2204-aptcache \
@@ -133,7 +151,7 @@ RUN set -eux; \
     fi
 
 # Install TypeScript and Playwright globally
-RUN npm install -g typescript playwright-core tsx
+RUN --mount=type=cache,target=/root/.npm npm install -g typescript playwright-core tsx
 
 ENV WITHDOCKER=true