refactor: dockerfile based on ekidd/rust-musl-builder

Author: joseluisq

.drone.yml

@@ -1,27 +1,9 @@
 pipeline:
-    # PRODUCTION
-    image-private:
-        image: plugins/docker
-        group: production
-        registry: registry.joseluisq.net
-        repo: registry.joseluisq.net/rust-linux-darwin-builder
-        dockerfile: ./Dockerfile
-        username:
-            from_secret: registry_username
-        password:
-            from_secret: registry_password
-        auto_tag: true
-        build_args:
-            - DOCKER_IMAGE_VERSION=${DRONE_TAG}
-        when:
-            event: tag
-        branch: master
-
-    image-public:
+    publish:
         image: plugins/docker
         group: production
         repo: joseluisq/rust-linux-darwin-builder
-        dockerfile: ./Dockerfile
+        dockerfile: ./docker/Dockerfile
         username:
             from_secret: dockerhub_username
         password:
@@ -33,7 +15,7 @@ pipeline:
             event: tag
         branch: master
 
-    notification-slack:
+    notification:
         image: plugins/slack
         webhook:
             from_secret: slack_webhook

.travis.yml

@@ -0,0 +1,15 @@
+language: rust
+
+services:
+  - docker
+
+os:
+  - linux
+
+script:
+- bash ./test-image
+
+notifications:
+  email:
+    on_success: never
+    on_failure: always

Dockerfile

@@ -1,3 +1,17 @@
 build:
-	docker build -t joseluisq/rust-linux-darwin-builder:1.40.0 -f Dockerfile .
+	docker build \
+		-t joseluisq/rust-linux-darwin-builder:1 \
+		-f Dockerfile .
 .PHONY: build
+
+release:
+	# 2. Update docker files to latest tag
+	./docker/version.sh $(TAG)
+
+	# 3. Commit and push to latest tag
+	git add docker/Dockerfile
+	git commit docker/Dockerfile -m "$(TAG)"
+	git tag $(TAG)
+	git push origin master
+	git push origin $(TAG)
+.ONESHELL: release

Makefile

@@ -0,0 +1,183 @@
+# NOTE: Most of Dockerfile and related files were borrowed from
+#       https://hub.docker.com/r/ekidd/rust-musl-builder
+
+# Use Ubuntu 18.04 LTS as our base image.
+FROM ubuntu:$UBUNTU_VERSION
+
+LABEL maintainer="Jose Quintana <joseluisq.net>"
+
+# The Rust toolchain to use when building our image.  Set by `hooks/build`.
+ARG TOOLCHAIN=stable
+
+# The OpenSSL version to use. We parameterize this because many Rust
+# projects will fail to build with 1.1.
+ARG OPENSSL_VERSION=1.0.2r
+
+# Make sure we have basic dev tools for building C libraries.  Our goal
+# here is to support the musl-libc builds and Cargo builds needed for a
+# large selection of the most popular crates.
+#
+# We also set up a `rust` user by default, in whose account we'll install
+# the Rust toolchain.  This user has sudo privileges if you need to install
+# any more software.
+#
+# `mdbook` is the standard Rust tool for making searchable HTML manuals.
+RUN apt-get update && \
+    apt-get install -y \
+        build-essential \
+        cmake \
+        curl \
+        file \
+        git \
+        musl-dev \
+        musl-tools \
+        libpq-dev \
+        libsqlite-dev \
+        libssl-dev \
+        linux-libc-dev \
+        pkgconf \
+        sudo \
+        xutils-dev \
+        gcc-multilib-arm-linux-gnueabihf \
+        clang \
+        zlib1g-dev \
+        libmpc-dev \
+        libmpfr-dev \
+        libgmp-dev \
+        libxml2-dev \
+        nano \
+        && \
+    apt-get clean && rm -rf /var/lib/apt/lists/* && \
+    useradd rust --user-group --create-home --shell /bin/bash --groups sudo && \
+    MDBOOK_VERSION=0.2.1 && \
+    curl -LO https://github.com/rust-lang-nursery/mdBook/releases/download/v$MDBOOK_VERSION/mdbook-v$MDBOOK_VERSION-x86_64-unknown-linux-musl.tar.gz && \
+    tar xf mdbook-v$MDBOOK_VERSION-x86_64-unknown-linux-musl.tar.gz && \
+    mv mdbook /usr/local/bin/ && \
+    rm -f mdbook-v$MDBOOK_VERSION-x86_64-unknown-linux-musl.tar.gz
+
+# Static linking for C++ code
+RUN sudo ln -s "/usr/bin/g++" "/usr/bin/musl-g++"
+
+# Allow sudo without a password.
+ADD sudoers /etc/sudoers.d/nopasswd
+
+# Run all further code as user `rust`, and create our working directories
+# as the appropriate user.
+USER rust
+RUN mkdir -p /home/rust/libs /home/rust/src
+
+# Set up our path with all our binary directories, including those for the
+# musl-gcc toolchain and for our Rust toolchain.
+ENV PATH=/home/rust/.cargo/bin:/usr/local/musl/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
+# Install our Rust toolchain and the `musl` target.  We patch the
+# command-line we pass to the installer so that it won't attempt to
+# interact with the user or fool around with TTYs.  We also set the default
+# `--target` to musl so that our users don't need to keep overriding it
+# manually.
+RUN curl https://sh.rustup.rs -sSf | \
+    sh -s -- -y --default-toolchain $TOOLCHAIN && \
+    rustup target add x86_64-unknown-linux-musl && \
+    rustup target add armv7-unknown-linux-musleabihf && \
+    rustup target add x86_64-apple-darwin
+ADD cargo-config.toml /home/rust/.cargo/config
+
+# Set up a `git credentials` helper for using GH_USER and GH_TOKEN to access
+# private repositories if desired.
+ADD git-credential-ghtoken /usr/local/bin
+RUN git config --global credential.https://github.com.helper ghtoken
+
+# Build a static library version of OpenSSL using musl-libc.  This is needed by
+# the popular Rust `hyper` crate.
+#
+# We point /usr/local/musl/include/linux at some Linux kernel headers (not
+# necessarily the right ones) in an effort to compile OpenSSL 1.1's "engine"
+# component. It's possible that this will cause bizarre and terrible things to
+# happen. There may be "sanitized" header
+RUN echo "Building OpenSSL..." && \
+    ls /usr/include/linux && \
+    sudo mkdir -p /usr/local/musl/include && \
+    sudo ln -s /usr/include/linux /usr/local/musl/include/linux && \
+    sudo ln -s /usr/include/x86_64-linux-gnu/asm /usr/local/musl/include/asm && \
+    sudo ln -s /usr/include/asm-generic /usr/local/musl/include/asm-generic && \
+    cd /tmp && \
+    curl -LO "https://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz" && \
+    tar xvzf "openssl-$OPENSSL_VERSION.tar.gz" && cd "openssl-$OPENSSL_VERSION" && \
+    env CC=musl-gcc ./Configure no-shared no-zlib -fPIC --prefix=/usr/local/musl -DOPENSSL_NO_SECURE_MEMORY linux-x86_64 && \
+    env C_INCLUDE_PATH=/usr/local/musl/include/ make depend && \
+    env C_INCLUDE_PATH=/usr/local/musl/include/ make && \
+    sudo make install && \
+    sudo rm /usr/local/musl/include/linux /usr/local/musl/include/asm /usr/local/musl/include/asm-generic && \
+    rm -r /tmp/*
+
+RUN echo "Building zlib..." && \
+    cd /tmp && \
+    ZLIB_VERSION=1.2.11 && \
+    curl -LO "http://zlib.net/zlib-$ZLIB_VERSION.tar.gz" && \
+    tar xzf "zlib-$ZLIB_VERSION.tar.gz" && cd "zlib-$ZLIB_VERSION" && \
+    CC=musl-gcc ./configure --static --prefix=/usr/local/musl && \
+    make && sudo make install && \
+    rm -r /tmp/*
+
+RUN echo "Building libpq..." && \
+    cd /tmp && \
+    POSTGRESQL_VERSION=11.2 && \
+    curl -LO "https://ftp.postgresql.org/pub/source/v$POSTGRESQL_VERSION/postgresql-$POSTGRESQL_VERSION.tar.gz" && \
+    tar xzf "postgresql-$POSTGRESQL_VERSION.tar.gz" && cd "postgresql-$POSTGRESQL_VERSION" && \
+    CC=musl-gcc CPPFLAGS=-I/usr/local/musl/include LDFLAGS=-L/usr/local/musl/lib ./configure --with-openssl --without-readline --prefix=/usr/local/musl && \
+    cd src/interfaces/libpq && make all-static-lib && sudo make install-lib-static && \
+    cd ../../bin/pg_config && make && sudo make install && \
+    rm -r /tmp/*
+
+ENV OPENSSL_DIR=/usr/local/musl/ \
+    OPENSSL_INCLUDE_DIR=/usr/local/musl/include/ \
+    DEP_OPENSSL_INCLUDE=/usr/local/musl/include/ \
+    OPENSSL_LIB_DIR=/usr/local/musl/lib/ \
+    OPENSSL_STATIC=1 \
+    PQ_LIB_STATIC_X86_64_UNKNOWN_LINUX_MUSL=1 \
+    PG_CONFIG_X86_64_UNKNOWN_LINUX_GNU=/usr/bin/pg_config \
+    PKG_CONFIG_ALLOW_CROSS=true \
+    PKG_CONFIG_ALL_STATIC=true \
+    LIBZ_SYS_STATIC=1 \
+    TARGET=musl
+
+# (Please feel free to submit pull requests for musl-libc builds of other C
+# libraries needed by the most popular and common Rust crates, to avoid
+# everybody needing to build them manually.)
+
+ENV OSXCROSS_SDK_VERSION 10.11
+
+RUN echo "Building osxcross..." && \
+    cd /home/rust && \
+    git clone --depth 1 https://github.com/tpoechtrager/osxcross && \
+    cd osxcross && \
+    curl -L -o ./tarballs/MacOSX${OSXCROSS_SDK_VERSION}.sdk.tar.xz \
+    https://s3.amazonaws.com/andrew-osx-sdks/MacOSX${OSXCROSS_SDK_VERSION}.sdk.tar.xz && \
+    env UNATTENDED=yes OSX_VERSION_MIN=10.7 ./build.sh && \
+    rm -rf ./tarballs/MacOSX${OSXCROSS_SDK_VERSION}.sdk.tar.xz && \
+    rm -rf /tmp/*
+
+ENV PATH $PATH:/home/rust/osxcross/target/bin
+
+# Install some useful Rust tools from source. This will use the static linking
+# toolchain, but that should be OK.
+#
+# We include cargo-audit for compatibility with earlier versions of this image,
+# but cargo-deny provides a super-set of cargo-audit's features.
+RUN cargo install -f cargo-audit && \
+    cargo install -f cargo-deny && \
+    rm -rf /home/rust/.cargo/registry/
+
+# Expect our source code to live in /home/rust/src.  We'll run the build as
+# user `rust`, which will be uid 1000, gid 1000 outside the container.
+WORKDIR /home/rust/src
+
+CMD ["bash"]
+
+# Metadata
+LABEL org.opencontainers.image.vendor="Jose Quintana" \
+    org.opencontainers.image.url="registry.joseluisq.net/rust-oscross-builder" \
+    org.opencontainers.image.title="Rust Linux / Darwin Builder" \
+    org.opencontainers.image.description="Use same Docker image for compiling Rust programs for Linux (musl libc) & macOS (osxcross)." \
+    org.opencontainers.image.version="$VERSION" \
+    org.opencontainers.image.documentation="registry.joseluisq.net/rust-oscross-builder"

docker/tmpl.Dockerfile

@@ -0,0 +1,28 @@
+#!/bin/sh
+
+set -e
+set -u
+
+LATEST_TAG=$1
+BASE_PATH="$(pwd)/docker"
+
+if [ $# -eq 0 ]; then
+    echo "Usage: ./version.sh <tag or branch>"
+    exit
+fi
+
+export VERSION=$LATEST_TAG
+export UBUNTU_VERSION=18.04
+
+if [ ! -d "$BASE_PATH" ]; then
+    echo "Directory no found for \"${BASE_PATH}\""
+    exit 1
+fi
+
+echo "Generating Dockerfile for Ubuntu Linux v$UBUNTU_VERSION x86_64"
+
+rm -rf "${BASE_PATH}/Dockerfile"
+
+envsubst \$UBUNTU_VERSION,\$VERSION <"${BASE_PATH}/tmpl.Dockerfile" >"${BASE_PATH}/Dockerfile"
+
+echo "Dockerfile $VERSION were created successfully!"

docker/version.sh

@@ -0,0 +1 @@
+target

examples/adding-a-library/.dockerignore

@@ -0,0 +1,17 @@
+# -*- mode: dockerfile -*-
+#
+# An example Dockerfile showing how to add new static C libraries using
+# musl-gcc.
+
+FROM ekidd/rust-musl-builder
+
+# Build a static copy of zlib.
+#
+# EXAMPLE ONLY! libz is already included.
+RUN VERS=1.2.11 && \
+    cd /home/rust/libs && \
+    curl -LO http://zlib.net/zlib-$VERS.tar.gz && \
+    tar xzf zlib-$VERS.tar.gz && cd zlib-$VERS && \
+    CC=musl-gcc ./configure --static --prefix=/usr/local/musl && \
+    make && sudo make install && \
+    cd .. && rm -rf zlib-$VERS.tar.gz zlib-$VERS

examples/adding-a-library/Dockerfile

@@ -0,0 +1,34 @@
+#!/bin/bash
+#
+# Usage: ./build-release <PROJECT> ${TRAVIS_TAG}-${TRAVIS_OS_NAME}
+#
+# The latest version of this script is available at
+# https://github.com/emk/rust-musl-builder/blob/master/examples/build-release
+#
+# Called by `.travis.yml` to build release binaries.  We use
+# ekidd/rust-musl-builder to make the Linux binaries so that we can run
+# them unchanged on any distro, including tiny distros like Alpine (which
+# is heavily used for Docker containers).  Other platforms get regular
+# binaries, which will generally be dynamically linked against libc.
+#
+# If you have a platform which supports static linking of libc, and this
+# would be generally useful, please feel free to submit patches.
+
+set -euo pipefail
+
+case `uname -s` in
+    Linux)
+        echo "Building static binaries using ekidd/rust-musl-builder"
+        docker build -t build-"$1"-image .
+        docker run -it --name build-"$1" build-"$1"-image
+        docker cp build-"$1":/home/rust/src/target/x86_64-unknown-linux-musl/release/"$1" "$1"
+        docker rm build-"$1"
+        docker rmi build-"$1"-image
+        zip "$1"-"$2".zip "$1"
+        ;;
+    *)
+        echo "Building standard release binaries"
+        cargo build --release
+        zip -j "$1"-"$2".zip target/release/"$1"
+        ;;
+esac