<feed xmlns='http://www.w3.org/2005/Atom'>
<title>searxng/.git/container/Dockerfile, branch master</title>
<link rel='alternate' type='text/html' href='https://git.slickd.xyz/searxng/.git/'/>
<entry>
<title>[enh] container: tidy builds (#5086)</title>
<updated>2025-08-07T08:46:26+00:00</updated>
<author>
<name>Ivan Gabaldon</name>
<email>igabaldon@inetol.net</email>
</author>
<published>2025-08-07T08:46:26+00:00</published>
<link rel='alternate' type='text/html' href='https://git.slickd.xyz/searxng/.git/commit/?id=3de7a6da2dba72057a75d54b4b9fd864dee230e9'/>
<id>3de7a6da2dba72057a75d54b4b9fd864dee230e9</id>
<content type='text'>
Building the container currently does not work properly.
When rebuilding several times with `make container`, `version_frozen.py`
is recreated, which wouldn't be an issue if the file’s timestamp was constant.
Now, when creating `version_frozen.py`, it will have the same timestamp as the
commit when it was created. (`version_frozen.py` is moved to a dedicated layer).

Reusing "builder" cache when building "dist" could be slow
(CD reports 2 seconds, but locally I've seen it take up to 10 seconds),
so the Dockerfile is now split and we save a couple steps
by importing the "builder" image directly.

The last changes made it possible to remove the layer cache in "builder",
since the overhead is now greater than building the layers from scratch.

Until now, all "dist" layers were squashed into a single layer,
which in most cases is a good idea
(except for storage/delivery pricing/overhead), but in our case,
since we manage the entire pipeline, we can ignore this
and share layers between builds.
This means (for example) that if we change files unrelated to the container
in several consecutive commits (documentation changes), we don't have to push
the entire image to the registry, but only the different layers
(`version_frozen.py` in this example).
The same applies when pulling, as only the layers that have changed
compared to the local layers will be downloaded (that's the theory,
we'll see if this works as expected or if we need to tweak something else).</content>
</entry>
<entry>
<title>[upd] pypi: Bump the minor group with 2 updates (#5077)</title>
<updated>2025-08-01T08:55:45+00:00</updated>
<author>
<name>dependabot[bot]</name>
<email>49699333+dependabot[bot]@users.noreply.github.com</email>
</author>
<published>2025-08-01T08:55:45+00:00</published>
<link rel='alternate' type='text/html' href='https://git.slickd.xyz/searxng/.git/commit/?id=dcb1e200074cff02a1ccbb44da1c98a426c56bc7'/>
<id>dcb1e200074cff02a1ccbb44da1c98a426c56bc7</id>
<content type='text'>
* [upd] pypi: Bump the minor group with 2 updates

Bumps the minor group with 2 updates: [granian[reload]](https://github.com/emmett-framework/granian) and [granian](https://github.com/emmett-framework/granian).


Updates `granian[reload]` from 2.4.2 to 2.5.0
- [Release notes](https://github.com/emmett-framework/granian/releases)
- [Commits](https://github.com/emmett-framework/granian/compare/v2.4.2...v2.5.0)

Updates `granian` from 2.4.2 to 2.5.0
- [Release notes](https://github.com/emmett-framework/granian/releases)
- [Commits](https://github.com/emmett-framework/granian/compare/v2.4.2...v2.5.0)

---
updated-dependencies:
- dependency-name: granian[reload]
  dependency-version: 2.5.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor
- dependency-name: granian
  dependency-version: 2.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor
...

Signed-off-by: dependabot[bot] &lt;support@github.com&gt;

* [enh] py: use humanized duration

---------

Signed-off-by: dependabot[bot] &lt;support@github.com&gt;
Co-authored-by: dependabot[bot] &lt;49699333+dependabot[bot]@users.noreply.github.com&gt;
Co-authored-by: Ivan Gabaldon &lt;igabaldon@inetol.net&gt;</content>
</entry>
<entry>
<title>[mod] make run: start granian server and versioning by Dependabot (#5037)</title>
<updated>2025-07-25T15:40:33+00:00</updated>
<author>
<name>Markus Heiser</name>
<email>markus.heiser@darmarIT.de</email>
</author>
<published>2025-07-25T15:40:33+00:00</published>
<link rel='alternate' type='text/html' href='https://git.slickd.xyz/searxng/.git/commit/?id=168fa9b09bc84210922ad879aae65ff9c452c4e4'/>
<id>168fa9b09bc84210922ad879aae65ff9c452c4e4</id>
<content type='text'>
The new ``requirements-server.txt`` (granian) is installed into the virtualenv
of Dockerfile.

When ``make run`` is called, a granian server is started with auto reload on
changes to the application's files / requires the granian[reload] extra, see
``requirements-dev.txt``.

Dependabot supports updates to any ``.txt`` file [1].

[1] https://docs.github.com/en/code-security/dependabot/ecosystems-supported-by-dependabot/supported-ecosystems-and-repositories#pip-and-pip-compile

Signed-off-by: Markus Heiser &lt;markus.heiser@darmarit.de&gt;</content>
</entry>
<entry>
<title>[fix] container: remove static path mount (#5006)</title>
<updated>2025-07-19T08:18:50+00:00</updated>
<author>
<name>Ivan Gabaldon</name>
<email>igabaldon@inetol.net</email>
</author>
<published>2025-07-19T08:18:50+00:00</published>
<link rel='alternate' type='text/html' href='https://git.slickd.xyz/searxng/.git/commit/?id=b95a3e905d05695a04c424764b8c58020ca38b5c'/>
<id>b95a3e905d05695a04c424764b8c58020ca38b5c</id>
<content type='text'>
I've seen that by default Granian sets a `Cache-Control` header for 1 day IF `GRANIAN_STATIC_PATH_MOUNT` is set. This option is not a hard requirement, but it's set because I found it to be faster when serving the static files.

Another thing is that by removing `GRANIAN_STATIC_PATH_MOUNT`, the headers set by the application are present again in the static files, which was not the case before.

Related https://github.com/searxng/searxng/pull/5004</content>
</entry>
<entry>
<title>[mod] container: remove `Cache-Control` header (#5005)</title>
<updated>2025-07-11T15:34:07+00:00</updated>
<author>
<name>Ivan Gabaldon</name>
<email>igabaldon@inetol.net</email>
</author>
<published>2025-07-11T15:34:07+00:00</published>
<link rel='alternate' type='text/html' href='https://git.slickd.xyz/searxng/.git/commit/?id=d5743398539263f2c0cac676e073a08cb3eb6eb8'/>
<id>d5743398539263f2c0cac676e073a08cb3eb6eb8</id>
<content type='text'>
Granian shouldn't actually handle the cache, we leave that to the upstream proxy.

Related https://github.com/searxng/searxng/pull/5004</content>
</entry>
<entry>
<title>[mod] container: replace uWSGI with Granian (#4820)</title>
<updated>2025-07-04T12:35:28+00:00</updated>
<author>
<name>Ivan Gabaldon</name>
<email>igabaldon@inetol.net</email>
</author>
<published>2025-07-04T12:35:28+00:00</published>
<link rel='alternate' type='text/html' href='https://git.slickd.xyz/searxng/.git/commit/?id=01be2612ab845771929181592931464f179357ea'/>
<id>01be2612ab845771929181592931464f179357ea</id>
<content type='text'>
* [mod] container: replace uWSGI with Granian

The configuration in Granian is handled with ENVs, much more convenient and practical for updating. The settings have been tested for over two months in a production instance, being usable on small to somewhat large instances without having to modify anything.

It also removes the patch functions and ENVs abstraction from the entrypoint, this makes it possible to run the container with immutable configuration.

In some setups, it may be desired to have the volumes/files under a specific uid/gid (other than searxng:searxng), if the entrypoint has root permissions it will chown automatically on every start, which may not be desired. Explicitly setting the new ENV `FORCE_OWNERSHIP=false` will prevent ownership from being modified.

No manual migration is necessary **unless** the user has changed the default uWSGI configuration or has a very specific setup.

Closes https://github.com/searxng/searxng/issues/4894
Closes https://github.com/searxng/searxng/issues/4818
Closes https://github.com/searxng/searxng/issues/4802

Supersedes https://github.com/searxng/searxng/pull/4596

Related https://github.com/searxng/searxng/discussions/4479

* [mod] docs: add container/granian

All container documentation has been recreated.

A new documentation page has been created for Granian.

* [enh] misc: apply suggestions

Minor documentation changes.

Suggested https://github.com/searxng/searxng/pull/4820#discussion_r2134539259
Suggested https://github.com/searxng/searxng/pull/4820#discussion_r2134538610
Suggested https://github.com/searxng/searxng/pull/4820#discussion_r2134827964
Suggested https://github.com/searxng/searxng/pull/4820#discussion_r2134544300
Suggested https://github.com/searxng/searxng/pull/4820#discussion_r2149387388

---------

Signed-off-by: Markus Heiser &lt;markus.heiser@darmarit.de&gt;
Co-authored-by: Ivan Gabaldon &lt;igabaldon@inetol.net&gt;
Co-authored-by: Markus Heiser &lt;markus.heiser@darmarit.de&gt;</content>
</entry>
<entry>
<title>[fix] container: remove HEALTHCHECK (#4941)</title>
<updated>2025-06-26T12:46:59+00:00</updated>
<author>
<name>Ivan Gabaldon</name>
<email>igabaldon@inetol.net</email>
</author>
<published>2025-06-26T12:46:59+00:00</published>
<link rel='alternate' type='text/html' href='https://git.slickd.xyz/searxng/.git/commit/?id=c6e0ad930d273b3073705285d8bc6970202527a2'/>
<id>c6e0ad930d273b3073705285d8bc6970202527a2</id>
<content type='text'>
This is a poorly designed instruction, which is hardcoded and cannot be easily modified or maintained on a rolling release sw like ours. This *should* be set in the SearXNG Docker Compose template, not in the image itself.

The OCI format is now used since we no longer have the HEALTHCHECK on the Dockerfile.

Closes https://github.com/searxng/searxng/issues/4906
Closes https://github.com/searxng/searxng/issues/4722</content>
</entry>
<entry>
<title>[mod] container: refactor entrypoint script</title>
<updated>2025-05-20T09:49:30+00:00</updated>
<author>
<name>Ivan Gabaldon</name>
<email>igabaldon@inetol.net</email>
</author>
<published>2025-05-16T09:16:41+00:00</published>
<link rel='alternate' type='text/html' href='https://git.slickd.xyz/searxng/.git/commit/?id=749de829d5bad6a05ebe1a733a6bd942c1a386ec'/>
<id>749de829d5bad6a05ebe1a733a6bd942c1a386ec</id>
<content type='text'>
That entrypoint is prone to screw things up, especially with permission handling. The new script handles initialization better and fixes some issues like delayed settings update via ENVs and timestamp overwriting, also adjusts what should be copied into the container.

Related https://github.com/searxng/searxng/pull/4721#issuecomment-2850272129
</content>
</entry>
<entry>
<title>[mod] container: build custom base images (#4799)</title>
<updated>2025-05-17T16:21:04+00:00</updated>
<author>
<name>Ivan Gabaldon</name>
<email>igabaldon@inetol.net</email>
</author>
<published>2025-05-17T16:21:04+00:00</published>
<link rel='alternate' type='text/html' href='https://git.slickd.xyz/searxng/.git/commit/?id=86373e7c87aeca9fb0d8889a12cfe09c0ffd1df9'/>
<id>86373e7c87aeca9fb0d8889a12cfe09c0ffd1df9</id>
<content type='text'>
Instead of using Wolfi base images from cgr.dev and making that mess on the Dockerfile, why don't we build the base images ourselves from Wolfi repos with apko? The intention of this is to simplify the main Dockerfile and avoid having to patch the base image every time, it also simplifies some steps like image ownership management and provides extremely fast builds.</content>
</entry>
<entry>
<title>[enh] container: use Wolfi OS as base image</title>
<updated>2025-05-15T20:56:31+00:00</updated>
<author>
<name>Ivan Gabaldon</name>
<email>igabaldon@inetol.net</email>
</author>
<published>2025-05-11T20:07:53+00:00</published>
<link rel='alternate' type='text/html' href='https://git.slickd.xyz/searxng/.git/commit/?id=03083f07da0c6f9764b891041a7518d2e0cf4bea'/>
<id>03083f07da0c6f9764b891041a7518d2e0cf4bea</id>
<content type='text'>
Wolfi OS images are specifically designed for container use. Using a specially designed base image for containers not only reduces maintenance burdens, but improves overall experience for developers (fewer packages we have to track) and end users (smaller images).

Discussion here: https://github.com/searxng/searxng/issues/4753
</content>
</entry>
</feed>
