searxng/.git/container/dist.dockerfile, branch master Unnamed repository; edit this file 'description' to name the repository. [mod] ci: use custom static podman (#5354) 2025-10-22T12:38:59+00:00 Ivan Gabaldon igabaldon@inetol.net 2025-10-22T12:38:59+00:00 16293132e35621f9e32491b2b129fa0758e1932f We only need updated podman on `build`. `test` and `release` can use image provided container engine binaries. 
We only need updated podman on `build`. `test` and `release` can use image
provided container engine binaries.
 [mod] container: move `base` to own repository (#5310) 2025-10-12T14:30:57+00:00 Ivan Gabaldon igabaldon@inetol.net 2025-10-12T14:30:57+00:00 5492de15bb7ae3e10fb6ba9393702e9b0a05c615 The base images will be now built in [another repository](https://github.com/searxng/base). 
The base images will be now built in
[another repository](https://github.com/searxng/base).
 [fix] utils: variable expansion (#5237) 2025-09-23T18:34:28+00:00 Ivan Gabaldon igabaldon@inetol.net 2025-09-23T18:34:28+00:00 d2e2802514fdd153e2c5791c3ddc3901d08a7be7 Docker buildx outputs the following error: variable expansion is not supported for --from, define a new stage with FROM using ARG from global scope as a workaround. Also force BuildKit extension to be installed, legacy build is no longer supported. Closes https://github.com/searxng/searxng/issues/5219 
Docker buildx outputs the following error:

  variable expansion is not supported for --from, define a new stage with FROM
  using ARG from global scope as a workaround.

Also force BuildKit extension to be installed, legacy build is no longer
supported.

Closes https://github.com/searxng/searxng/issues/5219
 [enh] container: reproducible layers (#5222) 2025-09-20T09:33:23+00:00 Ivan Gabaldon igabaldon@inetol.net 2025-09-20T09:33:23+00:00 b7ecc1c240f92252f061745d287accc886f3a742 * [enh] container: reproducible layers We are not aiming for reproducibility compliance, but we look to make most builder layers reproducible without caching at least for a short period of time (until the builder's base image changes or the child dependencies of a requirements.txt package are updated). This feature is only available on Podman. This targets https://github.com/searxng/searxng/pull/5086 main goal. * [fix] misc: apply suggestions Suggested: https://github.com/searxng/searxng/pull/5222#discussion_r2364630496 Suggested: https://github.com/searxng/searxng/pull/5222#discussion_r2364630511 * [enh] container: prevent useless layer 
* [enh] container: reproducible layers

We are not aiming for reproducibility compliance, but we look to make most
builder layers reproducible without caching at least for a short period of time
(until the builder's base image changes or the child dependencies of a
requirements.txt package are updated).

This feature is only available on Podman.

This targets https://github.com/searxng/searxng/pull/5086 main goal.

* [fix] misc: apply suggestions

Suggested: https://github.com/searxng/searxng/pull/5222#discussion_r2364630496
Suggested: https://github.com/searxng/searxng/pull/5222#discussion_r2364630511

* [enh] container: prevent useless layer
 [mod] py: remove uvloop (#5220) 2025-09-20T09:12:34+00:00 Ivan Gabaldon igabaldon@inetol.net 2025-09-20T09:12:34+00:00 164167dea0a0823845de42188818e7f80262aa71 We get some good stuff without uvloop, 13MB~ less of dependencies, 3 minutes of build time for armv7 saved, and we are one step closer to NT compatibility. Although it's true that theoretically the raw performance have worsened on network side (we only used uvloop for that), the latest cpython versions have been improving on asyncio performance. 
We get some good stuff without uvloop, 13MB~ less of dependencies, 3
minutes of build time for armv7 saved, and we are one step closer to NT
compatibility. Although it's true that theoretically the raw performance
have worsened on network side (we only used uvloop for that), the latest
cpython versions have been improving on asyncio performance.
 [enh] container: tidy builds (#5086) 2025-08-07T08:46:26+00:00 Ivan Gabaldon igabaldon@inetol.net 2025-08-07T08:46:26+00:00 3de7a6da2dba72057a75d54b4b9fd864dee230e9 Building the container currently does not work properly. When rebuilding several times with `make container`, `version_frozen.py` is recreated, which wouldn't be an issue if the file’s timestamp was constant. Now, when creating `version_frozen.py`, it will have the same timestamp as the commit when it was created. (`version_frozen.py` is moved to a dedicated layer). Reusing "builder" cache when building "dist" could be slow (CD reports 2 seconds, but locally I've seen it take up to 10 seconds), so the Dockerfile is now split and we save a couple steps by importing the "builder" image directly. The last changes made it possible to remove the layer cache in "builder", since the overhead is now greater than building the layers from scratch. Until now, all "dist" layers were squashed into a single layer, which in most cases is a good idea (except for storage/delivery pricing/overhead), but in our case, since we manage the entire pipeline, we can ignore this and share layers between builds. This means (for example) that if we change files unrelated to the container in several consecutive commits (documentation changes), we don't have to push the entire image to registry, but only the different layers (`version_frozen.py` in this example). The same applies when pulling, as only the layers that have changed compared to the local layers will be downloaded (that's the theory, we'll see if this works as expected or if we need to tweak something else). 
Building the container currently does not work properly.
When rebuilding several times with `make container`, `version_frozen.py`
is recreated, which wouldn't be an issue if the file’s timestamp was constant.
Now, when creating `version_frozen.py`, it will have the same timestamp as the
commit when it was created. (`version_frozen.py` is moved to a dedicated layer).

Reusing "builder" cache when building "dist" could be slow
(CD reports 2 seconds, but locally I've seen it take up to 10 seconds),
so the Dockerfile is now split and we save a couple steps
by importing the "builder" image directly.

The last changes made it possible to remove the layer cache in "builder",
since the overhead is now greater than building the layers from scratch.

Until now, all "dist" layers were squashed into a single layer,
which in most cases is a good idea
(except for storage/delivery pricing/overhead), but in our case,
since we manage the entire pipeline, we can ignore this
and share layers between builds.
This means (for example) that if we change files unrelated to the container
in several consecutive commits (documentation changes), we don't have to push
the entire image to registry, but only the different layers
(`version_frozen.py` in this example).
The same applies when pulling, as only the layers that have changed
compared to the local layers will be downloaded (that's the theory,
we'll see if this works as expected or if we need to tweak something else).