diff options
| author | Ivan Gabaldon <igabaldon@inetol.net> | 2025-09-20 11:33:23 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-09-20 11:33:23 +0200 |
| commit | b7ecc1c240f92252f061745d287accc886f3a742 (patch) | |
| tree | e1f531fe23f55f2ec078462c90cddb04ad3e49dd /container/builder.dockerfile | |
| parent | 164167dea0a0823845de42188818e7f80262aa71 (diff) | |
[enh] container: reproducible layers (#5222)
* [enh] container: reproducible layers
We are not aiming for reproducibility compliance, but we look to make most
builder layers reproducible without caching at least for a short period of time
(until the builder's base image changes or the child dependencies of a
requirements.txt package are updated).
This feature is only available on Podman.
This targets https://github.com/searxng/searxng/pull/5086 main goal.
* [fix] misc: apply suggestions
Suggested: https://github.com/searxng/searxng/pull/5222#discussion_r2364630496
Suggested: https://github.com/searxng/searxng/pull/5222#discussion_r2364630511
* [enh] container: prevent useless layer
Diffstat (limited to 'container/builder.dockerfile')
| -rw-r--r-- | container/builder.dockerfile | 18 |
1 files changed, 10 insertions, 8 deletions
diff --git a/container/builder.dockerfile b/container/builder.dockerfile index 99b22fcc2..97251e9db 100644 --- a/container/builder.dockerfile +++ b/container/builder.dockerfile @@ -1,27 +1,29 @@ FROM ghcr.io/searxng/base:searxng-builder AS builder -COPY ./requirements*.txt ./ +ARG TIMESTAMP_VENV="0" -ARG TIMESTAMP="0" +COPY ./requirements.txt ./requirements-server.txt ./ -RUN --mount=type=cache,id=uv,target=/root/.cache/uv set -eux; \ +RUN --mount=type=cache,id=uv,target=/root/.cache/uv set -eux -o pipefail; \ + export SOURCE_DATE_EPOCH="$TIMESTAMP_VENV"; \ uv venv; \ uv pip install --no-managed-python --compile-bytecode --requirements ./requirements.txt --requirements ./requirements-server.txt; \ uv cache prune --ci; \ - find ./.venv/ -exec touch -h -t $TIMESTAMP {} + + find ./.venv/lib/python*/site-packages/*.dist-info/ -type f -name "RECORD" -exec sort -t, -k1,1 -o {} {} \;; \ + find ./.venv/ -exec touch -h --date="@$TIMESTAMP_VENV" {} +; \ + unset SOURCE_DATE_EPOCH +# use "--exclude=./searx/version_frozen.py" when actions/runner-images updates to Podman 5.0+ COPY ./searx/ ./searx/ ARG TIMESTAMP_SETTINGS="0" -RUN set -eux; \ +RUN set -eux -o pipefail; \ python -m compileall -q ./searx/; \ - touch -c -t $TIMESTAMP_SETTINGS ./searx/settings.yml; \ find ./searx/static/ -type f \ \( -name "*.html" -o -name "*.css" -o -name "*.js" -o -name "*.svg" \) \ -exec gzip -9 -k {} + \ -exec brotli -9 -k {} + \ -exec gzip --test {}.gz + \ -exec brotli --test {}.br +; \ - # Move always changing files to /usr/local/searxng/ - mv ./searx/version_frozen.py ./ + touch -c --date="@$TIMESTAMP_SETTINGS" ./searx/settings.yml |