[mod] container: revert to alpine (#4893)

I'm not too pleased to reverse this, but issues like https://github.com/searxng/searxng/issues/4792 have not been foreseen, and we can't just turn away. It has become apparent over the last weeks that there are still quite a few people with an incompatible CPU or having SearXNG on some random VM provider who can't (or won't) modify the configuration of their machines to expose the features needed for x86_64v2 march. As I don't want to trash the work with apko and base images, I thought about trying building Alpine again now that we have all the container related workflow refactored. There will still be the discussion of whether to use musl and its drawbacks, but right now I don't know any other alternatives. The nice part of this is that both Dockerfiles (mainline and legacy) can now be unified under the same umbrella again. Closes https://github.com/searxng/searxng/issues/4792 Closes https://github.com/searxng/searxng/issues/4753
author: Ivan Gabaldon <igabaldon@inetol.net> 2025-06-03 21:24:47 +0200
committer: GitHub <noreply@github.com> 2025-06-03 21:24:47 +0200
commit: eb36de8d914aee7d3e9087b9046b83de705233dd (patch)
tree: e251cb225ed7f4237aee8630cd1a2e62a3f0d078 /container
parent: b73ac818150f9095461eca42310cbe6ba976e196 (diff)
3 files changed, 19 insertions, 118 deletions
diff --git a/container/base-builder.yml b/container/base-builder.yml
index db84ae2f5..17086116b 100644
--- a/container/base-builder.yml
+++ b/container/base-builder.yml
@@ -1,14 +1,19 @@
 contents:
-  keyring:
-    - https://packages.wolfi.dev/os/wolfi-signing.rsa.pub
   repositories:
-    - https://packages.wolfi.dev/os
+    - https://mirrors.edge.kernel.org/alpine/edge/main
+    - https://mirrors.edge.kernel.org/alpine/edge/community
   packages:
-    - wolfi-base
+    - alpine-base
     - build-base
-    - python-3.13-dev
+    - python3-dev
     - py3-pip
     - brotli
+    # lxml (armv7)
+    - libxml2-dev
+    - libxslt-dev
+    - zlib-dev
+    # uwsgi
+    - libffi-dev
 
 entrypoint:
   command: /bin/sh -l
@@ -23,3 +28,4 @@ environment:
 archs:
   - x86_64
   - aarch64
+  - armv7
diff --git a/container/base.yml b/container/base.yml
index 55fff617a..49341d18e 100644
--- a/container/base.yml
+++ b/container/base.yml
@@ -1,16 +1,17 @@
 contents:
-  keyring:
-    - https://packages.wolfi.dev/os/wolfi-signing.rsa.pub
   repositories:
-    - https://packages.wolfi.dev/os
+    - https://mirrors.edge.kernel.org/alpine/edge/main
   packages:
-    - wolfi-baselayout
+    - alpine-baselayout
     - ca-certificates-bundle
     - busybox
-    - python-3.13
+    - python3
     # healthcheck
     - wget
+    # lxml (armv7)
+    - libxslt
     # uwsgi
+    - libxml2
     - mailcap
 
 entrypoint:
@@ -40,7 +41,7 @@ paths:
     type: directory
     uid: 977
     gid: 977
-    permissions: 0o755
+    permissions: 0o555
 
   # Config volume
   - path: /etc/searxng/
@@ -59,3 +60,4 @@ paths:
 archs:
   - x86_64
   - aarch64
+  - armv7
diff --git a/container/legacy/Dockerfile b/container/legacy/Dockerfile
deleted file mode 100644
index 3afaa3b4c..000000000
--- a/container/legacy/Dockerfile
+++ /dev/null
@@ -1,107 +0,0 @@
-FROM docker.io/library/python:3.13-slim AS builder
-
-RUN apt-get update \
- && apt-get install -y --no-install-recommends \
-    build-essential \
-    brotli \
-    # lxml
-    libxml2-dev \
-    libxslt1-dev \
-    zlib1g-dev \
-    # uwsgi
-    libpcre3-dev \
- && rm -rf /var/lib/apt/lists/*
-
-WORKDIR /usr/local/searxng/
-
-COPY ./requirements.txt ./requirements.txt
-
-RUN --mount=type=cache,id=pip,target=/root/.cache/pip python -m venv ./venv \
- && . ./venv/bin/activate \
- && pip install -r requirements.txt \
- && pip install "uwsgi~=2.0"
-
-COPY ./searx/ ./searx/
-
-ARG TIMESTAMP_SETTINGS=0
-
-RUN python -m compileall -q searx \
- && touch -c --date=@$TIMESTAMP_SETTINGS ./searx/settings.yml \
- && find /usr/local/searxng/searx/static \
-    \( -name '*.html' -o -name '*.css' -o -name '*.js' -o -name '*.svg' -o -name '*.ttf' -o -name '*.eot' \) \
-    -type f -exec gzip -9 -k {} + -exec brotli --best {} +
-
-ARG SEARXNG_UID=977
-ARG SEARXNG_GID=977
-
-RUN grep -m1 root /etc/group > /tmp/.searxng.group \
- && grep -m1 root /etc/passwd > /tmp/.searxng.passwd \
- && echo "searxng:x:$SEARXNG_GID:" >> /tmp/.searxng.group \
- && echo "searxng:x:$SEARXNG_UID:$SEARXNG_GID:searxng:/usr/local/searxng:/bin/bash" >> /tmp/.searxng.passwd
-
-FROM docker.io/library/python:3.13-slim
-
-RUN apt-get update \
- && apt-get install -y --no-install-recommends \
-    # healthcheck
-    wget \
-    # lxml (ARMv7)
-    libxslt1.1 \
-    # uwsgi
-    libpcre3 \
-    libxml2 \
-    mailcap \
- && rm -rf /var/lib/apt/lists/*
-
-COPY --chown=root:root --from=builder /tmp/.searxng.passwd /etc/passwd
-COPY --chown=root:root --from=builder /tmp/.searxng.group /etc/group
-
-ARG LABEL_DATE="0001-01-01T00:00:00Z"
-ARG GIT_URL="unspecified"
-ARG SEARXNG_GIT_VERSION="unspecified"
-ARG LABEL_VCS_REF="unspecified"
-ARG LABEL_VCS_URL="unspecified"
-
-WORKDIR /usr/local/searxng/
-
-COPY --chown=searxng:searxng --from=builder /usr/local/searxng/venv/ ./venv/
-COPY --chown=searxng:searxng --from=builder /usr/local/searxng/searx/ ./searx/
-COPY --chown=searxng:searxng ./container/config/ ./.template/
-COPY --chown=searxng:searxng ./container/entrypoint.sh ./entrypoint.sh
-
-ARG TIMESTAMP_UWSGI="0"
-
-RUN touch -c --date=@$TIMESTAMP_UWSGI ./.template/uwsgi.ini
-
-LABEL org.opencontainers.image.authors="searxng <$GIT_URL>" \
-      org.opencontainers.image.created=$LABEL_DATE \
-      org.opencontainers.image.description="A privacy-respecting, hackable metasearch engine" \
-      org.opencontainers.image.documentation="https://github.com/searxng/searxng-docker" \
-      org.opencontainers.image.licenses="AGPL-3.0-or-later" \
-      org.opencontainers.image.revision=$LABEL_VCS_REF \
-      org.opencontainers.image.source=$LABEL_VCS_URL \
-      org.opencontainers.image.title="searxng" \
-      org.opencontainers.image.url=$LABEL_VCS_URL \
-      org.opencontainers.image.version=$SEARXNG_GIT_VERSION
-
-ENV CONFIG_PATH=/etc/searxng \
-    DATA_PATH=/var/cache/searxng
-
-ENV SEARXNG_VERSION=$SEARXNG_GIT_VERSION \
-    INSTANCE_NAME=searxng \
-    AUTOCOMPLETE="" \
-    BASE_URL="" \
-    BIND_ADDRESS=[::]:8080 \
-    SEARXNG_SETTINGS_PATH=$CONFIG_PATH/settings.yml \
-    UWSGI_SETTINGS_PATH=$CONFIG_PATH/uwsgi.ini \
-    UWSGI_WORKERS=%k \
-    UWSGI_THREADS=4
-
-VOLUME $CONFIG_PATH
-VOLUME $DATA_PATH
-
-EXPOSE 8080
-
-HEALTHCHECK CMD wget --quiet --tries=1 --spider http://localhost:8080/healthz || exit 1
-
-ENTRYPOINT ["/usr/local/searxng/entrypoint.sh"]
author	Ivan Gabaldon <igabaldon@inetol.net>	2025-06-03 21:24:47 +0200
committer	GitHub <noreply@github.com>	2025-06-03 21:24:47 +0200
commit	eb36de8d914aee7d3e9087b9046b83de705233dd (patch)
tree	e251cb225ed7f4237aee8630cd1a2e62a3f0d078 /container
parent	b73ac818150f9095461eca42310cbe6ba976e196 (diff)