From b7ecc1c240f92252f061745d287accc886f3a742 Mon Sep 17 00:00:00 2001
From: Ivan Gabaldon
Date: Sat, 20 Sep 2025 11:33:23 +0200
Subject: [enh] container: reproducible layers (#5222)

* [enh] container: reproducible layers

We are not aiming for reproducibility compliance, but we look to make most builder layers reproducible without caching at least for a short period of time (until the builder's base image changes or the child dependencies of a requirements.txt package are updated). This feature is only available on Podman. This targets https://github.com/searxng/searxng/pull/5086 main goal.

* [fix] misc: apply suggestions

Suggested: https://github.com/searxng/searxng/pull/5222#discussion_r2364630496
Suggested: https://github.com/searxng/searxng/pull/5222#discussion_r2364630511

* [enh] container: prevent useless layer
---
 container/builder.dockerfile | 18 ++++++++++--------
 container/dist.dockerfile | 2 +-
 2 files changed, 11 insertions(+), 9 deletions(-)

(limited to 'container')

diff --git a/container/builder.dockerfile b/container/builder.dockerfile
index 99b22fcc2..97251e9db 100644
--- a/container/builder.dockerfile
+++ b/container/builder.dockerfile
@@ -1,27 +1,29 @@
 FROM ghcr.io/searxng/base:searxng-builder AS builder
 
-COPY ./requirements*.txt ./
+ARG TIMESTAMP_VENV="0"
 
-ARG TIMESTAMP="0"
+COPY ./requirements.txt ./requirements-server.txt ./
 
-RUN --mount=type=cache,id=uv,target=/root/.cache/uv set -eux; \
+RUN --mount=type=cache,id=uv,target=/root/.cache/uv set -eux -o pipefail; \
+    export SOURCE_DATE_EPOCH="$TIMESTAMP_VENV"; \
     uv venv; \
     uv pip install --no-managed-python --compile-bytecode --requirements ./requirements.txt --requirements ./requirements-server.txt; \
     uv cache prune --ci; \
-    find ./.venv/ -exec touch -h -t $TIMESTAMP {} +
+    find ./.venv/lib/python*/site-packages/*.dist-info/ -type f -name "RECORD" -exec sort -t, -k1,1 -o {} {} \;; \
+    find ./.venv/ -exec touch -h --date="@$TIMESTAMP_VENV" {} +; \
+    unset SOURCE_DATE_EPOCH
 
+# use "--exclude=./searx/version_frozen.py" when actions/runner-images updates to Podman 5.0+
 COPY ./searx/ ./searx/
 
 ARG TIMESTAMP_SETTINGS="0"
 
-RUN set -eux; \
+RUN set -eux -o pipefail; \
     python -m compileall -q ./searx/; \
-    touch -c -t $TIMESTAMP_SETTINGS ./searx/settings.yml; \
     find ./searx/static/ -type f \
         \( -name "*.html" -o -name "*.css" -o -name "*.js" -o -name "*.svg" \) \
         -exec gzip -9 -k {} + \
         -exec brotli -9 -k {} + \
         -exec gzip --test {}.gz + \
         -exec brotli --test {}.br +; \
-    # Move always changing files to /usr/local/searxng/
-    mv ./searx/version_frozen.py ./
+    touch -c --date="@$TIMESTAMP_SETTINGS" ./searx/settings.yml
diff --git a/container/dist.dockerfile b/container/dist.dockerfile
index 2270bdefd..b16f432e4 100644
--- a/container/dist.dockerfile
+++ b/container/dist.dockerfile
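Review bot: The second RUN still compresses static assets with `gzip -9 -k {}` and no `-n`, so every `.gz` header embeds the source file's mtime and original name; unless the COPYed `./searx/` mtimes are normalized by the builder, this layer will keep differing between builds despite the new reproducibility work, so use `-exec gzip -9 -k -n {} + \` (if the image's gzip honors `-n`; brotli stores no timestamp). That same RUN runs `python -m compileall -q ./searx/` without `SOURCE_DATE_EPOCH` (the export in the first RUN is unset there and would not survive the layer boundary anyway), so the pycs are timestamp-validated and carry the source mtime in their header; `SOURCE_DATE_EPOCH="$TIMESTAMP_SETTINGS" python -m compileall -q ./searx/; \` makes compileall default to checked-hash pycs, which are mtime-independent. Minor: the new RECORD rewrite uses `-exec sort ... \;`, and find does not turn a failing sort into a non-zero exit in that form (GNU find only propagates failures from the `+` form), so `set -e` will not stop the build on a truncated RECORD file; a `for` loop over the RECORD files, or `sort ... -o "$f.tmp" "$f" && mv "$f.tmp" "$f"`, would surface the error.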
@@ -6,7 +6,7 @@ ARG CONTAINER_IMAGE_NAME="searxng"
 COPY --chown=searxng:searxng --from=localhost/$CONTAINER_IMAGE_ORGANIZATION/$CONTAINER_IMAGE_NAME:builder /usr/local/searxng/.venv/ ./.venv/
 COPY --chown=searxng:searxng --from=localhost/$CONTAINER_IMAGE_ORGANIZATION/$CONTAINER_IMAGE_NAME:builder /usr/local/searxng/searx/ ./searx/
 COPY --chown=searxng:searxng ./container/ ./
-COPY --chown=searxng:searxng --from=localhost/$CONTAINER_IMAGE_ORGANIZATION/$CONTAINER_IMAGE_NAME:builder /usr/local/searxng/version_frozen.py ./searx/
+#COPY --chown=searxng:searxng ./searx/version_frozen.py ./searx/
 
 ARG CREATED="0001-01-01T00:00:00Z"
 ARG VERSION="unknown"
-- 
cgit v1.2.3
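Review bot: The new `#COPY --chown=searxng:searxng ./searx/version_frozen.py ./searx/` is dead, commented-out code with no explanation in this file; the reason it is parked (waiting for `COPY --exclude` support in Podman 5.0+ on the builder side) only appears as a comment in builder.dockerfile. Either drop the line or give it its own why-comment, e.g. `# TODO: enable once builder.dockerfile can COPY --exclude=./searx/version_frozen.py (Podman 5.0+)`, so the next maintainer does not treat it as an accidental leftover. Note that after this change version_frozen.py reaches the dist stage only through the wholesale `COPY ... /usr/local/searxng/searx/ ./searx/` from the builder two lines above, so that copy now carries an always-changing file and must stay in place for the version to be present at runtime.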