There was a PR (#4370) to add i686/i386 support for Vaultwarden.
That specific PR was not a viable way of adding this.
This PR adds extra architectures for Debian based containers which we
will not support by default. Those images will not be build and pushed
to our container registries.
Added the following architectures:
- linux/386
- linux/ppc64le
- linux/s390x
Again, there will be no major support for these architectures, but it
will allow people who use these architectures to build a Debian based
binary more easily
For some reason still not known, the `.git` directory was not copied
into the container. I think buildkit (buildx) did this by default before, and
stopped this with newer versions.
This PR fixes this by also touching `build.rs` besides `src/main.rs`.
This PR also updates Rust to v1.74.1 and some crates, including the
latest version of Alpine 3.19.
Fixes #4150
* WIP: Container building changes
* Small updates
- Updated to rust 1.73.0
- Updated crates
- Updated documentation
- Added a bake.sh script to make baking easier
* Update GitHub Actions Workflow
- Updated workflow to use qemu and buildx bake
In the future i would like to extract the alpine based binaries and add
them as artifacts to the release.
* Address review remarks and small updates
- Addressed review remarks
- Added `podman-bake.sh` script to build Vaultwarden with podman
- Updated README
- Updated crates
- Added `VW_VERSION` support
- Added annotations
- Updated web-vault to v2023.9.1
This PR updates the base images to use Debian Bookworm as base image. Also the MUSL/Alpine builds now use OpenSSLv3 and PostgreSQL v15.
The GHA Workflows are updated to use Ubuntu 22.04 to better match the versions of Debian Bookworm.
Also:
- Enabled spares crate registry
- Updated workflow actions
- Updated Rust to v1.71.0
- The rust-musl images now use musl v1.2.3 for the 32bit arch's if the Rust version is v1.71.0 or higher.
The 64bit arch's already used musl v1.2.3.
- Updated crates.
Improves / Closes #3434
- Revert #3170 as discussed in #3387
In hindsight it's better to not have this feature
- Update Dockerfile.j2 for easy version changes.
Just change it in one place instead of multiple
- Updated to Rust to latest patched version
- Updated crates to latest available
- Pinned mimalloc to an older version, as it breaks on musl builds
- Added support for Quay.io
- Added support for GHCR.io
To enable support for these container image registries the following needs to be added.
As `Actions secrets and variables` - `Secrets`
- `DOCKERHUB_TOKEN` and `DOCKERHUB_USERNAME`
- `QUAY_TOKEN` and `QUAY_USERNAME`
As `Actions secrets and variables` - `Variables` - `Repository Variables`
- `DOCKERHUB_REPO`
- `GHCR_REPO`
- `QUAY_REPO`
The `DOCKERHUB_REPO` currently configured in `Secrets` can be removed if wanted, probably best after this PR has been merged.
If one of the vars/secrets are not configured it will skip that specific registry!
- Changed MSRV to v1.65.
Discussed this with @dani-garcia, and we will support **N-2**.
This is/will be the same as for the `time` crate we use.
Also updated the wiki regarding this https://github.com/dani-garcia/vaultwarden/wiki/Building-binary
- Removed backtrace crate in favor of `std::backtrace` stable since v1.65
- Updated Rust to v1.67.1
- Updated all the crates
- Updated the GHA action versions
- Adjusted the GHA MSRV build to extract the MSRV from `Cargo.toml`
This is done by running `setcap cap_net_bind_service=+ep` on the executable
in the build stage (doing it in the runtime stage creates an extra copy of
the executable that bloats the image). This only works when using the
BuildKit-based builder, since the `COPY` instruction doesn't copy
capabilities on the legacy builder.
- Put groups support behind a feature flag, and disabled by default.
The reason is that it has some known issues, but we want to keep
optimizing this feature. Putting it behind a feature flag could help
some users, and the developers into optimizing this feature without to
much trouble.
Further:
- Updates Rust to v1.66.0
- Updated GHA workflows
- Updated Alpine to 3.17
- Updated jquery to v3.6.2
- Moved jdenticon.js to load at the bottom, fixes an issue on chromium
- Added autocomplete attribute to admin login password field
- Added some extra CSP options (Tested this on Safari, Firefox, Chrome, Bitwarden Desktop)
- Moved uppercase convertion from runtime to compile-time using `paste`
for building the environment variables, lowers heap allocations.
- Updated to Rust v1.64.0
- Updated all libararies
- Updated multer-rs to be based upon the latest version
- Updated Dockerfiles to match the Rust version
The previous persistent folder check worked by checking if a file
exists. If you used a bind-mount, then this file is not there. But when
using a docker/podman volume those files are copied, and caused the
container to not start.
This change checks the `/proc/self/mountinfo` for a specific patern to
see if the data folder is persistent or not.
Fixes #2622
This will add a persistent volume check to make sure when running
containers someone is using a volume for persistent storage.
This check can be bypassed if someone configures
`I_REALLY_WANT_VOLATILE_STORAGE=true` as an environment variable.
This should prevent issues like #2493 .
