Rework Dockerfile #4699
hum no, we should run a non-root container by default.
I have reverted the change, there is no need to specify uid/gid in uWSGI as it will already run under the user that is configured to run in the container (in this case now
Maybe we could do a multi-stage Docker image? This way we don't have to include the whole build-essential. Or separate Dockerfiles like I proposed in #4676 (comment). And have you looked into adding more sources for the wheels like https://www.piwheels.org/? I just found out that this wheels repo is configured on my Raspberry Pi (I don't use searxng on it but I saw that when installing cryptography on armv7)
It's already being done, the issue is that uWSGI relies on some heavy dependencies, I hope to be able to remove that once we use Granian: https://github.com/inetol/searxng/blob/4aaa97a1d80d6267685e0291ad270875393cdb35/Dockerfile#L44 Also in #4707 I will separate the "modern" archs and "armv7", so fewer dependencies for amd64 and arm64 images.
I want to do this here, as this requires modifying the whole CD process: #4707
I find it interesting, unfortunately it follows the mainline Python versions of RPiOS. The container images use Python 3.13 and piwheels are built for Python 3.11 backwards, I'm not going to stick to using Python 3.11 on the container image if it only affects one architecture (although once the whole Docker process is refactored, I don't rule out that the arch armv7 will be keyed to use the same mainline Python versions of RPiOS, we'll see...).
unixfox
left a comment
Ok good for me.
We can continue the work in reducing the image size in #4707. Thanks
This is one of various PRs to refactor the entire SearXNG Docker workflow. Switches to Python glibc based images, all dependencies are installed via pip and not from system repositories, and several minor changes. This PR will increase the image size from 194.9 MB to 345.47 MB (amd64), this is due to ARMv7 images (needs dependencies for wheels compilation and runtime (?)) and uWSGI webserver. A later PR will reduce the final image size.
This reverts commit 2e74d86.
What does this PR do?
This is one of various PRs to refactor the entire SearXNG Docker workflow.
Switches to Python glibc based images, all dependencies are installed via pip and not from system repositories, and several minor changes.
By default, the container will now run under root, this is to prevent weird issues when using a rootless Docker/Podman setup (you can revert to how it was by specifying the searxng user on container instancing, just remember to update the ownership recursively in the already created volumes).
This PR will increase the image size from 194.9 MB to 345.47 MB (amd64), this is due to ARMv7 images (needs dependencies for wheels compilation and runtime (?)) and uWSGI webserver. A later PR will reduce the final image size.
Why is this change important?
It's being talked about in various issues and PRs as Docker images are getting in the way and hindering development.
#4676
#4596
#4463
How to test this PR locally?
docker build . or podman build .
Related issues
Supersedes / Close #4463
Closes #4460