Container building changes (#3958)

* WIP: Container building changes

* Small updates

- Updated to rust 1.73.0
- Updated crates
- Updated documentation
- Added a bake.sh script to make baking easier

* Update GitHub Actions Workflow

- Updated workflow to use qemu and buildx bake

In the future i would like to extract the alpine based binaries and add
them as artifacts to the release.

* Address review remarks and small updates

- Addressed review remarks
- Added `podman-bake.sh` script to build Vaultwarden with podman
- Updated README
- Updated crates
- Added `VW_VERSION` support
- Added annotations
- Updated web-vault to v2023.9.1

1 files changed, 229 insertions, 0 deletions

diff --git a/docker/docker-bake.hcl b/docker/docker-bake.hcl
new file mode 100644
index 00000000..332b46c9
--- /dev/null
+++ b/docker/docker-bake.hcl
@@ -0,0 +1,229 @@
+// ==== Baking Variables ====
+
+// Set which cargo profile to use, dev or release for example
+// Use the value provided in the Dockerfile as default
+variable "CARGO_PROFILE" {
+  default = null
+}
+
+// Set which DB's (features) to enable
+// Use the value provided in the Dockerfile as default
+variable "DB" {
+  default = null
+}
+
+// The repository this build was triggered from
+variable "SOURCE_REPOSITORY_URL" {
+  default = null
+}
+
+// The commit hash of of the current commit this build was triggered on
+variable "SOURCE_COMMIT" {
+  default = null
+}
+
+// The version of this build
+// Typically the current exact tag of this commit,
+// else the last tag and the first 8 characters of the source commit
+variable "SOURCE_VERSION" {
+  default = null
+}
+
+// This can be used to overwrite SOURCE_VERSION
+// It will be used during the build.rs building stage
+variable "VW_VERSION" {
+  default = null
+}
+
+// The base tag(s) to use
+// This can be a comma separated value like "testing,1.29.2"
+variable "BASE_TAGS" {
+  default = "testing"
+}
+
+// Which container registries should be used for the tagging
+// This can be a comma separated value
+// Use a full URI like `ghcr.io/dani-garcia/vaultwarden,docker.io/vaultwarden/server`
+variable "CONTAINER_REGISTRIES" {
+  default = "vaultwarden/server"
+}
+
+
+// ==== Baking Groups ====
+
+group "default" {
+  targets = ["debian"]
+}
+
+
+// ==== Shared Baking ====
+function "labels" {
+  params = []
+  result = {
+    "org.opencontainers.image.description" = "Unofficial Bitwarden compatible server written in Rust - ${SOURCE_VERSION}"
+    "org.opencontainers.image.licenses" = "AGPL-3.0-only"
+    "org.opencontainers.image.documentation" = "https://github.com/dani-garcia/vaultwarden/wiki"
+    "org.opencontainers.image.url" = "https://github.com/dani-garcia/vaultwarden"
+    "org.opencontainers.image.created" =  "${formatdate("YYYY-MM-DD'T'hh:mm:ssZZZZZ", timestamp())}"
+    "org.opencontainers.image.source" = "${SOURCE_REPOSITORY_URL}"
+    "org.opencontainers.image.revision" = "${SOURCE_COMMIT}"
+    "org.opencontainers.image.version" = "${SOURCE_VERSION}"
+  }
+}
+
+target "_default_attributes" {
+  labels = labels()
+  args = {
+    DB = "${DB}"
+    CARGO_PROFILE = "${CARGO_PROFILE}"
+    VW_VERSION = "${VW_VERSION}"
+  }
+}
+
+
+// ==== Debian Baking ====
+
+// Default Debian target, will build a container using the hosts platform architecture
+target "debian" {
+  inherits = ["_default_attributes"]
+  dockerfile = "docker/Dockerfile.debian"
+  tags = generate_tags("", platform_tag())
+  output = [join(",", flatten([["type=docker"], image_index_annotations()]))]
+}
+
+// Multi Platform target, will build one tagged manifest with all supported architectures
+// This is mainly used by GitHub Actions to build and push new containers
+target "debian-multi" {
+  inherits = ["debian"]
+  platforms = ["linux/amd64", "linux/arm64", "linux/arm/v7", "linux/arm/v6"]
+  tags = generate_tags("", "")
+  output = [join(",", flatten([["type=registry"], image_index_annotations()]))]
+}
+
+// Per platform targets, to individually test building per platform locally
+target "debian-amd64" {
+  inherits = ["debian"]
+  platforms = ["linux/amd64"]
+  tags = generate_tags("", "-amd64")
+}
+
+target "debian-arm64" {
+  inherits = ["debian"]
+  platforms = ["linux/arm64"]
+  tags = generate_tags("", "-arm64")
+}
+
+target "debian-armv7" {
+  inherits = ["debian"]
+  platforms = ["linux/arm/v7"]
+  tags = generate_tags("", "-armv7")
+}
+
+target "debian-armv6" {
+  inherits = ["debian"]
+  platforms = ["linux/arm/v6"]
+  tags = generate_tags("", "-armv6")
+}
+
+// A Group to build all platforms individually for local testing
+group "debian-all" {
+  targets = ["debian-amd64", "debian-arm64", "debian-armv7", "debian-armv6"]
+}
+
+
+// ==== Alpine Baking ====
+
+// Default Alpine target, will build a container using the hosts platform architecture
+target "alpine" {
+  inherits = ["_default_attributes"]
+  dockerfile = "docker/Dockerfile.alpine"
+  tags = generate_tags("-alpine", platform_tag())
+  output = [join(",", flatten([["type=docker"], image_index_annotations()]))]
+}
+
+// Multi Platform target, will build one tagged manifest with all supported architectures
+// This is mainly used by GitHub Actions to build and push new containers
+target "alpine-multi" {
+  inherits = ["alpine"]
+  platforms = ["linux/amd64", "linux/arm64", "linux/arm/v7", "linux/arm/v6"]
+  tags = generate_tags("-alpine", "")
+  output = [join(",", flatten([["type=registry"], image_index_annotations()]))]
+}
+
+// Per platform targets, to individually test building per platform locally
+target "alpine-amd64" {
+  inherits = ["alpine"]
+  platforms = ["linux/amd64"]
+  tags = generate_tags("-alpine", "-amd64")
+}
+
+target "alpine-arm64" {
+  inherits = ["alpine"]
+  platforms = ["linux/arm64"]
+  tags = generate_tags("-alpine", "-arm64")
+}
+
+target "alpine-armv7" {
+  inherits = ["alpine"]
+  platforms = ["linux/arm/v7"]
+  tags = generate_tags("-alpine", "-armv7")
+}
+
+target "alpine-armv6" {
+  inherits = ["alpine"]
+  platforms = ["linux/arm/v6"]
+  tags = generate_tags("-alpine", "-armv6")
+}
+
+// A Group to build all platforms individually for local testing
+group "alpine-all" {
+  targets = ["alpine-amd64", "alpine-arm64", "alpine-armv7", "alpine-armv6"]
+}
+
+
+// ==== Bake everything locally ====
+
+group "all" {
+  targets = ["debian-all", "alpine-all"]
+}
+
+
+// ==== Baking functions ====
+
+// This will return the local platform as amd64, arm64 or armv7 for example
+// It can be used for creating a local image tag
+function "platform_tag" {
+  params = []
+  result = "-${replace(replace(BAKE_LOCAL_PLATFORM, "linux/", ""), "/", "")}"
+}
+
+
+function "get_container_registries" {
+  params = []
+  result = flatten(split(",", CONTAINER_REGISTRIES))
+}
+
+function "get_base_tags" {
+  params = []
+  result = flatten(split(",", BASE_TAGS))
+}
+
+function "generate_tags" {
+  params = [
+    suffix,   // What to append to the BASE_TAG when needed, like `-alpine` for example
+    platform  // the platform we are building for if needed
+  ]
+  result = flatten([
+    for registry in get_container_registries() :
+      [for base_tag in get_base_tags() :
+        concat(["${registry}:${base_tag}${suffix}${platform}"])]
+  ])
+}
+
+function "image_index_annotations" {
+  params = []
+  result = flatten([
+    for key, value in labels() :
+      value != null ? formatlist("annotation-index.%s=%s", "${key}", "${value}") : []
+  ])
+}