[mod] container: build custom base images (#4799)

Instead of using Wolfi base images from cgr.dev and making that mess on the Dockerfile, why don't we build the base images ourselves from Wolfi repos with apko? The intention of this is to simplify the main Dockerfile and avoid having to patch the base image every time, it also simplifies some steps like image ownership management and provides extremely fast builds.
2025-12-22 19:50:00 +00:00 · 2025-05-17 18:21:04 +02:00
parent 1b08324f26
commit 86373e7c87
5 changed files with 167 additions and 54 deletions
--- a/container/Dockerfile
+++ b/container/Dockerfile
@@ -1,12 +1,4 @@
-FROM cgr.dev/chainguard/wolfi-base:latest AS builder
-
-RUN apk add --no-cache \
-    build-base \
-    python-3.13-dev \
-    py3-pip \
-    brotli
-
-WORKDIR /usr/local/searxng/
+FROM ghcr.io/searxng/base:searxng-builder AS builder

 COPY ./requirements.txt ./requirements.txt

@@ -23,34 +15,11 @@ ARG TIMESTAMP_UWSGI="0"
 RUN python -m compileall -q searx \
 && touch -c --date=@$TIMESTAMP_SETTINGS ./searx/settings.yml \
 && touch -c --date=@$TIMESTAMP_UWSGI ./container/uwsgi.ini \
- && find /usr/local/searxng/searx/static \
+ && find ./searx/static \
    \( -name "*.html" -o -name "*.css" -o -name "*.js" -o -name "*.svg" -o -name "*.ttf" -o -name "*.eot" \) \
    -type f -exec gzip -9 -k {} + -exec brotli --best {} +

-ARG SEARXNG_UID="977"
-ARG SEARXNG_GID="977"
-
-RUN echo "root:x:0:root" >/tmp/.group \
- && echo "root:x:0:0:root:/usr/local/searxng:/bin/ash" >/tmp/.passwd \
- && echo "searxng:x:$SEARXNG_GID:searxng" >>/tmp/.group \
- && echo "searxng:x:$SEARXNG_UID:$SEARXNG_GID:searxng:/usr/local/searxng:/bin/ash" >>/tmp/.passwd
-
-FROM scratch AS dist
-
-# Prepare base image
-COPY --from=builder /tmp/.passwd /etc/passwd
-COPY --from=builder /tmp/.group /etc/group
-COPY --chown=root:root --from=cgr.dev/chainguard/wolfi-base:latest / /
-COPY --chown=root:root --from=builder /tmp/.passwd /etc/passwd
-COPY --chown=root:root --from=builder /tmp/.group /etc/group
-RUN rm -rf /root/ /home/
-
-RUN apk add --no-cache \
-    python-3.13 \
-    # healthcheck
-    wget \
-    # uwsgi
-    mailcap
+FROM ghcr.io/searxng/base:searxng AS dist

 ARG LABEL_DATE="0001-01-01T00:00:00Z"
 ARG GIT_URL="unspecified"
@@ -58,8 +27,6 @@ ARG SEARXNG_GIT_VERSION="unspecified"
 ARG LABEL_VCS_REF="unspecified"
 ARG LABEL_VCS_URL="unspecified"

-WORKDIR /usr/local/searxng/
-
 COPY --chown=searxng:searxng --from=builder /usr/local/searxng/venv/ ./venv/
 COPY --chown=searxng:searxng --from=builder /usr/local/searxng/searx/ ./searx/
 COPY --chown=searxng:searxng ./container/ ./container/
@@ -75,16 +42,8 @@ LABEL org.opencontainers.image.authors="searxng <$GIT_URL>" \
      org.opencontainers.image.url="$LABEL_VCS_URL" \
      org.opencontainers.image.version="$SEARXNG_GIT_VERSION"

-# Image specific environment variables
-ENV PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" \
-    SSL_CERT_FILE="/etc/ssl/certs/ca-certificates.crt" \
-    HISTFILE="/dev/null" \
-    CONFIG_PATH="/etc/searxng" \
-    DATA_PATH="/var/cache/searxng"
-
-# SearXNG specific environment variables
 ENV SEARXNG_VERSION="$SEARXNG_GIT_VERSION" \
-    INSTANCE_NAME="searxng" \
+    INSTANCE_NAME="SearXNG" \
    AUTOCOMPLETE="" \
    BASE_URL="" \
    BIND_ADDRESS="[::]:8080" \
@@ -93,10 +52,6 @@ ENV SEARXNG_VERSION="$SEARXNG_GIT_VERSION" \
    UWSGI_WORKERS="%k" \
    UWSGI_THREADS="4"

-# Volume ownership
-RUN mkdir -p $CONFIG_PATH $DATA_PATH \
- && chown -R searxng:searxng $CONFIG_PATH $DATA_PATH
-
 VOLUME $CONFIG_PATH
 VOLUME $DATA_PATH