[mod] container: revert to alpine (#4893)

I'm not too pleased to reverse this, but issues like https://github.com/searxng/searxng/issues/4792 have not been foreseen, and we can't just turn away. It has become apparent over the last weeks that there are still quite a few people with an incompatible CPU or having SearXNG on some random VM provider who can't (or won't) modify the configuration of their machines to expose the features needed for x86_64v2 march. As I don't want to trash the work with apko and base images, I thought about trying building Alpine again now that we have all the container related workflow refactored. There will still be the discussion of whether to use musl and its drawbacks, but right now I don't know any other alternatives. The nice part of this is that both Dockerfiles (mainline and legacy) can now be unified under the same umbrella again. Closes https://github.com/searxng/searxng/issues/4792 Closes https://github.com/searxng/searxng/issues/4753
2025-06-03 21:24:47 +02:00 · 2025-06-03 21:24:47 +02:00 · eb36de8d91
commit eb36de8d91
parent b73ac81815
5 changed files with 21 additions and 120 deletions
--- a/.github/workflows/container.yml
+++ b/.github/workflows/container.yml
@ -149,7 +149,7 @@ jobs:
        uses: actions/cache@v4
        with:
          # yamllint disable-line rule:line-length
-          key: "container-mounts-${{ matrix.arch }}-${{ hashFiles('./container/Dockerfile', './container/legacy/Dockerfile') }}"
+          key: "container-mounts-${{ matrix.arch }}-${{ hashFiles('./container/Dockerfile') }}"
          restore-keys: "container-mounts-${{ matrix.arch }}-"
          path: |
            /var/tmp/buildah-cache/
--- a/container/base-builder.yml
+++ b/container/base-builder.yml
@ -1,14 +1,19 @@
 contents:
-  keyring:
-    - https://packages.wolfi.dev/os/wolfi-signing.rsa.pub
  repositories:
-    - https://packages.wolfi.dev/os
+    - https://mirrors.edge.kernel.org/alpine/edge/main
+    - https://mirrors.edge.kernel.org/alpine/edge/community
  packages:
-    - wolfi-base
+    - alpine-base
    - build-base
-    - python-3.13-dev
+    - python3-dev
    - py3-pip
    - brotli
+    # lxml (armv7)
+    - libxml2-dev
+    - libxslt-dev
+    - zlib-dev
+    # uwsgi
+    - libffi-dev

 entrypoint:
  command: /bin/sh -l
@ -23,3 +28,4 @@ environment:
 archs:
  - x86_64
  - aarch64
+  - armv7
--- a/container/base.yml
+++ b/container/base.yml
@ -1,16 +1,17 @@
 contents:
-  keyring:
-    - https://packages.wolfi.dev/os/wolfi-signing.rsa.pub
  repositories:
-    - https://packages.wolfi.dev/os
+    - https://mirrors.edge.kernel.org/alpine/edge/main
  packages:
-    - wolfi-baselayout
+    - alpine-baselayout
    - ca-certificates-bundle
    - busybox
-    - python-3.13
+    - python3
    # healthcheck
    - wget
+    # lxml (armv7)
+    - libxslt
    # uwsgi
+    - libxml2
    - mailcap

 entrypoint:
@ -40,7 +41,7 @@ paths:
    type: directory
    uid: 977
    gid: 977
-    permissions: 0o755
+    permissions: 0o555

  # Config volume
  - path: /etc/searxng/
@ -59,3 +60,4 @@ paths:
 archs:
  - x86_64
  - aarch64
+  - armv7
--- a/container/legacy/Dockerfile
+++ b/container/legacy/Dockerfile
@ -1,107 +0,0 @@
-FROM docker.io/library/python:3.13-slim AS builder
-
-RUN apt-get update \
- && apt-get install -y --no-install-recommends \
-    build-essential \
-    brotli \
-    # lxml
-    libxml2-dev \
-    libxslt1-dev \
-    zlib1g-dev \
-    # uwsgi
-    libpcre3-dev \
- && rm -rf /var/lib/apt/lists/*
-
-WORKDIR /usr/local/searxng/
-
-COPY ./requirements.txt ./requirements.txt
-
-RUN --mount=type=cache,id=pip,target=/root/.cache/pip python -m venv ./venv \
- && . ./venv/bin/activate \
- && pip install -r requirements.txt \
- && pip install "uwsgi~=2.0"
-
-COPY ./searx/ ./searx/
-
-ARG TIMESTAMP_SETTINGS=0
-
-RUN python -m compileall -q searx \
- && touch -c --date=@$TIMESTAMP_SETTINGS ./searx/settings.yml \
- && find /usr/local/searxng/searx/static \
-    \( -name '*.html' -o -name '*.css' -o -name '*.js' -o -name '*.svg' -o -name '*.ttf' -o -name '*.eot' \) \
-    -type f -exec gzip -9 -k {} + -exec brotli --best {} +
-
-ARG SEARXNG_UID=977
-ARG SEARXNG_GID=977
-
-RUN grep -m1 root /etc/group > /tmp/.searxng.group \
- && grep -m1 root /etc/passwd > /tmp/.searxng.passwd \
- && echo "searxng:x:$SEARXNG_GID:" >> /tmp/.searxng.group \
- && echo "searxng:x:$SEARXNG_UID:$SEARXNG_GID:searxng:/usr/local/searxng:/bin/bash" >> /tmp/.searxng.passwd
-
-FROM docker.io/library/python:3.13-slim
-
-RUN apt-get update \
- && apt-get install -y --no-install-recommends \
-    # healthcheck
-    wget \
-    # lxml (ARMv7)
-    libxslt1.1 \
-    # uwsgi
-    libpcre3 \
-    libxml2 \
-    mailcap \
- && rm -rf /var/lib/apt/lists/*
-
-COPY --chown=root:root --from=builder /tmp/.searxng.passwd /etc/passwd
-COPY --chown=root:root --from=builder /tmp/.searxng.group /etc/group
-
-ARG LABEL_DATE="0001-01-01T00:00:00Z"
-ARG GIT_URL="unspecified"
-ARG SEARXNG_GIT_VERSION="unspecified"
-ARG LABEL_VCS_REF="unspecified"
-ARG LABEL_VCS_URL="unspecified"
-
-WORKDIR /usr/local/searxng/
-
-COPY --chown=searxng:searxng --from=builder /usr/local/searxng/venv/ ./venv/
-COPY --chown=searxng:searxng --from=builder /usr/local/searxng/searx/ ./searx/
-COPY --chown=searxng:searxng ./container/config/ ./.template/
-COPY --chown=searxng:searxng ./container/entrypoint.sh ./entrypoint.sh
-
-ARG TIMESTAMP_UWSGI="0"
-
-RUN touch -c --date=@$TIMESTAMP_UWSGI ./.template/uwsgi.ini
-
-LABEL org.opencontainers.image.authors="searxng <$GIT_URL>" \
-      org.opencontainers.image.created=$LABEL_DATE \
-      org.opencontainers.image.description="A privacy-respecting, hackable metasearch engine" \
-      org.opencontainers.image.documentation="https://github.com/searxng/searxng-docker" \
-      org.opencontainers.image.licenses="AGPL-3.0-or-later" \
-      org.opencontainers.image.revision=$LABEL_VCS_REF \
-      org.opencontainers.image.source=$LABEL_VCS_URL \
-      org.opencontainers.image.title="searxng" \
-      org.opencontainers.image.url=$LABEL_VCS_URL \
-      org.opencontainers.image.version=$SEARXNG_GIT_VERSION
-
-ENV CONFIG_PATH=/etc/searxng \
-    DATA_PATH=/var/cache/searxng
-
-ENV SEARXNG_VERSION=$SEARXNG_GIT_VERSION \
-    INSTANCE_NAME=searxng \
-    AUTOCOMPLETE="" \
-    BASE_URL="" \
-    BIND_ADDRESS=[::]:8080 \
-    SEARXNG_SETTINGS_PATH=$CONFIG_PATH/settings.yml \
-    UWSGI_SETTINGS_PATH=$CONFIG_PATH/uwsgi.ini \
-    UWSGI_WORKERS=%k \
-    UWSGI_THREADS=4
-
-VOLUME $CONFIG_PATH
-VOLUME $DATA_PATH
-
-EXPOSE 8080
-
-HEALTHCHECK CMD wget --quiet --tries=1 --spider http://localhost:8080/healthz || exit 1
-
-ENTRYPOINT ["/usr/local/searxng/entrypoint.sh"]
--- a/utils/lib_sxng_container.sh
+++ b/utils/lib_sxng_container.sh
@ -54,7 +54,7 @@ container.build() {
        platform="linux/$arch"
        ;;
    "ARMV7" | "armhf" | "armv7l" | "armv7")
-        dockerfile="legacy/Dockerfile"
+        dockerfile="Dockerfile"
        arch="arm"
        variant="v7"
        platform="linux/$arch/$variant"