firezone/rust/Dockerfile
Thomas Eizinger b2e8ccbb49 chore: delete snownet-tests (#6359)
When `snownet` was first being developed, these tests ensured that
hole-punching as well as connectivity via a relay works correctly. We
have since added extensive tests that ensure connectivity works in many
scenarios via `tunnel_test`. `tunnel_test` does not (yet) have a
simulated NAT so hole-punching itself is not covered by that.

UDP hole-punching is shockingly trivial though because all you need to
do is send UDP packets to the same socket that the other party is
sending from. This isn't done by our own code but rather by str0m's
implementation of ICE (as long as we add the correct candidates).

The `snownet-tests` themselves are quite fragile because they need to
set up their own event loop and manually construct an IP packet. They
haven't caught a single bug to my knowledge so I am proposing to delete
them for ease of maintenance.

For example, in
https://github.com/firezone/firezone/actions/runs/10449965474/job/28948590058?pr=6335
the tests fail because we no longer directly force a handshake when the
connection is established. This is unnecessary now because the buffered
intent packet will directly force a handshake from the client to the
gateway. Yet, `snownet-tests` event loop would need adjusting to also do
that.
2024-08-20 03:40:54 +00:00
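
The hole-punching behaviour the commit message describes, as an added example that is not part of the commit, Firezone or str0m: a constructed model of two port-restricted NATs showing that the first packet is dropped, the path opens once both sides have sent, and an unrelated sender is still filtered. The `Nat` type, `hole_punch` and all addresses are hypothetical.

```rust
use std::collections::{HashMap, HashSet};
use std::net::{IpAddr, SocketAddr};
// Constructed model of a port-restricted NAT: one public port per inside
// socket, and inbound traffic accepted only from remotes already sent to.
struct Nat {
    public_ip: IpAddr,
    next_port: u16,
    mappings: HashMap<SocketAddr, SocketAddr>,    // inside socket -> public socket
    permitted: HashSet<(SocketAddr, SocketAddr)>, // (public socket, remote)
}
impl Nat {
    fn new(ip: &str) -> Nat {
        Nat { public_ip: ip.parse().unwrap(), next_port: 40000,
              mappings: HashMap::new(), permitted: HashSet::new() }
    }
    // Packet leaving the NAT; returns the source address the remote sees.
    fn outbound(&mut self, inside: SocketAddr, remote: SocketAddr) -> SocketAddr {
        let public = match self.mappings.get(&inside).copied() {
            Some(p) => p,
            None => {
                let p = SocketAddr::new(self.public_ip, self.next_port);
                self.next_port += 1;
                self.mappings.insert(inside, p);
                p
            }
        };
        self.permitted.insert((public, remote));
        public
    }
    // Packet arriving at the NAT; delivered only through an existing hole.
    fn inbound(&self, remote: SocketAddr, public: SocketAddr) -> Option<SocketAddr> {
        if !self.permitted.contains(&(public, remote)) { return None; }
        self.mappings.iter().find(|&(_, p)| *p == public).map(|(i, _)| *i)
    }
}

// Returns delivery results for: A->B, B->A, A->B again, stranger->A.
fn hole_punch() -> [bool; 4] {
    let addr = |s: &str| -> SocketAddr { s.parse().unwrap() };
    let (a, b) = (addr("10.0.0.2:5000"), addr("192.168.1.7:6000"));
    let (stun, stranger) = (addr("203.0.113.1:3478"), addr("203.0.113.99:9999"));
    let (mut nat_a, mut nat_b) = (Nat::new("198.51.100.10"), Nat::new("198.51.100.20"));
    // Both sides learn their public mapping (server-reflexive candidate).
    let (a_pub, b_pub) = (nat_a.outbound(a, stun), nat_b.outbound(b, stun));
    let first = nat_b.inbound(nat_a.outbound(a, b_pub), b_pub) == Some(b);
    let second = nat_a.inbound(nat_b.outbound(b, a_pub), a_pub) == Some(a);
    let third = nat_b.inbound(nat_a.outbound(a, b_pub), b_pub) == Some(b);
    [first, second, third, nat_a.inbound(stranger, a_pub).is_some()]
}
fn main() { println!("{:?}", hole_punch()); }
```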


# Keep synced with `rust-toolchain.toml`
ARG RUST_VERSION="1.80.1"
ARG ALPINE_VERSION="3.20"
ARG CARGO_CHEF_VERSION="0.1.67"
ARG PACKAGE
# This image is used to prepare Cargo Chef which is used to cache dependencies
# Keep the Rust version synced with `rust-toolchain.toml`
FROM rust:${RUST_VERSION}-alpine${ALPINE_VERSION} AS chef
ARG CARGO_CHEF_VERSION
RUN set -xe \
&& apk add --no-cache musl-dev \
&& cargo install cargo-chef --locked --version=${CARGO_CHEF_VERSION} \
&& rm -rf $CARGO_HOME/registry/
## See https://github.com/LukeMathWalker/cargo-chef/issues/231.
COPY rust-toolchain.toml rust-toolchain.toml
RUN set -xe \
&& rustup show
WORKDIR /build
# Create a cache recipe for dependencies, which lets a later
# build stage leverage Docker layer caching
FROM chef AS planner
COPY . .
RUN cargo chef prepare --recipe-path recipe.json
# Build dependencies and application
FROM chef AS builder
COPY --from=planner /build/recipe.json .
RUN set -xe \
&& cargo chef cook --recipe-path recipe.json --bin ${PACKAGE}
COPY . .
ARG TARGET
# Pass `--target` only when TARGET is set
RUN cargo build -p ${PACKAGE} $([ -n "${TARGET}" ] && echo "--target ${TARGET}")
# Base image which is used to run the application binary
FROM alpine:${ALPINE_VERSION} AS runtime_base
# Important! Update this no-op ENV variable when this Dockerfile
# is updated with the current date. It will force refresh of all
# of the base images and things like `apk add` won't be using
# old cached versions when the Dockerfile is built.
ENV REFRESHED_AT=2023-10-23 \
LANG=C.UTF-8 \
TERM=xterm \
RUST_BACKTRACE=1 \
RUST_LOG=str0m=warn,info
WORKDIR /bin
## curl is needed to run tests (`main` runs CI against `release` images) and `firezone-relay` needs `curl` in its entry script.
RUN apk add --no-cache curl
# Gateway specific runtime base image
FROM runtime_base AS runtime_firezone-gateway
## iptables are needed only by gateway for masquerading
RUN apk add --no-cache iptables ip6tables
COPY ./docker-init-gateway.sh ./docker-init.sh
# Relay specific runtime base image
FROM runtime_base AS runtime_firezone-relay
COPY ./docker-init-relay.sh ./docker-init.sh
# Headless-client specific runtime base image
FROM runtime_base AS runtime_firezone-headless-client
COPY ./docker-init.sh ./docker-init.sh
# HTTP test server specific runtime base image
FROM runtime_base AS runtime_http-test-server
COPY ./docker-init.sh ./docker-init.sh
# Funnel package specific base image back into `runtime`
FROM runtime_${PACKAGE} AS runtime
ARG PACKAGE
ENTRYPOINT ["docker-init.sh"]
ENV PACKAGE=${PACKAGE}
CMD $PACKAGE
# used as a base for dev and test
FROM runtime AS test
RUN set -xe \
&& apk add --no-cache iperf3 bind-tools iproute2 jq procps
# used for local development
FROM test AS dev
ARG TARGET
COPY --from=builder /build/target/${TARGET}/debug/${PACKAGE} .
# Build an image for GitHub Actions which includes debug asserts and more test utilities
FROM test AS debug
ARG TARGET
## Build first with `cross build --target ${TARGET} -p ${PACKAGE} && mv /target/${TARGET}/release/${PACKAGE} .`
COPY ${PACKAGE} .
RUN set -xe \
&& apk add --no-cache nodejs npm chromium
COPY --from=browser-tests . .
RUN npm install
# Build a production image that includes a binary compiled on the host
FROM runtime AS release
ARG TARGET
## Build first with `cross build --target ${TARGET} -p ${PACKAGE} --release && mv /target/${TARGET}/release/${PACKAGE} .`
COPY ${PACKAGE} .