Chocobozzz / PeerTube

ActivityPub-federated video streaming platform using P2P directly in your web browser
https://joinpeertube.org/
GNU Affero General Public License v3.0

Alpine Image/Docker improvements #6148

Open Zoey2936 opened 10 months ago

Zoey2936 commented 10 months ago

Describe the problem to be solved

Hello, since I think many things can be improved here on the topic of Docker, I want to mention them:

Debian-based images get very big with only installing a few dependencies, so I think a good Docker image should be based on alpine as default or at least provide an alpine variant.

Also, it would be nice if there would be just a :production or :latest image to always get the latest version, instead of checking whether the tag of this Docker image has changed after a new Debian version is released.

Also, I check daily for updates of the Docker image, and since :production-bookworm only contains the latest version, I don't understand why it gets pushed daily, even if there are no changes on the master branch.

And I wanted to ask why the Debian image contains openssl python3 ca-certificates gnupg build-essential curl git, since they are mentioned in no install docs of PeerTube and PeerTube also works without them.

Then the entrypoint uses gosu, why not simply su? It does the same and is preinstalled? And also for the entrypoint, why run find /config ! -user peertube -exec chown peertube:peertube {} \; || true and not chown -R peertube:peertube /config?

And my last suggestion would be to use npm_config_target_platform=linux npm_config_target_arch=x64 / npm_config_target_platform=linux npm_config_target_arch=arm64 to build the multiarch image faster (a few minutes instead of many hours)

Describe the solution you would like

Changing these mentioned things (I can create a PR)

Chocobozzz commented 9 months ago

Hi,

> Debian-based images get very big with only installing a few dependencies, so I think a good Docker image should be based on alpine as default or at least provide an alpine variant.

Unfortunately we don't have enough resources to also support an alpine image and we prefer to not change the current behaviour that seems to work well.

> Also, it would be nice if there would be just a :production or :latest image to always get the latest version, instead of checking whether the tag of this Docker image has changed after a new Debian version is released.

Agreed, I don't remember why I added this suffix.

> Also, I check daily for updates of the Docker image, and since :production-bookworm only contains the latest version, I don't understand why it gets pushed daily, even if there are no changes on the master branch.

To use the latest Debian dependencies (security patches etc).

> And I wanted to ask why the Debian image contains openssl python3 ca-certificates gnupg build-essential curl git, since they are mentioned in no install docs of PeerTube and PeerTube also works without them.

I think we can try to remove ca-certificates gnupg gosu build-essential curl git

> Then the entrypoint uses gosu, why not simply su? It does the same and is preinstalled?

gosu has some differences with su: https://github.com/tianon/gosu#why

> And also for the entrypoint, why run find /config ! -user peertube -exec chown peertube:peertube {} \; || true and not chown -R peertube:peertube /config?

See https://github.com/Chocobozzz/PeerTube/pull/1551

> And my last suggestion would be to use npm_config_target_platform=linux npm_config_target_arch=x64 / npm_config_target_platform=linux npm_config_target_arch=arm64 to build the multiarch image faster (a few minutes instead of many hours)

I'm sorry but I'm not sure I understand, as we still need the Debian ARM64 Docker image, no?

Zoey2936 commented 9 months ago

> > Also, I check daily for updates of the Docker image, and since :production-bookworm only contains the latest version, I don't understand why it gets pushed daily, even if there are no changes on the master branch.

> To use the latest Debian dependencies (security patches etc).

Sorry, but I don't understand this point: your node dependencies are pinned, and as you don't run apt upgrade and ffmpeg seems to be nearly the only tool you need to pull from Debian, those security updates would only affect ffmpeg. I don't see a reason for daily building.

And what do you think about the last suggestion I wrote?

Chocobozzz commented 9 months ago

> you don't run apt upgrade and ffmpeg seems to be nearly the only tool you need to pull from Debian, those security updates would only affect ffmpeg. I don't see a reason for daily building.

node:18-bookworm-slim may have been updated and Debian may have addressed security patches to openssl ffmpeg python3 ca-certificates gnupg gosu build-essential curl packages

> And what do you think about the last suggestion I wrote?

I edited my message so I think I answered it :)

Zoey2936 commented 9 months ago

You can install arm64 node packages in an amd64 environment to speed up building, and for the other point you can further pin the base image to node:18.19.0-bookworm-slim and use dependabot to update this tag

lonesomewalker commented 9 months ago

Since you are THAT familiar, why don't you just do ALL the things you suggested and then show it to the public? I am sure everybody here welcomes another helping hand :-) One task less to care about/one optimisation more... that is the spirit of open source.

Zoey2936 commented 9 months ago

I've already done that: https://github.com/Zoey2936/PeerTube - but I first want to know which of these changes have a chance of being merged