RocketChat / Docker.Official.Image

Docker hub - community managed image

Add support to multiple versions #106

Closed sampaiodiego closed 4 years ago

sampaiodiego commented 4 years ago

Organised the repo and updated scripts to support multiple Rocket.Chat as officially supported versions.

Everything heavily inspired by https://github.com/nodejs/docker-node/

Closes https://github.com/RocketChat/Docker.Official.Image/pull/104

snoopotic commented 4 years ago

Ok, I've read #57 and understand the possible need of building node.js yourself. But it should not be, do you agree? As keeping this, you always have to review your node build-steps to comply with the official node image build steps to avoid possible security issues in the 'sub-baseimage'. Thus I'd encourage you to look forward switching to official node images. It seems Meteor also looks forward to comply with most actual node versions or at least the point releases, so you could stick with fixed minor versions and the supported tags.

Can I somehow support you going this way? Would writing tests via travis-ci be helpful?

sampaiodiego commented 4 years ago

thanks for your concerns @snoopotic .. really appreciate. I agree we should use node images, but we unfortunately have to stick with Meteor's recommended node version as they have binary dependencies that may be incompatible with different Node versions.

that's why depending on a broad node version (like node:12) can lead to unknown issues on Rocket.Chat .. and using a more specific version (like node:12.14) can lead us to problems we already had by using unsupported node versions (as discussed on #57 ) 😢

so I think the only option we have to be able to ship the most recent Rocket.Chat versions depending on any Node version is installing it by ourselves.

tianon commented 4 years ago

I want to clarify that you're doing this because Rocket.Chat 2.x is still going to receive further updates, right?

I'm also a little confused why the diff between 2/Dockerfile and 3/Dockerfile is so large -- I get that 3 is using a newer Node.js version, but I would've expected them to be more similar (either 2 to be updated to the newer method of installing Node.js or 3 to be using something more similar to what 2 was using). I was able to massage 2/Dockerfile very slightly to get to the same result as 3/Dockerfile with a much smaller diff (which also removes build dependencies after they're used, resulting in a more similarly-sized image; ~835MB for 2.4.9 vs ~857MB for the new 3.0.3):

$ diff -u */Dockerfile
--- 2/Dockerfile    2020-03-03 14:06:17.563117848 -0800
+++ 3/Dockerfile    2020-03-03 14:44:15.596534697 -0800
@@ -3,8 +3,8 @@
 ## All of this needed because of missing 8.11.x tag.  Once we update to 8.15+ we can resume using Dockerfile.old or remove hack and use FROM node:8-slim

 ## Installing Node.js
-RUN gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys DD8F2338BAE7501E3DD5AC78C273792F7D83545D
-ENV NODE_VERSION 8.17.0
+RUN gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8
+ENV NODE_VERSION 12.14.0
 ENV NODE_ENV production
 RUN set -eux; \
    apt-get update; \
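Review bot: The context comment at the top of this hunk ("All of this needed because of missing 8.11.x tag. Once we update to 8.15+ we can ... use FROM node:8-slim") is stale on both sides, since `NODE_VERSION` is 8.17.0 in one file and 12.14.0 in the other; rewrite it to state the current reason Node.js is installed by hand. Both sides also pull the release key from a single keyserver pool at build time. Requesting it by full fingerprint is right, but a fallback keyserver would keep one pool outage from breaking the build.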
@@ -32,17 +32,23 @@
 # gpg: key 4FD08104: public key "Rocket.Chat Buildmaster <buildmaster@rocket.chat>" imported
 RUN gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys 0E163286C20D07B9787EBE9FD7F9D0414FD08104

-ENV RC_VERSION 2.4.11
+ENV RC_VERSION 3.0.3

 WORKDIR /app

 RUN curl -fSL "https://releases.rocket.chat/${RC_VERSION}/download" -o rocket.chat.tgz \
 &&  curl -fSL "https://releases.rocket.chat/${RC_VERSION}/asc" -o rocket.chat.tgz.asc \
 &&  gpg --batch --verify rocket.chat.tgz.asc rocket.chat.tgz \
-&&  tar zxvf rocket.chat.tgz \
+&&  tar zxf rocket.chat.tgz \
 &&  rm rocket.chat.tgz rocket.chat.tgz.asc \
 &&  cd bundle/programs/server \
+&&  aptMark="$(apt-mark showmanual)" \
+&&  apt-get update \
+&&  apt-get install -y --no-install-recommends g++ make python \
 &&  npm install \
+&&  apt-mark auto '.*' > /dev/null \
+&&  apt-mark manual $aptMark > /dev/null \
+&&  apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
 &&  npm cache clear --force \
 &&  chown -R rocketchat:rocketchat /app
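Review bot: The `apt-get update` added ahead of `npm install` leaves the package index in this layer, because the chain runs `apt-get purge -y --auto-remove` but never `rm -rf /var/lib/apt/lists/*`; add that after the purge line so the cleanup recovers the space. If `aptMark` comes back empty, `apt-mark manual $aptMark` is called with no package names, so guard it with `[ -z "$aptMark" ] || apt-mark manual $aptMark`.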

Additionally, I wasn't able to build 2 -- adjusting the Node.js GPG key to C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 (which is the key which signed Node.js 8.17.0) helped, but then it fails on verifying the Rocket.Chat artifact (it seems it was signed with a different key; I tried to find that other key, but wasn't successful):

$ docker build 2
...
Step 12/17 : RUN curl -fSL "https://releases.rocket.chat/${RC_VERSION}/download" -o rocket.chat.tgz &&  curl -fSL "https://releases.rocket.chat/${RC_VERSION}/asc" -o rocket.chat.tgz.asc &&  gpg --batch --verify rocket.chat.tgz.asc rocket.chat.tgz &&  tar zxvf rocket.chat.tgz &&  rm rocket.chat.tgz rocket.chat.tgz.asc &&  cd bundle/programs/server &&  npm install &&  npm cache clear --force &&  chown -R rocketchat:rocketchat /app
 ---> Running in 62ed463b309d
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   225  100   225    0     0    513      0 --:--:-- --:--:-- --:--:--   512
100  154M  100  154M    0     0  9605k      0  0:00:16  0:00:16 --:--:--  9.9M
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   233  100   233    0     0    544      0 --:--:-- --:--:-- --:--:--   544
100   833  100   833    0     0   1313      0 --:--:-- --:--:-- --:--:--  1313
gpg: Signature made Thu Feb 27 13:48:48 2020 UTC using RSA key ID 30502562
gpg: Can't check signature: public key not found
The command '/bin/sh -c curl -fSL "https://releases.rocket.chat/${RC_VERSION}/download" -o rocket.chat.tgz &&  curl -fSL "https://releases.rocket.chat/${RC_VERSION}/asc" -o rocket.chat.tgz.asc &&  gpg --batch --verify rocket.chat.tgz.asc rocket.chat.tgz &&  tar zxvf rocket.chat.tgz &&  rm rocket.chat.tgz rocket.chat.tgz.asc &&  cd bundle/programs/server &&  npm install &&  npm cache clear --force &&  chown -R rocketchat:rocketchat /app' returned a non-zero code: 2
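
The Dockerfile in this thread imports the Node.js release key and the Rocket.Chat buildmaster key into the same keyring, and `gpg --verify` exits 0 for a good signature from any key in that keyring. The added example below (not code from this PR or the project) pins the expected signer by parsing gpg's `--status-fd` output, and reports the "public key not found" case from the build log explicitly. The function and sample names are hypothetical, and the status lines are constructed.

```shell
#!/bin/sh
# Added example, not from the PR. In a build, feed it gpg's status output:
#   gpg --batch --status-fd 1 --verify rocket.chat.tgz.asc rocket.chat.tgz 2>/dev/null \
#     | check_sig_status 0E163286C20D07B9787EBE9FD7F9D0414FD08104

# Reads `gpg --status-fd` lines on stdin; $1 is the pinned primary-key fingerprint.
# Succeeds only on a VALIDSIG from that key with no failure status present.
check_sig_status() {
    pinned=$1 ok=0 fail=""
    while read -r tag keyword a1 rest; do
        [ "$tag" = "[GNUPG:]" ] || continue
        case $keyword in
            VALIDSIG)
                primary=${rest##* }   # last field is the primary key fingerprint
                if [ "$primary" = "$pinned" ]; then ok=1
                else fail="valid signature, but from unpinned key $primary"; fi ;;
            BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)
                fail="$keyword reported for key $a1" ;;
            NO_PUBKEY)
                fail="signer key $a1 is not in the keyring" ;;
        esac
    done
    if [ -n "$fail" ]; then echo "FAIL: $fail"; return 1; fi
    if [ "$ok" -eq 1 ]; then echo "OK: signed by $pinned"; return 0; fi
    echo "FAIL: no VALIDSIG line in status output"; return 1
}

# Fingerprints as they appear on this page.
RC_KEY=0E163286C20D07B9787EBE9FD7F9D0414FD08104
NODE_KEY=C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8

# Constructed status lines: a good signature made by key $1.
sample_valid() {
    echo "[GNUPG:] VALIDSIG $1 2020-02-27 1582811328 0 4 0 1 8 00 $1"
}
# Constructed: signer key absent. The long key ID is the log's short ID
# zero-padded for illustration, not a real value.
sample_missing_key() {
    echo "[GNUPG:] ERRSIG 0000000030502562 1 8 00 1582811328 9"
    echo "[GNUPG:] NO_PUBKEY 0000000030502562"
}

sample_valid "$RC_KEY"   | check_sig_status "$RC_KEY" || true
sample_valid "$NODE_KEY" | check_sig_status "$RC_KEY" || true
sample_missing_key       | check_sig_status "$RC_KEY" || true
```

The second call is the case a bare `gpg --verify` would let through: a cryptographically valid signature made by a key that is trusted for a different artifact.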

sampaiodiego commented 4 years ago

thanks @tianon for your very detailed response..

> I want to clarify that you're doing this because Rocket.Chat 2.x is still going to receive further updates, right?

yes, the idea is to keep updating supported rocket.chat versions as detailed at https://rocket.chat/docs/getting-support/#supported-versions-of-rocketchat

> I'm also a little confused why the diff between 2/Dockerfile and 3/Dockerfile is so large

yeah, I needed to install additional dependencies for Meteor to work on Node 12 so I decided to do additional changes.. but I got your point.. do you think using the 2 as base is better than using the 3? I could add your changes regarding apt cleanup but add the changes I made on 3 to 2 as well..

anyway, I'll take a look at why 2 isn't building at all.

sampaiodiego commented 4 years ago

so, I have used the Dockerfile 3 as a base for Dockerfile 2, using some apt cleanup from @tianon .. now they're very similar:

5c5
< ENV NODE_VERSION 8.17.0
---
> ENV NODE_VERSION 12.14.0
55c55
< ENV RC_VERSION 2.4.11
---
> ENV RC_VERSION 3.0.3
62c62
< &&  apt-get install -y --no-install-recommends ca-certificates curl \
---
> &&  apt-get install -y --no-install-recommends g++ make python ca-certificates curl \
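Review bot: In 62c62 the `3` side adds `g++ make python` to the same `apt-get install` line as the runtime packages `ca-certificates curl`, so the two groups are no longer distinguishable at install time. Check that the cleanup step removes the three build tools while keeping `ca-certificates` in the final image, and consider installing the build tools in a separate command so the intent stays visible.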

And their sizes are close as well 2: 843MB and 3: 848MB..

2 is building again and both were tested 👍

tianon commented 4 years ago

Nice, looking much better now. 👍

Did you also want to delete Dockerfile.old, or leave it as a reference?

It's probably also worth considering whether to bump off Debian Jessie very soon, given that it's currently under the Debian LTS program (which is not officially supported by the Debian Security Team) and is even EOL there on June 30, 2020 (https://wiki.debian.org/LTS).

Debian Stretch has a slightly longer life ahead, but it is going to be entering LTS this year too, so I'd highly recommend considering going straight to Debian Buster if possible.

sampaiodiego commented 4 years ago

good catch @tianon .. Dockerfile.old is too old now and doesn't even work as a reference.

I'll take a look at moving to Debian Stretch as well.. should be a safe move, but I think it might be better to do it later. 👍