all: improve docker build

.dockerignore

@@ -1,39 +1,4 @@
-.DS_Store
-/.git
-/.github
-/.vscode
-.idea
-/AdGuardHome
-/AdGuardHome.exe
-/AdGuardHome.yaml
-/AdGuardHome.log
-/data
-/build
-/dist
-/client/node_modules
-/.gitattributes
-/.gitignore
-/changelog.config.js
-/coverage.txt
-/Dockerfile
-/LICENSE.txt
-/Makefile
-/querylog.json
-/querylog.json.1
-/*.md
+# Ignore everything except for explicitly allowed stuff.
+*
 
-# Test output
-dnsfilter/tests/top-1m.csv
-dnsfilter/tests/dnsfilter.TestLotsOfRules*.pprof
-
-# Snapcraft build temporary files
-*.snap
-launchpad_credentials
-snapcraft_login
-snapcraft.yaml.bak
-
-# IntelliJ IDEA project files
-*.iml
-
-# Packr
-*-packr.go
+!dist/docker/

Dockerfile

@@ -1,3 +1,8 @@
+# NOTE: This Dockerfile is no longer supported and will be removed in
+# AdGuard Home v0.106.0.  For the new way we build our Docker images,
+# see scripts/make/build-docker.sh and scripts/README.md.
+
+FROM --platform=${BUILDPLATFORM:-linux/amd64} tonistiigi/xx:golang AS xgo
 FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.14-alpine as builder
 
 ARG BUILD_DATE
@@ -7,8 +12,9 @@ ARG CHANNEL=release
 
 ENV CGO_ENABLED 0
 ENV GO111MODULE on
-ENV GOPROXY https://goproxy.cn,https://goproxy.io,direct
+ENV GOPROXY https://goproxy.io
 
+COPY --from=xgo / /
 RUN go env
 
 RUN apk --update --no-cache add \

scripts/README.md

@@ -22,7 +22,21 @@ don't print anything, and `1`, be verbose.
 
  ###  `build-docker.sh`: Build A Multi-Architecture Docker Image
 
-**TODO(a.garipov):** Document this after we're done with the Docker stuff.
+Required environment:
+
+ *  `CHANNEL`: release channel, see above.
+ *  `COMMIT`: current Git revision.
+ *  `DIST_DIR`: the directory where a release has previously been built.
+ *  `VERSION`: release version.
+
+Optional environment:
+
+ *  `DOCKER_IMAGE_NAME`: the name of the resulting Docker container.  By default
+    it's `adguardhome-dev`.
+ *  `DOCKER_OUTPUT`: the `--output` parameters.  By default they are
+    `type=image,name=${DOCKER_IMAGE_NAME},push=false`.
+ *  `SUDO`: allow users to use `sudo` or `doas` with `docker`.  By default none
+    is used.
 
  ###  `build-release.sh`: Build A Release For All Platforms
 

scripts/make/Dockerfile

@@ -0,0 +1,49 @@
+# A docker file for scripts/make/build-docker.sh.
+
+FROM alpine:3.12
+
+ARG BUILD_DATE
+ARG VERSION
+ARG VCS_REF
+LABEL maintainer="AdGuard Team <devteam@adguard.com>" \
+  org.opencontainers.image.created=$BUILD_DATE \
+  org.opencontainers.image.url="https://adguard.com/adguard-home.html" \
+  org.opencontainers.image.source="https://github.com/AdguardTeam/AdGuardHome" \
+  org.opencontainers.image.version=$VERSION \
+  org.opencontainers.image.revision=$VCS_REF \
+  org.opencontainers.image.vendor="AdGuard" \
+  org.opencontainers.image.title="AdGuard Home" \
+  org.opencontainers.image.description="Network-wide ads & trackers blocking DNS server" \
+  org.opencontainers.image.licenses="GPL-3.0"
+
+# Update certificates.
+RUN apk --no-cache --update add ca-certificates libcap && \
+    rm -rf /var/cache/apk/* && \
+    mkdir -p /opt/adguardhome/conf /opt/adguardhome/work && \
+    chown -R nobody: /opt/adguardhome
+
+ARG DIST_DIR
+ARG TARGETARCH
+ARG TARGETOS
+ARG TARGETVARIANT
+
+COPY --chown=nobody:nogroup\
+	./${DIST_DIR}/docker/AdGuardHome_${TARGETOS}_${TARGETARCH}_${TARGETVARIANT}\
+	/opt/adguardhome/AdGuardHome
+
+RUN setcap 'cap_net_bind_service=+eip' /opt/adguardhome/AdGuardHome
+
+EXPOSE 53/tcp 53/udp 67/udp 68/udp 80/tcp 443/tcp 853/tcp 3000/tcp
+
+VOLUME ["/opt/adguardhome/conf", "/opt/adguardhome/work"]
+
+WORKDIR /opt/adguardhome/work
+
+ENTRYPOINT ["/opt/adguardhome/AdGuardHome"]
+
+CMD [ \
+	"--no-check-update", \
+	"-c", "/opt/adguardhome/conf/AdGuardHome.yaml", \
+	"-h", "0.0.0.0", \
+	"-w", "/opt/adguardhome/work", \
+]

scripts/make/build-docker.sh

@@ -16,6 +16,7 @@ set -e -f -u
 # Require these to be set.  The channel value is validated later.
 readonly channel="$CHANNEL"
 readonly commit="$COMMIT"
+readonly dist_dir="$DIST_DIR"
 readonly version="$VERSION"
 
 # Allow users to use sudo.
@@ -65,18 +66,36 @@ in
 	;;
 esac
 
+# Copy the binaries into a new directory under new names, so that it's
+# eaiser to COPY them later.  DO NOT remove the trailing underscores.
+# See scripts/make/Dockerfile.
+readonly dist_docker="${dist_dir}/docker"
+mkdir -p "$dist_docker"
+cp "${dist_dir}/AdGuardHome_linux_386/AdGuardHome/AdGuardHome"\
+	"${dist_docker}/AdGuardHome_linux_386_"
+cp "${dist_dir}/AdGuardHome_linux_amd64/AdGuardHome/AdGuardHome"\
+	"${dist_docker}/AdGuardHome_linux_amd64_"
+cp "${dist_dir}/AdGuardHome_linux_arm64/AdGuardHome/AdGuardHome"\
+	"${dist_docker}/AdGuardHome_linux_arm64_"
+cp "${dist_dir}/AdGuardHome_linux_arm_6/AdGuardHome/AdGuardHome"\
+	"${dist_docker}/AdGuardHome_linux_arm_v6"
+cp "${dist_dir}/AdGuardHome_linux_arm_7/AdGuardHome/AdGuardHome"\
+	"${dist_docker}/AdGuardHome_linux_arm_v7"
+cp "${dist_dir}/AdGuardHome_linux_ppc64le/AdGuardHome/AdGuardHome"\
+	"${dist_docker}/AdGuardHome_linux_ppc64le_"
+
 # Don't use quotes with $docker_tags and $debug_flags because we want
 # word splitting and or an empty space if tags are empty.
 $sudo_cmd docker\
 	$debug_flags\
 	buildx build\
 	--build-arg BUILD_DATE="$build_date"\
-	--build-arg CHANNEL="$channel"\
+	--build-arg DIST_DIR="$dist_dir"\
 	--build-arg VCS_REF="$commit"\
 	--build-arg VERSION="$version"\
 	--output "$docker_output"\
 	--platform "$docker_platforms"\
 	$docker_tags\
 	-t "$docker_image_full_name"\
-	-f ./Dockerfile\
+	-f ./scripts/make/Dockerfile\
 	.

scripts/make/build-release.sh

@@ -111,6 +111,7 @@ linux    mips      0   softfloat  0
 linux    mips64    0   softfloat  0
 linux    mips64le  0   softfloat  0
 linux    mipsle    0   softfloat  0
+linux    ppc64le   0   0          0
 windows  386       0   0          0
 windows  amd64     0   0          0"