rhel9 binaries (#4086)

* feat: rhl9 img test

* fix: action

* fix: action

* fix: build

* don't use rustup

* fix: rustfmt

* fix: second apt-get

* fix

* fix: try xmlsec1 no-dev

* fix: remove scache

* fix: 1.75 rust support

* fix: rust 1.75

* fix: xmlsec1

* fix: nit

* fix: missing async recursion

* fix: missing dep + unregister from RH

* fix: add xmlsec1 openssl

* fix: check binary is running

* add link

* feat: clean rhel files

* fix: lock

.github/workflows/build-staging-image.yml

@@ -42,7 +42,7 @@ jobs:
             latest=false
           tags: |
             type=sha
-            type=branch,event=workflow_dispatch
+            type=ref,event=branch
 
       - name: Login to registry
         uses: docker/login-action@v2

Dockerfile

@@ -172,4 +172,4 @@ RUN windmill cache
 
 EXPOSE 8000
 
-CMD ["windmill"]
+CMD ["windmill"]

backend/Cargo.toml

@@ -224,7 +224,7 @@ mysql_async = { version = "*", default-features = false, features = ["minimal",
 postgres-native-tls = "^0"
 native-tls = "^0"
 # samael will break compilation on MacOS. Use this fork instead to make it work
-# samael = { git="https://github.com/njaremko/samael", rev="464d015e3ae393e4b5dd00b4d6baa1b617de0dd6", features = ["xmlsec"] }
+# samael = { git="https://github.com/njaremko/samael", rev="464d015e3ae393e4b5dd00b4d6baa1b617de0dd6", features = ["xmlsec"] }
 samael = { version="0.0.14", features = ["xmlsec"] }
 gcp_auth = "0.9.0"
 rust_decimal = { version = "^1", features = ["db-postgres"]}

docker/RHEL9/Dockerfile

@@ -0,0 +1,77 @@
+ARG DEBIAN_IMAGE=debian:bookworm-slim
+ARG RUST_IMAGE=registry.access.redhat.com/ubi9/ubi:latest
+ARG PYTHON_IMAGE=python:3.11.8-slim-bookworm
+
+FROM ${RUST_IMAGE} AS rust_base
+
+RUN yum install -y rust-toolset
+
+RUN yum update -y && \
+    yum install -y git openssl-devel npm nodejs rustfmt
+
+RUN CARGO_NET_GIT_FETCH_WITH_CLI=true cargo install cargo-chef --version ^0.1
+
+WORKDIR /windmill
+
+ENV SQLX_OFFLINE=true
+# ENV CARGO_INCREMENTAL=1
+
+FROM node:20-alpine as frontend
+
+# install dependencies
+WORKDIR /frontend
+COPY ./frontend/package.json ./frontend/package-lock.json ./
+RUN npm ci
+
+# Copy all local files into the image.
+COPY frontend .
+RUN mkdir /backend
+COPY /backend/windmill-api/openapi.yaml /backend/windmill-api/openapi.yaml
+COPY /openflow.openapi.yaml /openflow.openapi.yaml
+COPY /backend/windmill-api/build_openapi.sh /backend/windmill-api/build_openapi.sh
+
+RUN cd /backend/windmill-api && . ./build_openapi.sh
+COPY /backend/parsers/windmill-parser-wasm/pkg/ /backend/parsers/windmill-parser-wasm/pkg/
+COPY /typescript-client/docs/ /frontend/static/tsdocs/
+
+RUN npm run generate-backend-client
+ENV NODE_OPTIONS "--max-old-space-size=8192"
+RUN npm run build
+
+
+FROM rust_base AS planner
+
+COPY ./openflow.openapi.yaml /openflow.openapi.yaml
+COPY ./backend ./
+
+RUN --mount=type=cache,target=/usr/local/cargo/registry \
+    CARGO_NET_GIT_FETCH_WITH_CLI=true cargo chef prepare --recipe-path recipe.json
+
+FROM rust_base AS builder
+ARG features=""
+
+COPY --from=planner /windmill/recipe.json recipe.json
+
+RUN --mount=type=secret,id=rh_username \
+    --mount=type=secret,id=rh_password \
+    subscription-manager register --username $(cat /run/secrets/rh_username) --password $(cat /run/secrets/rh_password)
+
+RUN subscription-manager repos --enable codeready-builder-for-rhel-9-$(arch)-rpms
+
+RUN yum update -y && \
+    yum install -y libxml2-devel xmlsec1-devel xmlsec1-openssl-devel clang llvm-devel cmake libtool-ltdl-devel
+
+RUN --mount=type=cache,target=/usr/local/cargo/registry \
+    CARGO_NET_GIT_FETCH_WITH_CLI=true RUST_BACKTRACE=1 cargo chef cook --release --features "$features" --recipe-path recipe.json
+
+COPY ./openflow.openapi.yaml /openflow.openapi.yaml
+COPY ./backend ./
+
+COPY --from=frontend /frontend /frontend
+COPY --from=frontend /backend/windmill-api/openapi-deref.yaml ./windmill-api/openapi-deref.yaml
+COPY .git/ .git/
+
+RUN --mount=type=cache,target=/usr/local/cargo/registry \
+    CARGO_NET_GIT_FETCH_WITH_CLI=true cargo build --release --features "$features"
+
+RUN subscription-manager unregister

docker/RHEL9/README.md

@@ -0,0 +1,19 @@
+# Red Hat Linux Binaries
+
+This directory contains the Dockerfiles for building Windmill binaries for Red Hat Linux 9.
+
+We build Windmill on the Red Hat Universal Base Image 9. Windmill requires the xmlsec1-devel package which is not available in the default UBI9 repositories. It is however included in the CodeReady Builder for RHEL9 repository which requires a RedHat subscription.
+Moreover, only rust v1.75 is supported on Red Hat Linux 9. To make Windmill compatible with Rust v1.75, you need to pin the following libraries:
+```
+aws-config = "=1.4.0"
+aws-sdk-sts = "=1.25.0"
+aws-sdk-ssooidc = "=1.25.0"
+aws-sdk-sso = "=1.25.0"
+```
+
+Make sure to include `aws-sdk-ssooidc` and `aws-sdk-sso` in the Cargo.toml of windmill-common as well to enforce the correct versions of the nested dependencies. Make them optional and include them in the `parquet` feature.
+It's also possible that you need to add `#[async_recursion]` to the `lock_modules` function in the `backend/windmill-worker/src/worker_lockfiles.rs` file for it to compile.
+
+Once the image is built, you can simply copy the binary on any Red Hat Linux 9 machine and run it. You will just need to install the xmlsec1 package which can be installed directly using `yum/dnf install xmlsec1`.
+
+