diff --git a/.github/workflows/build-staging-image.yml b/.github/workflows/build-staging-image.yml index f10695fd19036..2940114f197b3 100644 --- a/.github/workflows/build-staging-image.yml +++ b/.github/workflows/build-staging-image.yml @@ -42,7 +42,7 @@ jobs: latest=false tags: | type=sha - type=branch,event=workflow_dispatch + type=ref,event=branch - name: Login to registry uses: docker/login-action@v2 diff --git a/Dockerfile b/Dockerfile index eb5d680115fa0..7edb71648702d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -172,4 +172,4 @@ RUN windmill cache EXPOSE 8000 -CMD ["windmill"] +CMD ["windmill"] \ No newline at end of file diff --git a/backend/Cargo.lock b/backend/Cargo.lock index 6acb2c67fa354..68d26a1536ac6 100644 --- a/backend/Cargo.lock +++ b/backend/Cargo.lock @@ -11213,4 +11213,4 @@ checksum = "75652c55c0b6f3e6f12eb786fe1bc960396bf05a1eb3bf1f3691c3610ac2e6d4" dependencies = [ "cc", "pkg-config", -] +] \ No newline at end of file diff --git a/backend/Cargo.toml b/backend/Cargo.toml index d016aa6397586..a5e639bbfa35e 100644 --- a/backend/Cargo.toml +++ b/backend/Cargo.toml @@ -224,7 +224,7 @@ mysql_async = { version = "*", default-features = false, features = ["minimal", postgres-native-tls = "^0" native-tls = "^0" # samael will break compilation on MacOS. Use this fork instead to make it work -# samael = { git="https://github.com/njaremko/samael", rev="464d015e3ae393e4b5dd00b4d6baa1b617de0dd6", features = ["xmlsec"] } +# samael = { git="https://github.com/njaremko/samael", rev="464d015e3ae393e4b5dd00b4d6baa1b617de0dd6", features = ["xmlsec"] } samael = { version="0.0.14", features = ["xmlsec"] } gcp_auth = "0.9.0" rust_decimal = { version = "^1", features = ["db-postgres"]} diff --git a/docker/RHEL9/Dockerfile b/docker/RHEL9/Dockerfile new file mode 100644 index 0000000000000..d06ca7eed6638 --- /dev/null +++ b/docker/RHEL9/Dockerfile @@ -0,0 +1,77 @@ +ARG DEBIAN_IMAGE=debian:bookworm-slim +ARG RUST_IMAGE=registry.access.redhat.com/ubi9/ubi:latest +ARG PYTHON_IMAGE=python:3.11.8-slim-bookworm + +FROM ${RUST_IMAGE} AS rust_base + +RUN yum install -y rust-toolset + +RUN yum update -y && \ + yum install -y git openssl-devel npm nodejs rustfmt + +RUN CARGO_NET_GIT_FETCH_WITH_CLI=true cargo install cargo-chef --version ^0.1 + +WORKDIR /windmill + +ENV SQLX_OFFLINE=true +# ENV CARGO_INCREMENTAL=1 + +FROM node:20-alpine as frontend + +# install dependencies +WORKDIR /frontend +COPY ./frontend/package.json ./frontend/package-lock.json ./ +RUN npm ci + +# Copy all local files into the image. +COPY frontend . +RUN mkdir /backend +COPY /backend/windmill-api/openapi.yaml /backend/windmill-api/openapi.yaml +COPY /openflow.openapi.yaml /openflow.openapi.yaml +COPY /backend/windmill-api/build_openapi.sh /backend/windmill-api/build_openapi.sh + +RUN cd /backend/windmill-api && . ./build_openapi.sh +COPY /backend/parsers/windmill-parser-wasm/pkg/ /backend/parsers/windmill-parser-wasm/pkg/ +COPY /typescript-client/docs/ /frontend/static/tsdocs/ + +RUN npm run generate-backend-client +ENV NODE_OPTIONS "--max-old-space-size=8192" +RUN npm run build + + +FROM rust_base AS planner + +COPY ./openflow.openapi.yaml /openflow.openapi.yaml +COPY ./backend ./ + +RUN --mount=type=cache,target=/usr/local/cargo/registry \ + CARGO_NET_GIT_FETCH_WITH_CLI=true cargo chef prepare --recipe-path recipe.json + +FROM rust_base AS builder +ARG features="" + +COPY --from=planner /windmill/recipe.json recipe.json + +RUN --mount=type=secret,id=rh_username \ + --mount=type=secret,id=rh_password \ + subscription-manager register --username $(cat /run/secrets/rh_username) --password $(cat /run/secrets/rh_password) + +RUN subscription-manager repos --enable codeready-builder-for-rhel-9-$(arch)-rpms + +RUN yum update -y && \ + yum install -y libxml2-devel xmlsec1-devel xmlsec1-openssl-devel clang llvm-devel cmake libtool-ltdl-devel + +RUN --mount=type=cache,target=/usr/local/cargo/registry \ + CARGO_NET_GIT_FETCH_WITH_CLI=true RUST_BACKTRACE=1 cargo chef cook --release --features "$features" --recipe-path recipe.json + +COPY ./openflow.openapi.yaml /openflow.openapi.yaml +COPY ./backend ./ + +COPY --from=frontend /frontend /frontend +COPY --from=frontend /backend/windmill-api/openapi-deref.yaml ./windmill-api/openapi-deref.yaml +COPY .git/ .git/ + +RUN --mount=type=cache,target=/usr/local/cargo/registry \ + CARGO_NET_GIT_FETCH_WITH_CLI=true cargo build --release --features "$features" + +RUN subscription-manager unregister diff --git a/docker/RHEL9/README.md b/docker/RHEL9/README.md new file mode 100644 index 0000000000000..af858d8be5847 --- /dev/null +++ b/docker/RHEL9/README.md @@ -0,0 +1,19 @@ +# Red Hat Linux Binaries + +This directory contains the Dockerfiles for building Windmill binaries for Red Hat Linux 9. + +We build Windmill on the Red Hat Universal Base Image 9. Windmill requires the xmlsec1-devel package which is not available in the default UBI9 repositories. It is however included in the CodeReady Builder for RHEL9 repository which requires a RedHat subscription. +Moreover, only rust v1.75 is supported on Red Hat Linux 9. To make Windmill compatible with Rust v1.75, you need to pin the following libraries: +``` +aws-config = "=1.4.0" +aws-sdk-sts = "=1.25.0" +aws-sdk-ssooidc = "=1.25.0" +aws-sdk-sso = "=1.25.0" +``` + +Make sure to include `aws-sdk-ssooidc` and `aws-sdk-sso` in the Cargo.toml of windmill-common as well to enforce the correct versions of the nested dependencies. Make them optional and include them in the `parquet` feature. +It's also possible that you need to add `#[async_recursion]` to the `lock_modules` function in the `backend/windmill-worker/src/worker_lockfiles.rs` file for it to compile. + +Once the image is built, you can simply copy the binary on any Red Hat Linux 9 machine and run it. You will just need to install the xmlsec1 package which can be installed directly using `yum/dnf install xmlsec1`. + +