feat: add Docker image (#101)

This PR adds an Alpine-based bare-bones Docker image with all required binaries. Closes #100
M0dEx · Nov 18, 2024 · c638c90 · c638c90
2 parents d533806 + e641fe4
commit c638c90
Show file tree

Hide file tree

Showing 3 changed files with 103 additions and 0 deletions.
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -114,3 +114,37 @@ jobs:
         with:
           files: |
             quincy-windows-x86_64.zip
+
+  build-docker-image:
+    name: Build Docker image
+
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        platform:
+          - linux/amd64
+          - linux/arm64
+        crypto:
+          - standard
+          - quantum
+    steps:
+      - uses: docker/setup-qemu-action@v3
+        name: Set up QEMU
+      - uses: docker/setup-buildx-action@v3
+        name: Set up Docker Buildx
+      - uses: docker/login-action@v3
+        name: Login to Docker Hub
+        with:
+          username: ${{ env.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - uses: docker/build-push-action@v6
+        name: Build and push
+        with:
+          push: true
+          platforms: ${{ matrix.platform }}
+          build-args: |
+            FEATURES=crypto-${{ matrix.crypto }},jemalloc
+          tags: |
+            ${{ env.DOCKERHUB_USERNAME }}/quincy:${{ startsWith(matrix.crypto, 'standard') && github.ref_name || format('{0}-{1}', github.ref_name, matrix.crypto) }}
+            ${{ env.DOCKERHUB_USERNAME }}/quincy:${{ startsWith(matrix.crypto, 'standard') && 'latest' || format('latest-{0}', matrix.crypto) }}
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,38 @@
+FROM rust:alpine3.20 AS builder
+
+# Install pre-requisites
+RUN apk add build-base gcompat jemalloc-dev
+
+# Create a new directory for our application
+WORKDIR /tmp/quincy-build
+
+# Copy the source code into the container
+COPY src ./src
+COPY Cargo.toml Cargo.lock ./
+
+# Build the application
+ARG FEATURES="crypto-standard,jemalloc"
+RUN cargo build --release --no-default-features --features "${FEATURES}"
+
+FROM alpine:3.20
+
+# Create needed directories
+RUN mkdir -p /etc/quincy
+
+# Install glibc
+RUN apk add gcompat jemalloc libcap-setcap
+
+# Copy the binary from the builder stage
+COPY --from=builder /tmp/quincy-build/target/release/quincy-client /tmp/quincy-build/target/release/quincy-server /tmp/quincy-build/target/release/quincy-users /usr/local/bin/
+
+# Add required capability to executable
+RUN setcap \
+    'cap_net_admin=+ep cap_net_bind_service=+ep' /usr/local/bin/quincy-client \
+    'cap_net_admin=+ep cap_net_bind_service=+ep' /usr/local/bin/quincy-server
+
+# Run under a non-root account
+RUN addgroup -S quincy && adduser -S quincy -G quincy
+USER quincy
+
+# Set the working directory
+WORKDIR /usr/srv/quincy
diff --git a/README.md b/README.md
@@ -30,11 +30,42 @@ The [`tokio`](https://github.com/tokio-rs/tokio) runtime is used to provide an e
 ## Installation
 Binaries are currently available for Windows, Linux (x86_64) and macOS (aarch64) for every official release.
 
+### Cargo
 Using cargo, installation of any published version can be done with a simple command:
 ```bash
 cargo install quincy
 ```
 
+### Docker
+Docker images are available on [Docker Hub](https://hub.docker.com/r/m0dex/quincy) in different flavours:
+- `quincy:latest`: The latest version of Quincy with pre-quantum cryptography
+- `quincy:latest-quantum`: The latest version of Quincy with post-quantum cryptography
+- `quincy:<version>-standard`: A specific version of Quincy with pre-quantum cryptography
+- `quincy:<version>-quantum`: A specific version of Quincy with post-quantum cryptography
+
+To run the client/server, you need to add a volume with the configuration files and add needed capabilities:
+```bash
+docker run
+  --rm # remove the container after it stops
+  --cap-add=NET_ADMIN # needed for creating the TUN interface
+  --device=/dev/net/tun # needed for creating the TUN interface
+  -p "55555:55555" # server port-forwarding
+  -v <configuration directory>:/etc/quincy # directory with the configuration files 
+  m0dex/quincy:latest # or any of the other tags
+  quincy-server --config-path /etc/quincy/server.toml
+```
+
+To add or remove a user to the `users` file, you can run the following command:
+```bash
+docker run
+  --rm # remove the container after it stops
+  -it # interactive mode
+  -v <configuration directory>:/etc/quincy # directory with the configuration files 
+  m0dex/quincy:latest # or any of the other tags
+  quincy-users --add /etc/quincy/users
+  # quincy-users --delete /etc/quincy/users
+```
+
 ## Building from sources
 As Quincy does not rely upon any non-Rust libraries, the build process is incredibly simple:
 ```bash