sharpetronics/synapse
1
0
Fork 0
mirror of https://github.com/element-hq/synapse.git synced 2025-11-07 00:02:02 -05:00
Code Issues Projects Releases Wiki Activity

Update Docker images to use Debian trixie (13) and thus Python 3.13 (#19064)

Browse Source
This commit is contained in:
Ben Banfield-Zanin 2025-10-20 16:49:17 +01:00 committed by GitHub
parent da6c0cae96
commit 67f22a200d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 39 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
changelog.d/19064.docker Normal file
View File

@ -0,0 +1 @@
Update docker image to use Debian trixie as the base and thus Python 3.13.

11
docker/Dockerfile
View File

@ -20,8 +20,8 @@
# `poetry export | pip install -r /dev/stdin`, but beware: we have experienced bugs in # `poetry export | pip install -r /dev/stdin`, but beware: we have experienced bugs in
# in `poetry export` in the past. # in `poetry export` in the past.
ARG DEBIAN_VERSION=bookworm ARG DEBIAN_VERSION=trixie
ARG PYTHON_VERSION=3.12 ARG PYTHON_VERSION=3.13
ARG POETRY_VERSION=2.1.1 ARG POETRY_VERSION=2.1.1
### ###
@ -142,10 +142,10 @@ RUN \
libwebp7 \ libwebp7 \
xmlsec1 \ xmlsec1 \
libjemalloc2 \ libjemalloc2 \
libicu \
| grep '^\w' > /tmp/pkg-list && \ | grep '^\w' > /tmp/pkg-list && \
for arch in arm64 amd64; do \ for arch in arm64 amd64; do \
mkdir -p /tmp/debs-${arch} && \ mkdir -p /tmp/debs-${arch} && \
chown _apt:root /tmp/debs-${arch} && \
cd /tmp/debs-${arch} && \ cd /tmp/debs-${arch} && \
apt-get -o APT::Architecture="${arch}" download $(cat /tmp/pkg-list); \ apt-get -o APT::Architecture="${arch}" download $(cat /tmp/pkg-list); \
done done
@ -176,11 +176,6 @@ LABEL org.opencontainers.image.documentation='https://element-hq.github.io/synap
LABEL org.opencontainers.image.source='https://github.com/element-hq/synapse.git' LABEL org.opencontainers.image.source='https://github.com/element-hq/synapse.git'
LABEL org.opencontainers.image.licenses='AGPL-3.0-or-later OR LicenseRef-Element-Commercial' LABEL org.opencontainers.image.licenses='AGPL-3.0-or-later OR LicenseRef-Element-Commercial'
# On the runtime image, /lib is a symlink to /usr/lib, so we need to copy the
# libraries to the right place, else the `COPY` won't work.
# On amd64, we'll also have a /lib64 folder with ld-linux-x86-64.so.2, which is
# already present in the runtime image.
COPY --from=runtime-deps /install-${TARGETARCH}/lib /usr/lib
COPY --from=runtime-deps /install-${TARGETARCH}/etc /etc COPY --from=runtime-deps /install-${TARGETARCH}/etc /etc
COPY --from=runtime-deps /install-${TARGETARCH}/usr /usr COPY --from=runtime-deps /install-${TARGETARCH}/usr /usr
COPY --from=runtime-deps /install-${TARGETARCH}/var /var COPY --from=runtime-deps /install-${TARGETARCH}/var /var

32
docker/Dockerfile-workers
View File

@ -1,9 +1,10 @@
# syntax=docker/dockerfile:1 # syntax=docker/dockerfile:1-labs
ARG SYNAPSE_VERSION=latest ARG SYNAPSE_VERSION=latest
ARG FROM=matrixdotorg/synapse:$SYNAPSE_VERSION ARG FROM=matrixdotorg/synapse:$SYNAPSE_VERSION
ARG DEBIAN_VERSION=bookworm ARG DEBIAN_VERSION=trixie
ARG PYTHON_VERSION=3.12 ARG PYTHON_VERSION=3.13
ARG REDIS_VERSION=7.2
# first of all, we create a base image with dependencies which we can copy into the # first of all, we create a base image with dependencies which we can copy into the
# target image. For repeated rebuilds, this is much faster than apt installing # target image. For repeated rebuilds, this is much faster than apt installing
@ -11,15 +12,27 @@ ARG PYTHON_VERSION=3.12
FROM ghcr.io/astral-sh/uv:python${PYTHON_VERSION}-${DEBIAN_VERSION} AS deps_base FROM ghcr.io/astral-sh/uv:python${PYTHON_VERSION}-${DEBIAN_VERSION} AS deps_base
ARG DEBIAN_VERSION
ARG REDIS_VERSION
# Tell apt to keep downloaded package files, as we're using cache mounts. # Tell apt to keep downloaded package files, as we're using cache mounts.
RUN rm -f /etc/apt/apt.conf.d/docker-clean; echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache RUN rm -f /etc/apt/apt.conf.d/docker-clean; echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/keep-cache
# The upstream redis-server deb has fewer dynamic libraries than Debian's package which makes it easier to copy later on
RUN \
curl -fsSL https://packages.redis.io/gpg | gpg --dearmor -o /usr/share/keyrings/redis-archive-keyring.gpg && \
chmod 644 /usr/share/keyrings/redis-archive-keyring.gpg && \
echo "deb [signed-by=/usr/share/keyrings/redis-archive-keyring.gpg] https://packages.redis.io/deb ${DEBIAN_VERSION} main" | tee /etc/apt/sources.list.d/redis.list
RUN \ RUN \
--mount=type=cache,target=/var/cache/apt,sharing=locked \ --mount=type=cache,target=/var/cache/apt,sharing=locked \
--mount=type=cache,target=/var/lib/apt,sharing=locked \ --mount=type=cache,target=/var/lib/apt,sharing=locked \
apt-get update -qq && \ apt-get update -qq && \
DEBIAN_FRONTEND=noninteractive apt-get install -yqq --no-install-recommends \ DEBIAN_FRONTEND=noninteractive apt-get install -yqq --no-install-recommends \
nginx-light nginx-light \
redis-server="6:${REDIS_VERSION}.*" redis-tools="6:${REDIS_VERSION}.*" \
# libicu is required by postgres, see `docker/complement/Dockerfile`
libicu76
RUN \ RUN \
# remove default page # remove default page
@ -35,19 +48,12 @@ FROM ghcr.io/astral-sh/uv:python${PYTHON_VERSION}-${DEBIAN_VERSION} AS deps_base
RUN mkdir -p /uv/etc/supervisor/conf.d RUN mkdir -p /uv/etc/supervisor/conf.d
# Similarly, a base to copy the redis server from.
#
# The redis docker image has fewer dynamic libraries than the debian package,
# which makes it much easier to copy (but we need to make sure we use an image
# based on the same debian version as the synapse image, to make sure we get
# the expected version of libc.
FROM docker.io/library/redis:7-${DEBIAN_VERSION} AS redis_base
# now build the final image, based on the the regular Synapse docker image # now build the final image, based on the the regular Synapse docker image
FROM $FROM FROM $FROM
# Copy over dependencies # Copy over dependencies
COPY --from=redis_base /usr/local/bin/redis-server /usr/local/bin COPY --from=deps_base --parents /usr/lib/*-linux-gnu/libicu* /
COPY --from=deps_base /usr/bin/redis-server /usr/local/bin
COPY --from=deps_base /uv / COPY --from=deps_base /uv /
COPY --from=deps_base /usr/sbin/nginx /usr/sbin COPY --from=deps_base /usr/sbin/nginx /usr/sbin
COPY --from=deps_base /usr/share/nginx /usr/share/nginx COPY --from=deps_base /usr/share/nginx /usr/share/nginx

10
docker/complement/Dockerfile
View File

@ -9,7 +9,7 @@
ARG SYNAPSE_VERSION=latest ARG SYNAPSE_VERSION=latest
# This is an intermediate image, to be built locally (not pulled from a registry). # This is an intermediate image, to be built locally (not pulled from a registry).
ARG FROM=matrixdotorg/synapse-workers:$SYNAPSE_VERSION ARG FROM=matrixdotorg/synapse-workers:$SYNAPSE_VERSION
ARG DEBIAN_VERSION=bookworm ARG DEBIAN_VERSION=trixie
FROM docker.io/library/postgres:13-${DEBIAN_VERSION} AS postgres_base FROM docker.io/library/postgres:13-${DEBIAN_VERSION} AS postgres_base
@ -18,10 +18,10 @@ FROM $FROM
# since for repeated rebuilds, this is much faster than apt installing # since for repeated rebuilds, this is much faster than apt installing
# postgres each time. # postgres each time.
# This trick only works because (a) the Synapse image happens to have all the # This trick only works because we use a postgres image based on the same
# shared libraries that postgres wants, (b) we use a postgres image based on # debian version as Synapse's docker image (so the versions of the shared
# the same debian version as Synapse's docker image (so the versions of the # libraries match). Any missing libraries need to be added to either the
# shared libraries match). # Synapse image or docker/Dockerfile-workers.
RUN adduser --system --uid 999 postgres --home /var/lib/postgresql RUN adduser --system --uid 999 postgres --home /var/lib/postgresql
COPY --from=postgres_base /usr/lib/postgresql /usr/lib/postgresql COPY --from=postgres_base /usr/lib/postgresql /usr/lib/postgresql
COPY --from=postgres_base /usr/share/postgresql /usr/share/postgresql COPY --from=postgres_base /usr/share/postgresql /usr/share/postgresql

6
docker/editable.Dockerfile
View File

@ -8,9 +8,9 @@ ARG PYTHON_VERSION=3.9
### ###
### Stage 0: generate requirements.txt ### Stage 0: generate requirements.txt
### ###
# We hardcode the use of Debian bookworm here because this could change upstream # We hardcode the use of Debian trixie here because this could change upstream
# and other Dockerfiles used for testing are expecting bookworm. # and other Dockerfiles used for testing are expecting trixie.
FROM docker.io/library/python:${PYTHON_VERSION}-slim-bookworm FROM docker.io/library/python:${PYTHON_VERSION}-slim-trixie
# Install Rust and other dependencies (stolen from normal Dockerfile) # Install Rust and other dependencies (stolen from normal Dockerfile)
# install the OS build deps # install the OS build deps

8
docs/upgrade.md
View File

@ -117,6 +117,14 @@ each upgrade are complete before moving on to the next upgrade, to avoid
stacking them up. You can monitor the currently running background updates with stacking them up. You can monitor the currently running background updates with
[the Admin API](usage/administration/admin_api/background_updates.html#status). [the Admin API](usage/administration/admin_api/background_updates.html#status).
# Upgrading to v1.141.0
## Docker images now based on Debian `trixie` with Python 3.13
The Docker images are now based on Debian `trixie` and use Python 3.13. If you
are using the Docker images as a base image you may need to e.g. adjust the
paths you mount any additional Python packages at.
# Upgrading to v1.140.0 # Upgrading to v1.140.0
## Users of `synapse-s3-storage-provider` must update the module to `v1.6.0` ## Users of `synapse-s3-storage-provider` must update the module to `v1.6.0`