Merge 56850945ecf8c8fa1db6589b5178f10a3dfb1788 into cd64fb966e7e9d764e622e42b177a1f13dc65ec0

2025-05-15 12:44:07 +00:00 · 2025-05-15 12:44:07 +00:00 · 603f91f7a2
commit 603f91f7a2
parent cd64fb966e 56850945ec
1 changed files with 38 additions and 40 deletions
--- a/container/Dockerfile
+++ b/container/Dockerfile
@ -1,12 +1,10 @@
-FROM docker.io/library/python:3.13-slim AS builder
+FROM cgr.dev/chainguard/wolfi-base:latest AS builder
-RUN apt-get update \
+RUN apk add --no-cache \
- && apt-get install -y --no-install-recommends \
+    build-base \
-    build-essential \
+    python-3.13-dev \
-    brotli \
+    py3-pip \
-    # uwsgi
+    brotli
    libpcre3-dev \
 && rm -rf /var/lib/apt/lists/*
 WORKDIR /usr/local/searxng/
@ -19,38 +17,40 @@ RUN --mount=type=cache,id=pip,target=/root/.cache/pip python -m venv ./venv \
 COPY ./searx/ ./searx/
-ARG TIMESTAMP_SETTINGS=0
+ARG TIMESTAMP_SETTINGS="0"
-ARG TIMESTAMP_UWSGI=0
+ARG TIMESTAMP_UWSGI="0"
 RUN python -m compileall -q searx \
 && touch -c --date=@$TIMESTAMP_SETTINGS ./searx/settings.yml \
 && touch -c --date=@$TIMESTAMP_UWSGI ./container/uwsgi.ini \
 && find /usr/local/searxng/searx/static \
-    \( -name '*.html' -o -name '*.css' -o -name '*.js' -o -name '*.svg' -o -name '*.ttf' -o -name '*.eot' \) \
+    \( -name "*.html" -o -name "*.css" -o -name "*.js" -o -name "*.svg" -o -name "*.ttf" -o -name "*.eot" \) \
    -type f -exec gzip -9 -k {} + -exec brotli --best {} +
-ARG SEARXNG_UID=977
+ARG SEARXNG_UID="977"
-ARG SEARXNG_GID=977
+ARG SEARXNG_GID="977"
 RUN grep -m1 root /etc/group > /tmp/.searxng.group \
 && grep -m1 root /etc/passwd > /tmp/.searxng.passwd \
 && echo "searxng:x:$SEARXNG_GID:" >> /tmp/.searxng.group \
- && echo "searxng:x:$SEARXNG_UID:$SEARXNG_GID:searxng:/usr/local/searxng:/bin/bash" >> /tmp/.searxng.passwd
+ && echo "searxng:x:$SEARXNG_UID:$SEARXNG_GID:searxng:/usr/local/searxng:/usr/bin/ash" >> /tmp/.searxng.passwd
-FROM docker.io/library/python:3.13-slim
+FROM scratch
-RUN apt-get update \
+# Prepare base image
- && apt-get install -y --no-install-recommends \
+COPY --from=builder /tmp/.searxng.passwd /etc/passwd
 COPY --from=builder /tmp/.searxng.group /etc/group
 COPY --chown=root:root --from=cgr.dev/chainguard/wolfi-base:latest / /
 COPY --chown=root:root --from=builder /tmp/.searxng.passwd /etc/passwd
 COPY --chown=root:root --from=builder /tmp/.searxng.group /etc/group
 RUN rm -rf /home/nonroot/
 RUN apk add --no-cache \
    python-3.13 \
    # healthcheck
    wget \
    # uwsgi
-    libpcre3 \
+    mailcap
    libxml2 \
    mailcap \
 && rm -rf /var/lib/apt/lists/*
 COPY --chown=root:root --from=builder /tmp/.searxng.passwd /etc/passwd
 COPY --chown=root:root --from=builder /tmp/.searxng.group /etc/group
 ARG LABEL_DATE="0001-01-01T00:00:00Z"
 ARG GIT_URL="unspecified"
@ -65,30 +65,28 @@ COPY --chown=searxng:searxng --from=builder /usr/local/searxng/searx/ ./searx/
 COPY --chown=searxng:searxng ./container/ ./container/
 LABEL org.opencontainers.image.authors="searxng <$GIT_URL>" \
-      org.opencontainers.image.created=$LABEL_DATE \
+      org.opencontainers.image.created="$LABEL_DATE" \
      org.opencontainers.image.description="A privacy-respecting, hackable metasearch engine" \
      org.opencontainers.image.documentation="https://github.com/searxng/searxng-docker" \
      org.opencontainers.image.licenses="AGPL-3.0-or-later" \
-      org.opencontainers.image.revision=$LABEL_VCS_REF \
+      org.opencontainers.image.revision="$LABEL_VCS_REF" \
-      org.opencontainers.image.source=$LABEL_VCS_URL \
+      org.opencontainers.image.source="$LABEL_VCS_URL" \
      org.opencontainers.image.title="searxng" \
-      org.opencontainers.image.url=$LABEL_VCS_URL \
+      org.opencontainers.image.url="$LABEL_VCS_URL" \
-      org.opencontainers.image.version=$SEARXNG_GIT_VERSION
+      org.opencontainers.image.version="$SEARXNG_GIT_VERSION"
-ENV CONFIG_PATH=/etc/searxng \
+ENV CONFIG_PATH="/etc/searxng" \
-    DATA_PATH=/var/cache/searxng
+    DATA_PATH="/var/cache/searxng"
-ENV SEARXNG_VERSION=$SEARXNG_GIT_VERSION \
+ENV SEARXNG_VERSION="$SEARXNG_GIT_VERSION" \
-    INSTANCE_NAME=searxng \
+    INSTANCE_NAME="searxng" \
    AUTOCOMPLETE="" \
    BASE_URL="" \
-    BIND_ADDRESS=[::]:8080 \
+    BIND_ADDRESS="[::]:8080" \
-    MORTY_KEY="" \
+    SEARXNG_SETTINGS_PATH="$CONFIG_PATH/settings.yml" \
-    MORTY_URL="" \
+    UWSGI_SETTINGS_PATH="$CONFIG_PATH/uwsgi.ini" \
-    SEARXNG_SETTINGS_PATH=$CONFIG_PATH/settings.yml \
+    UWSGI_WORKERS="%k" \
-    UWSGI_SETTINGS_PATH=$CONFIG_PATH/uwsgi.ini \
+    UWSGI_THREADS="4"
    UWSGI_WORKERS=%k \
    UWSGI_THREADS=4
 VOLUME $CONFIG_PATH
 VOLUME $DATA_PATH