From 517ba4b78f618961be336ed7a586f277cd2bf303 Mon Sep 17 00:00:00 2001
From: Trenton H <797416+stumpylog@users.noreply.github.com>
Date: Fri, 27 Dec 2024 14:57:27 -0800
Subject: [PATCH] Drop building cryptography from source (#219)

---
 .github/workflows/build.yml | 45 +++++++++++++++++++++++++------------
 Dockerfile                  | 33 ++-------------------------
 2 files changed, 33 insertions(+), 45 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 735d260..12ea3ec 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -8,17 +8,40 @@ on:
 
 jobs:
   buildx:
+    name: Build Docker Image
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
         uses: actions/checkout@v4
 
+      - name: Check pushing to Docker Hub
+        id: push-other-places
+        # Only push to Dockerhub from the main repo
+        # Otherwise forks would require a Docker Hub account and secrets setup
+        run: |
+          if [[ ${{ github.repository_owner }} == "caronc" ]] ; then
+            echo "Enabling DockerHub image push"
+            echo "enable=true" >> $GITHUB_OUTPUT
+          else
+            echo "Not pushing to DockerHub"
+            echo "enable=false" >> $GITHUB_OUTPUT
+          fi
+
+      # Mostly for forks, set an output package name for ghcr.io using the repo name
+      - name: Set ghcr repository name
+        id: set-ghcr-repository
+        run: |
+          ghcr_name=$(echo "${{ github.repository_owner }}/apprise" | awk '{ print tolower($0) }')
+          echo "Name is ${ghcr_name}"
+          echo "ghcr-repository=${ghcr_name}" >> $GITHUB_OUTPUT
+
       - name: Docker meta
         id: docker_meta
         uses: docker/metadata-action@v5
         with:
           images: |
-            docker.io/caronc/apprise
+            ghcr.io/${{ steps.set-ghcr-repository.outputs.ghcr-repository }}
+            name=docker.io/caronc/apprise,enable=${{ steps.push-other-places.outputs.enable }}
           tags: |
             type=semver,event=tag,pattern={{version}}
             type=semver,event=tag,pattern={{major}}.{{minor}}
@@ -30,19 +53,6 @@ jobs:
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
-      - name: Check pushing to Docker Hub
-        id: push-other-places
-        # Only push to Dockerhub from the main repo
-        # Otherwise forks would require a Docker Hub account and secrets setup
-        run: |
-          if [[ ${{ github.repository_owner }} == "caronc" ]] ; then
-            echo "Enabling DockerHub image push"
-            echo "enable=true" >> $GITHUB_OUTPUT
-          else
-            echo "Not pushing to DockerHub"
-            echo "enable=false" >> $GITHUB_OUTPUT
-          fi
-
       - name: Login to DockerHub
         uses: docker/login-action@v3
         # Don't attempt to login is not pushing to Docker Hub
@@ -51,6 +61,13 @@ jobs:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
 
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Build and push
         uses: docker/build-push-action@v6
         with:
diff --git a/Dockerfile b/Dockerfile
index 89f3100..46530fa 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -13,51 +13,22 @@ ENV APPRISE_CONFIG_DIR=/config
 ENV APPRISE_ATTACH_DIR=/attach
 ENV APPRISE_PLUGIN_PATHS=/plugin
 
-FROM base AS builder
-
-WORKDIR /build/
-
-# Install nginx, supervisord, and cryptography dependencies
-RUN set -eux && \
-    echo "Installing build dependencies" && \
-        apt-get update -qq && \
-        apt-get install -y -qq \
-            curl \
-            build-essential \
-            libffi-dev \
-            libssl-dev \
-            pkg-config && \
-    echo "Updating pip and getting requirements to build" && \
-        # Cryptography documents that the latest version of pip3 must always be used
-        python3 -m pip install --upgrade \
-            pip \
-            wheel && \
-    echo "Installing latest rustc" && \
-        # Pull in bleeding edge of rust to keep up with cryptography build requirements
-        curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --profile minimal && \
-        . "$HOME/.cargo/env" && \
-    echo "Buildingcryptography" && \
-        python3 -m pip wheel \
-            --no-binary cryptography \
-            cryptography
-
 FROM base AS runtime
 
 # Install requirements and gunicorn
 COPY ./requirements.txt /etc/requirements.txt
-COPY --from=builder /build/*.whl ./
+
 RUN set -eux && \
     echo "Installing nginx" && \
         apt-get update -qq && \
         apt-get install -y -qq \
             nginx && \
-    echo "Installing cryptography" && \
-        pip3 install *.whl && \
     echo "Installing tools" && \
         apt-get install -y -qq \
             curl sed git && \
     echo "Installing python requirements" && \
         pip3 install --no-cache-dir -q -r /etc/requirements.txt gunicorn supervisor && \
+        pip freeze && \
     echo "Cleaning up" && \
         apt-get --yes autoremove --purge && \
         apt-get clean --yes && \