docker: optimize dockerfiles for multi platform builds

.github/workflows/publish.yml

@@ -37,11 +37,28 @@ jobs:
       - name: Check out the repo
         uses: actions/checkout@v4
 
+      # Setup Buildx
+      - name: Docker Setup Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v8
+
       - name: Log in to Docker Hub
         uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
+          ecr: auto
+          logout: true
+
+      # Pull previous image from docker hub to use it as cache to improve the image build time.
+      - name: docker pull cache image
+        continue-on-error: true
+        run: docker pull ${{ matrix.repos.image }}:latest
+
+      # Setup QEMU
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
 
       - name: Extract metadata (tags, labels) for Docker
         id: meta
@@ -58,6 +75,7 @@ jobs:
           push: true
           platforms: linux/amd64,linux/arm64,linux/arm/v7,linux/arm/v8
           tags: ${{ steps.meta.outputs.tags }}
+          cache-from: ${{ matrix.repos.image }}:latest
 
       - name: Generate artifact attestation
         uses: actions/attest-build-provenance@v1

Notesnook.API/Dockerfile

@@ -1,26 +1,50 @@
-FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
-
+FROM mcr.microsoft.com/dotnet/runtime-deps:8.0-alpine AS base
 WORKDIR /app
+EXPOSE 80
+EXPOSE 443
+
+FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0-alpine AS build
+ARG TARGETARCH
+ARG BUILDPLATFORM
+ENV DOTNET_TC_QuickJitForLoops="1" DOTNET_ReadyToRun="0" DOTNET_TieredPGO="1" DOTNET_SYSTEM_GLOBALIZATION_INVARIANT="true"
+
+WORKDIR /src
 
-# copy projects
 COPY Streetwriters.Data/*.csproj ./Streetwriters.Data/
 COPY Streetwriters.Common/*.csproj ./Streetwriters.Common/
 COPY Notesnook.API/*.csproj ./Notesnook.API/
 
 # restore dependencies
-RUN dotnet restore -v d /app/Notesnook.API/Notesnook.API.csproj --use-current-runtime
+RUN dotnet restore -v d /src/Notesnook.API/Notesnook.API.csproj --use-current-runtime
 
-# copy everything else
 COPY Streetwriters.Data/ ./Streetwriters.Data/
 COPY Streetwriters.Common/ ./Streetwriters.Common/
 COPY Notesnook.API/ ./Notesnook.API/
 
-WORKDIR /app/Notesnook.API/
-ENV DOTNET_TC_QuickJitForLoops="1" DOTNET_ReadyToRun="0" DOTNET_TieredPGO="1" DOTNET_SYSTEM_GLOBALIZATION_INVARIANT="true"
-RUN dotnet publish -c Release -o /app/out --use-current-runtime --self-contained false --no-restore
+WORKDIR /src/Notesnook.API/
 
-# final stage/image
-FROM mcr.microsoft.com/dotnet/aspnet:8.0
+RUN dotnet build -c Release -o /app/build -a $TARGETARCH
+
+FROM build AS publish
+RUN dotnet publish -c Release -o /app/publish \
+    #--runtime alpine-x64 \
+    --self-contained true \
+    /p:PublishTrimmed=true \
+    /p:PublishSingleFile=true \
+    -a $TARGETARCH
+
+FROM --platform=$BUILDPLATFORM base AS final
+ARG TARGETARCH
+ARG BUILDPLATFORM
+
+# create a new user and change directory ownership
+RUN adduser --disabled-password \
+  --home /app \
+  --gecos '' dotnetuser && chown -R dotnetuser /app
+
+# impersonate into the new user
+USER dotnetuser
 WORKDIR /app
-COPY --from=build /app/out .
-ENTRYPOINT ["dotnet", "Notesnook.API.dll"]
+
+COPY --from=publish /app/publish .
+ENTRYPOINT ["./Notesnook.API"]

Streetwriters.Identity/Dockerfile

@@ -1,26 +1,50 @@
-FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
-
+FROM mcr.microsoft.com/dotnet/runtime-deps:8.0-alpine AS base
 WORKDIR /app
+EXPOSE 80
+EXPOSE 443
+
+FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0-alpine AS build
+ARG TARGETARCH
+ARG BUILDPLATFORM
+ENV DOTNET_TC_QuickJitForLoops="1" DOTNET_ReadyToRun="0" DOTNET_TieredPGO="1" DOTNET_SYSTEM_GLOBALIZATION_INVARIANT="true"
+
+WORKDIR /src
 
-# copy projects
 COPY Streetwriters.Data/*.csproj ./Streetwriters.Data/
 COPY Streetwriters.Common/*.csproj ./Streetwriters.Common/
 COPY Streetwriters.Identity/*.csproj ./Streetwriters.Identity/
 
 # restore dependencies
-RUN dotnet restore -v d /app/Streetwriters.Identity/Streetwriters.Identity.csproj --use-current-runtime
+RUN dotnet restore -v d /src/Streetwriters.Identity/Streetwriters.Identity.csproj --use-current-runtime
 
-# copy everything else
 COPY Streetwriters.Data/ ./Streetwriters.Data/
 COPY Streetwriters.Common/ ./Streetwriters.Common/
 COPY Streetwriters.Identity/ ./Streetwriters.Identity/
 
-WORKDIR /app/Streetwriters.Identity/
-ENV DOTNET_TC_QuickJitForLoops="1" DOTNET_ReadyToRun="0" DOTNET_TieredPGO="1" DOTNET_SYSTEM_GLOBALIZATION_INVARIANT="true"
-RUN dotnet publish -c Release -o /app/out --use-current-runtime --self-contained false --no-restore
+WORKDIR /src/Streetwriters.Identity/
 
-# final stage/image
-FROM mcr.microsoft.com/dotnet/aspnet:8.0
+RUN dotnet build -c Release -o /app/build -a $TARGETARCH
+
+FROM build AS publish
+RUN dotnet publish -c Release -o /app/publish \
+    #--runtime alpine-x64 \
+    --self-contained true \
+    /p:PublishTrimmed=true \
+    /p:PublishSingleFile=true \
+    -a $TARGETARCH
+
+FROM --platform=$BUILDPLATFORM base AS final
+ARG TARGETARCH
+ARG BUILDPLATFORM
+
+# create a new user and change directory ownership
+RUN adduser --disabled-password \
+  --home /app \
+  --gecos '' dotnetuser && chown -R dotnetuser /app
+
+# impersonate into the new user
+USER dotnetuser
 WORKDIR /app
-COPY --from=build /app/out .
-ENTRYPOINT ["dotnet", "Streetwriters.Identity.dll"]
+
+COPY --from=publish /app/publish .
+ENTRYPOINT ["./Streetwriters.Identity"]

Streetwriters.Messenger/Dockerfile

@@ -1,26 +1,50 @@
-FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
-
+FROM mcr.microsoft.com/dotnet/runtime-deps:8.0-alpine AS base
 WORKDIR /app
+EXPOSE 80
+EXPOSE 443
+
+FROM --platform=$BUILDPLATFORM mcr.microsoft.com/dotnet/sdk:8.0-alpine AS build
+ARG TARGETARCH
+ARG BUILDPLATFORM
+ENV DOTNET_TC_QuickJitForLoops="1" DOTNET_ReadyToRun="0" DOTNET_TieredPGO="1" DOTNET_SYSTEM_GLOBALIZATION_INVARIANT="true"
+
+WORKDIR /src
 
-# copy projects
 COPY Streetwriters.Data/*.csproj ./Streetwriters.Data/
 COPY Streetwriters.Common/*.csproj ./Streetwriters.Common/
 COPY Streetwriters.Messenger/*.csproj ./Streetwriters.Messenger/
 
 # restore dependencies
-RUN dotnet restore -v d /app/Streetwriters.Messenger/Streetwriters.Messenger.csproj --use-current-runtime
+RUN dotnet restore -v d /src/Streetwriters.Messenger/Streetwriters.Messenger.csproj --use-current-runtime
 
-# copy everything else
 COPY Streetwriters.Data/ ./Streetwriters.Data/
 COPY Streetwriters.Common/ ./Streetwriters.Common/
 COPY Streetwriters.Messenger/ ./Streetwriters.Messenger/
 
-WORKDIR /app/Streetwriters.Messenger/
-ENV DOTNET_TC_QuickJitForLoops="1" DOTNET_ReadyToRun="0" DOTNET_TieredPGO="1" DOTNET_SYSTEM_GLOBALIZATION_INVARIANT="true"
-RUN dotnet publish -c Release -o /app/out --use-current-runtime --self-contained false --no-restore
+WORKDIR /src/Streetwriters.Messenger/
 
-# final stage/image
-FROM mcr.microsoft.com/dotnet/aspnet:8.0
+RUN dotnet build -c Release -o /app/build -a $TARGETARCH
+
+FROM build AS publish
+RUN dotnet publish -c Release -o /app/publish \
+    #--runtime alpine-x64 \
+    --self-contained true \
+    /p:PublishTrimmed=true \
+    /p:PublishSingleFile=true \
+    -a $TARGETARCH
+
+FROM --platform=$BUILDPLATFORM base AS final
+ARG TARGETARCH
+ARG BUILDPLATFORM
+
+# create a new user and change directory ownership
+RUN adduser --disabled-password \
+  --home /app \
+  --gecos '' dotnetuser && chown -R dotnetuser /app
+
+# impersonate into the new user
+USER dotnetuser
 WORKDIR /app
-COPY --from=build /app/out .
-ENTRYPOINT ["dotnet", "Streetwriters.Messenger.dll"]
+
+COPY --from=publish /app/publish .
+ENTRYPOINT ["./Streetwriters.Messenger"]