matrix/authentication-service
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-07-31 09:24:31 +03:00
Code Activity

Disable wasmtime cache in Docker builds

Browse Source
This commit is contained in:
Quentin Gliech
2022-11-03 13:59:33 +01:00
parent bec0dceede
commit 041eb7013c
5 changed files with 20 additions and 132 deletions
Download Patch File Download Diff File Expand all files Collapse all files

124
Cargo.lock generated
View File

@ -1114,30 +1114,6 @@ dependencies = [
"crossbeam-utils", "crossbeam-utils",
] ]
[[package]]
name = "crossbeam-deque"
version = "0.8.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "715e8152b692bba2d374b53d4875445368fdf21a94751410af607a5ac677d1fc"
dependencies = [
"cfg-if",
"crossbeam-epoch",
"crossbeam-utils",
]
[[package]]
name = "crossbeam-epoch"
version = "0.9.11"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f916dfc5d356b0ed9dae65f1db9fc9770aa2851d2662b988ccf4fe3516e86348"
dependencies = [
"autocfg",
"cfg-if",
"crossbeam-utils",
"memoffset",
"scopeguard",
]
[[package]] [[package]]
name = "crossbeam-queue" name = "crossbeam-queue"
version = "0.3.6" version = "0.3.6"
@ -2205,26 +2181,6 @@ version = "1.0.4"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4217ad341ebadf8d8e724e264f13e593e0648f5b3e94b3896a5df283be015ecc" checksum = "4217ad341ebadf8d8e724e264f13e593e0648f5b3e94b3896a5df283be015ecc"
[[package]]
name = "ittapi"
version = "0.3.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "663fe0550070071ff59e981864a9cd3ee1c869ed0a088140d9ac4dc05ea6b1a1"
dependencies = [
"anyhow",
"ittapi-sys",
"log",
]
[[package]]
name = "ittapi-sys"
version = "0.3.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e21911b7183f38c71d75ab478a527f314e28db51027037ece2e5511ed9410703"
dependencies = [
"cc",
]
[[package]] [[package]]
name = "jobserver" name = "jobserver"
version = "0.1.25" version = "0.1.25"
@ -2284,12 +2240,6 @@ dependencies = [
"spin", "spin",
] ]
[[package]]
name = "leb128"
version = "0.2.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "884e2677b40cc8c339eaefcb701c32ef1fd2493d71118dc0ca4b6a736c93bd67"
[[package]] [[package]]
name = "lettre" name = "lettre"
version = "0.10.1" version = "0.10.1"
@ -2876,15 +2826,6 @@ version = "2.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2dffe52ecf27772e601905b7522cb4ef790d2cc203488bbd0e2fe85fcb74566d" checksum = "2dffe52ecf27772e601905b7522cb4ef790d2cc203488bbd0e2fe85fcb74566d"
[[package]]
name = "memfd"
version = "0.6.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "480b5a5de855d11ff13195950bdc8b98b5e942ef47afc447f6615cdcc4e15d80"
dependencies = [
"rustix",
]
[[package]] [[package]]
name = "memoffset" name = "memoffset"
version = "0.6.5" version = "0.6.5"
@ -3073,10 +3014,11 @@ checksum = "86f0b0d4bf799edbc74508c1e8bf170ff5f41238e5f8225603ca7caaae2b7860"
[[package]] [[package]]
name = "opa-wasm" name = "opa-wasm"
version = "0.1.0" version = "0.1.0"
source = "git+https://github.com/matrix-org/rust-opa-wasm.git#f838595670747b0644b6bfd9829fca5d63bbee66" source = "git+https://github.com/matrix-org/rust-opa-wasm.git#74262db0d12948f1af31ebc9e85bd56286d56b3e"
dependencies = [ dependencies = [
"anyhow", "anyhow",
"base64", "base64",
"cc",
"digest 0.10.5", "digest 0.10.5",
"hex", "hex",
"hmac", "hmac",
@ -3084,7 +3026,6 @@ dependencies = [
"md-5", "md-5",
"parse-size", "parse-size",
"rand", "rand",
"rayon-core",
"semver", "semver",
"serde", "serde",
"serde_json", "serde_json",
@ -3812,30 +3753,6 @@ dependencies = [
"getrandom", "getrandom",
] ]
[[package]]
name = "rayon"
version = "1.5.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bd99e5772ead8baa5215278c9b15bf92087709e9c1b2d1f97cdb5a183c933a7d"
dependencies = [
"autocfg",
"crossbeam-deque",
"either",
"rayon-core",
]
[[package]]
name = "rayon-core"
version = "1.9.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "258bcdb5ac6dad48491bb2992db6b7cf74878b0384908af124823d118c99683f"
dependencies = [
"crossbeam-channel",
"crossbeam-deque",
"crossbeam-utils",
"num_cpus",
]
[[package]] [[package]]
name = "redox_syscall" name = "redox_syscall"
version = "0.2.16" version = "0.2.16"
@ -5442,15 +5359,6 @@ version = "0.2.83"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1c38c045535d93ec4f0b4defec448e4291638ee608530863b1e2ba115d4fff7f" checksum = "1c38c045535d93ec4f0b4defec448e4291638ee608530863b1e2ba115d4fff7f"
[[package]]
name = "wasm-encoder"
version = "0.19.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c5816e88e8ea7335016aa62eb0485747f786136d505a9b3890f8c400211d9b5f"
dependencies = [
"leb128",
]
[[package]] [[package]]
name = "wasmparser" name = "wasmparser"
version = "0.89.1" version = "0.89.1"
@ -5477,7 +5385,6 @@ dependencies = [
"once_cell", "once_cell",
"paste", "paste",
"psm", "psm",
"rayon",
"serde", "serde",
"target-lexicon", "target-lexicon",
"wasmparser", "wasmparser",
@ -5487,7 +5394,6 @@ dependencies = [
"wasmtime-fiber", "wasmtime-fiber",
"wasmtime-jit", "wasmtime-jit",
"wasmtime-runtime", "wasmtime-runtime",
"wat",
"windows-sys 0.36.1", "windows-sys 0.36.1",
] ]
@ -5585,7 +5491,6 @@ dependencies = [
"cfg-if", "cfg-if",
"cpp_demangle", "cpp_demangle",
"gimli", "gimli",
"ittapi",
"log", "log",
"object", "object",
"rustc-demangle", "rustc-demangle",
@ -5594,7 +5499,6 @@ dependencies = [
"target-lexicon", "target-lexicon",
"thiserror", "thiserror",
"wasmtime-environ", "wasmtime-environ",
"wasmtime-jit-debug",
"wasmtime-runtime", "wasmtime-runtime",
"windows-sys 0.36.1", "windows-sys 0.36.1",
] ]
@ -5605,9 +5509,7 @@ version = "1.0.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "25e82d4ef93296785de7efca92f7679dc67fe68a13b625a5ecc8d7503b377a37" checksum = "25e82d4ef93296785de7efca92f7679dc67fe68a13b625a5ecc8d7503b377a37"
dependencies = [ dependencies = [
"object",
"once_cell", "once_cell",
"rustix",
] ]
[[package]] [[package]]
@ -5623,7 +5525,6 @@ dependencies = [
"libc", "libc",
"log", "log",
"mach", "mach",
"memfd",
"memoffset", "memoffset",
"paste", "paste",
"rand", "rand",
@ -5648,27 +5549,6 @@ dependencies = [
"wasmparser", "wasmparser",
] ]
[[package]]
name = "wast"
version = "48.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "84825b5ac7164df8260c9e2b2e814075334edbe7ac426f2469b93a5eeac23cce"
dependencies = [
"leb128",
"memchr",
"unicode-width",
"wasm-encoder",
]
[[package]]
name = "wat"
version = "1.0.50"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "129da4a03ec6d2a815f42c88f641824e789d5be0d86d2f90aa8a218c7068e0be"
dependencies = [
"wast",
]
[[package]] [[package]]
name = "watchman_client" name = "watchman_client"
version = "0.8.0" version = "0.8.0"

12
Dockerfile
View File

@ -115,6 +115,8 @@ RUN cargo chef cook \
--bin mas-cli \ --bin mas-cli \
--release \ --release \
--recipe-path recipe.json \ --recipe-path recipe.json \
--no-default-features \
--features docker \
--target $(/docker-arch-to-rust-target.sh "${TARGETPLATFORM}") \ --target $(/docker-arch-to-rust-target.sh "${TARGETPLATFORM}") \
--package mas-cli --package mas-cli
@ -128,6 +130,8 @@ RUN cargo auditable zigbuild \
--locked \ --locked \
--release \ --release \
--bin mas-cli \ --bin mas-cli \
--no-default-features \
--features docker \
--target $(/docker-arch-to-rust-target.sh "${TARGETPLATFORM}") --target $(/docker-arch-to-rust-target.sh "${TARGETPLATFORM}")
# Move the binary to avoid having to guess its name in the next stage # Move the binary to avoid having to guess its name in the next stage
@ -138,10 +142,6 @@ RUN mv target/$(/docker-arch-to-rust-target.sh "${TARGETPLATFORM}")/release/mas-
################################## ##################################
FROM --platform=${TARGETPLATFORM} gcr.io/distroless/cc-debian${DEBIAN_VERSION}:debug-nonroot AS debug FROM --platform=${TARGETPLATFORM} gcr.io/distroless/cc-debian${DEBIAN_VERSION}:debug-nonroot AS debug
# Inject a wasmtime config which disables cache to avoid issues running with a read-only root filesystem
ENV XDG_CONFIG_HOME=/etc
COPY ./misc/wasmtime-config.toml /etc/wasmtime/config.toml
COPY --from=builder /usr/local/bin/mas-cli /usr/local/bin/mas-cli COPY --from=builder /usr/local/bin/mas-cli /usr/local/bin/mas-cli
WORKDIR / WORKDIR /
ENTRYPOINT ["/usr/local/bin/mas-cli"] ENTRYPOINT ["/usr/local/bin/mas-cli"]
@ -151,10 +151,6 @@ ENTRYPOINT ["/usr/local/bin/mas-cli"]
################### ###################
FROM --platform=${TARGETPLATFORM} gcr.io/distroless/cc-debian${DEBIAN_VERSION}:nonroot FROM --platform=${TARGETPLATFORM} gcr.io/distroless/cc-debian${DEBIAN_VERSION}:nonroot
# Inject a wasmtime config which disables cache to avoid issues running with a read-only root filesystem
ENV XDG_CONFIG_HOME=/etc
COPY ./misc/wasmtime-config.toml /etc/wasmtime/config.toml
COPY --from=builder /usr/local/bin/mas-cli /usr/local/bin/mas-cli COPY --from=builder /usr/local/bin/mas-cli /usr/local/bin/mas-cli
WORKDIR / WORKDIR /
ENTRYPOINT ["/usr/local/bin/mas-cli"] ENTRYPOINT ["/usr/local/bin/mas-cli"]

8
crates/cli/Cargo.toml
View File

@ -55,7 +55,13 @@ mas-listener = { path = "../listener" }
indoc = "1.0.7" indoc = "1.0.7"
[features] [features]
default = ["otlp", "jaeger", "zipkin", "prometheus", "native-roots"] default = ["otlp", "jaeger", "zipkin", "prometheus", "webpki-roots", "policy-cache"]
# Features used in the Docker image
docker = ["otlp", "jaeger", "zipkin", "prometheus", "native-roots"]
# Enable wasmtime compilation cache
policy-cache = ["mas-policy/cache"]
# Use the native root certificates # Use the native root certificates
native-roots = ["mas-http/native-roots", "mas-handlers/native-roots"] native-roots = ["mas-http/native-roots", "mas-handlers/native-roots"]

5
crates/policy/Cargo.toml
View File

@ -13,7 +13,10 @@ serde_json = "1.0.87"
thiserror = "1.0.37" thiserror = "1.0.37"
tokio = { version = "1.21.2", features = ["io-util", "rt"] } tokio = { version = "1.21.2", features = ["io-util", "rt"] }
tracing = "0.1.37" tracing = "0.1.37"
wasmtime = "1.0.1" wasmtime = { version = "1.0.1", default-features = false, features = ["async", "cranelift"] }
mas-data-model = { path = "../data-model" } mas-data-model = { path = "../data-model" }
oauth2-types = { path = "../oauth2-types" } oauth2-types = { path = "../oauth2-types" }
[features]
cache = ["wasmtime/cache"]

3
crates/policy/src/lib.rs
View File

@ -52,6 +52,7 @@ pub enum LoadError {
#[error("failed to instantiate a test instance")] #[error("failed to instantiate a test instance")]
Instantiate(#[source] anyhow::Error), Instantiate(#[source] anyhow::Error),
#[cfg(feature = "cache")]
#[error("could not load wasmtime cache configuration")] #[error("could not load wasmtime cache configuration")]
CacheSetup(#[source] anyhow::Error), CacheSetup(#[source] anyhow::Error),
} }
@ -76,6 +77,8 @@ impl PolicyFactory {
let mut config = Config::default(); let mut config = Config::default();
config.async_support(true); config.async_support(true);
config.cranelift_opt_level(wasmtime::OptLevel::Speed); config.cranelift_opt_level(wasmtime::OptLevel::Speed);
#[cfg(feature = "cache")]
config config
.cache_config_load_default() .cache_config_load_default()
.map_err(LoadError::CacheSetup)?; .map_err(LoadError::CacheSetup)?;