
[mod] container: revert to alpine (#4893)

I'm not too pleased to reverse this, but issues like https://github.com/searxng/searxng/issues/4792 have not been foreseen, and we can't just turn away. It has become apparent over the last weeks that there are still quite a few people with an incompatible CPU or having SearXNG on some random VM provider who can't (or won't) modify the configuration of their machines to expose the features needed for x86_64v2 march.

As I don't want to trash the work with apko and base images, I thought about trying to build Alpine again now that we have the whole container-related workflow refactored.

There will still be the discussion of whether to use musl and its drawbacks, but right now I don't know any other alternatives.

The nice part of this is that both Dockerfiles (mainline and legacy) can now be unified under the same umbrella again.

Closes https://github.com/searxng/searxng/issues/4792
Closes https://github.com/searxng/searxng/issues/4753
Ivan Gabaldon 4 days ago
parent
commit
eb36de8d91

+ 1 - 1
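--- a/.github/workflows/container.yml
+++ b/.github/workflows/container.yml
@@ -149,7 +149,7 @@ jobs:
         uses: actions/cache@v4
         with:
           # yamllint disable-line rule:line-length
-          key: "container-mounts-${{ matrix.arch }}-${{ hashFiles('./container/Dockerfile', './container/legacy/Dockerfile') }}"
+          key: "container-mounts-${{ matrix.arch }}-${{ hashFiles('./container/Dockerfile') }}"
           restore-keys: "container-mounts-${{ matrix.arch }}-"
           path: |
             /var/tmp/buildah-cache/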
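Review bot: The new `key` hashes only `./container/Dockerfile`, while the unchanged `restore-keys` prefix still matches any earlier `container-mounts-${{ matrix.arch }}-` cache, so the first Alpine builds can restore mounts filled by the previous glibc-based builds. If those mounts hold locally built wheels (inferred from the pip cache mount in the removed legacy Dockerfile), an artifact linked against glibc could be reused on musl. Adding a base marker to both lines would separate the caches, e.g. `key: "container-mounts-alpine-${{ matrix.arch }}-${{ hashFiles('./container/Dockerfile') }}"` and `restore-keys: "container-mounts-alpine-${{ matrix.arch }}-"`. The cache step continues outside the hunk.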

+ 11 - 5
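--- a/container/base-builder.yml
+++ b/container/base-builder.yml
@@ -1,14 +1,19 @@
 contents:
-  keyring:
-    - https://packages.wolfi.dev/os/wolfi-signing.rsa.pub
   repositories:
-    - https://packages.wolfi.dev/os
+    - https://mirrors.edge.kernel.org/alpine/edge/main
+    - https://mirrors.edge.kernel.org/alpine/edge/community
   packages:
-    - wolfi-base
+    - alpine-base
     - build-base
-    - python-3.13-dev
+    - python3-dev
     - py3-pip
     - brotli
+    # lxml (armv7)
+    - libxml2-dev
+    - libxslt-dev
+    - zlib-dev
+    # uwsgi
+    - libffi-dev
 
 entrypoint:
   command: /bin/sh -l
@@ -23,3 +28,4 @@ environment:
 archs:
   - x86_64
   - aarch64
+  - armv7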
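Review bot: With the `keyring` entry removed, nothing under `contents` states which keys the packages from `mirrors.edge.kernel.org` are verified against. Whether apko falls back to built-in Alpine keys for this mirror URL is not visible here, so an explicit `keyring:` entry (`- <ALPINE_SIGNING_KEY_URL>`, placeholder) would keep the trust anchor reviewable. Both repositories also track the rolling `edge` branch and `python3-dev` is no longer version-pinned, so two builds of the same commit can resolve to different packages. A release branch or a committed lock file would make the build inputs auditable. The same two points apply to `container/base.yml`.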

+ 8 - 6
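--- a/container/base.yml
+++ b/container/base.yml
@@ -1,16 +1,17 @@
 contents:
-  keyring:
-    - https://packages.wolfi.dev/os/wolfi-signing.rsa.pub
   repositories:
-    - https://packages.wolfi.dev/os
+    - https://mirrors.edge.kernel.org/alpine/edge/main
   packages:
-    - wolfi-baselayout
+    - alpine-baselayout
     - ca-certificates-bundle
     - busybox
-    - python-3.13
+    - python3
     # healthcheck
     - wget
+    # lxml (armv7)
+    - libxslt
     # uwsgi
+    - libxml2
     - mailcap
 
 entrypoint:
@@ -40,7 +41,7 @@ paths:
     type: directory
     uid: 977
     gid: 977
-    permissions: 0o755
+    permissions: 0o555
 
   # Config volume
   - path: /etc/searxng/
@@ -59,3 +60,4 @@ paths:
 archs:
   - x86_64
   - aarch64
+  - armv7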
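Review bot: The switch from `0o755` to `0o555` in the `paths` hunk carries no comment, and the `path:` it belongs to starts outside the hunk, so the reason for dropping owner write access cannot be read from the file. A line above it such as `# owner (uid 977) gets no write bit: directory must stay immutable at runtime` would record the intent (wording to be confirmed by the author). It is also worth confirming that nothing running as uid 977 at startup creates files in that directory, since the owner can no longer write there either.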

+ 0 - 107
container/legacy/Dockerfile

@@ -1,107 +0,0 @@
-FROM docker.io/library/python:3.13-slim AS builder
-
-RUN apt-get update \
- && apt-get install -y --no-install-recommends \
-    build-essential \
-    brotli \
-    # lxml
-    libxml2-dev \
-    libxslt1-dev \
-    zlib1g-dev \
-    # uwsgi
-    libpcre3-dev \
- && rm -rf /var/lib/apt/lists/*
-
-WORKDIR /usr/local/searxng/
-
-COPY ./requirements.txt ./requirements.txt
-
-RUN --mount=type=cache,id=pip,target=/root/.cache/pip python -m venv ./venv \
- && . ./venv/bin/activate \
- && pip install -r requirements.txt \
- && pip install "uwsgi~=2.0"
-
-COPY ./searx/ ./searx/
-
-ARG TIMESTAMP_SETTINGS=0
-
-RUN python -m compileall -q searx \
- && touch -c --date=@$TIMESTAMP_SETTINGS ./searx/settings.yml \
- && find /usr/local/searxng/searx/static \
-    \( -name '*.html' -o -name '*.css' -o -name '*.js' -o -name '*.svg' -o -name '*.ttf' -o -name '*.eot' \) \
-    -type f -exec gzip -9 -k {} + -exec brotli --best {} +
-
-ARG SEARXNG_UID=977
-ARG SEARXNG_GID=977
-
-RUN grep -m1 root /etc/group > /tmp/.searxng.group \
- && grep -m1 root /etc/passwd > /tmp/.searxng.passwd \
- && echo "searxng:x:$SEARXNG_GID:" >> /tmp/.searxng.group \
- && echo "searxng:x:$SEARXNG_UID:$SEARXNG_GID:searxng:/usr/local/searxng:/bin/bash" >> /tmp/.searxng.passwd
-
-FROM docker.io/library/python:3.13-slim
-
-RUN apt-get update \
- && apt-get install -y --no-install-recommends \
-    # healthcheck
-    wget \
-    # lxml (ARMv7)
-    libxslt1.1 \
-    # uwsgi
-    libpcre3 \
-    libxml2 \
-    mailcap \
- && rm -rf /var/lib/apt/lists/*
-
-COPY --chown=root:root --from=builder /tmp/.searxng.passwd /etc/passwd
-COPY --chown=root:root --from=builder /tmp/.searxng.group /etc/group
-
-ARG LABEL_DATE="0001-01-01T00:00:00Z"
-ARG GIT_URL="unspecified"
-ARG SEARXNG_GIT_VERSION="unspecified"
-ARG LABEL_VCS_REF="unspecified"
-ARG LABEL_VCS_URL="unspecified"
-
-WORKDIR /usr/local/searxng/
-
-COPY --chown=searxng:searxng --from=builder /usr/local/searxng/venv/ ./venv/
-COPY --chown=searxng:searxng --from=builder /usr/local/searxng/searx/ ./searx/
-COPY --chown=searxng:searxng ./container/config/ ./.template/
-COPY --chown=searxng:searxng ./container/entrypoint.sh ./entrypoint.sh
-
-ARG TIMESTAMP_UWSGI="0"
-
-RUN touch -c --date=@$TIMESTAMP_UWSGI ./.template/uwsgi.ini
-
-LABEL org.opencontainers.image.authors="searxng <$GIT_URL>" \
-      org.opencontainers.image.created=$LABEL_DATE \
-      org.opencontainers.image.description="A privacy-respecting, hackable metasearch engine" \
-      org.opencontainers.image.documentation="https://github.com/searxng/searxng-docker" \
-      org.opencontainers.image.licenses="AGPL-3.0-or-later" \
-      org.opencontainers.image.revision=$LABEL_VCS_REF \
-      org.opencontainers.image.source=$LABEL_VCS_URL \
-      org.opencontainers.image.title="searxng" \
-      org.opencontainers.image.url=$LABEL_VCS_URL \
-      org.opencontainers.image.version=$SEARXNG_GIT_VERSION
-
-ENV CONFIG_PATH=/etc/searxng \
-    DATA_PATH=/var/cache/searxng
-
-ENV SEARXNG_VERSION=$SEARXNG_GIT_VERSION \
-    INSTANCE_NAME=searxng \
-    AUTOCOMPLETE="" \
-    BASE_URL="" \
-    BIND_ADDRESS=[::]:8080 \
-    SEARXNG_SETTINGS_PATH=$CONFIG_PATH/settings.yml \
-    UWSGI_SETTINGS_PATH=$CONFIG_PATH/uwsgi.ini \
-    UWSGI_WORKERS=%k \
-    UWSGI_THREADS=4
-
-VOLUME $CONFIG_PATH
-VOLUME $DATA_PATH
-
-EXPOSE 8080
-
-HEALTHCHECK CMD wget --quiet --tries=1 --spider http://localhost:8080/healthz || exit 1
-
-ENTRYPOINT ["/usr/local/searxng/entrypoint.sh"]

+ 1 - 1
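--- a/utils/lib_sxng_container.sh
+++ b/utils/lib_sxng_container.sh
@@ -54,7 +54,7 @@ container.build() {
         platform="linux/$arch"
         ;;
     "ARMV7" | "armhf" | "armv7l" | "armv7")
-        dockerfile="legacy/Dockerfile"
+        dockerfile="Dockerfile"
         arch="arm"
         variant="v7"
         platform="linux/$arch/$variant"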