Move even more python deps to base image

2 years ago · a29f066858
parent 52dd09d452
commit a29f066858
37 changed files with 308 additions and 281 deletions
--- a/core/admin/Dockerfile
+++ b/core/admin/Dockerfile
@ -1,29 +1,26 @@
 # syntax=docker/dockerfile-upstream:1.4.3
 # admin image
 FROM base
 ARG VERSION=local
 LABEL version=$VERSION
 COPY requirements-prod.txt requirements.txt
 RUN set -euxo pipefail \
- && apk add --no-cache libressl curl postgresql-libs mariadb-connector-c \
+  ; apk add --no-cache curl libressl mariadb-connector-c postgresql-libs
 && pip install --no-cache-dir -r requirements.txt --only-binary=:all: --no-binary=Flask-bootstrap,PyYAML,SQLAlchemy \
 || ( apk add --no-cache --virtual build-dep libressl-dev libffi-dev python3-dev build-base postgresql-dev mariadb-connector-c-dev cargo \
 && pip install -r requirements.txt \
 && apk del --no-cache build-dep )
-COPY mailu ./mailu
+COPY mailu/ ./mailu/
-RUN pybabel compile -d mailu/translations
+RUN set -euxo pipefail \
  ; venv/bin/pybabel compile -d mailu/translations
-COPY migrations ./migrations
+COPY migrations/ ./migrations/
-COPY start.py /start.py
+COPY audit.py /
-COPY audit.py /audit.py
+COPY start.py /
-COPY --from=assets /work/static ./mailu/static
+COPY --from=assets /work/static/ ./mailu/static/
-RUN echo $VERSION >> /version
+RUN echo $VERSION >/version
 EXPOSE 80/tcp
 HEALTHCHECK CMD curl -skfLo /dev/null http://localhost/sso/login?next=ui.index
--- a/core/admin/assets/Dockerfile
+++ b/core/admin/assets/Dockerfile
@ -4,7 +4,7 @@ FROM node:16-alpine3.16
 WORKDIR /work
-COPY content /work
+COPY content/ ./
 RUN set -euxo pipefail \
 && npm config set update-notifier false \
@ -14,4 +14,3 @@ RUN set -euxo pipefail \
      cp node_modules/datatables.net-plugins/i18n/${l#*:}.json assets/${l%:*}.json; \
    done \
 && node_modules/.bin/webpack-cli --color
--- a/core/admin/audit.py
+++ b/core/admin/audit.py
@ -1,4 +1,4 @@
-#!/usr/bin/python3
+#!/usr/bin/env python3
 import sys
 import tabulate
--- a/core/admin/requirements-dev.txt
+++ b/core/admin/requirements-dev.txt
@ -0,0 +1,28 @@
 Flask
 Flask-Login
 Flask-SQLAlchemy
 Flask-bootstrap
 Flask-Babel
 Flask-migrate
 Flask-script
 Flask-wtf
 Flask-debugtoolbar
 limits
 redis
 WTForms-Components
 socrate
 passlib
 gunicorn
 tabulate
 PyYAML
 PyOpenSSL
 Pygments
 dnspython
 tenacity
 mysql-connector-python
 idna
 srslib
 marshmallow
 flask-marshmallow
 marshmallow-sqlalchemy
 xmltodict
--- a/core/admin/requirements-prod.txt
+++ b/core/admin/requirements-prod.txt
@ -1,78 +0,0 @@
 alembic==1.7.4
 appdirs==1.4.4
 Babel==2.9.1
 bcrypt==3.2.0
 blinker==1.4
 CacheControl==0.12.9
 certifi==2021.10.8
 # cffi==1.15.0
 chardet==4.0.0
 click==8.0.3
 colorama==0.4.4
 contextlib2==21.6.0
 cryptography==35.0.0
 decorator==5.1.0
 # distlib==0.3.1
 # distro==1.5.0
 dnspython==2.1.0
 dominate==2.6.0
 email-validator==1.1.3
 Flask==2.0.2
 Flask-Babel==2.0.0
 Flask-Bootstrap==3.3.7.1
 Flask-DebugToolbar==0.11.0
 Flask-Limiter==1.4
 Flask-Login==0.5.0
 flask-marshmallow==0.14.0
 Flask-Migrate==3.1.0
 Flask-Script==2.0.6
 Flask-SQLAlchemy==2.5.1
 Flask-WTF==0.15.1
 greenlet==1.1.2
 gunicorn==20.1.0
 html5lib==1.1
 idna==3.3
 infinity==1.5
 intervals==0.9.2
 itsdangerous==2.0.1
 Jinja2==3.0.2
 limits==1.5.1
 lockfile==0.12.2
 Mako==1.1.5
 MarkupSafe==2.0.1
 marshmallow==3.14.0
 marshmallow-sqlalchemy==0.26.1
 msgpack==1.0.2
 # mysqlclient==2.0.3
 mysql-connector-python==8.0.25
 ordered-set==4.0.2
 # packaging==20.9
 passlib==1.7.4
 # pep517==0.10.0
 progress==1.6
 #psycopg2==2.9.1
 psycopg2-binary==2.9.3
 pycparser==2.20
 Pygments==2.10.0
 pyOpenSSL==21.0.0
 pyparsing==3.0.4
 pytz==2021.3
 PyYAML==6.0
 redis==3.5.3
 requests==2.26.0
 retrying==1.3.3
 # six==1.15.0
 socrate==0.2.0
 SQLAlchemy==1.4.26
 srslib==0.1.4
 tabulate==0.8.9
 tenacity==8.0.1
 toml==0.10.2
 urllib3==1.26.7
 validators==0.18.2
 visitor==0.1.3
 webencodings==0.5.1
 Werkzeug==2.0.2
 WTForms==2.3.3
 WTForms-Components==0.10.5
 xmltodict==0.12.0
--- a/core/admin/requirements.txt
+++ b/core/admin/requirements.txt
@ -1,28 +1,78 @@
-Flask
+alembic==1.7.4
-Flask-Login
+appdirs==1.4.4
-Flask-SQLAlchemy
+Babel==2.9.1
-Flask-bootstrap
+bcrypt==3.2.0
-Flask-Babel
+blinker==1.4
-Flask-migrate
+CacheControl==0.12.9
-Flask-script
+certifi==2021.10.8
-Flask-wtf
+# cffi==1.15.0
-Flask-debugtoolbar
+chardet==4.0.0
-limits
+click==8.0.3
-redis
+colorama==0.4.4
-WTForms-Components
+contextlib2==21.6.0
-socrate
+cryptography==35.0.0
-passlib
+decorator==5.1.0
-gunicorn
+# distlib==0.3.1
-tabulate
+# distro==1.5.0
-PyYAML
+dnspython==2.1.0
-PyOpenSSL
+dominate==2.6.0
-Pygments
+email-validator==1.1.3
-dnspython
+Flask==2.0.2
-tenacity
+Flask-Babel==2.0.0
-mysql-connector-python
+Flask-Bootstrap==3.3.7.1
-idna
+Flask-DebugToolbar==0.11.0
-srslib
+Flask-Limiter==1.4
-marshmallow
+Flask-Login==0.5.0
-flask-marshmallow
+flask-marshmallow==0.14.0
-marshmallow-sqlalchemy
+Flask-Migrate==3.1.0
-xmltodict
+Flask-Script==2.0.6
 Flask-SQLAlchemy==2.5.1
 Flask-WTF==0.15.1
 greenlet==1.1.2
 gunicorn==20.1.0
 html5lib==1.1
 idna==3.3
 infinity==1.5
 intervals==0.9.2
 itsdangerous==2.0.1
 Jinja2==3.0.2
 limits==1.5.1
 lockfile==0.12.2
 Mako==1.1.5
 MarkupSafe==2.0.1
 marshmallow==3.14.0
 marshmallow-sqlalchemy==0.26.1
 msgpack==1.0.2
 # mysqlclient==2.0.3
 mysql-connector-python==8.0.25
 ordered-set==4.0.2
 # packaging==20.9
 passlib==1.7.4
 # pep517==0.10.0
 progress==1.6
 #psycopg2==2.9.1
 psycopg2-binary==2.9.3
 pycparser==2.20
 Pygments==2.10.0
 pyOpenSSL==21.0.0
 pyparsing==3.0.4
 pytz==2021.3
 PyYAML==6.0
 redis==3.5.3
 requests==2.26.0
 retrying==1.3.3
 # six==1.15.0
 socrate==0.2.0
 SQLAlchemy==1.4.26
 srslib==0.1.4
 tabulate==0.8.9
 tenacity==8.0.1
 toml==0.10.2
 urllib3==1.26.7
 validators==0.18.2
 visitor==0.1.3
 webencodings==0.5.1
 Werkzeug==2.0.2
 WTForms==2.3.3
 WTForms-Components==0.10.5
 xmltodict==0.12.0
--- a/core/admin/start.py
+++ b/core/admin/start.py
@ -1,4 +1,4 @@
-#!/usr/bin/python3
+#!/usr/bin/env python3
 import os
 import logging as log
--- a/core/base/Dockerfile
+++ b/core/base/Dockerfile
@ -1,30 +1,57 @@
 # syntax=docker/dockerfile-upstream:1.4.3
 # base system image (intermediate)
 ARG DISTRO=alpine:3.14.5
-FROM $DISTRO
+FROM $DISTRO as system
 ENV TZ Etc/UTC
 ENV LANG C.UTF-8
 # TODO: use intermediate image to build virtual env
 RUN set -euxo pipefail \
- && adduser -s /bin/bash -Dh /app -k /var/empty -u 1000 -g mailu app \
+  ; adduser -s /bin/bash -Dh /app -k /var/empty -u 1000 -g mailu app \
- && apk add --no-cache bash ca-certificates tzdata python3 py3-pip py3-wheel \
+  ; apk add --no-cache bash ca-certificates python3 tzdata
 && pip3 install --no-cache-dir --upgrade pip
 WORKDIR /app
-COPY libs libs/
+CMD /bin/bash
 # build virtual env (intermediate)
 FROM system as build
 ENV VIRTUAL_ENV=/app/venv
 # TODO: work in virtual env (see above)
 # && python3 -m venv . \
 RUN set -euxo pipefail \
- && pip3 install --no-cache-dir -r libs/requirements.txt --only-binary=:all: \
+  ; apk add --no-cache py3-pip \
- || ( apk add --no-cache --virtual .build-deps gcc musl-dev python3-dev \
+  ; python3 -m venv ${VIRTUAL_ENV} \
-      && pip3 install --no-cache-dir -r libs/requirements.txt \
+  ; venv/bin/pip install --no-cache-dir --upgrade --no-warn-script-location pip wheel
      && apk del --no-cache .build-deps )
-# TODO: clean image (or use intermediate - see above)
+ENV PATH="${VIRTUAL_ENV}/bin:${PATH}"
-# && bin/pip uninstall -y pip distribute setuptools wheel \
+
-# && rm -rf /tmp/* /root/.cache/pip
+COPY libs/ libs/
 COPY --from=core ./ core/
 COPY --from=optional ./ optional/
 RUN set -euxo pipefail \
  ; grep -hEv '(podop|socrate)==' core/*/requirements.txt optional/*/requirements.txt \
    | sort -u >libs/requirements.txt \
 \
  ; venv/bin/pip install --no-cache-dir -r libs/requirements.txt \
 || ( \
      apk add --no-cache --virtual .build-deps \
        build-base cargo gcc libffi-dev libressl-dev mariadb-connector-c-dev \
        musl-dev postgresql-dev python3-dev \
       ; venv/bin/pip install --no-cache-dir -r libs/requirements.txt \
       ; apk del .build-deps \
  ) \
 \
  ; venv/bin/pip freeze > venv/requirements.txt
 # base mailu image
 FROM system
 COPY --from=build /app/venv/ /app/venv/
 ENV VIRTUAL_ENV=/app/venv
 ENV PATH="${VIRTUAL_ENV}/bin:${PATH}"
--- a/core/base/libs/requirements.txt
+++ b/core/base/libs/requirements.txt
--- a/core/dovecot/Dockerfile
+++ b/core/dovecot/Dockerfile
@ -1,18 +1,19 @@
 # syntax=docker/dockerfile-upstream:1.4.3
 # dovecot image
 FROM base
 ARG VERSION
 LABEL version=$VERSION
 RUN set -euxo pipefail \
- && apk add --no-cache dovecot dovecot-lmtpd dovecot-pop3d dovecot-submissiond dovecot-pigeonhole-plugin rspamd-client xapian-core dovecot-fts-xapian \
+  ; apk add --no-cache dovecot dovecot-fts-xapian dovecot-lmtpd dovecot-pigeonhole-plugin dovecot-pop3d dovecot-submissiond rspamd-client xapian-core \
- && mkdir /var/lib/dovecot
+  ; mkdir /var/lib/dovecot
-COPY conf /conf
+COPY conf/ /conf/
-COPY start.py /start.py
+COPY start.py /
-RUN echo $VERSION >> /version
+RUN echo $VERSION >/version
 EXPOSE 110/tcp 143/tcp 993/tcp 4190/tcp 2525/tcp
 HEALTHCHECK --start-period=350s CMD echo QUIT|nc localhost 110|grep "Dovecot ready."
--- a/core/dovecot/requirements.txt
+++ b/core/dovecot/requirements.txt
@ -0,0 +1,2 @@
 podop==0.2.5
 socrate==0.2.0
--- a/core/dovecot/start.py
+++ b/core/dovecot/start.py
@ -1,4 +1,4 @@
-#!/usr/bin/python3
+#!/usr/bin/env python3
 import os
 import glob
--- a/core/nginx/Dockerfile
+++ b/core/nginx/Dockerfile
@ -1,29 +1,29 @@
 # syntax=docker/dockerfile-upstream:1.4.3
 # build static assets (intermediate)
 FROM base as static
-COPY static /static
+COPY static/ /static/
 RUN set -euxo pipefail \
- && gzip -k9 /static/*.ico /static/*.txt \
+  ; gzip -k9 /static/*.ico /static/*.txt \
- && chmod a+rX-w -R /static
+  ; chmod a+rX-w -R /static
 # nginx image
 FROM base
 ARG VERSION
 LABEL version=$VERSION
 # Image specific layers under this line
 RUN set -euxo pipefail \
- && apk add --no-cache certbot nginx nginx-mod-mail openssl curl \
+  ; apk add --no-cache certbot curl nginx nginx-mod-mail openssl
 && pip3 install --no-cache-dir watchdog
-COPY conf /conf
+COPY conf/ /conf/
-COPY --from=static /static /static
+COPY --from=static /static/ /static/
 COPY *.py /
-RUN echo $VERSION >> /version
+RUN echo $VERSION >/version
 EXPOSE 80/tcp 443/tcp 110/tcp 143/tcp 465/tcp 587/tcp 993/tcp 995/tcp 25/tcp 10025/tcp 10143/tcp
 HEALTHCHECK --start-period=60s CMD curl -skfLo /dev/null http://localhost/health
--- a/core/nginx/certwatcher.py
+++ b/core/nginx/certwatcher.py
@ -1,4 +1,4 @@
-#!/usr/bin/python3
+#!/usr/bin/env python3
 """
 Certificate watcher which reloads nginx or reconfigures it, depending on what
 happens to externally supplied certificates. Only executed by start.py in case
--- a/core/nginx/config.py
+++ b/core/nginx/config.py
@ -1,4 +1,4 @@
-#!/usr/bin/python3
+#!/usr/bin/env python3
 import os
 import logging as log
--- a/core/nginx/letsencrypt.py
+++ b/core/nginx/letsencrypt.py
@ -1,4 +1,4 @@
-#!/usr/bin/python3
+#!/usr/bin/env python3
 import os
 import time
--- a/core/nginx/requirements.txt
+++ b/core/nginx/requirements.txt
@ -0,0 +1,2 @@
 socrate==0.2.0
 watchdog==2.1.9
--- a/core/nginx/start.py
+++ b/core/nginx/start.py
@ -1,4 +1,4 @@
-#!/usr/bin/python3
+#!/usr/bin/env python3
 import os
 import subprocess
--- a/core/none/Dockerfile
+++ b/core/none/Dockerfile
@ -1,12 +1,12 @@
 # syntax=docker/dockerfile-upstream:1.4.3
 # This is an idle image to dynamically replace any component if disabled.
 # idle image (to dynamically replace any disabled component)
 FROM base
 ARG VERSION=local
 LABEL version=$VERSION
-RUN echo $VERSION >> /version
+RUN echo $VERSION >/version
 HEALTHCHECK CMD true
--- a/core/postfix/Dockerfile
+++ b/core/postfix/Dockerfile
@ -1,21 +1,18 @@
 # syntax=docker/dockerfile-upstream:1.4.3
 # postfix image
 FROM base
 ARG VERSION=local
 LABEL version=$VERSION
 RUN set -euxo pipefail \
- && apk add --no-cache postfix postfix-pcre cyrus-sasl-login rsyslog logrotate \
+  ; apk add --no-cache cyrus-sasl-login logrotate postfix postfix-pcre rsyslog
 && pip install --no-cache-dir --only-binary=:all: postfix-mta-sts-resolver==1.0.1 \
 || ( apk add --no-cache --virtual .build-deps gcc musl-dev python3-dev py3-wheel libffi-dev \
      && pip3 install postfix-mta-sts-resolver==1.0.1 \
      && apk del .build-deps )
-COPY conf /conf
+COPY conf/ /conf/
-COPY start.py /start.py
+COPY start.py /
-RUN echo $VERSION >> /version
+RUN echo $VERSION >/version
 EXPOSE 25/tcp 10025/tcp
 HEALTHCHECK --start-period=350s CMD echo QUIT|nc localhost 25|grep "220 .* ESMTP Postfix"
--- a/core/postfix/requirements.txt
+++ b/core/postfix/requirements.txt
@ -0,0 +1,3 @@
 podop==0.2.5
 postfix-mta-sts-resolver==1.1.4
 socrate==0.2.0
--- a/core/postfix/start.py
+++ b/core/postfix/start.py
@ -1,4 +1,4 @@
-#!/usr/bin/python3
+#!/usr/bin/env python3
 import os
 import glob
--- a/core/rspamd/Dockerfile
+++ b/core/rspamd/Dockerfile
@ -1,18 +1,19 @@
 # syntax=docker/dockerfile-upstream:1.4.3
 # rspamd image
 FROM base
 ARG VERSION=local
 LABEL version=$VERSION
 RUN set -euxo pipefail \
- && apk add --no-cache rspamd rspamd-controller rspamd-proxy rspamd-fuzzy ca-certificates curl \
+  ; apk add --no-cache curl rspamd rspamd-controller rspamd-fuzzy rspamd-proxy \
- && mkdir /run/rspamd
+  ; mkdir /run/rspamd
-COPY conf/ /conf
+COPY conf/ /conf/
-COPY start.py /start.py
+COPY start.py /
-RUN echo $VERSION >> /version
+RUN echo $VERSION >/version
 EXPOSE 11332/tcp 11334/tcp 11335/tcp
 HEALTHCHECK --start-period=350s CMD curl -skfLo /dev/null http://localhost:11334/
--- a/core/rspamd/requirements.txt
+++ b/core/rspamd/requirements.txt
@ -0,0 +1 @@
 socrate==0.2.0
--- a/core/rspamd/start.py
+++ b/core/rspamd/start.py
@ -1,4 +1,4 @@
-#!/usr/bin/python3
+#!/usr/bin/env python3
 import os
 import glob
--- a/optional/clamav/Dockerfile
+++ b/optional/clamav/Dockerfile
@ -1,26 +1,22 @@
-ARG DISTRO=alpine:3.14.5
+# syntax=docker/dockerfile-upstream:1.4.3
 FROM $DISTRO
 ARG VERSION
-ENV TZ Etc/UTC
+# clamav image
 FROM base
 ARG VERSION=local
 LABEL version=$VERSION
-# python3 shared with most images
+RUN set -euxo pipefail \
-RUN apk add --no-cache \
+  ; apk add --no-cache clamav clamav-libunrar rsyslog wget
    python3 py3-pip bash tzdata \
  && pip3 install --upgrade pip
 # Image specific layers under this line
 RUN apk add --no-cache clamav rsyslog wget clamav-libunrar
-COPY conf /etc/clamav
+COPY conf/ /etc/clamav/
-COPY start.py /start.py
+COPY start.py /
-COPY health.sh /health.sh
+
 RUN echo $VERSION >/version
 EXPOSE 3310/tcp
 HEALTHCHECK --start-period=350s CMD echo PING|nc localhost 3310|grep "PONG"
 VOLUME ["/data"]
 CMD /start.py
 HEALTHCHECK --start-period=350s CMD /health.sh
 RUN echo $VERSION >> /version
--- a/optional/clamav/health.sh
+++ b/optional/clamav/health.sh
@ -1,8 +0,0 @@
 #!/bin/sh
 if [ "$(echo PING | nc localhost 3310)" = "PONG" ]; then
 	echo "ping successful"
 else
 	echo "ping failed"
 	exit 1
 fi
--- a/optional/clamav/start.py
+++ b/optional/clamav/start.py
@ -1,4 +1,4 @@
-#!/usr/bin/python3
+#!/usr/bin/env python3
 import os
 import logging as log
--- a/optional/fetchmail/Dockerfile
+++ b/optional/fetchmail/Dockerfile
@ -1,23 +1,21 @@
-ARG DISTRO=alpine:3.14.5
+# syntax=docker/dockerfile-upstream:1.4.3
 FROM $DISTRO
 ARG VERSION
-ENV TZ Etc/UTC
+# fetchmail image
 FROM base
 ARG VERSION=local
 LABEL version=$VERSION
-# python3 shared with most images
+RUN set -euxo pipefail \
-RUN apk add --no-cache \
+  ; apk add --no-cache fetchmail openssl \
-    python3 py3-pip bash tzdata \
+  ; mkdir -p /data
  && pip3 install --upgrade pip
-# Image specific layers under this line
+COPY fetchmail.py /
 RUN apk add --no-cache fetchmail ca-certificates openssl \
 && pip3 install requests
-RUN mkdir -p /data
+RUN echo $VERSION >/version
-COPY fetchmail.py /fetchmail.py
+HEALTHCHECK --start-period=350s CMD ["/bin/sh", "-c", "ps ax | grep [/]fetchmail.py"]
 VOLUME ["/var/lib/rspamd"]
 CMD ["/fetchmail.py"]
 RUN echo $VERSION >> /version
--- a/optional/fetchmail/fetchmail.py
+++ b/optional/fetchmail/fetchmail.py
@ -1,4 +1,4 @@
-#!/usr/bin/python3
+#!/usr/bin/env python3
 import time
 import os
--- a/optional/fetchmail/requirements.txt
+++ b/optional/fetchmail/requirements.txt
@ -0,0 +1 @@
 requests==2.26.0
--- a/optional/radicale/Dockerfile
+++ b/optional/radicale/Dockerfile
@ -1,27 +1,21 @@
-ARG DISTRO=alpine:3.14.5
+# syntax=docker/dockerfile-upstream:1.4.3
 FROM $DISTRO
 ARG VERSION
-ENV TZ Etc/UTC
+# webdav image
 FROM base
 ARG VERSION=local
 LABEL version=$VERSION
-# python3 shared with most images
+RUN set -euxo pipefail \
-RUN apk add --no-cache \
+  ; apk add --no-cache curl
    python3 py3-pip bash tzdata \
  && pip3 install --upgrade pip
-# Image specific layers under this line
+COPY radicale.conf /
 RUN apk add --no-cache curl \
 && pip3 install pytz radicale~=3.0
-
+RUN echo $VERSION >/version
 COPY radicale.conf /radicale.conf
 EXPOSE 5232/tcp
 HEALTHCHECK CMD curl -f -L http://localhost:5232/ || exit 1
 VOLUME ["/data"]
 CMD radicale -S -C /radicale.conf
 HEALTHCHECK CMD curl -f -L http://localhost:5232/ || exit 1
 RUN echo $VERSION >> /version
--- a/optional/radicale/requirements.txt
+++ b/optional/radicale/requirements.txt
@ -0,0 +1,2 @@
 pytz==2021.3
 radicale~=3.0
--- a/optional/traefik-certdumper/Dockerfile
+++ b/optional/traefik-certdumper/Dockerfile
@ -1,16 +1,22 @@
 # syntax=docker/dockerfile-upstream:1.4.3
 # cert dumper image
 FROM ldez/traefik-certs-dumper
 ARG VERSION
 ENV TZ Etc/UTC
 ENV LANG C.UTF-8
 ARG VERSION
 LABEL version=$VERSION
-RUN apk --no-cache add inotify-tools util-linux bash tzdata
+RUN set -euxo pipefail \
  ; apk add --no-cache bash inotify-tools tzdata util-linux
 COPY run.sh /
 RUN echo $VERSION >/version
 VOLUME ["/traefik"]
 VOLUME ["/output"]
 ENTRYPOINT ["/run.sh"]
 RUN echo $VERSION >> /version
--- a/optional/unbound/Dockerfile
+++ b/optional/unbound/Dockerfile
@ -1,33 +1,25 @@
-ARG DISTRO=alpine:3.14.5
+# syntax=docker/dockerfile-upstream:1.4.3
 FROM $DISTRO
 ARG VERSION
-ENV TZ Etc/UTC
+# resolver image
 FROM base
 ARG VERSION=local
 LABEL version=$VERSION
-# python3 shared with most images
+RUN set -euxo pipefail \
-RUN apk add --no-cache \
+  ; apk add --no-cache bind-tools curl unbound \
-    python3 py3-pip git bash py3-multidict tzdata \
+  ; curl -so /etc/unbound/root.hints https://www.internic.net/domain/named.cache \
-  && pip3 install --upgrade pip
+  ; chown root:unbound /etc/unbound \
  ; chmod 775 /etc/unbound \
  ; apk del --no-cache curl \
  ; /usr/sbin/unbound-anchor -a /etc/unbound/trusted-key.key || true
-# Shared layer between nginx, dovecot, postfix, postgresql, rspamd, unbound, snappymail, roundcube
+COPY unbound.conf /
-RUN pip3 install socrate==0.2.0
+COPY start.py /
-# Image specific layers under this line
+RUN echo $VERSION >/version
 RUN apk add --no-cache unbound curl bind-tools \
  && curl -o /etc/unbound/root.hints https://www.internic.net/domain/named.cache \
  && chown root:unbound /etc/unbound \
  && chmod 775 /etc/unbound \
  && apk del --no-cache curl \
  && /usr/sbin/unbound-anchor -a /etc/unbound/trusted-key.key | true
 COPY start.py /start.py
 COPY unbound.conf /unbound.conf
 EXPOSE 53/udp 53/tcp
 HEALTHCHECK CMD dig @127.0.0.1 || exit 1
 CMD /start.py
 HEALTHCHECK CMD dig @127.0.0.1 || exit 1
 RUN echo $VERSION >> /version
--- a/optional/unbound/start.py
+++ b/optional/unbound/start.py
@ -1,4 +1,4 @@
-#!/usr/bin/python3
+#!/usr/bin/env python3
 import os
 import logging as log
--- a/tests/build.hcl
+++ b/tests/build.hcl
@ -83,12 +83,16 @@ function "tag" {
 # -----------------------------------------------------------------------------------------
 target "base" {
  inherits = ["defaults"]
-  context="core/base"
+  context = "core/base/"
  contexts = {
    core = "core/"
    optional = "optional/"
  }
 }
 target "assets" {
  inherits = ["defaults"]
-  context="core/admin/assets"
+  context = "core/admin/assets/"
 }
 # -----------------------------------------------------------------------------------------
@ -96,7 +100,7 @@ target "assets" {
 # -----------------------------------------------------------------------------------------
 target "docs" {
  inherits = ["defaults"]
-  context = "docs"
+  context = "docs/"
  tags = tag("docs")
  args = {
    version = "${MAILU_VERSION}"
@ -106,7 +110,7 @@ target "docs" {
 target "setup" {
  inherits = ["defaults"]
-  context="setup"
+  context = "setup/"
  tags = tag("setup")
 }
@ -115,7 +119,7 @@ target "setup" {
 # -----------------------------------------------------------------------------------------
 target "none" {
  inherits = ["defaults"]
-  context="core/none"
+  context = "core/none/"
  contexts = {
    base = "target:base"
  }
@ -124,7 +128,7 @@ target "none" {
 target "admin" {
  inherits = ["defaults"]
-  context="core/admin"
+  context = "core/admin/"
  contexts = {
    base = "target:base"
    assets = "target:assets"
@ -134,7 +138,7 @@ target "admin" {
 target "antispam" {
  inherits = ["defaults"]
-  context="core/rspamd"
+  context = "core/rspamd/"
  contexts = {
    base = "target:base"
  }
@ -143,7 +147,7 @@ target "antispam" {
 target "front" {
  inherits = ["defaults"]
-  context="core/nginx"
+  context = "core/nginx/"
  contexts = {
    base = "target:base"
  }
@ -152,7 +156,7 @@ target "front" {
 target "imap" {
  inherits = ["defaults"]
-  context="core/dovecot"
+  context = "core/dovecot/"
  contexts = {
    base = "target:base"
  }
@ -161,7 +165,7 @@ target "imap" {
 target "smtp" {
  inherits = ["defaults"]
-  context="core/postfix"
+  context = "core/postfix/"
  contexts = {
    base = "target:base"
  }
@ -173,13 +177,13 @@ target "smtp" {
 # -----------------------------------------------------------------------------------------
 target "snappymail" {
  inherits = ["defaults"]
-  context="webmails/snappymail"
+  context = "webmails/snappymail/"
  tags = tag("snappymail")
 }
 target "roundcube" {
  inherits = ["defaults"]
-  context="webmails/roundcube"
+  context = "webmails/roundcube/"
  tags = tag("roundcube")
 }
@ -188,30 +192,42 @@ target "roundcube" {
 # -----------------------------------------------------------------------------------------
 target "antivirus" {
  inherits = ["defaults"]
-  context="optional/clamav"
+  context = "optional/clamav/"
  contexts = {
    base = "target:base"
  }
  tags = tag("clamav")
 }
 target "fetchmail" {
  inherits = ["defaults"]
-  context="optional/fetchmail"
+  context = "optional/fetchmail/"
  contexts = {
    base = "target:base"
  }
  tags = tag("fetchmail")
 }
 target "resolver" {
  inherits = ["defaults"]
-  context="optional/unbound"
+  context = "optional/unbound/"
  contexts = {
    base = "target:base"
  }
  tags = tag("unbound")
 }
 target "traefik-certdumper" {
  inherits = ["defaults"]
-  context="optional/traefik-certdumper"
+  context = "optional/traefik-certdumper/"
  tags = tag("traefik-certdumper")
 }
 target "webdav" {
  inherits = ["defaults"]
-  context="optional/radicale"
+  context = "optional/radicale/"
  contexts = {
    base = "target:base"
  }
  tags = tag("radicale")
 }