From 5f45d6e4493512ef930cc7eb49c4c9566a4731bb Mon Sep 17 00:00:00 2001
From: Tulir Asokan <tulir@maunium.net>
Date: Thu, 11 Feb 2021 19:15:24 +0200
Subject: [PATCH] Switch to upstream docker image + jemalloc

---
 Dockerfile | 103 ++++++++++++++++++++++++++++-------------------------
 1 file changed, 55 insertions(+), 48 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 80cb88f1f..0b2924da6 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,58 +1,65 @@
-FROM debian:buster-slim
+ARG PYTHON_VERSION=3.8
 
-MAINTAINER Tulir Asokan <tulir@maunium.net>
+FROM docker.io/python:${PYTHON_VERSION}-slim as builder
 
-RUN set -ex && export DEBIAN_FRONTEND=noninteractive \
-    && apt-get clean \
-    && apt-get update -y -q --fix-missing \
-    && apt-get upgrade -y \
-    && apt-get install -y --no-install-recommends \
-        libffi6 \
-        libjpeg62-turbo \
-        libssl1.1 \
-        libtool \
-        libxml2 \
-        libpq5 \
-        libxslt1.1 \
-        python3 \
-        python3-setuptools \
-        libjemalloc2 \
-        zlib1g
+# install the OS build deps
+RUN apt-get update && apt-get install -y \
+    build-essential \
+    libffi-dev \
+    libjpeg-dev \
+    libpq-dev \
+    libssl-dev \
+    libwebp-dev \
+    libxml++2.6-dev \
+    libxslt1-dev \
+    zlib1g-dev \
+    git \
+ && rm -rf /var/lib/apt/lists/*
 
-COPY . /synapse
-WORKDIR /synapse
+# Build dependencies that are not available as wheels, to speed up rebuilds
+RUN pip install --prefix="/install" --no-warn-script-location \
+        frozendict \
+        jaeger-client \
+        opentracing \
+        # Match the version constraints of Synapse
+        "prometheus_client>=0.4.0" \
+        psycopg2 \
+        pycparser \
+        pyrsistent \
+        pyyaml \
+        simplejson \
+        threadloop \
+        thrift
 
-RUN set -ex && export DEBIAN_FRONTEND=noninteractive \
-    && buildDeps=' \
-        file \
-        gcc \
-        git \
-        libevent-dev \
-        libffi-dev \
-        libgnutls28-dev \
-        libjpeg62-turbo-dev \
-        libldap2-dev \
-        libsasl2-dev \
-        libssl-dev \
-        libtool \
-        libxml2-dev \
-        libxslt1-dev \
-        linux-headers-amd64 \
-        zlib1g-dev \
-        python3-dev \
-        python3-pip \
-        libpq-dev' \
-    && apt-get install -y --no-install-recommends $buildDeps \
-    && pip3 install --upgrade wheel \
-    && pip3 install --upgrade .[all] \
-            'git+https://github.com/maunium/synapse-simple-antispam#egg=synapse-simple-antispam' \
-            'git+https://github.com/devture/matrix-synapse-shared-secret-auth#egg=shared_secret_authenticator' \
-    && apt-get purge --auto-remove -y $buildDeps \
-    && apt-get clean \
-    && rm -rf /synapse
+# now install synapse and all of the python deps to /install.
+COPY synapse /synapse/synapse/
+COPY scripts /synapse/scripts/
+COPY MANIFEST.in README.rst setup.py synctl /synapse/
+
+RUN pip install --prefix="/install" --no-warn-script-location \
+        /synapse[all] \
+	'git+https://github.com/maunium/synapse-simple-antispam#egg=synapse-simple-antispam' \
+	'git+https://github.com/devture/matrix-synapse-shared-secret-auth#egg=shared_secret_authenticator'
+
+FROM docker.io/python:${PYTHON_VERSION}-slim
+
+RUN apt-get update && apt-get install -y \
+    curl \
+    gosu \
+    libjpeg62-turbo \
+    libpq5 \
+    libwebp6 \
+    xmlsec1 \
+    libjemalloc2 \
+ && rm -rf /var/lib/apt/lists/*
+
+COPY --from=builder /install /usr/local
 
 VOLUME ["/data"]
 ENV LD_PRELOAD="/usr/lib/x86_64-linux-gnu/libjemalloc.so.2"
 
 ENTRYPOINT ["python3", "-m", "synapse.app.homeserver"]
 CMD ["--keys-directory", "/data", "-c", "/data/homeserver.yaml"]
+
+HEALTHCHECK --interval=1m --timeout=5s \
+  CMD curl -fSs http://localhost:8008/health || exit 1