feat: buildkit with multi stage build (ory#2025)

Co-authored-by: abador <[email protected]>

.docker/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.14.3
+FROM alpine:3.15
 
 RUN addgroup -S ory; \
     adduser -S ory -G ory -D -u 10000 -h /home/ory -s /bin/nologin; \

.docker/Dockerfile-build

@@ -1,4 +1,5 @@
-FROM golang:1.16.10-alpine3.14 AS builder
+FROM golang:1.17-alpine3.15 AS base
+# syntax = docker/dockerfile:1-experimental
 
 RUN apk -U --no-cache add build-base git gcc bash
 
@@ -19,17 +20,17 @@ ARG VERSION
 ARG COMMIT
 ARG BUILD_DATE
 
-RUN go build -tags sqlite \
+RUN --mount=type=cache,target=/root/.cache/go-build go build -tags sqlite \
     -ldflags="-X 'github.com/ory/kratos/driver/config.Version=${VERSION}' -X 'github.com/ory/kratos/driver/config.Date=${BUILD_DATE}' -X 'github.com/ory/kratos/driver/config.Commit=${COMMIT}'" \
     -o /usr/bin/kratos
 
-FROM alpine:3.14.3
+FROM alpine:3.15.0
 
 RUN addgroup -S ory; \
     adduser -S ory -G ory -D -u 10000 -h /home/ory -s /bin/nologin; \
     chown -R ory:ory /home/ory
 
-COPY --from=builder /usr/bin/kratos /usr/bin/kratos
+COPY --from=base /usr/bin/kratos /usr/bin/kratos
 
 # By creating the sqlite folder as the ory user, the mounted volume will be owned by ory:ory, which
 # is required for read/write of SQLite.

.docker/Dockerfile-debug

@@ -1,4 +1,4 @@
-FROM golang:1.16-buster
+FROM golang:1.17.3-buster
 ENV CGO_ENABLED 1
 
 RUN apt-get update && apt-get install -y --no-install-recommends inotify-tools psmisc

.docker/Dockerfile-sqlite

@@ -1,4 +1,4 @@
-FROM alpine:3.14.3
+FROM alpine:3.15
 
 # Because this image is built for SQLite, we create /home/ory and /home/ory/sqlite which is owned by the ory user
 # and declare /home/ory/sqlite a volume.

Makefile

@@ -135,7 +135,7 @@ format: .bin/goimports docs/node_modules node_modules
 # Build local docker image
 .PHONY: docker
 docker:
-		docker build -f .docker/Dockerfile-build --build-arg=COMMIT=$(VCS_REF) --build-arg=BUILD_DATE=$(BUILD_DATE) -t oryd/kratos:latest-sqlite .
+		DOCKER_BUILDKIT=1 docker build -f .docker/Dockerfile-build --build-arg=COMMIT=$(VCS_REF) --build-arg=BUILD_DATE=$(BUILD_DATE) -t oryd/kratos:latest-sqlite .
 
 # Runs the documentation tests
 .PHONY: test-docs

docs/docs/self-service/flows/code/registration/index.js

@@ -20,8 +20,7 @@ export const getFlowMethodOidcWithCompletion = {
   browser: {
     label: 'Browser UI',
     image: require('./images/browser-oidc-invalid.png').default,
-    alt:
-      'User Registration HTML Form with missing or invalid fields when performing an OpenID Connect flow'
+    alt: 'User Registration HTML Form with missing or invalid fields when performing an OpenID Connect flow'
   },
   missing: {
     label: 'Missing Website',

docs/docs/self-service/flows/code/verification/index.js

@@ -2,8 +2,7 @@ export const getFlowMethodLinkWithErrors = {
   browser: {
     label: 'Browser UI',
     image: require('./images/browser-missing.png').default,
-    alt:
-      'Email Verification and Account Activation HTML Form with validation errors'
+    alt: 'Email Verification and Account Activation HTML Form with validation errors'
   },
   missing: {
     label: 'Missing Email',
@@ -16,8 +15,7 @@ export const getFlowMethodLinkSuccess = {
   browser: {
     label: 'Browser UI',
     image: require('./images/browser-success.png').default,
-    alt:
-      'Email Verification and Account Activation HTML Form with success message'
+    alt: 'Email Verification and Account Activation HTML Form with success message'
   },
   missing: {
     label: 'Email Sent',
@@ -30,8 +28,7 @@ export const getFlowMethodLinkInvalidChallenge = {
   browser: {
     label: 'Browser UI',
     image: require('./images/browser-invalid-challenge.png').default,
-    alt:
-      'Email Verification and Account Activation HTML Form with an invalid challenge'
+    alt: 'Email Verification and Account Activation HTML Form with an invalid challenge'
   },
   missing: {
     label: 'Invalid Challenge',
@@ -44,8 +41,7 @@ export const getFlowMethodLinkChallengeDone = {
   browser: {
     label: 'Browser UI',
     image: require('./images/browser-challenge-completed.png').default,
-    alt:
-      'Email Verification and Account Activation HTML Form with an invalid challenge'
+    alt: 'Email Verification and Account Activation HTML Form with an invalid challenge'
   },
   missing: {
     label: 'Success State',

docs/scripts/config.js

@@ -45,98 +45,100 @@ if (process.argv.length !== 3 || process.argv[1] === 'help') {
 
 const config = require(path.resolve(process.argv[2]))
 
-const enhance = (schema, parents = []) => (item) => {
-  const key = item.key.value
-
-  const path = [
-    ...parents.map((parent) => ['properties', parent]),
-    ['properties', key]
-  ].flat()
-
-  if (['title', 'description'].find((f) => path[path.length - 1] === f)) {
-    return
-  }
+const enhance =
+  (schema, parents = []) =>
+  (item) => {
+    const key = item.key.value
+
+    const path = [
+      ...parents.map((parent) => ['properties', parent]),
+      ['properties', key]
+    ].flat()
+
+    if (['title', 'description'].find((f) => path[path.length - 1] === f)) {
+      return
+    }
 
-  const comments = [`# ${pathOr(key, [...path, 'title'], schema)} ##`, '']
+    const comments = [`# ${pathOr(key, [...path, 'title'], schema)} ##`, '']
 
-  const description = pathOr('', [...path, 'description'], schema)
-  if (description) {
-    comments.push(' ' + description.split('\n').join('\n '), '')
-  }
+    const description = pathOr('', [...path, 'description'], schema)
+    if (description) {
+      comments.push(' ' + description.split('\n').join('\n '), '')
+    }
 
-  const defaultValue = pathOr('', [...path, 'default'], schema)
-  if (defaultValue || defaultValue === false) {
-    comments.push(' Default value: ' + defaultValue, '')
-  }
+    const defaultValue = pathOr('', [...path, 'default'], schema)
+    if (defaultValue || defaultValue === false) {
+      comments.push(' Default value: ' + defaultValue, '')
+    }
 
-  const enums = pathOr('', [...path, 'enum'], schema)
-  if (enums && Array.isArray(enums)) {
-    comments.push(
-      ' One of:',
-      ...YAML.stringify(enums)
-        .split('\n')
-        .map((i) => ` ${i}`)
-    ) // split always returns one empty object so no need for newline
-  }
+    const enums = pathOr('', [...path, 'enum'], schema)
+    if (enums && Array.isArray(enums)) {
+      comments.push(
+        ' One of:',
+        ...YAML.stringify(enums)
+          .split('\n')
+          .map((i) => ` ${i}`)
+      ) // split always returns one empty object so no need for newline
+    }
 
-  const min = pathOr('', [...path, 'minimum'], schema)
-  if (min || min === 0) {
-    comments.push(` Minimum value: ${min}`, '')
-  }
+    const min = pathOr('', [...path, 'minimum'], schema)
+    if (min || min === 0) {
+      comments.push(` Minimum value: ${min}`, '')
+    }
 
-  const max = pathOr('', [...path, 'maximum'], schema)
-  if (max || max === 0) {
-    comments.push(` Maximum value: ${max}`, '')
-  }
+    const max = pathOr('', [...path, 'maximum'], schema)
+    if (max || max === 0) {
+      comments.push(` Maximum value: ${max}`, '')
+    }
 
-  const examples = pathOr('', [...path, 'examples'], schema)
-  if (examples) {
-    comments.push(
-      ' Examples:',
-      ...YAML.stringify(examples)
-        .split('\n')
-        .map((i) => ` ${i}`)
-    ) // split always returns one empty object so no need for newline
-  }
+    const examples = pathOr('', [...path, 'examples'], schema)
+    if (examples) {
+      comments.push(
+        ' Examples:',
+        ...YAML.stringify(examples)
+          .split('\n')
+          .map((i) => ` ${i}`)
+      ) // split always returns one empty object so no need for newline
+    }
 
-  let hasChildren
-  if (item.value.items) {
-    item.value.items.forEach((item) => {
-      if (item.key) {
-        enhance(schema, [...parents, key])(item)
-        hasChildren = true
-      }
-    })
-  }
+    let hasChildren
+    if (item.value.items) {
+      item.value.items.forEach((item) => {
+        if (item.key) {
+          enhance(schema, [...parents, key])(item)
+          hasChildren = true
+        }
+      })
+    }
 
-  const showEnvVarBlockForObject = pathOr(
-    '',
-    [...path, 'showEnvVarBlockForObject'],
-    schema
-  )
-  if (!hasChildren || showEnvVarBlockForObject) {
-    const env = [...parents, key].map((i) => i.toUpperCase()).join('_')
-    comments.push(
-      ' Set this value using environment variables on',
-      ' - Linux/macOS:',
-      `    $ export ${env}=<value>`,
-      ' - Windows Command Line (CMD):',
-      `    > set ${env}=<value>`,
-      ''
+    const showEnvVarBlockForObject = pathOr(
+      '',
+      [...path, 'showEnvVarBlockForObject'],
+      schema
     )
-
-    // Show this if the config property is an object, to call out how to specify the env var
-    if (hasChildren) {
+    if (!hasChildren || showEnvVarBlockForObject) {
+      const env = [...parents, key].map((i) => i.toUpperCase()).join('_')
       comments.push(
-        ' This can be set as an environment variable by supplying it as a JSON object.',
+        ' Set this value using environment variables on',
+        ' - Linux/macOS:',
+        `    $ export ${env}=<value>`,
+        ' - Windows Command Line (CMD):',
+        `    > set ${env}=<value>`,
         ''
       )
+
+      // Show this if the config property is an object, to call out how to specify the env var
+      if (hasChildren) {
+        comments.push(
+          ' This can be set as an environment variable by supplying it as a JSON object.',
+          ''
+        )
+      }
     }
-  }
 
-  item.commentBefore = comments.join('\n')
-  item.spaceBefore = true
-}
+    item.commentBefore = comments.join('\n')
+    item.spaceBefore = true
+  }
 
 new Promise((resolve, reject) => {
   parser.dereference(

docs/src/theme/CodeFromRemote.js

@@ -53,21 +53,23 @@ const findLine = (needle, haystack) => {
   return index
 }
 
-const transform = ({ startAt, endAt }) => (content) => {
-  let lines = content.split('\n')
+const transform =
+  ({ startAt, endAt }) =>
+  (content) => {
+    let lines = content.split('\n')
 
-  const startIndex = findLine(startAt, lines)
-  if (startIndex > 0) {
-    lines = ['// ...', ...lines.slice(startIndex, -1)]
-  }
+    const startIndex = findLine(startAt, lines)
+    if (startIndex > 0) {
+      lines = ['// ...', ...lines.slice(startIndex, -1)]
+    }
 
-  const endIndex = findLine(endAt, lines)
-  if (endIndex > 0) {
-    lines = [...lines.slice(0, endIndex + 1), '// ...']
-  }
+    const endIndex = findLine(endAt, lines)
+    if (endIndex > 0) {
+      lines = [...lines.slice(0, endIndex + 1), '// ...']
+    }
 
-  return lines.join('\n')
-}
+    return lines.join('\n')
+  }
 
 const CodeFromRemote = (props) => {
   const { src, title } = props

docs/src/theme/ketoRelationTuplesPrism.js

@@ -44,7 +44,8 @@ export default (prism) =>
   (prism.languages['keto-relation-tuples'] = {
     comment: /\/\/.*(\n|$)/,
     'relation-tuple': {
-      pattern: /([^:#@()\n]+:)?([^:#@()\n]+)#([^:#@()\n]+)@?((\(([^:#@()\n]+:)?([^:#@()\n]+)#([^:#@()\n]*)\))|([^:#@()\n]+))/,
+      pattern:
+        /([^:#@()\n]+:)?([^:#@()\n]+)#([^:#@()\n]+)@?((\(([^:#@()\n]+:)?([^:#@()\n]+)#([^:#@()\n]*)\))|([^:#@()\n]+))/,
       inside: {
         namespace,
         object,