chore(ci): use custom base for server image build (#4456)

* Use base image for server build
* Clean up build scripts
* target tags for base image
* use prod tag instead of runtime
* use runtime stage for dev

---------

Co-authored-by: mertalev <101130780+mertalev@users.noreply.github.com>
Co-authored-by: Jason Rasmussen <jrasm91@gmail.com>

.github/workflows/docker.yml

@@ -33,91 +33,10 @@ jobs:
           - context: "nginx"
             image: "immich-proxy"
             platforms: "linux/amd64,linux/arm64"
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3.0.0
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3.0.0
-        # Workaround to fix error:
-        # failed to push: failed to copy: io: read/write on closed pipe
-        # See https://github.com/docker/build-push-action/issues/761
-        with:
-          driver-opts: |
-            image=moby/buildkit:v0.10.6
-
-      - name: Login to Docker Hub
-        # Only push to Docker Hub when making a release
-        if: ${{ github.event_name == 'release' }}
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v3
-        # Skip when PR from a fork
-        if: ${{ !github.event.pull_request.head.repo.fork }}
-        with:
-          registry: ghcr.io
-          username: ${{ github.repository_owner }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Generate docker image tags
-        id: metadata
-        uses: docker/metadata-action@v5
-        with:
-          flavor: |
-            # Disable latest tag
-            latest=false
-          images: |
-            name=ghcr.io/${{ github.repository_owner }}/${{matrix.image}}
-            name=altran1502/${{matrix.image}},enable=${{ github.event_name == 'release' }}
-          tags: |
-            # Tag with branch name
-            type=ref,event=branch
-            # Tag with pr-number
-            type=ref,event=pr
-            # Tag with git tag on release
-            type=ref,event=tag
-            type=raw,value=release,enable=${{ github.event_name == 'release' }}
-
-      - name: Determine build cache output
-        id: cache-target
-        run: |
-          if [[ "${{ github.event_name }}" == "pull_request" ]]; then
-            # Essentially just ignore the cache output (PR can't write to registry cache)
-            echo "cache-to=type=local,dest=/tmp/discard,ignore-error=true" >> $GITHUB_OUTPUT
-          else
-            echo "cache-to=type=registry,mode=max,ref=ghcr.io/${{ github.repository_owner }}/immich-build-cache:${{ matrix.image }}" >> $GITHUB_OUTPUT
-          fi
-
-      - name: Build and push image
-        uses: docker/build-push-action@v5.0.0
-        with:
-          context: ${{ matrix.context }}
-          platforms: ${{ matrix.platforms }}
-          # Skip pushing when PR from a fork
-          push: ${{ !github.event.pull_request.head.repo.fork }}
-          cache-from: type=registry,ref=ghcr.io/${{ github.repository_owner }}/immich-build-cache:${{matrix.image}}
-          cache-to: ${{ steps.cache-target.outputs.cache-to }}
-          tags: ${{ steps.metadata.outputs.tags }}
-          labels: ${{ steps.metadata.outputs.labels }}
-
-  build_and_push_server_arm_64:
-    runs-on: self-hosted
-    strategy:
-      # Prevent a failure in one image from stopping the other builds
-      fail-fast: false
-      matrix:
-        include:
           - context: "server"
             image: "immich-server"
             platforms: "linux/arm64,linux/amd64"
+
     steps:
       - name: Checkout
         uses: actions/checkout@v4

server/Dockerfile

@@ -1,51 +1,19 @@
-FROM node:20.8-bookworm as builder
-
-WORKDIR /usr/src/app
-
-COPY bin/install-ffmpeg.sh build-lock.json ./
-RUN sed -i -e's/ main/ main contrib non-free non-free-firmware/g' /etc/apt/sources.list.d/debian.sources
-RUN apt-get update && apt-get install -yqq build-essential ninja-build meson pkg-config jq zlib1g autoconf \
-libglib2.0-dev libexpat1-dev librsvg2-dev libexif-dev libwebp-dev liborc-0.4-dev \
-libjpeg62-turbo-dev libgsf-1-dev libspng-dev libjxl-dev libheif-dev liblcms2-2 \
-mesa-va-drivers libmimalloc2.0 $(if [ $(arch) = "x86_64" ]; then echo "intel-media-va-driver-non-free"; fi) \
-&& ./install-ffmpeg.sh && apt-get autoremove && apt-get clean && rm -rf /var/lib/apt/lists/*
-
-# debian build for imagemagick has broken RAW support, so build manually
-ENV LD_LIBRARY_PATH=/usr/local/lib:$LD_LIBRARY_PATH
-ENV LD_RUN_PATH=/usr/local/lib:$LD_RUN_PATH
-COPY bin/build-libraw.sh bin/build-imagemagick.sh bin/build-libvips.sh bin/use-camera-wb.patch ./
-RUN ./build-libraw.sh
-RUN ./build-imagemagick.sh
-RUN ./build-libvips.sh
+FROM ghcr.io/immich-app/base-server-dev:20231109 as builder
 
 COPY package.json package-lock.json ./
-
 RUN npm ci
-
 COPY . .
 
+
 FROM builder as prod
 
 RUN npm run build
 RUN npm prune --omit=dev --omit=optional
 
-FROM node:20.8-bookworm
-
-ENV NODE_ENV=production
 
-WORKDIR /usr/src/app
+FROM ghcr.io/immich-app/base-server-prod:20231109
 
-COPY bin/install-ffmpeg.sh build-lock.json ./
-RUN sed -i -e's/ main/ main contrib non-free non-free-firmware/g' /etc/apt/sources.list.d/debian.sources
-RUN apt-get update && apt-get install -yqq tini libheif1 libwebp7 libwebpdemux2 libwebpmux3 mesa-va-drivers \
-libjpeg62-turbo libexpat1 librsvg2-2 libjxl0.7 libspng0 libexif12 libgcc-s1 libglib2.0-0 \
-libgsf-1-114 libopenjp2-7 liblcms2-2 liborc-0.4-0 libopenexr-3-1-30 liblqr-1-0 libltdl7 zlib1g libgomp1 \
-mesa-va-drivers libmimalloc2.0 $(if [ $(arch) = "x86_64" ]; then echo "intel-media-va-driver-non-free"; fi) jq wget \
-&& ./install-ffmpeg.sh && apt-get remove -yqq jq wget && apt-get autoremove -yqq && apt-get clean && rm -rf /var/lib/apt/lists/* \
-&& rm install-ffmpeg.sh && rm build-lock.json
-
-COPY --from=prod /usr/local/lib/ /usr/local/lib/
-RUN ldconfig /usr/local/lib
+ENV NODE_ENV=production
 
 COPY --from=prod /usr/src/app/node_modules ./node_modules
 COPY --from=prod /usr/src/app/dist ./dist

server/bin/build-imagemagick.sh

@@ -1,22 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-
-LOCK=$(jq -c '.packages[] | select(.name == "imagemagick")' build-lock.json)
-IMAGEMAGICK_VERSION=${IMAGEMAGICK_VERSION:=$(echo $LOCK | jq -r '.version')}
-IMAGEMAGICK_SHA256=${IMAGEMAGICK_SHA256:=$(echo $LOCK | jq -r '.sha256')}
-
-echo "$IMAGEMAGICK_SHA256  $IMAGEMAGICK_VERSION.tar.gz" > imagemagick.sha256
-mkdir -p ImageMagick
-wget -nv https://github.com/ImageMagick/ImageMagick/archive/${IMAGEMAGICK_VERSION}.tar.gz
-sha256sum -c imagemagick.sha256
-tar -xvf ${IMAGEMAGICK_VERSION}.tar.gz -C ImageMagick --strip-components=1
-rm ${IMAGEMAGICK_VERSION}.tar.gz
-rm imagemagick.sha256
-patch -u ImageMagick/coders/dng.c -i use-camera-wb.patch
-cd ImageMagick
-./configure --with-modules
-make -j$(nproc)
-make install
-cd .. && rm -rf ImageMagick
-ldconfig /usr/local/lib

server/bin/build-libraw.sh

@@ -1,22 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-
-LOCK=$(jq -c '.packages[] | select(.name == "libraw")' build-lock.json)
-LIBRAW_VERSION=${LIBRAW_VERSION:=$(echo $LOCK | jq -r '.version')}
-LIBRAW_SHA256=${LIBRAW_SHA256:=$(echo $LOCK | jq -r '.sha256')}
-
-echo "$LIBRAW_SHA256  $LIBRAW_VERSION.tar.gz" > libraw.sha256
-mkdir -p libraw
-wget -nv https://github.com/libraw/libraw/archive/${LIBRAW_VERSION}.tar.gz
-sha256sum -c libraw.sha256
-tar -xvf ${LIBRAW_VERSION}.tar.gz -C libraw --strip-components=1
-rm ${LIBRAW_VERSION}.tar.gz
-rm libraw.sha256
-cd libraw
-autoreconf --install
-./configure
-make -j$(nproc)
-make install
-cd .. && rm -rf libraw
-ldconfig /usr/local/lib

server/bin/build-libvips.sh

@@ -1,22 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-
-LOCK=$(jq -c '.packages[] | select(.name == "libvips")' build-lock.json)
-LIBVIPS_VERSION=${LIBVIPS_VERSION:=$(echo $LOCK | jq -r '.version')}
-LIBVIPS_SHA256=${LIBVIPS_SHA256:=$(echo $LOCK | jq -r '.sha256')}
-
-echo "$LIBVIPS_SHA256  vips-$LIBVIPS_VERSION.tar.xz" > libvips.sha256
-mkdir -p libvips
-wget -nv https://github.com/libvips/libvips/releases/download/v${LIBVIPS_VERSION}/vips-${LIBVIPS_VERSION}.tar.xz
-sha256sum -c libvips.sha256
-tar -xvf vips-${LIBVIPS_VERSION}.tar.xz -C libvips --strip-components=1
-rm vips-${LIBVIPS_VERSION}.tar.xz
-rm libvips.sha256
-cd libvips
-meson setup build --buildtype=release --libdir=lib -Dintrospection=false -Dtiff=disabled
-cd build
-# ninja test  # tests set concurrency too high for arm/v7
-ninja install
-cd .. && rm -rf libvips
-ldconfig /usr/local/lib

server/bin/install-ffmpeg.sh

@@ -1,20 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-
-LOCK=$(jq -c '.packages[] | select(.name == "ffmpeg")' build-lock.json)
-export TARGETARCH=${TARGETARCH:=$(dpkg --print-architecture)}
-FFMPEG_VERSION=${FFMPEG_VERSION:=$(echo $LOCK | jq -r '.version')}
-FFMPEG_SHA256=${FFMPEG_SHA256:=$(echo $LOCK | jq -r '.sha256[$ENV.TARGETARCH]')}
-
-echo "$FFMPEG_SHA256  jellyfin-ffmpeg6_${FFMPEG_VERSION}-bookworm_${TARGETARCH}.deb" > ffmpeg.sha256
-
-wget -nv https://github.com/jellyfin/jellyfin-ffmpeg/releases/download/v${FFMPEG_VERSION}/jellyfin-ffmpeg6_${FFMPEG_VERSION}-bookworm_${TARGETARCH}.deb
-sha256sum -c ffmpeg.sha256
-apt-get -yqq -f install ./jellyfin-ffmpeg6_${FFMPEG_VERSION}-bookworm_${TARGETARCH}.deb
-rm jellyfin-ffmpeg6_${FFMPEG_VERSION}-bookworm_${TARGETARCH}.deb
-rm ffmpeg.sha256
-ldconfig /usr/lib/jellyfin-ffmpeg/lib
-
-ln -s /usr/lib/jellyfin-ffmpeg/ffmpeg /usr/bin
-ln -s /usr/lib/jellyfin-ffmpeg/ffprobe /usr/bin

server/bin/use-camera-wb.patch

@@ -1,9 +0,0 @@
-@@ -339,6 +339,8 @@
-     option=GetImageOption(image_info,"dng:use_camera_wb");
-   if (option != (const char *) NULL)
-     raw_info->params.use_camera_wb=IsStringTrue(option);
-+  else
-+    raw_info->params.use_camera_wb=MagickTrue;
-   option=GetImageOption(image_info,"dng:use-auto-wb");
-   if (option == (const char *) NULL)
-     option=GetImageOption(image_info,"dng:use_auto_wb");

server/build-lock.json

@@ -1,28 +0,0 @@
-{
-  "packages": [
-    {
-      "name": "imagemagick",
-      "version": "7.1.1-13",
-      "sha256": "8e3ce1aaad19da9f2ca444072bcc631d193a219e3ee11c13ad6d3c895044142c"
-    },
-    {
-      "name": "libraw",
-      "version": "0.21.1",
-      "sha256": "b63d7ffa43463f74afcc02f9083048c231349b41cc9255dec0840cf8a67b52e0"
-    },
-    {
-      "name": "libvips",
-      "version": "8.14.5",
-      "sha256": "90374e9f6fbd5657b5faf306cacda20658d6144d385316b59b865bc1a487b68d"
-    },
-    {
-      "name": "ffmpeg",
-      "version": "6.0-4",
-      "sha256": {
-        "amd64": "18d98b292b891cde86c2a08e5e989c3430e51a136cdc232bc4162fef3b4f0f44",
-        "arm64": "67eb1e5a38ac695dd253d9ac290ad0e9fb709e8260449a7445e8460b7db3c516",
-        "armhf": "a29605ab0eced3511c8a6623504fab5b8bb174a486d87f94bf5522ed9a5970e6"
-      }
-    }
-  ]
-}