Container building changes

[BlackDex]

Rework the container building.

• Use docker buildx bake instead of custom build/push scripts
• Just two Dockerfile's one for Debian and one for Alpine
• Pinned openssl-sys version to v0.9.92, higher versions break Alpine builds ([REGRESSION] lib atomic is loaded dynamic again on armv6 with openssl-sys v0.9.93 sfackler/rust-openssl#2043)
• Updated release workflow
• Created documentation on how to use bake
• Created a helper script bake.sh to easily bake/build the images (Read the documentation)
• Created a podman helper script podman-bake.sh which uses podman instead of docker.
• Updated the web-vault to v2023.9.1

I needed to change some way's to install the packages for MariaDB/MySQL, since on armv6/armel Debian it causes issues.
By downloading them and force installing via dpkg the build process still works on all platforms.

All images are tested using QEMU and also run the Favicon DDoS on all these images to verify it doesn't segfault.
The Alpine build images are now downloaded from ghcr.io instead of docker.io, maybe it helps in speed, but probably doesn't matter.

The runtime images are no longer a version maintained by Balena, they were sometimes outdated like there Alpine version was for a long time. And it also had a static qemu binary in there which only makes the image larger. Now we use the official images from both Debian and Alpine.

Also switched to the -slim rust building container, this has all the needed packages pre-installed (except for pkg-config).

Also:

• Updated Rust to v1.73.0 (and MSRV to v1.71.1)
• Updated all the crates possible

Fixes #3839
Fixes #3912
Fixes #3957

[stefan0xC]

I have not yet really looked into docker buildx bake (except that you have to install the plugin for your docker installation, i.e. with sudo apt install docker-buildx-plugin which might be missing from this documentation).

Since I am using podman locally I wonder if we could add a script which builds vaultwarden locally with podman build, i.e. (based on the docker/bake.sh script) running

podman build --format=docker -f "${BASEDIR}/Dockerfile.debian" "${BASEDIR}/.."

will build an image (but it's missing the labels that are set by docker/docker-bake.hcl and maybe some other stuff).

Also the built vaultwarden image is missing the git version info. I'm not sure if this is a further limitation of my feeble attempt to getting it to work with podman or if it's a general issue. I'll have to setup a virtual machine to further test the docker buildx bake method (my cloud instance that is running docker was not powerful enough to compile Vaultwarden).

[stefan0xC]

Okay, I've compiled it in a virtual machine using docker/bake.sh and the version info is missing too:

$ docker run --rm -ti --name vaultwarden docker.io/vaultwarden/server:testing-amd64 /vaultwarden --version
vaultwarden (Version info from Git not present)

[BlackDex]

Hmm, good find, seems git is missing from the build image of rust.
An other strange item is that the alpine build does, but, it looks like it's using a wrong version for some reason, the branch name is correct, but not the version.

Ill have to look into this strange item.
With podman, i think installing moby buildkit should be enough with some other commands. Ill see if i can test that also, but my prio was, to have the CI build nicely with the docker tools first.

[stefan0xC]

Installing git in the build image solves the issue with the version number (the tag is from your repository since I did a fresh clone of your repository):

docker run --rm -ti --name vaultwarden docker.io/vaultwarden/server:testing-amd64 /vaultwarden --version
vaultwarden 1.22.2-5c479659 (release-build-revision)

[BlackDex]

Installing git in the build image solves the issue with the version number (the tag is from your repository since I did a fresh clone of your repository):

docker run --rm -ti --name vaultwarden docker.io/vaultwarden/server:testing-amd64 /vaultwarden --version
vaultwarden 1.22.2-5c479659 (release-build-revision)

Ah! That explains it, so, that is ok then.

[BlackDex]

@stefan0xC please check again, i updated everything and as i mentioned on Matrix, there now is a podman-bake.sh script which you can use.

[stefan0xC]

Thanks for adding a script for podman which seems to work just fine.

Wouldn't it be more consistent to call SOURCE_VERSION VW_VERSION and using the same value as label and inside vaultwarden?

[BlackDex]

Thanks again @stefan0xC, i think i have addressed all your comments and more.
It should be ready to go now :)