docker: build from release dir to speed up context sending (#4498)

release/cibuild.py

@@ -272,18 +272,20 @@ def build_wheel(be: BuildEnviron) -> None:  # pragma: no cover
 
 
 def build_docker_image(be: BuildEnviron) -> None:  # pragma: no cover
-    whl, = be.dist_dir.glob('mitmproxy-*-py3-none-any.whl')
-    whl = whl.relative_to(Path(".").absolute())
     click.echo("Building Docker images...")
+
+    whl, = be.dist_dir.glob('mitmproxy-*-py3-none-any.whl')
+    docker_build_dir = be.release_dir / "docker"
+    shutil.copy(whl, docker_build_dir / whl.name)
     subprocess.check_call([
         "docker",
         "build",
         "--tag", be.docker_tag,
-        "--build-arg", f"WHEEL_MITMPROXY={whl}",
-        "--build-arg", f"WHEEL_BASENAME_MITMPROXY={whl.name}",
-        "--file", "release/docker/Dockerfile",
+        "--build-arg", f"MITMPROXY_WHEEL={whl.name}",
         "."
-    ])
+    ],
+        cwd=docker_build_dir
+    )
     # smoke-test the newly built docker image
     r = subprocess.run([
         "docker",

release/docker/DockerHub-README.md

@@ -0,0 +1,50 @@
+# mitmproxy
+
+Containerized version of [mitmproxy](https://mitmproxy.org/): an interactive, SSL/TLS-capable intercepting proxy for HTTP/1, HTTP/2, and WebSockets.
+
+# Usage
+
+```sh
+$ docker run --rm -it [-v ~/.mitmproxy:/home/mitmproxy/.mitmproxy] -p 8080:8080 mitmproxy/mitmproxy
+```
+The *volume mount* is optional: It's to store the generated CA certificates.
+
+Once started, mitmproxy listens as a HTTP proxy on `localhost:8080`:
+```sh
+$ http_proxy=http://localhost:8080/ curl http://example.com/
+$ https_proxy=http://localhost:8080/ curl -k https://example.com/
+```
+
+You can also start `mitmdump` by just adding that to the end of the command-line:
+```sh
+$ docker run --rm -it -p 8080:8080 mitmproxy/mitmproxy mitmdump
+```
+
+For `mitmweb`, you also need to expose port 8081:
+```sh
+# this makes :8081 accessible to the local machine only
+$ docker run --rm -it -p 8080:8080 -p 127.0.0.1:8081:8081 mitmproxy/mitmproxy mitmweb --web-host 0.0.0.0
+```
+
+You can also pass options directly via the CLI:
+```sh
+$ docker run --rm -it -p 8080:8080 mitmproxy/mitmproxy mitmdump --set ssl_insecure=true
+```
+
+For further details, please consult the mitmproxy [documentation](http://docs.mitmproxy.org/en/stable/).
+
+# Tags
+
+The available release tags can be seen
+[here](https://hub.docker.com/r/mitmproxy/mitmproxy/tags/).
+
+* `master` always tracks the git-master branch and represents the unstable development tree.
+* `latest` always points to the same image as the most recent stable release, including bugfix releases (e.g., `4.0.0` and `4.0.1`).
+* `X.Y.Z` tags contain the mitmproxy release with this version number.
+
+# Security Notice
+
+Dependencies in the Docker images are frozen on release, and can’t be updated in
+situ. This means that we necessarily capture any bugs or security issues that
+may be present. We don’t generally release new Docker images simply to update
+dependencies (though we may do so if we become aware of a really serious issue).

release/docker/Dockerfile

@@ -1,20 +1,19 @@
 FROM python:3.9-slim-buster
 
-ARG WHEEL_MITMPROXY
-ARG WHEEL_BASENAME_MITMPROXY
+ARG MITMPROXY_WHEEL
 
 RUN useradd -mU mitmproxy
 RUN apt-get update \
     && apt-get install -y gosu \
     && rm -rf /var/lib/apt/lists/*
     
-COPY $WHEEL_MITMPROXY /home/mitmproxy/
-RUN pip3 install --no-cache-dir -U /home/mitmproxy/${WHEEL_BASENAME_MITMPROXY} \
-    && rm -rf /home/mitmproxy/${WHEEL_BASENAME_MITMPROXY}
+COPY $MITMPROXY_WHEEL /home/mitmproxy/
+RUN pip3 install --no-cache-dir -U /home/mitmproxy/${MITMPROXY_WHEEL} \
+    && rm -rf /home/mitmproxy/${MITMPROXY_WHEEL}
 
 VOLUME /home/mitmproxy/.mitmproxy
 
-COPY release/docker/docker-entrypoint.sh /usr/local/bin/
+COPY docker-entrypoint.sh /usr/local/bin/
 ENTRYPOINT ["docker-entrypoint.sh"]
 
 EXPOSE 8080 8081

release/docker/README.md

@@ -1,55 +1,6 @@
-# mitmproxy
+# Build Instructions
 
-Containerized version of [mitmproxy](https://mitmproxy.org/): an interactive, SSL/TLS-capable intercepting proxy for HTTP/1, HTTP/2, and WebSockets.
-
-# Usage
-
-```sh
-$ docker run --rm -it [-v ~/.mitmproxy:/home/mitmproxy/.mitmproxy] -p 8080:8080 mitmproxy/mitmproxy
-```
-
-The *volume mount* is optional: It's to store the generated CA certificates.
-
-Once started, mitmproxy listens as a HTTP proxy on `localhost:8080`:
-
-```sh
-$ http_proxy=http://localhost:8080/ curl http://example.com/
-$ https_proxy=http://localhost:8080/ curl -k https://example.com/
-```
-
-You can also start `mitmdump` by just adding that to the end of the command-line:
-
-```sh
-$ docker run --rm -it -p 8080:8080 mitmproxy/mitmproxy mitmdump
-```
-
-For `mitmweb`, you also need to expose port 8081:
-
-```sh
-# this makes :8081 accessible to the local machine only
-$ docker run --rm -it -p 8080:8080 -p 127.0.0.1:8081:8081 mitmproxy/mitmproxy mitmweb --web-host 0.0.0.0
-```
-
-You can also pass options directly via the CLI:
-
-```sh
-$ docker run --rm -it -p 8080:8080 mitmproxy/mitmproxy mitmdump --set ssl_insecure=true
-```
-
-For further details, please consult the mitmproxy [documentation](http://docs.mitmproxy.org/en/stable/).
-
-# Tags
-
-The available release tags can be seen
-[here](https://hub.docker.com/r/mitmproxy/mitmproxy/tags/).
-
-* `master` always tracks the git-master branch and represents the unstable development tree.
-* `latest` always points to the same image as the most recent stable release, including bugfix releases (e.g., `4.0.0` and `4.0.1`).
-* `X.Y.Z` tags contain the mitmproxy release with this version number.
-
-# Security Notice
-
-Dependencies in the Docker images are frozen on release, and can’t be updated in
-situ. This means that we necessarily capture any bugs or security issues that
-may be present. We don’t generally release new Docker images simply to update
-dependencies (though we may do so if we become aware of a really serious issue).
+ 1. Copy `mitmproxy-$VERSION-py3-none-any.whl` into this directory.  
+    You can get the latest public release at https://mitmproxy.org/downloads/.
+ 2. Replace $VERSION with your mitmproxy version and 
+    run `docker build --build-arg MITMPROXY_WHEEL=mitmproxy-$VERSION-py3-none-any.whl .`.

release/docker/docker-entrypoint.sh

@@ -1,5 +1,4 @@
 #!/bin/bash
-# WARNING: do not change the shebang - the Docker base image might not have what you want!
 
 set -o errexit
 set -o pipefail