From 5492de15bb7ae3e10fb6ba9393702e9b0a05c615 Mon Sep 17 00:00:00 2001
From: Ivan Gabaldon <igabaldon@inetol.net>
Date: Sun, 12 Oct 2025 16:30:57 +0200
Subject: [PATCH] [mod] container: move `base` to own repository (#5310)

The base images will be now built in
[another repository](https://github.com/searxng/base).
---
 .github/workflows/container.yml | 76 ---------------------------------
 container/base-builder.yml      | 26 -----------
 container/base.yml              | 62 ---------------------------
 container/dist.dockerfile       |  8 ++--
 4 files changed, 4 insertions(+), 168 deletions(-)
 delete mode 100644 container/base-builder.yml
 delete mode 100644 container/base.yml

diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
index 184e95b36..e49c1cada 100644
--- a/.github/workflows/container.yml
+++ b/.github/workflows/container.yml
@@ -18,90 +18,16 @@ concurrency:
 
 permissions:
   contents: read
-  # Organization GHCR
   packages: read
 
 env:
   PYTHON_VERSION: "3.14"
 
 jobs:
-  build-base:
-    if: |
-      (github.repository_owner == 'searxng' && github.event.workflow_run.conclusion == 'success')
-      || github.event_name == 'workflow_dispatch'
-    name: Build base
-    runs-on: ubuntu-24.04
-    permissions:
-      # Organization GHCR
-      packages: write
-
-    steps:
-      - if: github.repository_owner == 'searxng'
-        name: Checkout
-        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8  # v5.0.0
-        with:
-          persist-credentials: "false"
-
-      - if: github.repository_owner == 'searxng'
-        name: Get date
-        id: date
-        run: echo "date=$(date +'%Y%m%d')" >>$GITHUB_OUTPUT
-
-      - if: github.repository_owner == 'searxng'
-        name: Check cache apko
-        id: cache-apko
-        uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830  # v4.3.0
-        with:
-          # yamllint disable-line rule:line-length
-          key: "apko-${{ steps.date.outputs.date }}-${{ hashFiles('./container/base.yml', './container/base-builder.yml') }}"
-          path: "/tmp/.apko/"
-          lookup-only: true
-
-      - if: github.repository_owner == 'searxng' && steps.cache-apko.outputs.cache-hit != 'true'
-        name: Setup cache apko
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830  # v4.3.0
-        with:
-          # yamllint disable-line rule:line-length
-          key: "apko-${{ steps.date.outputs.date }}-${{ hashFiles('./container/base.yml', './container/base-builder.yml') }}"
-          restore-keys: "apko-${{ steps.date.outputs.date }}-"
-          path: "/tmp/.apko/"
-
-      - if: github.repository_owner == 'searxng' && steps.cache-apko.outputs.cache-hit != 'true'
-        name: Setup apko
-        run: |
-          eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"
-          brew install apko
-
-      - if: github.repository_owner == 'searxng' && steps.cache-apko.outputs.cache-hit != 'true'
-        name: Login to GHCR
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef  # v3.6.0
-        with:
-          registry: "ghcr.io"
-          username: "${{ github.repository_owner }}"
-          password: "${{ secrets.GITHUB_TOKEN }}"
-
-      - if: github.repository_owner == 'searxng' && steps.cache-apko.outputs.cache-hit != 'true'
-        name: Build
-        run: |
-          eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"
-
-          apko publish ./container/base.yml ghcr.io/${{ github.repository_owner }}/base:searxng \
-            --cache-dir=/tmp/.apko/ \
-            --sbom=false \
-            --vcs=false \
-            --log-level=debug
-
-          apko publish ./container/base-builder.yml ghcr.io/${{ github.repository_owner }}/base:searxng-builder \
-            --cache-dir=/tmp/.apko/ \
-            --sbom=false \
-            --vcs=false \
-            --log-level=debug
-
   build:
     if: github.repository_owner == 'searxng' || github.event_name == 'workflow_dispatch'
     name: Build (${{ matrix.arch }})
     runs-on: ${{ matrix.os }}
-    needs: build-base
     strategy:
       fail-fast: false
       matrix:
@@ -117,7 +43,6 @@ jobs:
             emulation: true
 
     permissions:
-      # Organization GHCR
       packages: write
 
     outputs:
@@ -217,7 +142,6 @@ jobs:
       - test
 
     permissions:
-      # Organization GHCR
       packages: write
 
     steps:
diff --git a/container/base-builder.yml b/container/base-builder.yml
deleted file mode 100644
index 84f7e95aa..000000000
--- a/container/base-builder.yml
+++ /dev/null
@@ -1,26 +0,0 @@
-contents:
-  repositories:
-    - https://dl-cdn.alpinelinux.org/alpine/edge/main
-    - https://dl-cdn.alpinelinux.org/alpine/edge/community
-  packages:
-    - alpine-base
-    - build-base
-    - python3-dev
-    - uv
-    - brotli
-
-entrypoint:
-  command: /bin/sh -l
-
-work-dir: /usr/local/searxng/
-
-environment:
-  PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
-  SSL_CERT_DIR: /etc/ssl/certs
-  SSL_CERT_FILE: /etc/ssl/certs/ca-certificates.crt
-  HISTFILE: /dev/null
-
-archs:
-  - x86_64
-  - aarch64
-  - armv7
diff --git a/container/base.yml b/container/base.yml
deleted file mode 100644
index f78abab85..000000000
--- a/container/base.yml
+++ /dev/null
@@ -1,62 +0,0 @@
-contents:
-  repositories:
-    - https://dl-cdn.alpinelinux.org/alpine/edge/main
-  packages:
-    - alpine-baselayout
-    - ca-certificates
-    - ca-certificates-bundle
-    - musl-locales
-    - musl-locales-lang
-    - tzdata
-    - busybox
-    - python3
-    - wget
-
-entrypoint:
-  command: /bin/sh -l
-
-work-dir: /usr/local/searxng/
-
-accounts:
-  groups:
-    - groupname: searxng
-      gid: 977
-  users:
-    - username: searxng
-      uid: 977
-      shell: /bin/ash
-
-environment:
-  PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
-  SSL_CERT_DIR: /etc/ssl/certs
-  SSL_CERT_FILE: /etc/ssl/certs/ca-certificates.crt
-  HISTFILE: /dev/null
-  CONFIG_PATH: /etc/searxng
-  DATA_PATH: /var/cache/searxng
-
-paths:
-  # Workdir
-  - path: /usr/local/searxng/
-    type: directory
-    uid: 977
-    gid: 977
-    permissions: 0o555
-
-  # Config volume
-  - path: /etc/searxng/
-    type: directory
-    uid: 977
-    gid: 977
-    permissions: 0o755
-
-  # Data volume
-  - path: /var/cache/searxng/
-    type: directory
-    uid: 977
-    gid: 977
-    permissions: 0o755
-
-archs:
-  - x86_64
-  - aarch64
-  - armv7
diff --git a/container/dist.dockerfile b/container/dist.dockerfile
index 66ece521f..10ad0d88f 100644
--- a/container/dist.dockerfile
+++ b/container/dist.dockerfile
@@ -4,10 +4,10 @@ ARG CONTAINER_IMAGE_NAME="searxng"
 FROM localhost/$CONTAINER_IMAGE_ORGANIZATION/$CONTAINER_IMAGE_NAME:builder AS builder
 FROM ghcr.io/searxng/base:searxng AS dist
 
-COPY --chown=searxng:searxng --from=builder /usr/local/searxng/.venv/ ./.venv/
-COPY --chown=searxng:searxng --from=builder /usr/local/searxng/searx/ ./searx/
-COPY --chown=searxng:searxng ./container/ ./
-#COPY --chown=searxng:searxng ./searx/version_frozen.py ./searx/
+COPY --chown=977:977 --from=builder /usr/local/searxng/.venv/ ./.venv/
+COPY --chown=977:977 --from=builder /usr/local/searxng/searx/ ./searx/
+COPY --chown=977:977 ./container/ ./
+#COPY --chown=977:977 ./searx/version_frozen.py ./searx/
 
 ARG CREATED="0001-01-01T00:00:00Z"
 ARG VERSION="unknown"