From 8010b152ccbcd2d4b5d4a41c991d4fafec876f56 Mon Sep 17 00:00:00 2001 From: Marek Kubica Date: Fri, 28 Nov 2025 16:38:06 +0100 Subject: [PATCH 1/5] Make the project build using the committed lock dir Signed-off-by: Marek Kubica --- .dockerignore | 1 + Dockerfile | 21 ++++++++++++--------- 2 files changed, 13 insertions(+), 9 deletions(-) diff --git a/.dockerignore b/.dockerignore index 3f797b2..566bd32 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,6 +1,7 @@ * !dune !dune-project +!dune.lock !sandworm.opam !bin/ !lib/ diff --git a/Dockerfile b/Dockerfile index 915b67a..ff1804e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,15 +1,18 @@ -FROM ocaml/opam:alpine-3.23-ocaml-5.4 AS build +FROM alpine:3.23 AS build -RUN sudo apk update && \ - sudo apk add curl git curl-dev libev-dev openssl-dev gmp-dev && \ - sudo ln -f /usr/bin/opam-2.5 /usr/bin/opam && opam init --reinit -ni && \ - opam update -y +RUN apk update && \ + apk add curl git curl-dev libev-dev openssl-dev gmp-dev musl-dev linux-headers make ocaml WORKDIR /home/opam -COPY sandworm.opam sandworm.opam -RUN opam install . --deps-only -y -COPY --chown=opam:opam . . -RUN opam exec -- dune build --release +RUN git clone --depth=1 https://github.com/ocaml/dune.git && \ + cd dune && \ + ./configure --prefix=/usr && \ + make release && \ + make install && \ + cd .. && \ + rm -r dune +COPY . . +RUN dune build --release FROM alpine:3.23 AS run RUN apk update && apk add --update libev gmp git From 1aa06af9c536903300d5c217df0562ab3854709e Mon Sep 17 00:00:00 2001 From: Marek Kubica Date: Thu, 26 Feb 2026 10:44:54 +0100 Subject: [PATCH 2/5] Use release and disable hash check Signed-off-by: Marek Kubica --- Dockerfile | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index ff1804e..575f369 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,14 +4,18 @@ RUN apk update && \ apk add curl git curl-dev libev-dev openssl-dev gmp-dev musl-dev linux-headers make ocaml WORKDIR /home/opam -RUN git clone --depth=1 https://github.com/ocaml/dune.git && \ - cd dune && \ +RUN curl -fsSL https://github.com/ocaml/dune/releases/download/3.21.1/dune-3.21.1.tbz -o dune.tar.bz2 && \ + tar xf dune.tar.bz2 && \ + cd dune-* && \ ./configure --prefix=/usr && \ make release && \ make install && \ cd .. && \ - rm -r dune + rm -r dune-* COPY . . + +RUN sed -i /dependency_hash/d dune.lock/lock.dune +RUN apk add $(dune show depexts 2>&1) RUN dune build --release FROM alpine:3.23 AS run From 00ed38e7ebf19209b54f24c00a4a4e0b4277d46f Mon Sep 17 00:00:00 2001 From: Marek Kubica Date: Tue, 3 Mar 2026 17:05:01 +0100 Subject: [PATCH 3/5] Add constraints on packages that use dune-lang 3.21 Signed-off-by: Marek Kubica --- Dockerfile | 23 +++++-------------- dune-workspace | 8 +++++++ ....21.1.pkg => dune-configurator.3.20.2.pkg} | 6 ++--- ....21.1.pkg => dune-private-libs.3.20.2.pkg} | 6 ++--- ...e-site.3.21.1.pkg => dune-site.3.20.2.pkg} | 6 ++--- dune.lock/{dyn.3.21.1.pkg => dyn.3.20.2.pkg} | 6 ++--- dune.lock/fs-io.3.21.1.pkg | 21 ----------------- dune.lock/lock.dune | 2 +- ...rdering.3.21.1.pkg => ordering.3.20.2.pkg} | 6 ++--- dune.lock/stdune.3.20.2.pkg | 21 +++++++++++++++++ dune.lock/stdune.3.21.1.pkg | 21 ----------------- dune.lock/top-closure.3.21.1.pkg | 21 ----------------- 12 files changed, 51 insertions(+), 96 deletions(-) create mode 100644 dune-workspace rename dune.lock/{dune-configurator.3.21.1.pkg => dune-configurator.3.20.2.pkg} (64%) rename dune.lock/{dune-private-libs.3.21.1.pkg => dune-private-libs.3.20.2.pkg} (65%) rename dune.lock/{dune-site.3.21.1.pkg => dune-site.3.20.2.pkg} (64%) rename dune.lock/{dyn.3.21.1.pkg => dyn.3.20.2.pkg} (64%) delete mode 100644 dune.lock/fs-io.3.21.1.pkg rename dune.lock/{ordering.3.21.1.pkg => ordering.3.20.2.pkg} (63%) create mode 100644 dune.lock/stdune.3.20.2.pkg delete mode 100644 dune.lock/stdune.3.21.1.pkg delete mode 100644 dune.lock/top-closure.3.21.1.pkg diff --git a/Dockerfile b/Dockerfile index 575f369..53e0865 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,19 +1,8 @@ FROM alpine:3.23 AS build - RUN apk update && \ - apk add curl git curl-dev libev-dev openssl-dev gmp-dev musl-dev linux-headers make ocaml - -WORKDIR /home/opam -RUN curl -fsSL https://github.com/ocaml/dune/releases/download/3.21.1/dune-3.21.1.tbz -o dune.tar.bz2 && \ - tar xf dune.tar.bz2 && \ - cd dune-* && \ - ./configure --prefix=/usr && \ - make release && \ - make install && \ - cd .. && \ - rm -r dune-* + apk add curl git musl-dev linux-headers make dune gcc +WORKDIR /home/sandworm COPY . . - RUN sed -i /dependency_hash/d dune.lock/lock.dune RUN apk add $(dune show depexts 2>&1) RUN dune build --release @@ -21,8 +10,8 @@ RUN dune build --release FROM alpine:3.23 AS run RUN apk update && apk add --update libev gmp git WORKDIR /app -COPY --from=build /home/opam/static static -COPY --from=build /home/opam/metadata.json ./metadata.json -COPY --from=build /home/opam/_build/install/default/bin/sandworm /bin/sandworm +COPY --from=build /home/sandworm/static static +COPY --from=build /home/sandworm/metadata.json ./metadata.json +COPY --from=build /home/sandworm/_build/install/default/bin/sandworm /bin/sandworm EXPOSE 80 -CMD [ "sandworm", "serve", "--port", "80"] +CMD ["sandworm", "serve", "--port", "80"] diff --git a/dune-workspace b/dune-workspace new file mode 100644 index 0000000..1b00fe2 --- /dev/null +++ b/dune-workspace @@ -0,0 +1,8 @@ +(lang dune 3.20) +(pkg enabled) + +(lock_dir + (path dune.lock) + (constraints + (dune-configurator (<= 3.21)) + (dune-private-libs (<= 3.21)))) diff --git a/dune.lock/dune-configurator.3.21.1.pkg b/dune.lock/dune-configurator.3.20.2.pkg similarity index 64% rename from dune.lock/dune-configurator.3.21.1.pkg rename to dune.lock/dune-configurator.3.20.2.pkg index 835aaef..eb4df70 100644 --- a/dune.lock/dune-configurator.3.21.1.pkg +++ b/dune.lock/dune-configurator.3.20.2.pkg @@ -1,4 +1,4 @@ -(version 3.21.1) +(version 3.20.2) (build (all_platforms @@ -16,6 +16,6 @@ (source (fetch (url - https://github.com/ocaml/dune/releases/download/3.21.1/dune-3.21.1.tbz) + https://github.com/ocaml/dune/releases/download/3.20.2/dune-3.20.2.tbz) (checksum - sha256=84f7a82c6d80a7124f3847e9a489e80cfbeafb7bed3573ac01286ef56fd08d94))) + sha256=b1a86b2d60bdb4a8b9bb6861bdf2f9f28a6e7cb5d833ce81afecceb9ef9ca549))) diff --git a/dune.lock/dune-private-libs.3.21.1.pkg b/dune.lock/dune-private-libs.3.20.2.pkg similarity index 65% rename from dune.lock/dune-private-libs.3.21.1.pkg rename to dune.lock/dune-private-libs.3.20.2.pkg index 9bb0068..c00a16b 100644 --- a/dune.lock/dune-private-libs.3.21.1.pkg +++ b/dune.lock/dune-private-libs.3.20.2.pkg @@ -1,4 +1,4 @@ -(version 3.21.1) +(version 3.20.2) (build (all_platforms @@ -16,6 +16,6 @@ (source (fetch (url - https://github.com/ocaml/dune/releases/download/3.21.1/dune-3.21.1.tbz) + https://github.com/ocaml/dune/releases/download/3.20.2/dune-3.20.2.tbz) (checksum - sha256=84f7a82c6d80a7124f3847e9a489e80cfbeafb7bed3573ac01286ef56fd08d94))) + sha256=b1a86b2d60bdb4a8b9bb6861bdf2f9f28a6e7cb5d833ce81afecceb9ef9ca549))) diff --git a/dune.lock/dune-site.3.21.1.pkg b/dune.lock/dune-site.3.20.2.pkg similarity index 64% rename from dune.lock/dune-site.3.21.1.pkg rename to dune.lock/dune-site.3.20.2.pkg index f050ce9..d3a807f 100644 --- a/dune.lock/dune-site.3.21.1.pkg +++ b/dune.lock/dune-site.3.20.2.pkg @@ -1,4 +1,4 @@ -(version 3.21.1) +(version 3.20.2) (build (all_platforms @@ -16,6 +16,6 @@ (source (fetch (url - https://github.com/ocaml/dune/releases/download/3.21.1/dune-3.21.1.tbz) + https://github.com/ocaml/dune/releases/download/3.20.2/dune-3.20.2.tbz) (checksum - sha256=84f7a82c6d80a7124f3847e9a489e80cfbeafb7bed3573ac01286ef56fd08d94))) + sha256=b1a86b2d60bdb4a8b9bb6861bdf2f9f28a6e7cb5d833ce81afecceb9ef9ca549))) diff --git a/dune.lock/dyn.3.21.1.pkg b/dune.lock/dyn.3.20.2.pkg similarity index 64% rename from dune.lock/dyn.3.21.1.pkg rename to dune.lock/dyn.3.20.2.pkg index 14b036d..5bb9315 100644 --- a/dune.lock/dyn.3.21.1.pkg +++ b/dune.lock/dyn.3.20.2.pkg @@ -1,4 +1,4 @@ -(version 3.21.1) +(version 3.20.2) (build (all_platforms @@ -16,6 +16,6 @@ (source (fetch (url - https://github.com/ocaml/dune/releases/download/3.21.1/dune-3.21.1.tbz) + https://github.com/ocaml/dune/releases/download/3.20.2/dune-3.20.2.tbz) (checksum - sha256=84f7a82c6d80a7124f3847e9a489e80cfbeafb7bed3573ac01286ef56fd08d94))) + sha256=b1a86b2d60bdb4a8b9bb6861bdf2f9f28a6e7cb5d833ce81afecceb9ef9ca549))) diff --git a/dune.lock/fs-io.3.21.1.pkg b/dune.lock/fs-io.3.21.1.pkg deleted file mode 100644 index 6e9a596..0000000 --- a/dune.lock/fs-io.3.21.1.pkg +++ /dev/null @@ -1,21 +0,0 @@ -(version 3.21.1) - -(build - (all_platforms - ((action - (progn - (when %{pkg-self:dev} (run dune subst)) - (run rm -rf vendor/csexp) - (run rm -rf vendor/pp) - (run dune build -p %{pkg-self:name} -j %{jobs} @install)))))) - -(depends - (all_platforms - (dune base-unix ocaml))) - -(source - (fetch - (url - https://github.com/ocaml/dune/releases/download/3.21.1/dune-3.21.1.tbz) - (checksum - sha256=84f7a82c6d80a7124f3847e9a489e80cfbeafb7bed3573ac01286ef56fd08d94))) diff --git a/dune.lock/lock.dune b/dune.lock/lock.dune index 89b6a89..db068d7 100644 --- a/dune.lock/lock.dune +++ b/dune.lock/lock.dune @@ -10,7 +10,7 @@ ((source https://github.com/ocaml-dune/opam-overlays.git#2a9543286ff0e0656058fee5c0da7abc16b8717d)) ((source - https://github.com/ocaml/opam-repository.git#4d2d05075ed20338fa6af3429fc5c18858025bd3)))) + https://github.com/ocaml/opam-repository.git#1e2ff749f83856d7d062692d6171f3f79e4aac8a)))) (expanded_solver_variable_bindings (variable_values diff --git a/dune.lock/ordering.3.21.1.pkg b/dune.lock/ordering.3.20.2.pkg similarity index 63% rename from dune.lock/ordering.3.21.1.pkg rename to dune.lock/ordering.3.20.2.pkg index 36d562a..0b0092a 100644 --- a/dune.lock/ordering.3.21.1.pkg +++ b/dune.lock/ordering.3.20.2.pkg @@ -1,4 +1,4 @@ -(version 3.21.1) +(version 3.20.2) (build (all_platforms @@ -16,6 +16,6 @@ (source (fetch (url - https://github.com/ocaml/dune/releases/download/3.21.1/dune-3.21.1.tbz) + https://github.com/ocaml/dune/releases/download/3.20.2/dune-3.20.2.tbz) (checksum - sha256=84f7a82c6d80a7124f3847e9a489e80cfbeafb7bed3573ac01286ef56fd08d94))) + sha256=b1a86b2d60bdb4a8b9bb6861bdf2f9f28a6e7cb5d833ce81afecceb9ef9ca549))) diff --git a/dune.lock/stdune.3.20.2.pkg b/dune.lock/stdune.3.20.2.pkg new file mode 100644 index 0000000..0e2a1d4 --- /dev/null +++ b/dune.lock/stdune.3.20.2.pkg @@ -0,0 +1,21 @@ +(version 3.20.2) + +(build + (all_platforms + ((action + (progn + (when %{pkg-self:dev} (run dune subst)) + (run rm -rf vendor/csexp) + (run rm -rf vendor/pp) + (run dune build -p %{pkg-self:name} -j %{jobs} @install)))))) + +(depends + (all_platforms + (dune ocaml base-unix dyn ordering pp csexp))) + +(source + (fetch + (url + https://github.com/ocaml/dune/releases/download/3.20.2/dune-3.20.2.tbz) + (checksum + sha256=b1a86b2d60bdb4a8b9bb6861bdf2f9f28a6e7cb5d833ce81afecceb9ef9ca549))) diff --git a/dune.lock/stdune.3.21.1.pkg b/dune.lock/stdune.3.21.1.pkg deleted file mode 100644 index d3adf9a..0000000 --- a/dune.lock/stdune.3.21.1.pkg +++ /dev/null @@ -1,21 +0,0 @@ -(version 3.21.1) - -(build - (all_platforms - ((action - (progn - (when %{pkg-self:dev} (run dune subst)) - (run rm -rf vendor/csexp) - (run rm -rf vendor/pp) - (run dune build -p %{pkg-self:name} -j %{jobs} @install)))))) - -(depends - (all_platforms - (dune ocaml base-unix csexp dyn fs-io ordering pp top-closure))) - -(source - (fetch - (url - https://github.com/ocaml/dune/releases/download/3.21.1/dune-3.21.1.tbz) - (checksum - sha256=84f7a82c6d80a7124f3847e9a489e80cfbeafb7bed3573ac01286ef56fd08d94))) diff --git a/dune.lock/top-closure.3.21.1.pkg b/dune.lock/top-closure.3.21.1.pkg deleted file mode 100644 index 36d562a..0000000 --- a/dune.lock/top-closure.3.21.1.pkg +++ /dev/null @@ -1,21 +0,0 @@ -(version 3.21.1) - -(build - (all_platforms - ((action - (progn - (when %{pkg-self:dev} (run dune subst)) - (run rm -rf vendor/csexp) - (run rm -rf vendor/pp) - (run dune build -p %{pkg-self:name} -j %{jobs} @install)))))) - -(depends - (all_platforms - (dune ocaml))) - -(source - (fetch - (url - https://github.com/ocaml/dune/releases/download/3.21.1/dune-3.21.1.tbz) - (checksum - sha256=84f7a82c6d80a7124f3847e9a489e80cfbeafb7bed3573ac01286ef56fd08d94))) From 2bfa66cf582f02033bae2ec2c6c1b4d393cf2ff6 Mon Sep 17 00:00:00 2001 From: Marek Kubica Date: Wed, 4 Mar 2026 14:32:04 +0100 Subject: [PATCH 4/5] Add comment on editing of lock file Signed-off-by: Marek Kubica --- Dockerfile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Dockerfile b/Dockerfile index 53e0865..6684727 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,6 +3,9 @@ RUN apk update && \ apk add curl git musl-dev linux-headers make dune gcc WORKDIR /home/sandworm COPY . . +# There is a bug that makes Dune believe the lock file is out of date. +# This is not the case, thus we disable the check by removing the hash from +# the lock file as a (temporary) workaround RUN sed -i /dependency_hash/d dune.lock/lock.dune RUN apk add $(dune show depexts 2>&1) RUN dune build --release From 4355e5d7fb3f359327a08eca05097360ecca07a5 Mon Sep 17 00:00:00 2001 From: Marek Kubica Date: Wed, 4 Mar 2026 14:33:50 +0100 Subject: [PATCH 5/5] We don't use OPAM in the Docker container, no need for the OPAM file Signed-off-by: Marek Kubica --- .dockerignore | 1 - 1 file changed, 1 deletion(-) diff --git a/.dockerignore b/.dockerignore index 566bd32..1cf39e1 100644 --- a/.dockerignore +++ b/.dockerignore @@ -2,7 +2,6 @@ !dune !dune-project !dune.lock -!sandworm.opam !bin/ !lib/ !static/