build and upload both Debian and Alpine images

ca/django_ca/tests/pydantic/base.py

@@ -34,9 +34,6 @@ def assert_cryptography_model(
     """Test that a cryptography model matches the expected value."""
     model = model_class(**parameters)
     assert model.cryptography == expected
-    print(1, expected)
-    print(2, model)
-    print(3, model_class.model_validate(expected))
     assert model == model_class.model_validate(expected), (model, expected)
     assert model == model_class.model_validate_json(model.model_dump_json())  # test JSON serialization
     return model  # for any further tests on the model

devscripts/build/docker.py

@@ -24,7 +24,7 @@
 class Command(DevCommand):
     """Command class implementing the command to build a Python Wheel."""
 
-    help_text = "Build a Docker image."
+    help_text = "Build the Docker image."
     description = "Builds the Docker image."
 
     modules = (("django_ca", "django-ca"),)
@@ -35,6 +35,20 @@ def add_arguments(self, parser: argparse.ArgumentParser) -> None:
             "--prune", dest="docker_prune", default=True, help="Remove Docker data before building image."
         )
         parser.add_argument("--release", help="Version to use (default: current version).")
+        parser.add_argument(
+            "--no-alpine",
+            dest="alpine",
+            action="store_false",
+            default=True,
+            help="Do not build Alpine based image.",
+        )
+        parser.add_argument(
+            "--no-debian",
+            dest="debian",
+            action="store_false",
+            default=True,
+            help="Do not build Debian based image.",
+        )
 
     def handle(self, args: argparse.Namespace) -> tuple[str, str]:  # type: ignore[override]
         if args.release:
@@ -43,11 +57,17 @@ def handle(self, args: argparse.Namespace) -> tuple[str, str]:  # type: ignore[o
             release = self.django_ca.__version__
 
         tag = self.get_docker_tag(release)
-
-        info(f"Building Docker image as {tag} ...")
+        cwd = config.ROOT_DIR
+        env = {"DOCKER_BUILDKIT": "1"}
 
         # NOTE: docker-py does not yet support BuildKit, so we call the CLI directly. See also:
         #   https://github.com/docker/docker-py/issues/2230
-        self.run("docker", "build", "-t", tag, ".", env={"DOCKER_BUILDKIT": "1"}, cwd=config.ROOT_DIR)
+        if args.debian:
+            info(f"Building Debian based image as {tag}...")
+            self.run("docker", "build", "-t", tag, ".", env=env, cwd=cwd)
+        if args.alpine:
+            alpine_tag = f"{tag}-alpine"
+            info(f"Building Alpine based image as {alpine_tag}...")
+            self.run("docker", "build", "-t", alpine_tag, "-f", "Dockerfile.alpine", ".", env=env, cwd=cwd)
 
         return release, tag

devscripts/commands/release.py

@@ -142,6 +142,12 @@ def handle(self, args: argparse.Namespace) -> None:
                 self.run("docker", "tag", docker_tag, revision_tag)
                 self.run("docker", "tag", docker_tag, latest_tag)
 
+                alpine_tag = f"{docker_tag}-alpine"
+                alpine_latest_tag = f"{config.DOCKER_TAG}:latest"
+                alpine_revision_tag = f"{alpine_tag}-1"
+                self.run("docker", "tag", alpine_tag, alpine_revision_tag)
+                self.run("docker", "tag", alpine_tag, alpine_latest_tag)
+
                 # Push GIT tag
                 repo.remotes.origin.push(refspec=git_tag)
 
@@ -152,6 +158,9 @@ def handle(self, args: argparse.Namespace) -> None:
                 self.run("docker", "push", docker_tag)
                 self.run("docker", "push", revision_tag)
                 self.run("docker", "push", latest_tag)
+                self.run("docker", "push", alpine_tag)
+                self.run("docker", "push", alpine_revision_tag)
+                self.run("docker", "push", alpine_latest_tag)
 
                 ok("Uploaded release artifacts.")
 

docs/source/changelog/TBR_2.1.0.rst

@@ -2,13 +2,20 @@
 2.1.0 (TBR)
 ###########
 
+************
+Docker image
+************
+
+* The main Docker image is now based off Debian instead of Alpine. The Alpine image is still provided with the
+  ``-alpine`` suffix (e.g. ``mathiasertl/django-ca:2.1.0-alpine`).
+
 ****************************
 Certificate Revocation Lists
 ****************************
 
 * Certificate Revocation Lists (CRLs) are now stored in the database via the
-  :class:`~django_ca.models.CertificateRevocationList` model. This makes CRL functionality more robust, as
-  clearing the cache will no longer cause an error.
+  :class:`~django_ca.models.CertificateRevocationList` model. This makes CRLs more robust, as clearing the
+  cache will no longer cause an error.
 
 *******************
 OCSP responder keys
@@ -35,8 +42,8 @@ Command-line utilities
 * The ``--scope`` parameter to :command:`manage.py dump_crl` is deprecated and will be removed in django-ca
   2.3.0. Use ``--only-contains-ca-certs``, ``--only-contains-user-certs`` or
   ``--only-contains-attribute-certs`` instead.
-* **BACKWARDS INCOMPATIBLE:** The ``--algorithm`` parameter no longer has any effect and will be removed in
-  django-ca 2.3.0.
+* **BACKWARDS INCOMPATIBLE:**  The ``--algorithm`` parameter to :command:`manage.py dump_crl` no longer has
+  any effect and will be removed in django-ca 2.3.0.
 
 ********
 Settings

docs/source/include/quickstart_with_docker_compose/.env.jinja

@@ -1,3 +1,7 @@
+# Optionally use a different Docker tag for django-ca. For available tags, see:
+#   https://hub.docker.com/r/mathiasertl/django-ca
+#DJANGO_CA_VERSION=alpine
+
 # The hostname for your CA.
 # WARNING: Changing this requires new CAs (because the hostname goes into the certificates).
 DJANGO_CA_CA_DEFAULT_HOSTNAME={{ ca_default_hostname }}

docs/source/quickstart/docker.rst

@@ -138,6 +138,10 @@ You thus need to start two containers with slightly different configuration:
    :include: /include/quickstart_with_docker/start-django-ca.yaml
    :context: quickstart-with-docker
 
+You can also use different versions of the Docker image, including images based on Alpine Linux. Please see
+the `Docker Hub page <https://hub.docker.com/r/mathiasertl/django-ca>`_ for more information about available
+tags.
+
 Start NGINX
 ===========