From c0fee82c9f4aa693343e4a1097098b97e69c75fd Mon Sep 17 00:00:00 2001 From: Caspian Baska <email@caspian.computer> Date: Tue, 1 Jun 2021 14:50:37 +1000 Subject: [PATCH] build(Dockerfile): attempt to fix github ci --- Dockerfile | 83 +++++++++++++----------------- Dockerfile.test | 53 ++++++++++--------- scripts/entrypoint-test.sh | 3 ++ spec/placeos-build/drivers_spec.cr | 6 +-- src/placeos-build/drivers.cr | 2 +- 5 files changed, 68 insertions(+), 79 deletions(-) diff --git a/Dockerfile b/Dockerfile index abe2a2f..a360405 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,84 +1,73 @@ ARG CRYSTAL_VERSION=1.0.0 -FROM crystallang/crystal:${CRYSTAL_VERSION} as build +ARG PLACE_COMMIT="DEV" -ARG PLACE_COMMIT=DEV +FROM crystallang/crystal:${CRYSTAL_VERSION} as build WORKDIR /app -RUN apt update -RUN apt install --no-install-recommends -y \ +RUN apt-get update && \ + apt-get install -y apt-transport-https && \ + apt-get update && \ + DEBIAN_FRONTEND=noninteractive \ + apt install --no-install-recommends -y \ bash \ ca-certificates \ curl \ - git \ - libssh2-1 libssh2-1-dev \ - libgc-dev \ llvm-10 llvm-10-dev \ - tzdata + libssh2-1 libssh2-1-dev \ + libyaml-dev \ + && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* # Add trusted CAs for communicating with external services RUN update-ca-certificates -SHELL ["/bin/bash", "-l", "-c"] - -# Install asdf version manager -RUN git clone https://github.com/asdf-vm/asdf.git $HOME/.asdf --branch v0.8.0 -RUN $HOME/.asdf/bin/asdf plugin-add crystal https://github.com/asdf-community/asdf-crystal.git - -RUN echo -e '\n. $HOME/.asdf/asdf.sh' >> ~/.bashrc && \ - echo -e '\n. $HOME/.asdf/asdf.sh' >> ~/.profile && \ - source ~/.bashrc - -# Create a non-privileged user -ARG IMAGE_UID="10001" -ENV UID=$IMAGE_UID -ENV USER=appuser -RUN adduser \ - --disabled-password \ - --gecos "" \ - --home "/nonexistent" \ - --shell "/sbin/nologin" \ - --no-create-home \ - --uid "${UID}" \ - "${USER}" - -# These provide certificate chain validation where communicating with external services over TLS -ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt - -# Create binary directories -RUN mkdir -p repositories bin/drivers +# Install watchexec +RUN curl -sLO https://github.com/watchexec/watchexec/releases/download/cli-v1.16.0/watchexec-1.16.0-x86_64-unknown-linux-gnu.deb && \ + dpkg -i watchexec-1.16.0-x86_64-unknown-linux-gnu.deb && \ + rm -rf ./*.deb -RUN mkdir /app/.shards +RUN mkdir -p /app/bin/drivers -# Install deps +# Install shards before adding source. COPY shard.yml /app COPY shard.lock /app +RUN shards install --ignore-crystal-version -RUN shards install --production --ignore-crystal-version - -# Copy source for the long building `digest_cli` -RUN mkdir /app/src +# Build digest tool before copying rest of source for better caching. COPY src/digest_cli.cr /app/src/digest_cli.cr - RUN CRYSTAL_PATH=lib:/usr/share/crystal/src/ \ LLVM_CONFIG=$(/usr/share/crystal/src/llvm/ext/find-llvm-config) \ - PLACE_COMMIT=${PLACE_COMMIT} \ - UNAME_AT_COMPILE_TIME=true \ - shards build --error-trace --ignore-crystal-version --release --production -Dpreview_mt digest_cli + shards build digest_cli -Dpreview_mt --ignore-crystal-version --no-debug --production + +COPY scripts /app/scripts +COPY src /app/src # Add the rest of the source last for efficient caching COPY src /app/src RUN PLACE_COMMIT=${PLACE_COMMIT} \ UNAME_AT_COMPILE_TIME=true \ - shards build --error-trace --ignore-crystal-version --release --production -Dpreview_mt build + shards build --error-trace -Dpreview_mt --release --ignore-crystal-version --production build RUN chown appuser -R /app +ENV HOME="/app" + +# Install asdf version manager +SHELL ["/bin/bash", "-l", "-c"] +RUN git clone --depth 1 https://github.com/asdf-vm/asdf.git $HOME/.asdf --branch v0.8.0 && \ + $HOME/.asdf/bin/asdf plugin-add crystal https://github.com/asdf-community/asdf-crystal.git && \ + echo -e '\n. $HOME/.asdf/asdf.sh' >> ~/.bashrc && \ + echo -e '\n. $HOME/.asdf/asdf.sh' >> ~/.profile && \ + source ~/.bashrc + ############################################################################### USER appuser:appuser +# These provide certificate chain validation where communicating with external services over TLS +ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt + EXPOSE 3000 HEALTHCHECK CMD wget -qO- http://localhost:3000/api/build/v1 CMD ["/app/scripts/entrypoint.sh", "--server", "-b", "0.0.0.0", "-p", "3000"] diff --git a/Dockerfile.test b/Dockerfile.test index 553d3d4..62d6e7f 100644 --- a/Dockerfile.test +++ b/Dockerfile.test @@ -1,37 +1,32 @@ ARG CRYSTAL_VERSION=1.0.0 -FROM crystallang/crystal:${CRYSTAL_VERSION} - ARG PLACE_COMMIT="DEV" +FROM crystallang/crystal:${CRYSTAL_VERSION} as build + WORKDIR /app -RUN apt update -RUN apt install --no-install-recommends -y \ +RUN apt-get update && \ + apt-get install -y apt-transport-https && \ + apt-get update && \ + DEBIAN_FRONTEND=noninteractive \ + apt install --no-install-recommends -y \ bash \ ca-certificates \ curl \ - git \ - libssh2-1 libssh2-1-dev \ llvm-10 llvm-10-dev \ - tzdata + libssh2-1 libssh2-1-dev \ + libyaml-dev \ + && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* + +# Add trusted CAs for communicating with external services +RUN update-ca-certificates # Install watchexec RUN curl -sLO https://github.com/watchexec/watchexec/releases/download/cli-v1.16.0/watchexec-1.16.0-x86_64-unknown-linux-gnu.deb && \ dpkg -i watchexec-1.16.0-x86_64-unknown-linux-gnu.deb && \ rm -rf ./*.deb -# Add trusted CAs for communicating with external services -RUN update-ca-certificates - -SHELL ["/bin/bash", "-l", "-c"] - -# Install asdf version manager -RUN git clone https://github.com/asdf-vm/asdf.git $HOME/.asdf --branch v0.8.0 -RUN $HOME/.asdf/bin/asdf plugin-add crystal https://github.com/asdf-community/asdf-crystal.git - -RUN echo -e '\n. $HOME/.asdf/asdf.sh' >> ~/.bashrc && \ - echo -e '\n. $HOME/.asdf/asdf.sh' >> ~/.profile && \ - source ~/.bashrc +RUN mkdir -p /app/bin/drivers # Install shards before adding source. COPY shard.yml /app @@ -39,21 +34,25 @@ COPY shard.lock /app RUN shards install --ignore-crystal-version # Build digest tool before copying rest of source for better caching. -RUN mkdir /app/src COPY src/digest_cli.cr /app/src/digest_cli.cr - RUN CRYSTAL_PATH=lib:/usr/share/crystal/src/ \ LLVM_CONFIG=$(/usr/share/crystal/src/llvm/ext/find-llvm-config) \ - shards build digest_cli --ignore-crystal-version --no-debug - -COPY src/digest_cli.cr /app/src/digest_cli.cr + shards build digest_cli -Dpreview_mt --ignore-crystal-version --no-debug --production COPY scripts /app/scripts -COPY src /app/sr - -RUN mkdir -p /app/bin/drivers +COPY src /app/src # These provide certificate chain validation where communicating with external services over TLS ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt +SHELL ["/bin/bash", "-l", "-c"] +ENV HOME="/app" +# Install asdf version manager +RUN git clone --depth 1 https://github.com/asdf-vm/asdf.git $HOME/.asdf --branch v0.8.0 && \ + $HOME/.asdf/bin/asdf plugin-add crystal https://github.com/asdf-community/asdf-crystal.git && \ + echo -e '\n. $HOME/.asdf/asdf.sh' >> $HOME/.bashrc && \ + echo -e '\n. $HOME/.asdf/asdf.sh' >> $HOME/.profile && \ + source ~/.bashrc + + CMD /app/scripts/entrypoint-test.sh diff --git a/scripts/entrypoint-test.sh b/scripts/entrypoint-test.sh index 49454ac..bb4e833 100755 --- a/scripts/entrypoint-test.sh +++ b/scripts/entrypoint-test.sh @@ -18,6 +18,9 @@ fi export CRYSTAL_PATH=lib:/usr/share/crystal/src export CRYSTAL_LIBRARY_PATH=/usr/local/lib +export PKG_CONFIG_PATH=/usr/local/opt/openssl/lib/pkgconfig +export CPPFlAGS=-L/usr/local/opt/openssl/include +export LDFLAGS=-L/usr/local/opt/openssl/lib watch="false" multithreaded="false" diff --git a/spec/placeos-build/drivers_spec.cr b/spec/placeos-build/drivers_spec.cr index a4db2f1..9a37725 100644 --- a/spec/placeos-build/drivers_spec.cr +++ b/spec/placeos-build/drivers_spec.cr @@ -2,8 +2,7 @@ module PlaceOS::Build describe Drivers do it "compiles a crystal binary specificed by an entrypoint" do Drivers.legacy_build_method = false - drivers = Drivers.new - drivers.compile( + Drivers.new.compile( repository_uri: "https://github.com/place-labs/exec_from", entrypoint: "src/app.cr", commit: "da824d2a59f7e29eea6525f472ffc67c294a48cf", @@ -13,8 +12,7 @@ module PlaceOS::Build pending "compiles drivers via the legacy ENV method" do Drivers.legacy_build_method = true - drivers = Drivers.new - drivers.compile( + Drivers.new.compile( repository_uri: "https://github.com/placeos/private-drivers", entrypoint: "drivers/place/private_helper.cr", commit: "c014d19225bb9aa2578494be797207c04745df39", diff --git a/src/placeos-build/drivers.cr b/src/placeos-build/drivers.cr index 3912b83..57a8d18 100644 --- a/src/placeos-build/drivers.cr +++ b/src/placeos-build/drivers.cr @@ -88,7 +88,7 @@ module PlaceOS::Build digest = begin PlaceOS::Build::Digest.digest([entrypoint], repository_path).first.hash rescue e - Log.warn(exception: e) { "failed to digesst, likely a legacy driver" } + Log.warn { "failed to digest #{entrypoint} using the driver's commit" } # Use the commit if a digest could not be produced commit[0, 6] end