-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
update Crate Docker image #1664
Conversation
We usually just provide both a Debian version and an Alpine version, so I am hesitant to just switch image bases without a transition period, but I couldn't really find users doing The vendored dependency of Other feedback on the Dockerfile: # specific version rather than latest
- FROM alpine:latest
+ FROM alpine:3.3
# unneeded as "http://dl-cdn.alpinelinux.org/alpine/v3.3/community" is already in the file
-RUN echo 'http://nl.alpinelinux.org/alpine/latest-stable/community' >> /etc/apk/repositories
# combine layers, otherwise apk del doesn't actually save space
# use --no-cache :)
RUN set -ex \
- && apk update \
- && apk add --update-cache openssl ca-certificates libtirpc \
- --virtual .fetch-deps tar wget \
- && wget -nv "$CDN/sigar/$LIB_SIGAR.1.0" -P /usr/local/lib \
+ && apk add --no-cache --virtual .fetch-deps \
+ openssl ca-certificates libtirpc \
+ tar wget \
+ && wget -nv "sourceforgeurl?" -P /usr/local/lib \
&& ln /usr/local/lib/$LIB_SIGAR.1.0 /usr/local/lib/$LIB_SIGAR.1 \
&& runDeps="$(\
scanelf --needed --nobanner --recursive /usr/local \
| awk '{ gsub(/,/, "\nso:", $2); print "so:" $2 }' \
| sort -u \
| xargs -r apk info --installed \
| sort -u \
)" \
- && apk add --no-cache --virtual .libsigar-rundeps $runDeps
-
-RUN mkdir /crate \
+ && apk add --no-cache --virtual .libsigar-rundeps $runDeps \
+ && mkdir /crate \
&& wget -nv -O - "$CDN/releases/crate-$CRATE_VERSION.tar.gz" \
| tar -xzC /crate --strip-components=1 \
# not necessary, but provides nice symmetry with libsigar-rundeps
- && apk add --update-cache openjdk8-jre-base python3 \
+ && apk add --no-cache --virtual .crate-rundeps openjdk8-jre-base python3 \
&& apk del .fetch-deps \
- && rm -rf /var/cache/apk/*
-
# not strictly necessary:
-RUN ln -sf /usr/bin/python3 /usr/bin/python \
+ && ln -sf /usr/bin/python3 /usr/bin/python \
&& ln -sf /usr/local/lib/$LIB_SIGAR.1 /crate/lib/sigar/$LIB_SIGAR
# lastly, should move the user and group creation to the beginning of the Dockerfile so that the layer could be shared between versions of crate |
@yosifkit Thanks for the feedback. Here is the fixup. Now we explicitly build |
We recommend embedding the gpg keys directly in the dockerfile like tomcat and also using [ You have one Might want to move |
Crate Docker image is based Alpine Linux now
Hi @yosifkit, we have addressed your comments, here is the follow up pull request. |
hi @yosifkit, do you already have some feedback for us? thanks in advance. |
Hey folks, sorry for the delay. Just took a look, and everything looks good. For the next revision, I'd like to see the key ID replaced with a full fingerprint, but I don't think we need to hold this up for that (ie, LGTM (crate/docker-crate@c9cbce8...abc17a2) Build test of #1664; f81242c ( $ bashbrew build "crate"
Cloning crate (git://github.com/crate/docker-crate) ...
Processing crate:latest ...
Processing crate:0.52 ...
Processing crate:0.52.4 ...
Processing crate:0.54 ...
Processing crate:0.54.8 ...
$ bashbrew list --uniq "$url" | xargs test/run.sh
testing crate:latest
'utc' [1/4]...passed
'cve-2014--shellshock' [2/4]...passed
'no-hard-coded-passwords' [3/4]...passed
'override-cmd' [4/4]...passed
testing crate:0.52
'utc' [1/4]...passed
'cve-2014--shellshock' [2/4]...passed
'no-hard-coded-passwords' [3/4]...passed
'override-cmd' [4/4]...passed |
Looks like the build server is having a rough time trying to reach http://apache.uib.no reliably, so if we could swap that to a US-based mirror or something soon, that'd be helpful. 😅 The way (adding an |
Fixes proposed in crate/docker-crate#54 |
The Crate Docker image is based Alpine Linux now