Refatora build de imagem para usar podman rootless + nix (#7)

* Adiciona boilerplate nix, flake.nix * Adiciona flake.lock * WIP, funcionou, ainda ajustando * Muitas melhorias e refatorações * Update Makefile Co-authored-by: Rodrigo Castro <[email protected]> * Adiciona podman --version para gerar logs Co-authored-by: Rodrigo Castro <[email protected]>
imobanco · Jul 22, 2021 · f7f899c · f7f899c
1 parent cc55279
commit f7f899c
Show file tree

Hide file tree

Showing 6 changed files with 138 additions and 39 deletions.
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -12,7 +12,8 @@ jobs:
     runs-on: ubuntu-18.04
     steps:
       - uses: actions/checkout@v2
-
+      - name: Prints podman --version
+        run: podman --version
       - name: Build dev
         run: make dev.build
 

diff --git a/Containerfile.dev b/Containerfile.dev
@@ -0,0 +1,31 @@
+FROM python:3.8.3-slim-buster
+
+# Set python environment variables
+ENV PYTHONDONTWRITEBYTECODE 1
+ENV PYTHONUNBUFFERED 1
+ENV PIP_NO_CACHE_DIR 0
+# ENV PIP_DISABLE_PIP_VERSION_CHECK 1
+
+ENV USER app_user
+
+WORKDIR /home/app_user
+
+RUN apt-get update \
+ && DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends --no-install-suggests -y \
+    ca-certificates \
+ && apt-get -y autoremove \
+ && apt-get -y clean  \
+ && rm -rf /var/lib/apt/lists/*
+
+RUN addgroup app_group \
+ && adduser \
+    --quiet \
+    --disabled-password \
+    --shell /bin/bash \
+    --home /home/app_user \
+    --gecos "User" app_user \
+    --ingroup app_group \
+ && chmod 0700 /home/app_user \
+ && chown --recursive app_user:app_group /home/app_user
+
+CMD ["/bin/bash"]
diff --git a/Dockerfile.dev b/Dockerfile.dev
diff --git a/Makefile b/Makefile
@@ -1,5 +1,11 @@
+REGISTRY=imobanco
+IMAGE_NAME=python
+IMAGE_TAG=dev-latest
+INCOME_API_IMAGE=$(REGISTRY)/$(IMAGE_NAME):$(IMAGE_TAG)
+
+
 dev.build:
-	docker build -f Dockerfile.dev .
+	podman build --file Containerfile.dev --tag $(INCOME_API_IMAGE) .
 
 prod.build:
 	docker build -f Dockerfile.prod .

diff --git a/flake.lock b/flake.lock
diff --git a/flake.nix b/flake.nix
@@ -0,0 +1,57 @@
+{
+  description = "This is a nix with flakes package";
+
+  inputs = {
+    flake-utils.url = "github:numtide/flake-utils";
+  };
+
+  outputs = { self, nixpkgs, flake-utils }:
+    flake-utils.lib.eachDefaultSystem (system:
+      let
+
+        pkgsAllowUnfree = import nixpkgs {
+          system = "x86_64-linux";
+          config = { allowUnfree = true; };
+        };
+
+        # Provides a script that copies required files to ~/
+        podmanSetupScript =
+          let
+            registriesConf = pkgsAllowUnfree.writeText "registries.conf" ''
+              [registries.search]
+              registries = ['docker.io']
+              [registries.block]
+              registries = []
+            '';
+          in
+          pkgsAllowUnfree.writeShellScriptBin "podman-setup-script" ''
+            # Dont overwrite customised configuration
+            if ! test -f ~/.config/containers/policy.json; then
+              install -Dm555 ${pkgsAllowUnfree.skopeo.src}/default-policy.json ~/.config/containers/policy.json
+            fi
+
+            if ! test -f ~/.config/containers/registries.conf; then
+              install -Dm555 ${registriesConf} ~/.config/containers/registries.conf
+            fi
+          '';
+
+      in
+      {
+
+        devShell = pkgsAllowUnfree.mkShell {
+          buildInputs = with pkgsAllowUnfree; [
+            gnumake
+            podman
+            podmanSetupScript
+          ];
+
+          shellHook = ''
+            export TMPDIR=/tmp
+
+            podman-setup-script
+
+            echo "Entering the nix devShell"
+          '';
+        };
+      });
+}