From e28d134370196d3e4d3ff9016a36cce011031e58 Mon Sep 17 00:00:00 2001 From: Matthieu Date: Thu, 9 Sep 2021 13:30:28 +0000 Subject: [PATCH] fix docker images --- .devcontainer/Dockerfile | 26 +++++++++++++++++++++++ .devcontainer/devcontainer.json | 30 ++++++++++++++++++++++++++ .github/workflows/bazel-build.yml | 18 +++++++--------- BUILD | 8 +++---- bazel/BUILD | 2 ++ bazel/docker.bzl | 35 ++++++++++++++++++++++++------- bazel/rust.bzl | 2 +- gateway/BUILD | 9 ++++---- ratelimiter/BUILD | 1 + webhook/BUILD | 1 + 10 files changed, 103 insertions(+), 29 deletions(-) create mode 100644 .devcontainer/Dockerfile create mode 100644 .devcontainer/devcontainer.json diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile new file mode 100644 index 0000000..ba27052 --- /dev/null +++ b/.devcontainer/Dockerfile @@ -0,0 +1,26 @@ +FROM mcr.microsoft.com/vscode/devcontainers/base:0-focal + +# ** [Optional] Uncomment this section to install additional packages. ** +# RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \ +# && apt-get -y install --no-install-recommends + +RUN apt update -y && apt install apt-transport-https curl gnupg python build-essential ca-certificates lsb-release -y && \ + curl -fsSL https://bazel.build/bazel-release.pub.gpg | gpg --dearmor -o /etc/apt/trusted.gpg.d/bazel.gpg && \ + curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg && \ + echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list && \ + echo "deb [arch=amd64] https://storage.googleapis.com/bazel-apt stable jdk1.8" | tee /etc/apt/sources.list.d/bazel.list && \ + apt update -y && apt install bazel docker-ce-cli -y + +ARG NONROOT_USER=vscode + +RUN echo "#!/bin/sh\n\ + SOCKET_GID=\$(stat -c '%g' /var/run/docker.sock) \n\ + if [ \"${SOCKET_GID}\" != '0' ]; then\n\ + if [ \"\$(cat /etc/group | grep :\${SOCKET_GID}:)\" = '' ]; then groupadd --gid \${SOCKET_GID} docker-host; fi \n\ + if [ \"\$(id ${NONROOT_USER} | grep -E \"groups=.*(=|,)\${SOCKET_GID}\(\")\" = '' ]; then usermod -aG \${SOCKET_GID} ${NONROOT_USER}; fi\n\ + fi\n\ + exec \"\$@\"" > /usr/local/share/docker-init.sh \ + && chmod +x /usr/local/share/docker-init.sh + +ENTRYPOINT [ "/usr/local/share/docker-init.sh" ] +CMD [ "sleep", "infinity" ] \ No newline at end of file diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json new file mode 100644 index 0000000..f1cc4d9 --- /dev/null +++ b/.devcontainer/devcontainer.json @@ -0,0 +1,30 @@ +// For format details, see https://aka.ms/devcontainer.json. For config options, see the README at: +// https://github.com/microsoft/vscode-dev-containers/tree/v0.191.1/containers/debian +{ + "name": "Ubuntu", + "build": { + "dockerfile": "Dockerfile", + // Update 'VARIANT' to pick an Debian version: bullseye, buster, stretch + "args": { "VARIANT": "focal" } + }, + + // Set *default* container specific settings.json values on container create. + "settings": {}, + + // Add the IDs of extensions you want installed when the container is created. + "extensions": [], + + // Use 'forwardPorts' to make a list of ports inside the container available locally. + // "forwardPorts": [], + + // Uncomment to use the Docker CLI from inside the container. See https://aka.ms/vscode-remote/samples/docker-from-docker. + "mounts": ["source=/var/run/docker.sock,target=/var/run/docker.sock,type=bind"], + + // Uncomment when using a ptrace-based debugger like C++, Go, and Rust + // "runArgs": [ "--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined" ], + + // Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root. + "remoteUser": "vscode", + "overrideCommand": false, + "runArgs": ["--init"], +} \ No newline at end of file diff --git a/.github/workflows/bazel-build.yml b/.github/workflows/bazel-build.yml index d96a4ca..7648c7d 100644 --- a/.github/workflows/bazel-build.yml +++ b/.github/workflows/bazel-build.yml @@ -21,19 +21,15 @@ jobs: steps: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - uses: actions/checkout@v2 + - uses: ilammy/msvc-dev-cmd@v1 if: matrix.os == 'windows-latest' - - uses: lukka/run-vcpkg@v7 - if: matrix.os == 'windows-latest' - with: - setupOnly: true - vcpkgGitCommitId: "bcf551b980380fe7f84fa302ad7ef3c184f9bf4f" - - run: | - $VCPKG_ROOT/vcpkg integrate install - $VCPKG_ROOT/vcpkg install libsodium - shell: bash - if: matrix.os == 'windows-latest' + - name: Extract branch name + shell: bash + run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})" + id: extract_branch + - uses: docker-practice/actions-setup-docker@master if: matrix.os == 'ubuntu-latest' - uses: docker/login-action@v1 @@ -79,5 +75,5 @@ jobs: - name: Publish docker images shell: bash run: | - bazel run //:publish + bazel run --define docker_repo=ghcr.io --define docker_tag=${{ steps.extract_branch.outputs.branch }} //:publish if: matrix.os == 'ubuntu-latest' diff --git a/BUILD b/BUILD index cf4ac62..2407489 100644 --- a/BUILD +++ b/BUILD @@ -20,10 +20,10 @@ container_bundle( name = "bundle", images = { - "ghcr.io/discordnova/nova/novactl:latest": "//novactl:image", - "ghcr.io/discordnova/nova/gateway:latest": "//gateway:image", - "ghcr.io/discordnova/nova/ratelimiter:latest": "//ratelimiter:image", - "ghcr.io/discordnova/nova/webhook:latest": "//webhook:image", + "$(docker_repo)/discordnova/nova/novactl:$(docker_tag)": "//novactl:image", + "$(docker_repo)/discordnova/nova/gateway:$(docker_tag)": "//gateway:image", + "$(docker_repo)/discordnova/nova/ratelimiter:$(docker_tag)": "//ratelimiter:image", + "$(docker_repo)/discordnova/nova/webhook:$(docker_tag)": "//webhook:image", } ) diff --git a/bazel/BUILD b/bazel/BUILD index e69de29..dac72c2 100644 --- a/bazel/BUILD +++ b/bazel/BUILD @@ -0,0 +1,2 @@ +load("//bazel:docker.bzl", "images") +images() \ No newline at end of file diff --git a/bazel/docker.bzl b/bazel/docker.bzl index 8d21374..be6a1d0 100644 --- a/bazel/docker.bzl +++ b/bazel/docker.bzl @@ -4,6 +4,9 @@ load("@io_bazel_rules_docker//toolchains/docker:toolchain.bzl", "toolchain_confi load("@io_bazel_rules_docker//repositories:repositories.bzl", "repositories") load("@io_bazel_rules_docker//repositories:deps.bzl", "deps") load("@io_bazel_rules_docker//container:container.bzl", "container_pull") +load("@io_bazel_rules_docker//docker/package_managers:download_pkgs.bzl", "download_pkgs") +load("@io_bazel_rules_docker//docker/package_managers:install_pkgs.bzl", "install_pkgs") +load("@io_bazel_rules_docker//container:container.bzl", "container_image") load( "@io_bazel_rules_docker//go:image.bzl", @@ -14,6 +17,23 @@ load( _rust_image_repos = "repositories", ) +def images(): + download_pkgs( + name = "download_base_pkgs", + image_tar = "@debian//image", + packages = ["libgcc-10-dev", "libc6"] + ) + install_pkgs( + name = "base_pkgs", + image_tar = "@debian//image", + installables_tar = ":download_base_pkgs.tar", + output_image_name = "distroless_base_with_libgcc" + ) + container_image( + name = "base", + base = ":base_pkgs.tar", + visibility = ["//visibility:public"], + ) def load_docker(): """ @@ -27,15 +47,14 @@ def load_docker(): _go_image_repos() _rust_image_repos() container_pull( - name = "io_docker_index_library_debian_stable_slim", - digest = "sha256:2c4bb6b7236db0a55ec54ba8845e4031f5db2be957ac61867872bf42e56c4deb", + name = "distroless_debian10", registry = "gcr.io", - repository = "distroless/cc-debian10", + repository = "distroless/base-debian10", tag = "latest", ) container_pull( - name = "ubuntu1604", - registry = "l.gcr.io", - repository = "google/ubuntu1604", - tag = "latest", - ) + name = "debian", + registry = "docker.io", + repository = "library/debian", + tag = "stable", + ) \ No newline at end of file diff --git a/bazel/rust.bzl b/bazel/rust.bzl index a6d3e4f..c8e21d5 100644 --- a/bazel/rust.bzl +++ b/bazel/rust.bzl @@ -10,7 +10,7 @@ def load_rust_toolchains(): """ rust_repositories( edition = "2018", - iso_date = "2021-06-16", + iso_date = "2021-09-09", version = "nightly", ) diff --git a/gateway/BUILD b/gateway/BUILD index 2413b4d..c0a9f5d 100644 --- a/gateway/BUILD +++ b/gateway/BUILD @@ -1,9 +1,6 @@ load("@rules_rust//rust:rust.bzl", "rust_binary") load("//cargo:crates.bzl", "all_crate_deps", "crate_deps") -load("@io_bazel_rules_docker//container:container.bzl", "container_image") load("@io_bazel_rules_docker//rust:image.bzl", "rust_image") -load("@io_bazel_rules_docker//docker/package_managers:download_pkgs.bzl", "download_pkgs") -load("@io_bazel_rules_docker//docker/package_managers:install_pkgs.bzl", "install_pkgs") test_suite(name = "tests") @@ -17,7 +14,9 @@ rust_binary( rust_image( name = "image", - binary = ":gateway", + srcs = glob(["src/**/*.rs"]), + proc_macro_deps = crate_deps(["serde_repr"]), + deps = all_crate_deps(), visibility = ["//visibility:public"], - base = "@ubuntu1604//image", + base = "//bazel:base", ) diff --git a/ratelimiter/BUILD b/ratelimiter/BUILD index f9143e1..4a122e1 100644 --- a/ratelimiter/BUILD +++ b/ratelimiter/BUILD @@ -32,4 +32,5 @@ rust_image( srcs = ["src/main.rs"], deps = all_crate_deps() + [":build_script"], visibility = ["//visibility:public"], + base = "//bazel:base", ) \ No newline at end of file diff --git a/webhook/BUILD b/webhook/BUILD index 4e99e2c..65ce039 100644 --- a/webhook/BUILD +++ b/webhook/BUILD @@ -22,4 +22,5 @@ rust_image( srcs = glob(["src/**"]), deps = all_crate_deps(), visibility = ["//visibility:public"], + base = "//bazel:base", ) -- 2.39.5