Merge pull request #3265 from reubenmiller/dev-publish-devcontainer

dev: publish devcontainer image
thin-edge · Nov 26, 2024 · 140f061 · 140f061
2 parents 82df8e0 + 8e00c96
commit 140f061
Show file tree

Hide file tree

Showing 4 changed files with 104 additions and 63 deletions.
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
@@ -7,7 +7,7 @@ FROM mcr.microsoft.com/devcontainers/rust:1-${VARIANT}
 RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
     && apt-get -y install --no-install-recommends \
         # apt dependencies
-        apt-transport-https ca-certificates gnupg-agent software-properties-common lsb-release \
+        apt-transport-https ca-certificates gnupg-agent software-properties-common \
         # Debian packaging utilities
         equivs \
         dpkg-dev \
@@ -35,61 +35,61 @@ RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
         nginx \
         # JSON tools
         jq \
-        jo
-
-# tedge dependencies
-# Install more recent version of mosquitto >= 2.0.18 from debian backports to avoid mosquitto following bugs:
-# The mosquitto repo can't be used as it does not included builds for arm64/aarch64 (only amd64 and armhf)
-# * https://github.com/eclipse/mosquitto/issues/2604 (2.0.11)
-# * https://github.com/eclipse/mosquitto/issues/2634 (2.0.15)
-RUN sh -c "echo 'deb [signed-by=/usr/share/keyrings/debian-archive-keyring.gpg] http://deb.debian.org/debian bookworm-backports main' > /etc/apt/sources.list.d/debian-bookworm-backports.list" \
+        jo \
+    # tedge dependencies
+    # Install more recent version of mosquitto >= 2.0.18 from debian backports to avoid mosquitto following bugs:
+    # The mosquitto repo can't be used as it does not included builds for arm64/aarch64 (only amd64 and armhf)
+    # * https://github.com/eclipse/mosquitto/issues/2604 (2.0.11)
+    # * https://github.com/eclipse/mosquitto/issues/2634 (2.0.15)
+    && sh -c "echo 'deb [signed-by=/usr/share/keyrings/debian-archive-keyring.gpg] http://deb.debian.org/debian bookworm-backports main' > /etc/apt/sources.list.d/debian-bookworm-backports.list" \
     && apt-get update \
     && DEBIAN_FRONTEND=noninteractive apt-get -y --no-install-recommends install -t bookworm-backports \
         mosquitto \
-        mosquitto-clients
-
-# Remove unnecessary systemd services
-RUN rm -f /lib/systemd/system/multi-user.target.wants/* \
-    /etc/systemd/system/*.wants/* \
-    /lib/systemd/system/local-fs.target.wants/* \
-    /lib/systemd/system/sockets.target.wants/*udev* \
-    /lib/systemd/system/sockets.target.wants/*initctl* \
-    /lib/systemd/system/systemd-update-utmp* \
+        mosquitto-clients \
+    #
+    # Remove unnecessary systemd services
+    && rm -f /lib/systemd/system/multi-user.target.wants/* \
+        /etc/systemd/system/*.wants/* \
+        /lib/systemd/system/local-fs.target.wants/* \
+        /lib/systemd/system/sockets.target.wants/*udev* \
+        /lib/systemd/system/sockets.target.wants/*initctl* \
+        /lib/systemd/system/systemd-update-utmp* \
+    #
     # Remove policy-rc.d file which prevents services from starting
-    && rm -f /usr/sbin/policy-rc.d
-
-# Install gh utility
-RUN curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg \
+    && rm -f /usr/sbin/policy-rc.d \
+    #
+    # Install gh utility
+    && curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg \
     && sudo chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg \
     && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null \
     && sudo apt update \
-    && sudo apt install -y gh
-
-# Install nfpm packager
-RUN echo "deb [trusted=yes] https://repo.goreleaser.com/apt/ /" | tee /etc/apt/sources.list.d/goreleaser.list \
+    && sudo apt install -y gh \
+    #
+    # Install nfpm packager
+    && echo "deb [trusted=yes] https://repo.goreleaser.com/apt/ /" | tee /etc/apt/sources.list.d/goreleaser.list \
     && apt update \
-    && apt install -y nfpm
-
-# Install docker cli
-RUN mkdir -p /etc/apt/keyrings \
+    && apt install -y nfpm \
+    #
+    # Install docker cli
+    && mkdir -p /etc/apt/keyrings \
     && curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg \
-    && echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null \
+    && echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null \
     && apt-get update \
-    && apt-get install -y docker-ce-cli docker-compose-plugin
-
-# Node js (for browser based tests and documentation using docusaurus)
-RUN curl -fsSL https://deb.nodesource.com/setup_20.x | bash - \
+    && apt-get install -y docker-ce-cli docker-compose-plugin docker-buildx-plugin \
+    #
+    # Node js (for browser based tests and documentation using docusaurus)
+    && curl -fsSL https://deb.nodesource.com/setup_20.x | bash - \
     && apt-get install -y nodejs \
-    && npm install -g yarn
-
-# Instll just (project task runner)
-RUN curl --proto '=https' --tlsv1.2 -sSf https://just.systems/install.sh | bash -s -- --to /usr/bin/
-
-# Update python deps
-RUN pip3 install --upgrade pip --break-system-packages
-
-# Delete the dummy systemctl command added by the base image
-RUN rm -f /usr/local/bin/systemctl
+    && npm install -g yarn \
+    #
+    # Install just (project task runner)
+    && curl --proto '=https' --tlsv1.2 -sSf https://just.systems/install.sh | bash -s -- --to /usr/bin/ \
+    #
+    # Update python deps
+    && pip3 install --upgrade pip --break-system-packages \
+    #
+    # Delete the dummy systemctl command added by the base image
+    && rm -f /usr/local/bin/systemctl
 
 # Persist bash history
 USER root

diff --git a/.devcontainer/docker-compose.yml b/.devcontainer/docker-compose.yml
@@ -1,15 +1,10 @@
 version: '3'
 services:
   tedge:
-    build:
-      context: .
-      dockerfile: Dockerfile
-      args: 
-        VARIANT: bookworm
+    image: ${DEVCONTAINER_IMAGE:-ghcr.io/thin-edge/devcontainer:latest-bookworm}
     environment:
       - DOCKER_HOST=unix:///opt/run/docker.sock
 
-    # Option 1: Use privileged container (for dev purposes only!)
     volumes:
       # Mount docker socket to something other than /var/run as a
       # a privileged container or with CAP_SYS_ADMIN overwrites this
@@ -21,18 +16,6 @@ services:
       - ..:/workspace:cached
     privileged: true
 
-    # Option 2: Only mount cgroup as readonly (but requires it to already exist)
-    # privileged: true
-    # volumes:
-    #   # Mount docker socker to something other that /var/run as a
-    #   # a privileged container or with CAP_SYS_ADMIN overwrites this
-    #   - /var/run/docker.sock:/opt/run/docker.sock
-    #   - tedge-bashhistory:/commandhistory
-    #   - device-certs:/etc/tedge/device-certs
-    #   - /sys/fs/cgroup:/sys/fs/cgroup:ro
-    # cap_add:
-    #   - CAP_SYS_ADMIN
-
 volumes:
   tedge-bashhistory:
   device-certs:
diff --git a/.github/workflows/devcontainer.yml b/.github/workflows/devcontainer.yml
@@ -0,0 +1,41 @@
+name: devcontainer
+
+on:
+  # trigger manually
+  workflow_dispatch:
+
+  # run automatically once a month to update
+  # any changes in the base image
+  schedule:
+  - cron: "0 1 1 * *"
+
+  # update on changes
+  push:
+    paths:
+      - '.devcontainer/**'
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup Docker buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          install: true
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - uses: taiki-e/install-action@just
+      - name: Publish
+        run: just publish-dev-container "$(date +%Y%m%d)"
diff --git a/justfile b/justfile
@@ -22,6 +22,23 @@ info:
 version TYPE="all":
     @./ci/build_scripts/version.sh {{TYPE}} 2>/dev/null || exit 0
 
+# Publish the dev container to provide more reproducible dev environments
+#
+# docker login ghcr.io
+publish-dev-container TAG="latest" IMAGE="ghcr.io/thin-edge/devcontainer" VARIANT="bookworm" OUTPUT_TYPE="registry":
+    docker buildx install
+    cd .devcontainer && docker buildx build \
+        --platform linux/amd64,linux/arm64,linux/arm/7 \
+        --build-arg "VARIANT={{VARIANT}}" \
+        --label "org.opencontainers.image.version={{VERSION}}-{{VARIANT}}" \
+        --label "org.opencontainers.image.source=https://github.com/thin-edge/thin-edge.io" \
+        -t "{{IMAGE}}:{{TAG}}-{{VARIANT}}" \
+        -t "{{IMAGE}}:latest-{{VARIANT}}" \
+        -f Dockerfile \
+        --output=type="{{OUTPUT_TYPE}}",oci-mediatypes=false \
+        --provenance=false \
+        .
+
 # Default recipe
 [private]
 default: