From ee4a190e09b5cb038a8b0ec7ad16b6c07c6889be Mon Sep 17 00:00:00 2001
From: reubenmiller
Date: Tue, 26 Nov 2024 15:29:16 +0100
Subject: [PATCH 1/3] reduce size of devcontainer by installing everything in single layer
---
 .devcontainer/Dockerfile | 90 ++++++++++++++++++++--------------------
 1 file changed, 45 insertions(+), 45 deletions(-)
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
index bc1af180b46..775cd372f24 100644
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@@ -7,7 +7,7 @@ FROM mcr.microsoft.com/devcontainers/rust:1-${VARIANT}
 RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
 && apt-get -y install --no-install-recommends \
 # apt dependencies
- apt-transport-https ca-certificates gnupg-agent software-properties-common lsb-release \
+ apt-transport-https ca-certificates gnupg-agent software-properties-common \
 # Debian packaging utilities
 equivs \
 dpkg-dev \
@@ -35,61 +35,61 @@ RUN apt-get update && export DEBIAN_FRONTEND=noninteractive \
 nginx \
 # JSON tools
 jq \
- jo
-
-# tedge dependencies
-# Install more recent version of mosquitto >= 2.0.18 from debian backports to avoid mosquitto following bugs:
-# The mosquitto repo can't be used as it does not included builds for arm64/aarch64 (only amd64 and armhf)
-# * https://github.com/eclipse/mosquitto/issues/2604 (2.0.11)
-# * https://github.com/eclipse/mosquitto/issues/2634 (2.0.15)
-RUN sh -c "echo 'deb [signed-by=/usr/share/keyrings/debian-archive-keyring.gpg] http://deb.debian.org/debian bookworm-backports main' > /etc/apt/sources.list.d/debian-bookworm-backports.list" \
+ jo \
+ # tedge dependencies
+ # Install more recent version of mosquitto >= 2.0.18 from debian backports to avoid mosquitto following bugs:
+ # The mosquitto repo can't be used as it does not included builds for arm64/aarch64 (only amd64 and armhf)
+ # * https://github.com/eclipse/mosquitto/issues/2604 (2.0.11)
+ # * https://github.com/eclipse/mosquitto/issues/2634 (2.0.15)
+ && sh -c "echo 'deb [signed-by=/usr/share/keyrings/debian-archive-keyring.gpg] http://deb.debian.org/debian bookworm-backports main' > /etc/apt/sources.list.d/debian-bookworm-backports.list" \
 && apt-get update \
 && DEBIAN_FRONTEND=noninteractive apt-get -y --no-install-recommends install -t bookworm-backports \
 mosquitto \
- mosquitto-clients
-
-# Remove unnecessary systemd services
-RUN rm -f /lib/systemd/system/multi-user.target.wants/* \ /etc/systemd/system/*.wants/* \ /lib/systemd/system/local-fs.target.wants/* \ /lib/systemd/system/sockets.target.wants/*udev* \ /lib/systemd/system/sockets.target.wants/*initctl* \ /lib/systemd/system/systemd-update-utmp* \
+ mosquitto-clients \
+ #
+ # Remove unnecessary systemd services
+ && rm -f /lib/systemd/system/multi-user.target.wants/* \ /etc/systemd/system/*.wants/* \ /lib/systemd/system/local-fs.target.wants/* \ /lib/systemd/system/sockets.target.wants/*udev* \
+ 
/lib/systemd/system/sockets.target.wants/*initctl* \
+ /lib/systemd/system/systemd-update-utmp* \
+ #
 # Remove policy-rc.d file which prevents services from starting
- && rm -f /usr/sbin/policy-rc.d
-
-# Install gh utility
-RUN curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg \
+ && rm -f /usr/sbin/policy-rc.d \
+ #
+ # Install gh utility
+ && curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg \
 && sudo chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg \
 && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null \
 && sudo apt update \
- && sudo apt install -y gh
-
-# Install nfpm packager
-RUN echo "deb [trusted=yes] https://repo.goreleaser.com/apt/ /" | tee /etc/apt/sources.list.d/goreleaser.list \
+ && sudo apt install -y gh \
+ #
+ # Install nfpm packager
+ && echo "deb [trusted=yes] https://repo.goreleaser.com/apt/ /" | tee /etc/apt/sources.list.d/goreleaser.list \
 && apt update \
- && apt install -y nfpm
-
-# Install docker cli
-RUN mkdir -p /etc/apt/keyrings \
+ && apt install -y nfpm \
+ #
+ # Install docker cli
+ && mkdir -p /etc/apt/keyrings \
 && curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg \
- && echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null \
+ && echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian $(.
/etc/os-release && echo "$VERSION_CODENAME") stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null \
 && apt-get update \
- && apt-get install -y docker-ce-cli docker-compose-plugin
-
-# Node js (for browser based tests and documentation using docusaurus)
-RUN curl -fsSL https://deb.nodesource.com/setup_20.x | bash - \
+ && apt-get install -y docker-ce-cli docker-compose-plugin docker-buildx-plugin \
+ #
+ # Node js (for browser based tests and documentation using docusaurus)
+ && curl -fsSL https://deb.nodesource.com/setup_20.x | bash - \
 && apt-get install -y nodejs \
- && npm install -g yarn
-
-# Instll just (project task runner)
-RUN curl --proto '=https' --tlsv1.2 -sSf https://just.systems/install.sh | bash -s -- --to /usr/bin/
-
-# Update python deps
-RUN pip3 install --upgrade pip --break-system-packages
-
-# Delete the dummy systemctl command added by the base image
-RUN rm -f /usr/local/bin/systemctl
+ && npm install -g yarn \
+ #
+ # Install just (project task runner)
+ && curl --proto '=https' --tlsv1.2 -sSf https://just.systems/install.sh | bash -s -- --to /usr/bin/ \
+ #
+ # Update python deps
+ && pip3 install --upgrade pip --break-system-packages \
+ #
+ # Delete the dummy systemctl command added by the base image
+ && rm -f /usr/local/bin/systemctl
 # Persist bash history
 USER root
From dff88d29212075ea1dc57ce7bd3fb4db2874e4be Mon Sep 17 00:00:00 2001
From: reubenmiller
Date: Tue, 26 Nov 2024 15:29:50 +0100
Subject: [PATCH 2/3] switch to using public dev container
---
 .devcontainer/docker-compose.yml | 19 +------------------
 1 file changed, 1 insertion(+), 18 deletions(-)
diff --git a/.devcontainer/docker-compose.yml b/.devcontainer/docker-compose.yml
index 23c3a740a47..8722ad31129 100644
--- a/.devcontainer/docker-compose.yml
+++ b/.devcontainer/docker-compose.yml
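Review bot: Now that every install is one `&&` chain in a single `RUN`, a failing `curl` inside any of the pipes is still hidden by the default `/bin/sh -c`: if `curl -fsSL https://deb.nodesource.com/setup_20.x | bash -` receives no body, `bash -` exits 0 and the `apt-get install -y nodejs` that follows silently installs the distro's nodejs, and an empty keyring written by `sudo dd` or `gpg --dearmor` only surfaces later at the next `apt update`, if at all. Putting `SHELL ["/bin/bash", "-o", "pipefail", "-c"]` before this `RUN` (the base image's `/bin/sh` presumably lacks `pipefail`) makes the layer fail at the step that actually broke. Since the commit's purpose is a smaller layer, `&& rm -rf /var/lib/apt/lists/*` at the end of the chain would drop the lists left behind by the repeated `apt-get update`/`apt update` calls, at the cost of one extra `apt-get update` before installing packages inside the running dev container. `deb [trusted=yes] https://repo.goreleaser.com/apt/ /` still disables signature verification for the nfpm repo while the gh and docker repos use `signed-by=`; a why-comment on that line, or a keyring if the publisher provides one, would be worth adding. The `RUN` instruction this chain belongs to starts before the hunk.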
@@ -1,15 +1,10 @@
 version: '3'
 services:
 tedge:
- build:
- context: .
- dockerfile: Dockerfile
- args:
- VARIANT: bookworm
+ image: ${DEVCONTAINER_IMAGE:-ghcr.io/thin-edge/devcontainer:latest-bookworm}
 environment:
 - DOCKER_HOST=unix:///opt/run/docker.sock
- # Option 1: Use privileged container (for dev purposes only!)
 volumes:
 # Mount docker socket to something other than /var/run as a
 # a privileged container or with CAP_SYS_ADMIN overwrites this
@@ -21,18 +16,6 @@ services:
 - ..:/workspace:cached
 privileged: true
 
- # Option 2: Only mount cgroup as readonly (but requires it to already exist)
- # privileged: true
- # volumes:
- # # Mount docker socker to something other that /var/run as a
- # # a privileged container or with CAP_SYS_ADMIN overwrites this
- # - /var/run/docker.sock:/opt/run/docker.sock
- # - tedge-bashhistory:/commandhistory
- # - device-certs:/etc/tedge/device-certs
- # - /sys/fs/cgroup:/sys/fs/cgroup:ro
- # cap_add:
- # - CAP_SYS_ADMIN
-
 volumes:
 tedge-bashhistory:
 device-certs:
From 8e00c96a85e2279d3230306295efea092769f8fe Mon Sep 17 00:00:00 2001
From: reubenmiller
Date: Tue, 26 Nov 2024 15:30:11 +0100
Subject: [PATCH 3/3] add workflow to publish dev container periodically
---
 .github/workflows/devcontainer.yml | 41 ++++++++++++++++++++++++++++++
 justfile | 17 +++++++++++++
 2 files changed, 58 insertions(+)
 create mode 100644 .github/workflows/devcontainer.yml
diff --git a/.github/workflows/devcontainer.yml b/.github/workflows/devcontainer.yml
new file mode 100644
index 00000000000..cad2d83f2e9
--- /dev/null
+++ b/.github/workflows/devcontainer.yml
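Review bot: `image: ${DEVCONTAINER_IMAGE:-ghcr.io/thin-edge/devcontainer:latest-bookworm}` makes a floating tag the default while the service keeps `privileged: true` and the host docker socket mount, so whatever was most recently pushed to `latest-bookworm` runs with host-level access on every developer machine, and two checkouts of the same commit can pull different images. The publish recipe already tags each build with a date, so defaulting to a dated tag here (or a digest, `ghcr.io/thin-edge/devcontainer@sha256:<digest>` as a placeholder) and bumping it in a reviewed commit would give the reproducibility the series is after, with `DEVCONTAINER_IMAGE` still available as the local override.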
@@ -0,0 +1,41 @@
+name: devcontainer
+
+on:
+ # trigger manually
+ workflow_dispatch:
+
+ # run automatically once a month to update
+ # any changes in the base image
+ schedule:
+ - cron: "0 1 1 * *"
+
+ # update on changes
+ push:
+ paths:
+ - '.devcontainer/**'
+
+jobs:
+ publish:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Setup Docker buildx
+ uses: docker/setup-buildx-action@v3
+ with:
+ install: true
+
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - uses: taiki-e/install-action@just
+ - name: Publish
+ run: just publish-dev-container "$(date +%Y%m%d)"
diff --git a/justfile b/justfile
index 51880377966..38f6a3bb632 100644
--- a/justfile
+++ b/justfile
@@ -22,6 +22,23 @@ info:
 version TYPE="all":
 @./ci/build_scripts/version.sh {{TYPE}} 2>/dev/null || exit 0
 
+# Publish the dev container to provide more reproducible dev environments
+#
+# docker login ghcr.io
+publish-dev-container TAG="latest" IMAGE="ghcr.io/thin-edge/devcontainer" VARIANT="bookworm" OUTPUT_TYPE="registry":
+ docker buildx install
+ cd .devcontainer && docker buildx build \
+ --platform linux/amd64,linux/arm64,linux/arm/7 \
+ --build-arg "VARIANT={{VARIANT}}" \
+ --label "org.opencontainers.image.version={{VERSION}}-{{VARIANT}}" \
+ --label "org.opencontainers.image.source=https://github.com/thin-edge/thin-edge.io" \
+ -t "{{IMAGE}}:{{TAG}}-{{VARIANT}}" \
+ -t "{{IMAGE}}:latest-{{VARIANT}}" \
+ -f Dockerfile \
+ --output=type="{{OUTPUT_TYPE}}",oci-mediatypes=false \
+ --provenance=false \
+ .
+
 # Default recipe
 [private]
 default:
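Review bot: The `push` trigger filters on `paths` but not on branches, so a push to any branch that touches `.devcontainer/**` rebuilds and overwrites `ghcr.io/thin-edge/devcontainer:latest-bookworm`, the tag the compose file now pulls by default; adding `branches: [<default-branch>]` (placeholder for the repository's main branch) under `push:` keeps unreviewed branch content out of the shared image. `taiki-e/install-action@just`, `actions/checkout@v4`, `docker/setup-buildx-action@v3` and `docker/login-action@v3` are all referenced by mutable tags, and this job holds `packages: write`; pinning them to a commit SHA is the usual hardening for a publishing job. A short comment on `- cron: "0 1 1 * *"` saying that the monthly run also republishes `latest-bookworm` would make that side effect visible to readers.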
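Review bot: Every run of `publish-dev-container` also pushes `-t "{{IMAGE}}:latest-{{VARIANT}}"` regardless of `TAG`, so a manual run with a test tag still moves the tag the compose file consumes; making the `latest` tag opt-in (only when `TAG` is `latest`, or behind an extra parameter) would avoid that. `--output=type="{{OUTPUT_TYPE}}",oci-mediatypes=false` and `--provenance=false` are non-default choices with no explanation, and the second drops the provenance attestation buildx would otherwise attach; a why-comment such as `# oci-mediatypes/provenance disabled for compatibility with <consumer> — TODO confirm` keeps a later cleanup from reversing them blindly. `{{VERSION}}` in the `org.opencontainers.image.version` label is not a recipe parameter, so it presumably resolves to a justfile variable declared above this hunk; if it does not, `just` rejects the file at parse time.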