From bef833478dd106c18e3e8cc211705a24ae47d801 Mon Sep 17 00:00:00 2001
From: Sebastiaan Zeeff
Date: Tue, 17 Nov 2020 19:38:00 +0100
Subject: Use three image setup for build
---
 .github/workflows/lint-test.yaml | 77 +++++++++++++++++++++++-----------------
 docker/Dockerfile | 59 ++++++++++++++++++++++++++++--
 2 files changed, 101 insertions(+), 35 deletions(-)
diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml
index aca828b..d551790 100644
--- a/.github/workflows/lint-test.yaml
+++ b/.github/workflows/lint-test.yaml
@@ -31,27 +31,29 @@ jobs:
 username: ${{ github.repository_owner }}
 password: ${{ secrets.GHCR_TOKEN }}
 
- - name: Cache Base Image Layers
+ - name: Cache Image Layers
 uses: actions/cache@v2
 with:
- path: /tmp/.base-buildx-cache
- key: ${{ runner.os }}-buildx-base-${{ github.ref }}-${{ github.sha }}
+ path: /tmp/.buildx-cache
+ key: ${{ runner.os }}-buildx-${{ github.ref }}-${{ github.sha }}
 restore-keys: |
- ${{ runner.os }}-buildx-base-${{ github.ref }}-
- ${{ runner.os }}-buildx-base-
+ ${{ runner.os }}-buildx-${{ github.ref }}-
+ ${{ runner.os }}-buildx-
 
- - name: Build base image
+ - name: Build image for linting and testing
 uses: docker/build-push-action@v2
 with:
 context: .
- file: ./docker/base.Dockerfile
+ file: ./docker/Dockerfile
 push: false
 load: true
+ target: venv
 cache-from: |
- type=local,src=/tmp/.base-buildx-cache
+ type=local,src=/tmp/.buildx-cache
 ghcr.io/python-discord/snekbox-base:latest
- cache-to: type=local,dest=/tmp/.base-buildx-cache
- tags: ghcr.io/python-discord/snekbox-base:${{ steps.sha_tag.outputs.tag }}
+ ghcr.io/python-discord/snekbox-venv:latest
+ cache-to: type=local,dest=/tmp/.buildx-cache
+ tags: ghcr.io/python-discord/snekbox-venv:${{ steps.sha_tag.outputs.tag }}
 
 - name: Show Containers
 run: docker image ls
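Review bot: The `cache-from` list in this step now imports layers from the mutable registry tags `ghcr.io/python-discord/snekbox-base:latest` and `ghcr.io/python-discord/snekbox-venv:latest`, and the `Build final image` step in the `@@ -102,39 +105,47 @@` hunk does the same, so whatever was last pushed to those tags can be reused in later builds without being rebuilt. The same workflow overwrites those tags with `push: true`, and no `if:` condition is visible on the push steps; the `on:` triggers are outside the diff, so whether runs for non-default refs can reach them cannot be confirmed from here. If they can, gate the push steps, for example with `if: github.event_name == 'push' && github.ref == 'refs/heads/<default-branch>'`, so that only reviewed code updates the images that later builds trust as cache.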
@@ -69,7 +71,7 @@ jobs:
 --volume \"${PWD}\":\"${PWD}\" \
 --workdir \"${PWD}\" \
 --entrypoint /bin/bash \
- ghcr.io/python-discord/snekbox-base:${{ steps.sha_tag.outputs.tag }}"
+ ghcr.io/python-discord/snekbox-venv:${{ steps.sha_tag.outputs.tag }}"
 
 - name: Install dependencies
 run: "docker exec snekbox_test /bin/bash -c \
@@ -87,6 +89,7 @@ jobs:
 'coverage run -m unittest; coverage report -m'"
 
 - name: Setup python
+ if: always()
 id: python
 uses: actions/setup-python@v2
 with:
@@ -102,39 +105,47 @@ jobs:
 pip install coveralls~=2.1
 coveralls
 
- - name: Cache Final Image Layers
- uses: actions/cache@v2
- with:
- path: /tmp/.final-buildx-cache
- key: ${{ runner.os }}-buildx-final-${{ github.ref }}-${{ github.sha }}
- restore-keys: |
- ${{ runner.os }}-buildx-final-${{ github.ref }}-
- ${{ runner.os }}-buildx-final-
-
- - name: Push intermediate base container to registry
- run: docker push ghcr.io/python-discord/snekbox-base:${{ steps.sha_tag.outputs.tag }}
-
- - name: Build base image
+ - name: Build final image
 uses: docker/build-push-action@v2
 with:
 context: .
 file: ./docker/Dockerfile
- build-args: |
- IMAGE_TAG=${{ steps.sha_tag.outputs.tag }}
 push: true
 cache-from: |
- type=local,src=/tmp/.base-buildx-cache
- type=local,src=/tmp/.final-buildx-cache
+ type=local,src=/tmp/.buildx-cache
+ ghcr.io/python-discord/snekbox-base:latest
+ ghcr.io/python-discord/snekbox-venv:latest
 ghcr.io/python-discord/snekbox:latest
- cache-to: type=local,dest=/tmp/.final-buildx-cache
+ cache-to: type=local,dest=/tmp/.buildx-cache
 tags: ghcr.io/python-discord/snekbox:latest
 
- - name: Build builder image
+ - name: Push base image
 uses: docker/build-push-action@v2
 with:
 context: .
 file: ./docker/base.Dockerfile
+ target: base
 push: true
- cache-from: type=local,src=/tmp/.base-buildx-cache
- cache-to: type=local,dest=/tmp/.base-buildx-cache
- tags: ghcr.io/python-discord/snekbox:latest
+ cache-from: |
+ type=local,src=/tmp/.buildx-cache
+ ghcr.io/python-discord/snekbox-base:latest
+ cache-to: |
+ type=local,dest=/tmp/.buildx-cache
+ ghcr.io/python-discord/snekbox-base:latest
+ tags: ghcr.io/python-discord/snekbox-base:latest
+
+ - name: Push venv image
+ uses: docker/build-push-action@v2
+ with:
+ context: .
+ file: ./docker/base.Dockerfile
+ target: base
+ push: true
+ cache-from: |
+ type=local,src=/tmp/.buildx-cache
+ ghcr.io/python-discord/snekbox-base:latest
+ ghcr.io/python-discord/snekbox-venv:latest
+ cache-to: |
+ type=local,dest=/tmp/.buildx-cache
+ ghcr.io/python-discord/snekbox-venv:latest
+ tags: ghcr.io/python-discord/snekbox-venv:latest
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 9ebc82c..693da6e 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,5 +1,60 @@
-ARG IMAGE_TAG=latest
-FROM ghcr.io/python-discord/snekbox-base:$IMAGE_TAG
+FROM python:3.9-slim-buster as builder
+RUN apt-get -y update \
+ && apt-get install -y \
+ bison=2:3.3.* \
+ flex=2.6.* \
+ g++=4:8.3.* \
+ gcc=4:8.3.* \
+ git=1:2.20.* \
+ libprotobuf-dev=3.6.* \
+ libnl-route-3-dev=3.4.* \
+ make=4.2.* \
+ pkg-config=0.29-6 \
+ protobuf-compiler=3.6.*
+RUN git clone \
+ -b '2.9' \
+ --single-branch \
+ --depth 1 \
+ https://github.com/google/nsjail.git /nsjail
+WORKDIR /nsjail
+RUN make
+
+FROM python:3.9-slim-buster as base
+ENV PIP_NO_CACHE_DIR=false
+
+RUN apt-get -y update \
+ && apt-get install -y \
+ gcc=4:8.3.* \
+ libnl-route-3-200=3.4.* \
+ libprotobuf17=3.6.* \
+ && rm -rf /var/lib/apt/lists/*
+RUN pip install pipenv==2020.11.4
+
+COPY --from=builder /nsjail/nsjail /usr/sbin/
+RUN chmod +x /usr/sbin/nsjail
+
+FROM base as venv
+
+ARG DEV
+ENV PIP_NO_CACHE_DIR=false \
+ PIPENV_DONT_USE_PYENV=1 \
+ PIPENV_HIDE_EMOJIS=1 \
+ PIPENV_NOSPIN=1
+
+COPY Pipfile Pipfile.lock /snekbox/
+WORKDIR /snekbox
+
+RUN if [ -n "${DEV}" ]; \
+ then \
+ pipenv install --deploy --system --dev; \
+ else \
+ pipenv install --deploy --system; \
+ fi
+
+# At the end to avoid re-installing dependencies when only a config changes.
+COPY config/ /snekbox/config
+
+FROM venv
 
 ENTRYPOINT ["gunicorn"]
 CMD ["-c", "config/gunicorn.conf.py", "snekbox.api.app"]
-- cgit v1.2.3
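Review bot: The added `Push venv image` step builds `file: ./docker/base.Dockerfile` with `target: base` but tags the result `ghcr.io/python-discord/snekbox-venv:latest`, so as written the venv tag would receive the base stage; it reads like a copy of the `Push base image` step above it. The `venv` stage is defined in `docker/Dockerfile` by this same commit, so the step presumably wants `file: ./docker/Dockerfile` and `target: venv`. `Push base image` likewise keeps `file: ./docker/base.Dockerfile` while the `base` stage it targets is introduced in `docker/Dockerfile`; `base.Dockerfile` is not part of this diff, so confirm it still defines a stage of that name or point the step at `./docker/Dockerfile` too. Because the lint and final builds import these two tags through `cache-from`, a wrongly built `snekbox-venv:latest` would also feed stale or mismatched layers into later builds.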
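Review bot: The final stage is only `FROM venv` followed by the existing `ENTRYPOINT`/`CMD`, and none of the 60 lines of the new file copies the application package (the stages copy just `Pipfile`, `Pipfile.lock` and `config/`), so `snekbox.api.app` is importable only if the source is mounted at run time. If the published image is meant to be self-contained, add something like `COPY . /snekbox` after `FROM venv`, with a `.dockerignore` that keeps `.git` and local secrets out of the build context. Separately, the `builder` stage compiles nsjail from a shallow clone of tag `2.9`, and a tag can be moved upstream; since this binary is presumably the sandbox boundary, verify the commit before `RUN make`, e.g. `RUN test "$(git rev-parse HEAD)" = "<expected-nsjail-commit-sha>"` placed after `WORKDIR /nsjail`. The runtime `base` stage also installs `gcc` and no stage sets `USER`; both may be deliberate for nsjail, but a comment such as `# gcc is needed at runtime for <reason>; the container runs as root because nsjail needs it` would record that decision.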