From 0adc66a79f827465f829e927ad78903af1bf6d67 Mon Sep 17 00:00:00 2001
From: Matt Loberg
Date: Tue, 7 Nov 2023 15:48:59 -0600
Subject: [PATCH] feat: setup new base image with 3.12
---
.github/CODEOWNERS | 1 +
.github/dependabot.yml | 6 ++++
.github/workflows/build.yml | 65 +++++++++++++++++++++++++++++++++++++
.github/workflows/lint.yml | 27 +++++++++++++++
3.12/Dockerfile | 28 ++++++++++++++++
3.6/Dockerfile | 17 ----------
README.md | 32 ++++++++++++++++--
7 files changed, 156 insertions(+), 20 deletions(-)
create mode 100644 .github/CODEOWNERS
create mode 100644 .github/dependabot.yml
create mode 100644 .github/workflows/build.yml
create mode 100644 .github/workflows/lint.yml
create mode 100644 3.12/Dockerfile
delete mode 100644 3.6/Dockerfile
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 0000000..ce07a21
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1 @@
+* @articulate/platform
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..3a626c3
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,6 @@
+version: 2
+updates:
+ - package-ecosystem: github-actions
+ directory: /
+ schedule:
+ interval: monthly
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 0000000..22da6ca
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,65 @@
+name: Build
+
+on:
+ pull_request:
+ push:
+ branches:
+ - main
+ schedule:
+ - cron: '0 0 * * 1-6'
+ - cron: '0 0 * * 0' # runs with no-cache
+ workflow_dispatch:
+ inputs:
+ no-cache:
+ description: 'Skip Docker cache'
+ type: boolean
+ default: false
+
+jobs:
+ setup:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - name: Find Dockerfiles
+ id: scan
+ run: echo "dockerfiles=$(find . -name Dockerfile | cut -c3- | jq -R -s -c 'split("\n")[:-1]')" >> "$GITHUB_OUTPUT"
+ outputs:
+ dockerfiles: ${{ steps.scan.outputs.dockerfiles }}
+ build:
+ runs-on: ubuntu-latest
+ needs: setup
+ strategy:
+ fail-fast: false
+ matrix:
+ dockerfile: ${{ fromJSON(needs.setup.outputs.dockerfiles) }}
+ steps:
+ - uses: actions/checkout@v4
+ - name: Get image metadata
+ id: meta
+ run: |
+ tags=$(grep "tags=" ${{ matrix.dockerfile }} | cut -d "=" -f 2)
+ echo "context=$(dirname "${{ matrix.dockerfile }}")" >> "$GITHUB_OUTPUT"
+ echo "tags=${tags}" >> "$GITHUB_OUTPUT"
+ echo "cache=$(echo "$tags" | cut -d "," -f 1)" >> "$GITHUB_OUTPUT"
+ - uses: docker/setup-qemu-action@v3
+ - uses: docker/setup-buildx-action@v3
+ - uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+ - uses: docker/build-push-action@v5
+ with:
+ context: ${{ steps.meta.outputs.context }}
+ pull: ${{ github.event_name != 'pull_request' }}
+ push: ${{ github.event_name != 'pull_request' }}
+ tags: ${{ steps.meta.outputs.tags }}
+ platforms: linux/amd64,linux/arm64/v8
+ cache-from: type=registry,ref=${{ steps.meta.outputs.cache }}
+ cache-to: type=inline
+ no-cache: ${{ github.event.schedule == '0 0 * * 0' || (github.event_name == 'workflow_dispatch' && inputs.no-cache) }}
+ notify:
+ runs-on: ubuntu-latest
+ needs: build
+ if: github.event_name != 'pull_request'
+ steps:
+ - run: curl ${{ secrets.DMS_URL }}
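Review bot: `${{ matrix.dockerfile }}` is expanded into the `run:` script of the "Get image metadata" step before the shell sees it, so a path discovered in a pull request's checkout is parsed as shell text rather than data; pass it through `env:` and reference `"$DOCKERFILE"` instead, as in the excerpt below. The `docker/login-action` step has no `if:` and therefore also runs on `pull_request`, where fork PRs receive no secrets; gating it with `if: github.event_name != 'pull_request'` would match the `push:` condition already used on the build step. This workflow and lint.yml both reference `actions/checkout` (and, here, the `docker/*` actions that handle the Docker Hub token) by mutable tag while hadolint is pinned by commit SHA, and neither declares `permissions:`; pinning them the same way and adding `permissions: contents: read` would narrow the supply-chain exposure.

```yaml
      - name: Get image metadata
        env:
          DOCKERFILE: ${{ matrix.dockerfile }}
        run: |
          tags=$(grep "tags=" "$DOCKERFILE" | cut -d "=" -f 2)
          echo "context=$(dirname "$DOCKERFILE")" >> "$GITHUB_OUTPUT"
          # … unchanged: tags and cache outputs …
```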
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
new file mode 100644
index 0000000..46a52a5
--- /dev/null
+++ b/.github/workflows/lint.yml
@@ -0,0 +1,27 @@
+name: Lint
+
+on: pull_request
+
+jobs:
+ setup:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - name: Find Dockerfiles
+ id: scan
+ run: echo "dockerfiles=$(find . -name Dockerfile | cut -c3- | jq -R -s -c 'split("\n")[:-1]')" >> "$GITHUB_OUTPUT"
+ outputs:
+ dockerfiles: ${{ steps.scan.outputs.dockerfiles }}
+ lint:
+ runs-on: ubuntu-latest
+ needs: [setup]
+ strategy:
+ fail-fast: false
+ matrix:
+ dockerfile: ${{ fromJSON(needs.setup.outputs.dockerfiles) }}
+ steps:
+ - uses: actions/checkout@v4
+ - uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # pin@v3.1.0
+ with:
+ dockerfile: ${{ matrix.dockerfile }}
+ ignore: DL3008,DL3016,DL3033
diff --git a/3.12/Dockerfile b/3.12/Dockerfile
new file mode 100644
index 0000000..697bc7a
--- /dev/null
+++ b/3.12/Dockerfile
@@ -0,0 +1,28 @@
+# tags=articulate/python:3.12
+# syntax=docker/dockerfile:1
+FROM python:3.12-slim-bookworm
+
+ENV SERVICE_ROOT /service
+ENV SERVICE_USER service
+ENV SERVICE_UID 1001
+
+ARG TARGETARCH
+
+ADD --chmod=755 https://raw.githubusercontent.com/articulate/docker-bootstrap/main/scripts/install_packages /usr/local/bin/install_packages
+ADD --chmod=755 https://raw.githubusercontent.com/articulate/docker-bootstrap/main/scripts/awscli.sh /tmp/awscli.sh
+
+RUN install_packages make && /tmp/awscli.sh && rm /tmp/awscli.sh \
+ && groupadd --gid $SERVICE_UID $SERVICE_USER \
+ && useradd --create-home --shell /bin/bash --gid $SERVICE_UID --uid $SERVICE_UID $SERVICE_USER
+
+ADD --chmod=755 https://github.com/articulate/docker-bootstrap/releases/latest/download/docker-bootstrap_linux_${TARGETARCH} /entrypoint
+ADD --chmod=755 https://raw.githubusercontent.com/articulate/docker-bootstrap/main/scripts/docker-secrets /usr/local/bin/secrets
+ADD --chmod=755 https://raw.githubusercontent.com/vishnubob/wait-for-it/81b1373f17855a4dc21156cfe1694c31d7d1792e/wait-for-it.sh /wait-for-it.sh
+
+USER $SERVICE_USER
+WORKDIR $SERVICE_ROOT
+
+# Our entrypoint will pull in our environment variables from Consul and Vault,
+# and execute whatever command we provided the container.
+# See https://github.com/articulate/docker-bootstrap
+ENTRYPOINT [ "/entrypoint" ]
diff --git a/3.6/Dockerfile b/3.6/Dockerfile
deleted file mode 100644
index af12e75..0000000
--- a/3.6/Dockerfile
+++ /dev/null
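Review bot: Four of the five `ADD` sources in 3.12/Dockerfile are mutable (`main` branch paths and `releases/latest`) and carry no `--checksum`, yet `install_packages` and `awscli.sh` are executed as root by the following `RUN` and the downloaded binary becomes `/entrypoint`; only wait-for-it.sh is tied to a commit. Pinning each URL to a commit or release tag and adding a digest, e.g. `ADD --checksum=sha256:<digest-placeholder> --chmod=755 https://raw.githubusercontent.com/articulate/docker-bootstrap/<commit-placeholder>/scripts/install_packages /usr/local/bin/install_packages`, makes the build reproducible and turns an upstream change into a reviewable diff. Separately, `# syntax=docker/dockerfile:1` sits below the `# tags=` comment, and as far as I know BuildKit stops looking for parser directives at the first line that is not a recognised directive, so it is likely read as a plain comment; moving it to line 1 should be safe because the workflow locates the tags line with `grep`. The `ENV NAME value` lines use the legacy form; `ENV SERVICE_ROOT=/service` is the current spelling.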
@@ -1,17 +0,0 @@
-FROM python:3.6-stretch
-
-ENV SERVICE_USER service
-RUN apt-get update -qq \
- && apt-get -y install groff \
- && rm -rf /var/lib/apt/lists/*
-
-ADD https://raw.githubusercontent.com/articulate/docker-consul-template-bootstrap/master/install.sh /tmp/consul_template_install.sh
-RUN bash /tmp/consul_template_install.sh && rm /tmp/consul_template_install.sh
-
-# UID and GID need to be hardcoded to 90001 to match the service user on the host instance for volume mounting
-RUN groupadd -g 90001 $SERVICE_USER && useradd -u 90001 --create-home --home /home/$SERVICE_USER --gid $SERVICE_USER --shell /bin/bash $SERVICE_USER
-
-ADD https://raw.githubusercontent.com/articulate/docker-consul-template-bootstrap/master/wait-for-it.sh /wait-for-it.sh
-RUN chmod a+rx /wait-for-it.sh
-
-ENTRYPOINT ["/entrypoint.sh"]
diff --git a/README.md b/README.md
index 76f2446..94cfbae 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,31 @@
-# Articulate Python Images
+# Docker Python Images
 
-Base Python image
+Base Python Docker images.
 
-These are all built on Dockerhub as Automated Builds.
+## What's Included
+
+* [docker-bootstrap](https://github.com/articulate/docker-bootstrap) entrypoint
+ for loading environment variables from Consul and Vault.
+* [secrets](https://github.com/articulate/docker-bootstrap/blob/main/scripts/docker-secrets)
+ to load Docker secrets as environment variables.
+* [install_packages](https://github.com/articulate/docker-bootstrap/blob/main/scripts/install_packages)
+ to install apt packages.
+* [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html)
+ for interacting with AWS services.
+
+## Tags
+
+> 🌟 recommended image
+
+* __articulate/python:3.12__ 🌟
+
+## Creating a new image
+
+The easiest way to create a new image is to copy an existing one and change the
+base image. If creating from scratch, the images need the following:
+
+* Everything listed in [What's included](#whats-included)
+* `make` for internal tooling.
+* A _service_ user and group with a GID and UID of 1001. This should be the default
+ user.
+* A _/service_ directory as the default working directory.