diff --git a/Dockerfile b/Dockerfile
index dab80ea..20408ef 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -15,16 +15,26 @@ FROM python:3.11.13-bookworm
 ARG DEBIAN_FRONTEND=noninteractive
-COPY --from=docker:23 /usr/local/bin/* /usr/bin/
-COPY --from=docker:23 /usr/local/libexec/docker/cli-plugins/* /usr/libexec/docker/cli-plugins/
-COPY --from=mikefarah/yq:4.40.5 /usr/bin/yq /usr/bin/yq
-COPY --from=bitnami/kubectl:1.28.6 /opt/bitnami/kubectl/bin/kubectl /usr/local/bin
-COPY --from=bitnami/minio-client:2024.5.9 /opt/bitnami/minio-client/bin/mc /usr/local/bin
+COPY --from=docker:28 /usr/local/bin/* /usr/bin/
+COPY --from=docker:28 /usr/local/libexec/docker/cli-plugins/* /usr/libexec/docker/cli-plugins/
+COPY --from=mikefarah/yq:4.49.2 /usr/bin/yq /usr/bin/yq
 COPY --from=age /tmp/age/age /usr/bin/age
 COPY --from=sops /tmp/sops /usr/local/bin/sops
 RUN chmod +x /usr/local/bin/sops
-RUN apt-get update && apt-get install -qq --no-install-recommends python3 python3-pip libyaml-dev
+RUN apt-get update && apt-get install -qq --no-install-recommends \
+ curl ca-certificates \
+ python3 python3-pip libyaml-dev \
+ && rm -rf /var/lib/apt/lists/*
+
+# Install kubectl (official upstream binary)
+ARG KUBECTL_VERSION=1.28.6
+RUN curl -fsSL "https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl" -o /usr/local/bin/kubectl \
+ && chmod +x /usr/local/bin/kubectl
+
+# Install MinIO client (mc) - use MinIO's release binary
+RUN curl -fsSL "https://dl.min.io/client/mc/release/linux-amd64/mc" -o /usr/local/bin/mc \
+ && chmod +x /usr/local/bin/mc
 ARG tutor_release
 ENV TUTOR_RELEASE=$tutor_release
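Review bot: The `mc` download near the end of this hunk fetches `https://dl.min.io/client/mc/release/linux-amd64/mc`, which is the rolling latest build, so the image loses the version pin that the removed `bitnami/minio-client:2024.5.9` line carried, and neither it nor the `kubectl` download is checked against a known digest before being made executable. Pin `mc` to a dated release and verify both files against SHA-256 values committed in the Dockerfile, so that a changed or tampered upstream artifact fails the build instead of landing in the CI image; the README text added in this commit describes these binaries as pinned, which currently holds only for `kubectl`. Both URLs also hard-code `amd64`, so a build on another platform would install a binary that cannot run there. The sketch below uses placeholder digests and a placeholder `mc` release tag, and the archive URL layout should be confirmed against MinIO's download site; the rest of this build stage lies outside the hunk.

```dockerfile
# … unchanged: COPY --from lines and the apt-get install step …

# Install kubectl (official upstream binary), verified against a pinned digest
ARG KUBECTL_VERSION=1.28.6
ARG KUBECTL_SHA256=<sha256-of-kubectl-v1.28.6-linux-amd64>
RUN curl -fsSL "https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl" -o /usr/local/bin/kubectl \
    && echo "${KUBECTL_SHA256}  /usr/local/bin/kubectl" | sha256sum -c - \
    && chmod +x /usr/local/bin/kubectl

# Install MinIO client (mc) from a dated release, verified against a pinned digest
ARG MC_RELEASE=<RELEASE.yyyy-mm-ddThh-mm-ssZ>
ARG MC_SHA256=<sha256-of-that-mc-release>
RUN curl -fsSL "https://dl.min.io/client/mc/release/linux-amd64/archive/mc.${MC_RELEASE}" -o /usr/local/bin/mc \
    && echo "${MC_SHA256}  /usr/local/bin/mc" | sha256sum -c - \
    && chmod +x /usr/local/bin/mc
```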
@@ -34,10 +44,7 @@ RUN pip install "tutor==${TUTOR_RELEASE}" \
 "tutor-discovery==${TUTOR_RELEASE}" \
 "tutor-forum==${TUTOR_RELEASE}" \
 "tutor-mfe==${TUTOR_RELEASE}" \
- "tutor-minio==${TUTOR_RELEASE}" \
- "tutor-notes==${TUTOR_RELEASE}" \
- "tutor-webui==${TUTOR_RELEASE}" \
- "tutor-xqueue==${TUTOR_RELEASE}"
+ "tutor-notes==${TUTOR_RELEASE}"
 # installing AWS cli https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html
 RUN curl -sSL "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "/tmp/awscliv2.zip" \
diff --git a/README.md b/README.md
index 9dffa4d..e2a09b2 100644
--- a/README.md
+++ b/README.md
@@ -10,7 +10,8 @@ Images are published to: `abstract2tech/tutor-ci`
 You can build any Tutor version by specifying it when triggering the workflow. Common versions include:
 Tested version:
-- "14.2.3"
+
+- "14.2.3"
 - "14.2.4"
 - "14.2.5"
 - "15.3.3"
@@ -57,9 +58,36 @@ Not tested:
 ## How to Use
+## Replacing Bitnami images / binaries
+
+The Dockerfile previously used commented Bitnami multi-stage COPYs for two helper tools:
+
+- kubectl (bitnami/kubectl:1.28.6)
+- mc — MinIO client (bitnami/minio-client:2024.5.9)
+
+Rather than copying these from Bitnami images, the build now downloads the official upstream
+binaries for each tool and installs them into `/usr/local/bin`:
+
+- kubectl — downloaded from the official Kubernetes release binary (pinned to `1.28.6` in the Dockerfile)
+- mc — downloaded from MinIO's release binary
+
+Why this change?
+
+- Avoid reliance on third-party vendor images for small helper binaries.
+- Pinning a known release binary reduces surprise changes caused by upstream image base changes.
+- Reduces the number of build stages/sizes when those images aren't otherwise needed.
+
+If you'd rather copy from alternate images (for example an official docker image that already contains the binaries):
+
+1. Identify a replacement image and the correct path to the binary inside it (e.g. `/usr/bin/mc` or `/kubectl`).
+2. Replace the relevant `curl`-download lines in the `Dockerfile` with an equivalent `COPY --from=: /usr/local/bin/`.
+
+Note: pin versions explicitly when using downloads or image tags to keep builds reproducible.
+
 ## Prerequisites
 For maintainers who want to trigger builds:
+
 - GitHub account with access to this repository
 - Docker Hub secret `DOCKER_REGISTRY_PASSWORD` must be configured in repository settings
@@ -72,5 +100,6 @@ For maintainers who want to trigger builds:
 5. Click "Run workflow"
 The workflow will:
+
 - Build a Docker image with the specified Tutor version
-- Push it to Docker Hub as `abstract2tech/tutor-ci:`
\ No newline at end of file
+- Push it to Docker Hub as `abstract2tech/tutor-ci:`