Skip to content

fix: replace Bitnami images with direct downloads #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
CodeWithEmad wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix: replace Bitnami images with direct downloads #2

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 17 additions & 10 deletions Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,16 +15,26 @@ FROM python:3.11.13-bookworm

ARG DEBIAN_FRONTEND=noninteractive

COPY --from=docker:23 /usr/local/bin/* /usr/bin/
COPY --from=docker:23 /usr/local/libexec/docker/cli-plugins/* /usr/libexec/docker/cli-plugins/
COPY --from=mikefarah/yq:4.40.5 /usr/bin/yq /usr/bin/yq
COPY --from=bitnami/kubectl:1.28.6 /opt/bitnami/kubectl/bin/kubectl /usr/local/bin
COPY --from=bitnami/minio-client:2024.5.9 /opt/bitnami/minio-client/bin/mc /usr/local/bin
COPY --from=docker:28 /usr/local/bin/* /usr/bin/
COPY --from=docker:28 /usr/local/libexec/docker/cli-plugins/* /usr/libexec/docker/cli-plugins/
COPY --from=mikefarah/yq:4.49.2 /usr/bin/yq /usr/bin/yq
COPY --from=age /tmp/age/age /usr/bin/age
COPY --from=sops /tmp/sops /usr/local/bin/sops
RUN chmod +x /usr/local/bin/sops

RUN apt-get update && apt-get install -qq --no-install-recommends python3 python3-pip libyaml-dev
RUN apt-get update && apt-get install -qq --no-install-recommends \
curl ca-certificates \
python3 python3-pip libyaml-dev \
&& rm -rf /var/lib/apt/lists/*

# Install kubectl (official upstream binary)
ARG KUBECTL_VERSION=1.28.6
RUN curl -fsSL "https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl" -o /usr/local/bin/kubectl \
&& chmod +x /usr/local/bin/kubectl

# Install MinIO client (mc) - use MinIO's release binary
RUN curl -fsSL "https://dl.min.io/client/mc/release/linux-amd64/mc" -o /usr/local/bin/mc \
&& chmod +x /usr/local/bin/mc

ARG tutor_release
ENV TUTOR_RELEASE=$tutor_release
Expand All @@ -34,10 +44,7 @@ RUN pip install "tutor==${TUTOR_RELEASE}" \
"tutor-discovery==${TUTOR_RELEASE}" \
"tutor-forum==${TUTOR_RELEASE}" \
"tutor-mfe==${TUTOR_RELEASE}" \
"tutor-minio==${TUTOR_RELEASE}" \
"tutor-notes==${TUTOR_RELEASE}" \
"tutor-webui==${TUTOR_RELEASE}" \
"tutor-xqueue==${TUTOR_RELEASE}"
"tutor-notes==${TUTOR_RELEASE}"

# installing AWS cli https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html
RUN curl -sSL "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "/tmp/awscliv2.zip" \
Expand Down
33 changes: 31 additions & 2 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,8 @@ Images are published to: `abstract2tech/tutor-ci`

You can build any Tutor version by specifying it when triggering the workflow. Common versions include:
Tested version:
- "14.2.3"

- "14.2.3"
- "14.2.4"
- "14.2.5"
- "15.3.3"
Expand Down Expand Up @@ -57,9 +58,36 @@ Not tested:

## How to Use

## Replacing Bitnami images / binaries

The Dockerfile previously used commented Bitnami multi-stage COPYs for two helper tools:

- kubectl (bitnami/kubectl:1.28.6)
- mc — MinIO client (bitnami/minio-client:2024.5.9)

Rather than copying these from Bitnami images, the build now downloads the official upstream
binaries for each tool and installs them into `/usr/local/bin`:

- kubectl — downloaded from the official Kubernetes release binary (pinned to `1.28.6` in the Dockerfile)
- mc — downloaded from MinIO's release binary

Why this change?

- Avoid reliance on third-party vendor images for small helper binaries.
- Pinning a known release binary reduces surprise changes caused by upstream image base changes.
- Reduces the number of build stages/sizes when those images aren't otherwise needed.

If you'd rather copy from alternate images (for example an official docker image that already contains the binaries):

1. Identify a replacement image and the correct path to the binary inside it (e.g. `/usr/bin/mc` or `/kubectl`).
2. Replace the relevant `curl`-download lines in the `Dockerfile` with an equivalent `COPY --from=<image>:<tag> <path-to-binary> /usr/local/bin/<bin>`.

Note: pin versions explicitly when using downloads or image tags to keep builds reproducible.

## Prerequisites

For maintainers who want to trigger builds:

- GitHub account with access to this repository
- Docker Hub secret `DOCKER_REGISTRY_PASSWORD` must be configured in repository settings

Expand All @@ -72,5 +100,6 @@ For maintainers who want to trigger builds:
5. Click "Run workflow"

The workflow will:

- Build a Docker image with the specified Tutor version
- Push it to Docker Hub as `abstract2tech/tutor-ci:<version>`
- Push it to Docker Hub as `abstract2tech/tutor-ci:<version>`