From 202bca56421a3b8d54d5641be4cfa915af81dd1e Mon Sep 17 00:00:00 2001
From: "Zak B. Elep"
Date: Fri, 17 Jul 2020 14:26:36 +0800
Subject: [PATCH 01/20] Add dzil recipe This also serves as a very simple example of using our base perl image.
---
dzil/Dockerfile | 1 + dzil/aptfile | 2 ++ dzil/cpanfile | 1 + 3 files changed, 4 insertions(+) create mode 100644 dzil/Dockerfile create mode 100644 dzil/aptfile create mode 100644 dzil/cpanfile
diff --git a/dzil/Dockerfile b/dzil/Dockerfile
new file mode 100644
index 0000000..284e0ce
--- /dev/null
+++ b/dzil/Dockerfile
@@ -0,0 +1 @@
+FROM deriv/perl
diff --git a/dzil/aptfile b/dzil/aptfile
new file mode 100644
index 0000000..dac1978
--- /dev/null
+++ b/dzil/aptfile
@@ -0,0 +1,2 @@
+libncurses-dev
+libreadline-dev
diff --git a/dzil/cpanfile b/dzil/cpanfile
new file mode 100644
index 0000000..f8f0d27
--- /dev/null
+++ b/dzil/cpanfile
@@ -0,0 +1 @@
+requires 'Dist::Zilla::PluginBundle::Author::DERIV';
From 8f4a5bb14c05feda2d06cb01bfaeec630a981a59 Mon Sep 17 00:00:00 2001
From: "Zak B. Elep"
Date: Fri, 17 Jul 2020 14:22:43 +0800
Subject: [PATCH 02/20] Dockerfile: a couple more fixes - Check aptfile for readability, not size, so it can be skipped if the file doesn't exist. - Do not auto-remove removable packages; removing them doesn't affect the overall image size anyway, and some packages (like runtime libraries auto-installed by their -dev counterparts) can be inadventently removed and break CPAN modules.
---
Dockerfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 6a39e8c..0fc5b6c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -56,13 +56,12 @@ ONBUILD ADD cpanfile aptfile /app/ # go through the CPAN deps. Once those are all done, remove anything # that we would have pulled in as a build dep (compilers, for example) # unless they happened to be in the aptfile. -ONBUILD RUN if [ -s /app/aptfile ]; then \ +ONBUILD RUN if [ -r /app/aptfile ]; then \ apt-get -y -q update \ && apt-get -y -q --no-install-recommends install $(cat /app/aptfile); \ fi \ && cpanm --notest --quiet --installdeps --with-recommends . \ && apt-get purge -y -q $(perl -le'@seen{split " ", "" . do { local ($/, @ARGV) = (undef, "/app/aptfile"); <> }} = () if -r "aptfile"; print for grep { !exists $seen{$_} } qw(make gcc git openssh-client libc6-dev libssl-dev zlib1g-dev)') \ - && apt-get -y --purge autoremove \ && rm -rf /var/lib/apt/lists/* /var/cache/apt/* /root/.cpanm /tmp/* ONBUILD ADD . /app/ From a4b11784ad02a61c9996542516cf9abf5fbe51fd Mon Sep 17 00:00:00 2001 From: "Zak B. Elep" Date: Fri, 17 Jul 2020 14:47:31 +0800 Subject: [PATCH 03/20] .github/workflows/test.yaml: Test dzil image as well This probably needs its own workflow later, but for now just do a quick build and check using the dzil image. --- .github/workflows/test.yaml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 595669f..b3d4d78 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -1,4 +1,4 @@ -name: Build image +name: Build images on: push: 
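Review bot: The changed guard `if [ -r /app/aptfile ]` tests an absolute path, but the purge one-liner later in the same RUN still tests `-r "aptfile"` relative to the working directory before it reads `/app/aptfile`. If the trigger ever runs with a working directory other than `/app`, the keep-list stays empty and build packages that the aptfile asked to keep (`gcc`, `make`, ...) are purged anyway. Use the same path in both places, `... = () if -r "/app/aptfile";`. The same one-liner is carried unchanged into `prepare-apt-cpan.sh` in PATCH 05.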
@@ -13,12 +13,15 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@master - - name: Build base perl image + - name: Build images run: | docker version [ -n $DEBIAN_PROXY ] && docker_build_opts="--build-arg=DEBIAN_PROXY=${DEBIAN_PROXY}" docker build "$docker_build_opts" -t deriv/perl . + cd dzil && docker build "$docker_build_opts" -t deriv/dzil . - name: Inspect image creation and tag time run: | docker image inspect --format \'{{.Created}}\' deriv/perl docker image inspect --format \'{{.Metadata.LastTagTime}}\' deriv/perl + docker image inspect --format \'{{.Created}}\' deriv/dzil + docker image inspect --format \'{{.Metadata.LastTagTime}}\' deriv/dzil From 67688048d1c3b653bd6c0cb61177a64c8271d04a Mon Sep 17 00:00:00 2001 From: "Zak B. Elep" Date: Tue, 28 Jul 2020 17:18:46 +0800 Subject: [PATCH 04/20] Dockerfile: invoke dumb-init on cpanm ONBUILD for signals handling This is important for cross-compile builds (e.g. amd64 to arm64) as cpanm/perl won't handle signals without defining them in the code, cf https://github.com/Perl/docker-perl/issues/44. Without this, cross-compiles will appear to stall. --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 0fc5b6c..8b06f61 100644 --- a/Dockerfile +++ b/Dockerfile @@ -60,7 +60,7 @@ ONBUILD RUN if [ -r /app/aptfile ]; then \ apt-get -y -q update \ && apt-get -y -q --no-install-recommends install $(cat /app/aptfile); \ fi \ - && cpanm --notest --quiet --installdeps --with-recommends . \ + && /usr/bin/dumb-init -- cpanm --notest --quiet --installdeps --with-recommends . \ && apt-get purge -y -q $(perl -le'@seen{split " ", "" . do { local ($/, @ARGV) = (undef, "/app/aptfile"); <> }} = () if -r "aptfile"; print for grep { !exists $seen{$_} } qw(make gcc git openssh-client libc6-dev libssl-dev zlib1g-dev)') \ && rm -rf /var/lib/apt/lists/* /var/cache/apt/* /root/.cpanm /tmp/* From d2d32bf78367a5f72d4e7864694b9189b0b786ea Mon Sep 17 00:00:00 2001 
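Review bot: The added dzil build reuses `"$docker_build_opts"`, which only works because the test on the context line, `[ -n $DEBIAN_PROXY ]`, is unquoted and therefore true even when the variable is empty. Quoting that test, the obvious cleanup, would leave `docker_build_opts` unset and pass `docker build` an empty string as its first argument. Building the option in place avoids both: `cd dzil && docker build ${DEBIAN_PROXY:+"--build-arg=DEBIAN_PROXY=$DEBIAN_PROXY"} -t deriv/dzil .`. As written, the dzil build always receives a `DEBIAN_PROXY` build argument that `dzil/Dockerfile` from PATCH 01 does not declare.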
From: Tom Molesworth Date: Mon, 24 Aug 2020 04:44:35 +0800 Subject: [PATCH 05/20] Move apt/cpan setup to script so we can call in sub-images too --- Dockerfile | 21 ++++++--------------- prepare-apt-cpan.sh | 14 ++++++++++++++ 2 files changed, 20 insertions(+), 15 deletions(-) create mode 100755 prepare-apt-cpan.sh diff --git a/Dockerfile b/Dockerfile index 8b06f61..532a5e4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -12,17 +12,17 @@ ENV CPANM_SHA256=9b60767fe40752ef7a9d3f13f19060a63389a5c23acc3e9827e19b75500f81f # Use an apt-cacher-ng or similar proxy when available during builds ARG DEBIAN_PROXY +ARG HTTP_PROXY WORKDIR /usr/src/perl RUN [ -n "$DEBIAN_PROXY" ] \ && (echo "Acquire::http::Proxy \"http://$DEBIAN_PROXY\";" > /etc/apt/apt.conf.d/30proxy) \ - && (echo "Acquire::http::Proxy::ppa.launchpad.net DIRECT;" >> /etc/apt/apt.conf.d/30proxy) \ || echo "No local Debian proxy configured" \ && apt-get update \ && apt-get dist-upgrade -y -q --no-install-recommends \ && apt-get install -y -q --no-install-recommends \ - git openssh-client curl socat ca-certificates gcc make libc6-dev libssl-dev zlib1g-dev xz-utils dumb-init \ + git openssh-client curl socat ca-certificates gcc make libc6-dev libssl-dev zlib1g-dev xz-utils dumb-init patch \ && curl -SL https://www.cpan.org/src/5.0/perl-${PERL_VERSION}.tar.xz -o perl-${PERL_VERSION}.tar.xz \ && echo "${PERL_SHA256} *perl-${PERL_VERSION}.tar.xz" | sha256sum -c - \ && tar --strip-components=1 -xaf perl-${PERL_VERSION}.tar.xz -C /usr/src/perl \ 
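Review bot: Declaring `ARG HTTP_PROXY` changes how Docker treats the value: the proxy variables are predefined build arguments and are normally kept out of `docker history`, but an explicit `ARG` makes the value part of the recorded build steps. A proxy URL that carries credentials would then be stored with the image. `--build-arg HTTP_PROXY=...` already works without the declaration, so the line can be dropped; the same applies to `ONBUILD ARG HTTP_PROXY` in the next hunk. The RUN instruction this hunk edits continues past its last line.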
@@ -36,34 +36,25 @@ RUN [ -n "$DEBIAN_PROXY" ] \ && tar -xzf App-cpanminus-${CPANM_VERSION}.tar.gz \ && rm App-cpanminus-${CPANM_VERSION}.tar.gz \ && cd App-cpanminus-${CPANM_VERSION} && /opt/perl-${PERL_VERSION}/bin/perl bin/cpanm . \ - && rm -rf /var/lib/apt/lists/* /var/cache/apt/* \ + && rm -rf /var/lib/apt/lists/* /var/cache/apt/* /etc/apt/apt.conf.d/30proxy \ && rm -fr ./cpanm /root/.cpanm /usr/src/perl /usr/src/App-cpanminus-${CPANM_VERSION}* /tmp/* \ -# Locale support is probably quite useful in some cases, but -# let's let individual builds decide that via aptfile config -# && echo 'en_US.UTF-8 UTF-8' > /etc/locale.gen \ -# && locale-gen \ && mkdir -p /etc/ssh/ \ && ssh-keyscan github.com >> /etc/ssh/ssh_known_hosts \ && mkdir -p /app WORKDIR /app/ +ADD prepare-apt-cpan.sh /usr/local/bin/ ENV PATH="/opt/perl-${PERL_VERSION}/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin" +ONBUILD ARG HTTP_PROXY ONBUILD ADD cpanfile aptfile /app/ # Install everything in the aptfile first, as system deps, then # go through the CPAN deps. Once those are all done, remove anything # that we would have pulled in as a build dep (compilers, for example) # unless they happened to be in the aptfile. -ONBUILD RUN if [ -r /app/aptfile ]; then \ - apt-get -y -q update \ - && apt-get -y -q --no-install-recommends install $(cat /app/aptfile); \ - fi \ - && /usr/bin/dumb-init -- cpanm --notest --quiet --installdeps --with-recommends . \ - && apt-get purge -y -q $(perl -le'@seen{split " ", "" . do { local ($/, @ARGV) = (undef, "/app/aptfile"); <> }} = () if -r "aptfile"; print for grep { !exists $seen{$_} } qw(make gcc git openssh-client libc6-dev libssl-dev zlib1g-dev)') \ - && rm -rf /var/lib/apt/lists/* /var/cache/apt/* /root/.cpanm /tmp/* - +ONBUILD RUN prepare-apt-cpan.sh ONBUILD ADD . /app/ ENTRYPOINT [ "/usr/bin/dumb-init", "--" ] diff --git a/prepare-apt-cpan.sh b/prepare-apt-cpan.sh new file mode 100755 index 0000000..2c3332d --- /dev/null 
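Review bot: `ssh-keyscan github.com >> /etc/ssh/ssh_known_hosts`, kept as a context line in this RUN, records whatever host key answers at build time without verifying it, so a build on an intercepted network would bake the wrong key into every derived image. Since this commit already reworks the tail of the RUN, it is a good place to append GitHub's published host keys from a file kept in the repository, or to compare the scanned key's fingerprint with a pinned value before appending. The added removal of `/etc/apt/apt.conf.d/30proxy` deserves a one-line comment saying the proxy setting is build-only. The RUN instruction starts above this hunk.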
+++ b/prepare-apt-cpan.sh @@ -0,0 +1,14 @@ +#!/bin/bash +# Prepare dependencies by installing anything found in `aptfile` +# then applying CPAN modules from `cpanfile`. + +set -e + +if [ -r /app/aptfile ]; then + apt-get -y -q update + apt-get -y -q --no-install-recommends install $(cat /app/aptfile) +fi +cpanm --notest --installdeps . +apt-get purge -y -q $(perl -le'@seen{split " ", "" . do { local ($/, @ARGV) = (undef, "/app/aptfile"); <> }} = () if -r "aptfile"; print for grep { !exists $seen{$_} } qw(make gcc git openssh-client libc6-dev libssl-dev zlib1g-dev patch)') +rm -rf /var/lib/apt/lists/* /var/cache/apt/* /root/.cpanm /tmp/* + From bd50ddbc1e4f02a833424025d6814a10ad795a7a Mon Sep 17 00:00:00 2001 From: Tom Molesworth Date: Mon, 24 Aug 2020 04:44:35 +0800 Subject: [PATCH 06/20] dzil build should pull in authordeps and apply Pod::Inherit patch for the DERIV author bundle --- dzil/Dockerfile | 7 +++++++ dzil/aptfile | 6 ++++++ 2 files changed, 13 insertions(+) diff --git a/dzil/Dockerfile b/dzil/Dockerfile index 284e0ce..e7e1c30 100644 --- a/dzil/Dockerfile +++ b/dzil/Dockerfile @@ -1 +1,8 @@ +ARG HTTP_PROXY FROM deriv/perl +ADD pod-inherit.patch . +RUN patch -p0 $(perldoc -lm Pod::Inherit) < pod-inherit.patch +ONBUILD ADD cpanfile aptfile dist.ini /app/ +ONBUILD RUN prepare-apt-cpan.sh \ + && dzil authordeps | cpanm -n +ONBUILD ADD . /app/ diff --git a/dzil/aptfile b/dzil/aptfile index dac1978..1b7ae82 100644 --- a/dzil/aptfile +++ b/dzil/aptfile @@ -1,2 +1,8 @@ libncurses-dev libreadline-dev +git +gcc +make +libc6-dev +openssh-client +patch From dfba9188495564061616f7cce58a118486d3ee43 Mon Sep 17 00:00:00 2001 From: Tom Molesworth Date: Mon, 24 Aug 2020 04:44:35 +0800 Subject: [PATCH 07/20] Include Pod::Inherit @INC patch --- dzil/pod-inherit.patch | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 dzil/pod-inherit.patch diff --git a/dzil/pod-inherit.patch b/dzil/pod-inherit.patch new file mode 100644 index 0000000..808081a 
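Review bot: The cpanm call in the new script is not the one it replaces: `cpanm --notest --installdeps .` drops the `/usr/bin/dumb-init --` wrapper that PATCH 04 added for signal handling, together with `--quiet` and `--with-recommends`. If that is intended, the commit message should say so, because derived images will now skip recommended modules; otherwise keep the old invocation, `/usr/bin/dumb-init -- cpanm --notest --quiet --installdeps --with-recommends .`. The header comment could also state that the script expects `/app` as its working directory, since `cpanm --installdeps .` depends on it.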
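Review bot: In `ONBUILD RUN prepare-apt-cpan.sh && dzil authordeps | cpanm -n`, the pipeline's exit status is cpanm's alone, so an error from `dzil authordeps` is not checked and a partial dependency list can install cleanly. Run the pipe under pipefail, for example `&& bash -o pipefail -c 'dzil authordeps | cpanm -n'`. The base is `FROM deriv/perl` with no tag, so the result depends on whatever that name resolves to at build time; a tag or digest would make the build reproducible. A short comment above the `patch` line saying why Pod::Inherit is patched would help the next reader.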
--- /dev/null +++ b/dzil/pod-inherit.patch @@ -0,0 +1,22 @@ +--- a/Pod/Inherit.pm 2020-04-03 21:58:36.470197738 +0800 ++++ b/Pod/Inherit.pm 2014-06-13 10:45:18.000000000 +0800 +@@ -909,7 +909,7 @@ + unless (exists $INC{$class_as_filename}) { + # Still no source? Great... we'll have to pray that require will work... + print "Still no source found for $classname; forced to use 'require'\n" if ($DEBUG && !$src); +- my $did_it = $src ? do $src : Class::Load::load_optional_class($classname); ++ my $did_it = $src ? do "./$src" : Class::Load::load_optional_class($classname); + unless ($did_it) { + my $err = $@; + $err =~ s/ \(\@INC contains: .*\)//; +@@ -994,7 +994,10 @@ + $src = Path::Class::File->new($src)->as_foreign('Unix'); + + return <<__END_HEADER__; ++=encoding utf8 ++ + =for comment POD_DERIVED_INDEX_GENERATED ++ + The following documentation is automatically generated. Please do not edit + this file, but rather the original, inline with $classname + at $src From 4aa6c009daa0dbd192eb19680d7d9679c00a6459 Mon Sep 17 00:00:00 2001 From: Tom Molesworth Date: Mon, 24 Aug 2020 04:55:46 +0800 Subject: [PATCH 08/20] Include CircleCI config as well --- .circleci/config.yml | 65 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 65 insertions(+) create mode 100644 .circleci/config.yml diff --git a/.circleci/config.yml b/.circleci/config.yml new file mode 100644 index 0000000..940767d --- /dev/null +++ b/.circleci/config.yml 
@@ -0,0 +1,65 @@ +version: 2.1 +orbs: + docker: circleci/docker@0.5.18 +jobs: + images: + parameters: + push: + type: boolean + default: false + docker: + - image: cimg/base:2020.01 + steps: + - run: echo "push flag is << parameters.push >>" + - checkout + - setup_remote_docker + - run: | + docker login -u circle4regentmarkets -p "$DOCKERHUB_PASSWORD" + + - run: docker build -t deriv/perl:${CIRCLE_TAG:-latest} . + - run: docker build -t deriv/dzil:${CIRCLE_TAG:-latest} dzil + - when: + condition: <> + steps: + - run: echo 'pushing images' + - run: docker push deriv/perl:${CIRCLE_TAG:-latest} + - run: docker push deriv/dzil:${CIRCLE_TAG:-latest} +workflows: + version: 2 + build-workflow: + jobs: + - images: + context: perl + - docker/hadolint: + dockerfiles: ./Dockerfile,dzil/Dockerfile + # Don't pin apt versions, we'll never remember to update them + ignore-rules: DL3008 + artifacts-path: /disable-entirely + merged: + jobs: + - images: + context: perl + push: true + filters: + branches: + only: /^master$/ + tagged: + jobs: + - images: + context: perl + filters: + branches: + ignore: /.*/ + tags: + only: /^V\d+_.*/ + daily: + jobs: + - images: + context: perl + triggers: + - schedule: + cron: 05 19 * * * + filters: + branches: + only: + - master From 3aa7ba6f4d5a3f2551c2b7e05c45c996563e288c Mon Sep 17 00:00:00 2001 From: Tom Molesworth Date: Mon, 24 Aug 2020 05:00:30 +0800 Subject: [PATCH 09/20] Update CircleCI docker orb --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 940767d..19b7d4b 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1,6 +1,6 @@ version: 2.1 orbs: - docker: circleci/docker@0.5.18 + docker: circleci/docker@1.4.0 jobs: images: parameters: From 15d8663f3f25ae4a5e3f72820678adb1b646b2a2 Mon Sep 17 00:00:00 2001 
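Review bot: `docker login -u circle4regentmarkets -p "$DOCKERHUB_PASSWORD"` puts the registry password on the command line, where it is visible in the executor's process list; feed it on stdin instead, `echo "$DOCKERHUB_PASSWORD" | docker login -u circle4regentmarkets --password-stdin`. The login step also runs in every workflow, including `build-workflow` where `push` is false, so it could move inside the `when:` block next to the push steps. The `condition:` value under `when:` reads `<>` on this page and presumably should be `<< parameters.push >>`.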
From: Tom Molesworth Date: Mon, 24 Aug 2020 05:01:44 +0800 Subject: [PATCH 10/20] Latest orb does not have artifacts path for hadolint --- .circleci/config.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 19b7d4b..42272d0 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -31,10 +31,9 @@ workflows: - images: context: perl - docker/hadolint: - dockerfiles: ./Dockerfile,dzil/Dockerfile + dockerfiles: Dockerfile,dzil/Dockerfile # Don't pin apt versions, we'll never remember to update them ignore-rules: DL3008 - artifacts-path: /disable-entirely merged: jobs: - images: From 8de0637b01ed6b7fdac24663cff81ff7fc6706aa Mon Sep 17 00:00:00 2001 From: Tom Molesworth Date: Mon, 24 Aug 2020 05:03:26 +0800 Subject: [PATCH 11/20] List of dockerfiles now colon-separated --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 42272d0..2dc44f5 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -31,7 +31,7 @@ workflows: - images: context: perl - docker/hadolint: - dockerfiles: Dockerfile,dzil/Dockerfile + dockerfiles: Dockerfile:dzil/Dockerfile # Don't pin apt versions, we'll never remember to update them ignore-rules: DL3008 merged: From 1138c4dc23fdedcbe32028d6c2531c5ee6c0aa8b Mon Sep 17 00:00:00 2001 From: Tom Molesworth Date: Mon, 24 Aug 2020 05:09:23 +0800 Subject: [PATCH 12/20] Switch to orb versions of build+publish --- .circleci/config.yml | 108 +++++++++++++++++++++++-------------------- 1 file changed, 58 insertions(+), 50 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 2dc44f5..d9810a8 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml 
@@ -1,64 +1,72 @@ version: 2.1 orbs: docker: circleci/docker@1.4.0 -jobs: - images: - parameters: - push: - type: boolean - default: false - docker: - - image: cimg/base:2020.01 - steps: - - run: echo "push flag is << parameters.push >>" - - checkout - - setup_remote_docker - - run: | - docker login -u circle4regentmarkets -p "$DOCKERHUB_PASSWORD" - - - run: docker build -t deriv/perl:${CIRCLE_TAG:-latest} . - - run: docker build -t deriv/dzil:${CIRCLE_TAG:-latest} dzil - - when: - condition: <> - steps: - - run: echo 'pushing images' - - run: docker push deriv/perl:${CIRCLE_TAG:-latest} - - run: docker push deriv/dzil:${CIRCLE_TAG:-latest} workflows: version: 2 build-workflow: jobs: - - images: - context: perl - - docker/hadolint: - dockerfiles: Dockerfile:dzil/Dockerfile - # Don't pin apt versions, we'll never remember to update them - ignore-rules: DL3008 + - docker/publish: + deploy: false + image: deriv/perl + - docker/publish: + deploy: false + image: deriv/dzil + path: dzil + - docker/hadolint: + dockerfiles: Dockerfile:dzil/Dockerfile + # Don't pin apt versions, we'll never remember to update them + ignore-rules: DL3008 merged: jobs: - - images: - context: perl - push: true - filters: - branches: - only: /^master$/ + - docker/publish: + deploy: true + image: deriv/perl + filters: + branches: + only: /^master$/ + - docker/publish: + deploy: true + image: deriv/dzil + path: dzil + filters: + branches: + only: /^master$/ + - docker/hadolint: + dockerfiles: Dockerfile:dzil/Dockerfile + # Don't pin apt versions, we'll never remember to update them + ignore-rules: DL3008 tagged: jobs: - - images: - context: perl - filters: - branches: - ignore: /.*/ - tags: - only: /^V\d+_.*/ + - docker/publish: + deploy: true + image: deriv/perl + filters: + branches: + only: /^master$/ + - docker/publish: + deploy: true + image: deriv/dzil + path: dzil + filters: + branches: + only: /^master$/ + - docker/hadolint: + dockerfiles: Dockerfile:dzil/Dockerfile + # Don't pin apt 
versions, we'll never remember to update them + ignore-rules: DL3008 daily: jobs: - - images: - context: perl + - docker/publish: + deploy: false + image: deriv/perl + - docker/publish: + deploy: false + image: deriv/dzil + path: dzil triggers: - - schedule: - cron: 05 19 * * * - filters: - branches: - only: - - master + - schedule: + cron: 05 19 * * * + filters: + branches: + only: + - master From 9c128b13c079e0deab4731d7ff2db23a296af257 Mon Sep 17 00:00:00 2001 From: Tom Molesworth Date: Mon, 24 Aug 2020 05:13:19 +0800 Subject: [PATCH 13/20] Clean up CircleCI config - no point running hadolint everywhere --- .circleci/config.yml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index d9810a8..88817cc 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -35,6 +35,9 @@ workflows: dockerfiles: Dockerfile:dzil/Dockerfile # Don't pin apt versions, we'll never remember to update them ignore-rules: DL3008 + filters: + branches: + only: /^master$/ tagged: jobs: - docker/publish: @@ -50,10 +53,6 @@ workflows: filters: branches: only: /^master$/ - - docker/hadolint: - dockerfiles: Dockerfile:dzil/Dockerfile - # Don't pin apt versions, we'll never remember to update them - ignore-rules: DL3008 daily: jobs: - docker/publish: @@ -63,6 +62,10 @@ workflows: deploy: false image: deriv/dzil path: dzil + - docker/hadolint: + dockerfiles: Dockerfile:dzil/Dockerfile + # Don't pin apt versions, we'll never remember to update them + ignore-rules: DL3008 triggers: - schedule: cron: 05 19 * * * From da7ca78326cd3dde7a05d246685c8805060c86e5 Mon Sep 17 00:00:00 2001 From: Tom Molesworth Date: Mon, 24 Aug 2020 05:13:27 +0800 Subject: [PATCH 14/20] Apply hadolint recommendations --- Dockerfile | 22 +++++++++++----------- dzil/Dockerfile | 6 +++--- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/Dockerfile b/Dockerfile index 532a5e4..a731f9b 100644 --- a/Dockerfile +++ b/Dockerfile 
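Review bot: The `tagged` workflow no longer filters on tags: its two `docker/publish` jobs now carry `branches: only: /^master$/`, the same filter as `merged`, where the removed job had `branches: ignore: /.*/` and `tags: only: /^V\d+_.*/`. As written, a push to master publishes each image twice and, since CircleCI does not build tags without a tag filter, a version tag publishes nothing. Restore the old filter on both jobs if tag releases are still wanted. The removed jobs also ran with `context: perl`, which none of the new `docker/publish` entries set, so the deploy steps may run without registry credentials (assuming that context is where they live).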
@@ -23,39 +23,39 @@ RUN [ -n "$DEBIAN_PROXY" ] \ && apt-get dist-upgrade -y -q --no-install-recommends \ && apt-get install -y -q --no-install-recommends \ git openssh-client curl socat ca-certificates gcc make libc6-dev libssl-dev zlib1g-dev xz-utils dumb-init patch \ - && curl -SL https://www.cpan.org/src/5.0/perl-${PERL_VERSION}.tar.xz -o perl-${PERL_VERSION}.tar.xz \ + && curl -SL https://www.cpan.org/src/5.0/"perl-${PERL_VERSION}".tar.xz -o "perl-${PERL_VERSION}".tar.xz \ && echo "${PERL_SHA256} *perl-${PERL_VERSION}.tar.xz" | sha256sum -c - \ - && tar --strip-components=1 -xaf perl-${PERL_VERSION}.tar.xz -C /usr/src/perl \ - && rm perl-${PERL_VERSION}.tar.xz \ - && ./Configure -Duse64bitall -Duseshrplib -Dprefix=/opt/perl-${PERL_VERSION} -Dman1dir=none -Dman3dir=none -des \ + && tar --strip-components=1 -xaf "perl-${PERL_VERSION}".tar.xz -C /usr/src/perl \ + && rm "perl-${PERL_VERSION}".tar.xz \ + && ./Configure -Duse64bitall -Duseshrplib -Dprefix=/opt/"perl-${PERL_VERSION}" -Dman1dir=none -Dman3dir=none -des \ && make -j$(nproc) \ && make install \ && cd /usr/src \ && curl -LO https://www.cpan.org/authors/id/M/MI/MIYAGAWA/App-cpanminus-${CPANM_VERSION}.tar.gz \ && echo "${CPANM_SHA256} *App-cpanminus-${CPANM_VERSION}.tar.gz" | sha256sum -c - \ - && tar -xzf App-cpanminus-${CPANM_VERSION}.tar.gz \ - && rm App-cpanminus-${CPANM_VERSION}.tar.gz \ - && cd App-cpanminus-${CPANM_VERSION} && /opt/perl-${PERL_VERSION}/bin/perl bin/cpanm . \ + && tar -xzf "App-cpanminus-${CPANM_VERSION}".tar.gz \ + && rm "App-cpanminus-${CPANM_VERSION}".tar.gz \ + && cd "App-cpanminus-${CPANM_VERSION}" && /opt/"perl-${PERL_VERSION}"/bin/perl bin/cpanm . 
\ && rm -rf /var/lib/apt/lists/* /var/cache/apt/* /etc/apt/apt.conf.d/30proxy \ - && rm -fr ./cpanm /root/.cpanm /usr/src/perl /usr/src/App-cpanminus-${CPANM_VERSION}* /tmp/* \ + && rm -fr ./cpanm /root/.cpanm /usr/src/perl /usr/src/"App-cpanminus-${CPANM_VERSION}"* /tmp/* \ && mkdir -p /etc/ssh/ \ && ssh-keyscan github.com >> /etc/ssh/ssh_known_hosts \ && mkdir -p /app WORKDIR /app/ -ADD prepare-apt-cpan.sh /usr/local/bin/ +COPY prepare-apt-cpan.sh /usr/local/bin/ ENV PATH="/opt/perl-${PERL_VERSION}/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin" ONBUILD ARG HTTP_PROXY -ONBUILD ADD cpanfile aptfile /app/ +ONBUILD COPY cpanfile aptfile /app/ # Install everything in the aptfile first, as system deps, then # go through the CPAN deps. Once those are all done, remove anything # that we would have pulled in as a build dep (compilers, for example) # unless they happened to be in the aptfile. ONBUILD RUN prepare-apt-cpan.sh -ONBUILD ADD . /app/ +ONBUILD COPY . /app/ ENTRYPOINT [ "/usr/bin/dumb-init", "--" ] diff --git a/dzil/Dockerfile b/dzil/Dockerfile index e7e1c30..483b457 100644 --- a/dzil/Dockerfile +++ b/dzil/Dockerfile @@ -1,8 +1,8 @@ ARG HTTP_PROXY FROM deriv/perl -ADD pod-inherit.patch . +COPY pod-inherit.patch . RUN patch -p0 $(perldoc -lm Pod::Inherit) < pod-inherit.patch -ONBUILD ADD cpanfile aptfile dist.ini /app/ +ONBUILD COPY cpanfile aptfile dist.ini /app/ ONBUILD RUN prepare-apt-cpan.sh \ && dzil authordeps | cpanm -n -ONBUILD ADD . /app/ +ONBUILD COPY . /app/ From ffe3d9c620b95de3b6865fa4fdf1b8a8e01acf96 Mon Sep 17 00:00:00 2001 From: Tom Molesworth Date: Mon, 24 Aug 2020 05:18:02 +0800 Subject: [PATCH 15/20] Filter out some more hadolint checks --- .circleci/config.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 88817cc..ab43116 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml 
@@ -15,7 +15,7 @@ workflows: - docker/hadolint: dockerfiles: Dockerfile:dzil/Dockerfile # Don't pin apt versions, we'll never remember to update them - ignore-rules: DL3008 + ignore-rules: DL3008,SC2046,DL3003,DL4006 merged: jobs: - docker/publish: @@ -34,7 +34,7 @@ workflows: - docker/hadolint: dockerfiles: Dockerfile:dzil/Dockerfile # Don't pin apt versions, we'll never remember to update them - ignore-rules: DL3008 + ignore-rules: DL3008,SC2046,DL3003,DL4006 filters: branches: only: /^master$/ @@ -65,7 +65,7 @@ workflows: - docker/hadolint: dockerfiles: Dockerfile:dzil/Dockerfile # Don't pin apt versions, we'll never remember to update them - ignore-rules: DL3008 + ignore-rules: DL3008,SC2046,DL3003,DL4006 triggers: - schedule: cron: 05 19 * * * From 24726eb19ce70048613f5423cd85b7ae913fda6d Mon Sep 17 00:00:00 2001 From: Tom Molesworth Date: Mon, 24 Aug 2020 05:18:55 +0800 Subject: [PATCH 16/20] Try to set WORKDIR --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index a731f9b..1276680 100644 --- a/Dockerfile +++ b/Dockerfile @@ -48,6 +48,7 @@ COPY prepare-apt-cpan.sh /usr/local/bin/ ENV PATH="/opt/perl-${PERL_VERSION}/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin" ONBUILD ARG HTTP_PROXY +ONBUILD WORKDIR /app/ ONBUILD COPY cpanfile aptfile /app/ # Install everything in the aptfile first, as system deps, then From 8b6c9fd952172ff0616e5f17dbc00920e8e83b48 Mon Sep 17 00:00:00 2001 From: Tom Molesworth Date: Mon, 24 Aug 2020 05:42:33 +0800 Subject: [PATCH 17/20] Attempt to make job steps sequential --- .circleci/config.yml | 35 +++++++++++++++++++++++++---------- 1 file changed, 25 insertions(+), 10 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index ab43116..b08f361 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml 
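Review bot: The comment kept above `ignore-rules` still explains only DL3008, while this hunk and the two after it add SC2046, DL3003 and DL4006 with no reason given. DL4006 is the pipefail check, and `dzil/Dockerfile` in this series has `dzil authordeps | cpanm -n` in a RUN, so the suppression hides a pipe whose left-hand failure goes unchecked. Prefer fixing that line and leaving DL4006 enabled, or extend the comment, e.g. `# DL3008: apt versions unpinned on purpose; SC2046/DL3003/DL4006: <reason>`.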
@@ -1,21 +1,36 @@ version: 2.1 orbs: docker: circleci/docker@1.4.0 +jobs: + perl: + executor: docker/docker + steps: + - setup_remote_docker + - checkout + - docker/check + - docker/build: + image: deriv/perl + dzil: + executor: docker/docker + steps: + - setup_remote_docker + - checkout + - docker/check + - docker/build: + image: deriv/dzil + path: dzil workflows: version: 2 build-workflow: jobs: - - docker/publish: - deploy: false - image: deriv/perl - - docker/publish: - deploy: false - image: deriv/dzil - path: dzil + - perl + - dzil: + requires: + - perl - docker/hadolint: dockerfiles: Dockerfile:dzil/Dockerfile # Don't pin apt versions, we'll never remember to update them - ignore-rules: DL3008,SC2046,DL3003,DL4006 + ignore-rules: DL3008,SC2046,DL3003,DL4006,DL3006 merged: jobs: - docker/publish: @@ -34,7 +49,7 @@ workflows: - docker/hadolint: dockerfiles: Dockerfile:dzil/Dockerfile # Don't pin apt versions, we'll never remember to update them - ignore-rules: DL3008,SC2046,DL3003,DL4006 + ignore-rules: DL3008,SC2046,DL3003,DL4006,DL3006 filters: branches: only: /^master$/ @@ -65,7 +80,7 @@ workflows: - docker/hadolint: dockerfiles: Dockerfile:dzil/Dockerfile # Don't pin apt versions, we'll never remember to update them - ignore-rules: DL3008,SC2046,DL3003,DL4006 + ignore-rules: DL3008,SC2046,DL3003,DL4006,DL3006 triggers: - schedule: cron: 05 19 * * * From c0e04092ced753f2bc7ed6349a52c2e0e4b5087c Mon Sep 17 00:00:00 2001 From: Tom Molesworth Date: Mon, 24 Aug 2020 05:48:09 +0800 Subject: [PATCH 18/20] Apply `perl` context --- .circleci/config.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index b08f361..07375e7 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -23,8 +23,10 @@ workflows: version: 2 build-workflow: jobs: - - perl + - perl: + context: perl - dzil: + context: perl requires: - perl - docker/hadolint: 
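Review bot: `requires: - perl` orders the two jobs but does not hand the image over: each job calls `setup_remote_docker` itself, and as far as I know CircleCI gives every job its own remote Docker engine, so the `deriv/perl` built in `perl` is not present when `dzil` runs. `FROM deriv/perl` in `dzil/Dockerfile` would then be pulled from the registry, and the dzil build would test the last published base rather than this commit's. Building both images in one job, or passing the base through a workspace with `docker save` and `docker load`, keeps the pair consistent. The later hunks also add DL3006 (untagged base image) to `ignore-rules` without updating the comment above it.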
From 2a57592a42dfab0276e929555f495b8b2d307cc1 Mon Sep 17 00:00:00 2001 From: Tom Molesworth Date: Mon, 24 Aug 2020 05:52:38 +0800 Subject: [PATCH 19/20] CircleCI orb has several bugs, so the current version is not usable --- .circleci/config.yml | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 07375e7..f4b3d2c 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -7,18 +7,21 @@ jobs: steps: - setup_remote_docker - checkout - - docker/check - - docker/build: - image: deriv/perl + - run: + command: | + echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_LOGIN" --password-stdin + docker build -t deriv/perl . + name: Build deriv/perl dzil: executor: docker/docker steps: - setup_remote_docker - checkout - - docker/check - - docker/build: - image: deriv/dzil - path: dzil + - run: + command: | + echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_LOGIN" --password-stdin + cd dzil && docker build -t deriv/dzil . + name: Build deriv/dzil workflows: version: 2 build-workflow: From 43551cc566f8736d3d08947acbc5c9b94c96d779 Mon Sep 17 00:00:00 2001 From: Tom Molesworth Date: Mon, 24 Aug 2020 05:55:04 +0800 Subject: [PATCH 20/20] Report $DOCKER_LOGIN to test context-is-broken hypothesis --- .circleci/config.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index f4b3d2c..42e7609 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -9,7 +9,8 @@ jobs: - checkout - run: command: | - echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_LOGIN" --password-stdin + echo Log in as "$DOCKER_LOGIN" + echo "$DOCKER_PASSWORD" | docker login --username "$DOCKER_LOGIN" --password-stdin docker build -t deriv/perl . name: Build deriv/perl dzil:
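Review bot: Both build jobs now log in to the registry before `docker build`, and they run in `build-workflow`, which has no branch filter and was given `context: perl` in PATCH 18. Nothing in these jobs pushes, so unless the build must pull a private image the login only hands `DOCKER_PASSWORD` to every branch build; dropping the login line here would keep the credentials in the publishing workflows. `--password-stdin` is the right form wherever a login is needed.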
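Review bot: `echo Log in as "$DOCKER_LOGIN"` is a debugging aid, going by the commit subject, and writes the registry account name into the build log on every run; it should be removed once the context question is settled. Only the `perl` job is changed: the `dzil` job keeps `-u` and has no echo, so the two login lines no longer match. If the line stays for a while, a comment such as `# temporary: remove after context debugging` would mark it.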