ci: Remove unused detritus from Docker images.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
This commit is contained in:
Anders Kaseorg 2021-07-13 13:03:32 -07:00 committed by Tim Abbott
parent 7e65421b1f
commit bcc89c80a2
2 changed files with 43 additions and 89 deletions

View File

@ -3,106 +3,60 @@
# * a non-root user to run as (a pain to try to do in setup, # * a non-root user to run as (a pain to try to do in setup,
# because by then we've already cloned the repo); # because by then we've already cloned the repo);
# * Git and other basic utilities. # * Git and other basic utilities.
#
# Based on CircleCI's provided images, but those are on Debian Jessie
# and we want Ubuntu, to match our supported environments in production.
# See these templates and code:
# https://github.com/circleci/circleci-images/blob/1949c44df/shared/images/
# which we've borrowed from, chiefly Dockerfile-basic.template.
#
# The CircleCI `python` images are based on upstream's `python` (i.e.,
# https://hub.docker.com/_/python/), which also come only for Debian
# (and various obscure distros, and Windows) and not Ubuntu. Those
# are in turn based on upstream's `buildpack-deps`, which do come in
# Ubuntu flavors.
#
# So this image starts from `buildpack-deps`, does the job of `python`
# (but much simpler, with a couple of packages from the distro), and
# then borrows from the CircleCI Dockerfile.
# To rebuild from this file for a given release, say bionic: # To rebuild from this file for a given release, say Ubuntu 18.04 bionic:
# docker build . --build-arg=BASE_IMAGE=buildpack-deps:bionic-scm --pull --tag=zulip/ci:bionic # docker build . --build-arg=BASE_IMAGE=ubuntu:18.04 --pull --tag=zulip/ci:bionic
# docker push zulip/ci:bionic # docker push zulip/ci:bionic
ARG BASE_IMAGE ARG BASE_IMAGE
FROM $BASE_IMAGE FROM $BASE_IMAGE
RUN echo 'APT::Get::Assume-Yes "true";' > /etc/apt/apt.conf.d/90circleci \ RUN ln -sf /usr/share/zoneinfo/Etc/UTC /etc/localtime
&& echo 'DPkg::Options "--force-confnew";' >> /etc/apt/apt.conf.d/90circleci
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update \ # Set the locale.
&& apt-get install -y \
sudo \
locales \
xvfb \
parallel \
unzip zip jq \
python3-pip \
&& ln -sf /usr/share/zoneinfo/Etc/UTC /etc/localtime \
&& echo "LC_ALL=C.UTF-8" | sudo tee -a /etc/default/locale
# Set the locale, together with the locale-related steps above.
ENV LC_ALL C.UTF-8 ENV LC_ALL C.UTF-8
# Install Docker. This logic comes from Circle's Dockerfile; it's probably
# faster than the upstream-recommended approach of using their apt repo,
# and fine for an image that will be rebuilt rather than upgraded.
# Docker core...
RUN set -e \
&& export DOCKER_VERSION=$(curl --silent --fail --retry 3 https://download.docker.com/linux/static/stable/x86_64/ | grep -o -e 'docker-[.0-9]*-ce\.tgz' | sort -r | head -n 1) \
&& DOCKER_URL="https://download.docker.com/linux/static/stable/x86_64/${DOCKER_VERSION}" \
&& echo Docker URL: $DOCKER_URL \
&& curl --silent --show-error --location --fail --retry 3 --output /tmp/docker.tgz "${DOCKER_URL}" \
&& ls -lha /tmp/docker.tgz \
&& tar -xz -C /tmp -f /tmp/docker.tgz \
&& mv /tmp/docker/* /usr/bin \
&& rm -rf /tmp/docker /tmp/docker.tgz \
&& command -v docker \
&& (docker version 2>/dev/null || true)
# ...docker-compose...
RUN COMPOSE_URL="https://circle-downloads.s3.amazonaws.com/circleci-images/cache/linux-amd64/docker-compose-latest" \
&& curl --silent --show-error --location --fail --retry 3 --output /usr/bin/docker-compose $COMPOSE_URL \
&& chmod +x /usr/bin/docker-compose \
&& docker-compose version
# ... and dockerize.
RUN DOCKERIZE_URL="https://circle-downloads.s3.amazonaws.com/circleci-images/cache/linux-amd64/dockerize-latest.tar.gz" \
&& curl --silent --show-error --location --fail --retry 3 --output /tmp/dockerize-linux-amd64.tar.gz $DOCKERIZE_URL \
&& tar -C /usr/local/bin -xzvf /tmp/dockerize-linux-amd64.tar.gz \
&& rm -rf /tmp/dockerize-linux-amd64.tar.gz \
&& dockerize --version
# Extra packages used by Zulip.
RUN apt-get update \
&& apt-get install --no-install-recommends \
memcached rabbitmq-server redis-server \
hunspell-en-us supervisor libssl-dev puppet \
gettext libffi-dev libfreetype6-dev zlib1g-dev \
libjpeg-dev libldap2-dev \
libxml2-dev libxslt1-dev libpq-dev moreutils
# Upgrade git if it is less than v2.18 because GitHub Actions' # Upgrade git if it is less than v2.18 because GitHub Actions'
# checkout installs source code using Rest API as an optimization # checkout installs source code using Rest API as an optimization
# if the version is less than v2.18, which causes failure in provision # if the version is less than v2.18, which causes failure in provision
# and tests because of the lack of git being initialized. # and tests because of the lack of git being initialized.
RUN export git_version=$(git --version | cut -d ' ' -f3 | cut -d 'v' -f2) && \ RUN if (. /etc/os-release && [ "$ID $VERSION_ID" = 'ubuntu 18.04' ]); then \
if dpkg --compare-versions $git_version lt 2.18; then \ apt-get update && \
sudo apt-get install -y software-properties-common && \ apt-get -y install software-properties-common && \
sudo add-apt-repository ppa:git-core/ppa -y && \ add-apt-repository -y ppa:git-core/ppa; \
sudo apt-get update && \
sudo apt-get install -y git; \
fi fi
# Remove systemd package as it is not required and hinders with install # Extra packages used by Zulip.
RUN if [ ! "$(dpkg-query -f='$(Version)' --show systemd)" = "" ]; then \ RUN apt-get update \
apt-get remove --purge --auto-remove systemd -y && \ && apt-get -y install --no-install-recommends \
echo 'Package: systemd\nPin: release *\nPin-Priority: -1' | sudo tee -a /etc/apt/preferences.d/systemd && \ build-essential \
echo '\n\nPackage: *systemd*\nPin: release *\nPin-Priority: -1' | sudo tee -a /etc/apt/preferences.d/systemd && \ ca-certificates \
echo '\nPackage: systemd:amd64\nPin: release *\nPin-Priority: -1' | sudo tee -a /etc/apt/preferences.d/systemd; \ curl \
fi gettext \
git \
hunspell-en-us \
jq \
libffi-dev \
libfreetype6-dev \
libjpeg-dev \
libldap2-dev \
libpq-dev \
libssl-dev \
libxml2-dev \
libxslt1-dev \
locales \
memcached \
moreutils \
puppet \
python3-dev \
python3-pip \
rabbitmq-server \
redis-server \
sudo \
supervisor \
unzip \
xvfb \
zlib1g-dev
ARG USERNAME=github ARG USERNAME=github
RUN groupadd --gid 3434 $USERNAME \ RUN groupadd --gid 3434 $USERNAME \

View File

@ -1,8 +1,8 @@
#!/usr/bin/env bash #!/usr/bin/env bash
set -eux set -eux
cd "$(dirname "${BASH_SOURCE[0]}")" cd "$(dirname "${BASH_SOURCE[0]}")"
docker build . --build-arg=BASE_IMAGE=buildpack-deps:bionic-scm --pull --tag=zulip/ci:bionic docker build . --build-arg=BASE_IMAGE=ubuntu:18.04 --pull --tag=zulip/ci:bionic
docker build . --build-arg=BASE_IMAGE=buildpack-deps:focal-scm --pull --tag=zulip/ci:focal docker build . --build-arg=BASE_IMAGE=ubuntu:20.04 --pull --tag=zulip/ci:focal
docker build . --build-arg=BASE_IMAGE=buildpack-deps:buster-scm --pull --tag=zulip/ci:buster docker build . --build-arg=BASE_IMAGE=debian:10 --pull --tag=zulip/ci:buster
docker build . --build-arg=BASE_IMAGE=buildpack-deps:bullseye-scm --pull --tag=zulip/ci:bullseye docker build . --build-arg=BASE_IMAGE=debian:bullseye --pull --tag=zulip/ci:bullseye
docker build . -f Dockerfile.prod --build-arg=BASE_IMAGE=zulip/ci:buster --build-arg=VERSION=3.4 --tag=zulip/ci:buster-3.4 docker build . -f Dockerfile.prod --build-arg=BASE_IMAGE=zulip/ci:buster --build-arg=VERSION=3.4 --tag=zulip/ci:buster-3.4