build: docker image generation improvements

There are two major changes here. First of all, the image generation now
consists of two separate stages: the build itself and the production
image generation. Secondly, the packages inside the image are now installed
as they were at the time of the root image generation (the date is taken
from the `stat` command).

Another side change is that the container no longer ships synchronized
(and out-of-date) pacman databases; they have to be synced manually.
Evgenii Alekseev 2024-11-15 16:54:04 +02:00
parent f09082dff2
commit 0cc35e70e3
2 changed files with 106 additions and 57 deletions


@ -1,4 +1,77 @@
FROM archlinux:base # build image
FROM archlinux:base AS build
# install environment
## create build user
RUN useradd -m -d "/home/build" -s "/usr/bin/nologin" build
## extract container creation date and set mirror for this timestamp, set PKGEXT and refresh database next
RUN echo "Server = https://archive.archlinux.org/repos/$(stat -c "%y" "/var/lib/pacman" | cut -d " " -f 1 | sed "s,-,/,g")/\$repo/os/\$arch" > "/etc/pacman.d/mirrorlist" && \
pacman -Sy
## setup package cache
RUN runuser -u build -- mkdir "/tmp/pkg" && \
echo "PKGDEST=/tmp/pkg" >> "/etc/makepkg.conf" && \
echo "[options]" >> "/etc/pacman.conf" && \
echo "CacheDir = /tmp/pkg/" >> "/etc/pacman.conf"
## install anc configure sudo
RUN pacman -S --noconfirm --asdeps sudo && \
echo "build ALL=(ALL) NOPASSWD: ALL" > "/etc/sudoers.d/build"
## copy install script
COPY "docker/install-aur-package.sh" "/usr/local/bin/install-aur-package"
## install package dependencies
RUN pacman -S --noconfirm --asdeps \
devtools \
git \
pyalpm \
python-bcrypt \
python-inflection \
python-pyelftools \
python-requests \
&& \
pacman -S --noconfirm --asdeps \
base-devel \
python-build \
python-flit \
python-installer \
python-tox \
python-wheel \
&& \
pacman -S --noconfirm --asdeps \
git \
python-aiohttp \
python-boto3 \
python-cerberus \
python-cryptography \
python-jinja \
python-systemd \
rsync \
&& \
runuser -u build -- install-aur-package \
python-aioauth-client \
python-sphinx-typlog-theme \
python-webargs \
python-aiohttp-apispec-git \
python-aiohttp-cors \
python-aiohttp-jinja2 \
python-aiohttp-session \
python-aiohttp-security \
python-requests-unixsocket2
# install ahriman
## copy tree
COPY --chown=build . "/home/build/ahriman"
## create package archive and install it
RUN cd "/home/build/ahriman" && \
tox -e archive && \
cp ./dist/*.tar.gz "package/archlinux" && \
cd "package/archlinux" && \
runuser -u build -- makepkg --noconfirm --skipchecksums && \
cd / && rm -r "/home/build/ahriman"
# main image
FROM archlinux:base AS ahriman
# image configuration # image configuration
ENV AHRIMAN_ARCHITECTURE="x86_64" ENV AHRIMAN_ARCHITECTURE="x86_64"
@ -23,73 +96,45 @@ ENV AHRIMAN_VALIDATE_CONFIGURATION="yes"
## update pacman.conf with multilib ## update pacman.conf with multilib
RUN echo "[multilib]" >> "/etc/pacman.conf" && \ RUN echo "[multilib]" >> "/etc/pacman.conf" && \
echo "Include = /etc/pacman.d/mirrorlist" >> "/etc/pacman.conf" echo "Include = /etc/pacman.d/mirrorlist" >> "/etc/pacman.conf"
## refresh packages, install sudo and install packages for building ## copy built packages from build image and setup repository
RUN pacman -Syu --noconfirm sudo && \ COPY --from=build "/tmp/pkg" "/var/cache/pacman/pkg"
pacman -S --noconfirm --asdeps fakeroot python-tox RUN repo-add "/var/cache/pacman/pkg/core.db.tar.zst" "/var/cache/pacman/pkg/"*.pkg.tar.zst && \
## create build user repo-add "/var/cache/pacman/pkg/extra.db.tar.zst" && \
RUN useradd -m -d "/home/build" -s "/usr/bin/nologin" build && \ repo-add "/var/cache/pacman/pkg/multilib.db.tar.zst"
echo "build ALL=(ALL) NOPASSWD: ALL" > "/etc/sudoers.d/build" ## set local directory to use as repository and refresh database
COPY "docker/install-aur-package.sh" "/usr/local/bin/install-aur-package" RUN cp "/etc/pacman.d/mirrorlist" "/etc/pacman.d/mirrorlist.orig" && \
## install package dependencies echo "Server = file:///var/cache/pacman/pkg" > "/etc/pacman.d/mirrorlist" && \
cp "/etc/pacman.conf" "/etc/pacman.conf.orig" && \
sed -i "s/SigLevel *=.*/SigLevel = Optional/g" "/etc/pacman.conf" && \
pacman -Sy
## install package and its optional dependencies
RUN pacman -S --noconfirm \
--assume-installed python-aiohttp-apispec=3.0.0 \
ahriman
RUN pacman -S --noconfirm --asdeps \ RUN pacman -S --noconfirm --asdeps \
devtools \ python-aioauth-client \
git \ python-aiohttp-apispec-git \
pyalpm \ python-aiohttp-security \
python-bcrypt \ python-aiohttp-session \
python-inflection \
python-pyelftools \
python-requests \
&& \
pacman -S --noconfirm --asdeps \
base-devel \
python-build \
python-flit \
python-installer \
python-wheel \
&& \
pacman -S --noconfirm --asdeps \
git \
python-aiohttp \
python-boto3 \ python-boto3 \
python-cerberus \ python-cerberus \
python-cryptography \ python-cryptography \
python-jinja \
python-systemd \ python-systemd \
python-requests-unixsocket2 \
rsync \ rsync \
&& \ sudo
runuser -u build -- install-aur-package \
python-aioauth-client \
python-sphinx-typlog-theme \
python-webargs \
python-aiohttp-apispec-git \
python-aiohttp-cors \
python-aiohttp-jinja2 \
python-aiohttp-session \
python-aiohttp-security \
python-requests-unixsocket2
## FIXME since 1.0.4 devtools requires dbus to be run, which doesn't work now in container ## clear cache and restore system
COPY "docker/systemd-nspawn.sh" "/usr/local/bin/systemd-nspawn" RUN find "/var/cache/pacman/pkg" "/var/lib/pacman/sync" -type "f,l" -delete && \
cp "/etc/pacman.d/mirrorlist.orig" "/etc/pacman.d/mirrorlist" && \
# install ahriman cp "/etc/pacman.conf.orig" "/etc/pacman.conf"
## copy tree
COPY --chown=build . "/home/build/ahriman"
## create package archive and install it
RUN cd "/home/build/ahriman" && \
tox -e archive && \
cp ./dist/*.tar.gz "package/archlinux" && \
cd "package/archlinux" && \
runuser -u build -- makepkg --noconfirm --skipchecksums && \
runuser -u build -- makepkg --packagelist | grep -v -- -debug- | pacman -U --noconfirm --nodeps - && \
cd / && rm -r "/home/build/ahriman"
# cleanup unused
RUN find "/var/cache/pacman/pkg" -type f -delete
RUN pacman -Qdtq | pacman -Rscn --noconfirm -
VOLUME ["/var/lib/ahriman"] VOLUME ["/var/lib/ahriman"]
# minimal runtime ahriman setup # minimal runtime ahriman setup
## FIXME since 1.0.4 devtools requires dbus to be run, which doesn't work now in container
COPY "docker/systemd-nspawn.sh" "/usr/local/bin/systemd-nspawn"
## entrypoint setup
COPY "docker/entrypoint.sh" "/usr/local/bin/entrypoint" COPY "docker/entrypoint.sh" "/usr/local/bin/entrypoint"
ENTRYPOINT ["entrypoint"] ENTRYPOINT ["entrypoint"]
# default command # default command
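Review bot: The main-image stage silently relaxes package verification with `sed -i "s/SigLevel *=.*/SigLevel = Optional/g" "/etc/pacman.conf"` and rewrites the mirrorlist to `file:///var/cache/pacman/pkg`, which is presumably what lets the unsigned packages from the build stage (makepkg is given no signing key there) install through the standard `[core]`/`[extra]`/`[multilib]` sections, and nothing in the Dockerfile says so or that the `.orig` restore several layers later is what keeps `SigLevel = Optional` out of the shipped image. I would add a comment above that RUN, `## packages built in the build stage are unsigned, so temporarily accept unsigned packages; the mirrorlist is replaced so only the local repo is reachable and both files are restored in the cleanup step below`, so the relaxation is not copied elsewhere without the matching restore. In the same stage, `--assume-installed python-aiohttp-apispec=3.0.0` overrides a dependency check with no explanation; presumably `python-aiohttp-apispec-git` does not satisfy the versioned requirement, and a one-line comment naming that package would save the next reader the lookup. The build stage computes the archive date with `$(stat -c "%y" "/var/lib/pacman" | cut ... | sed ...)` under the default `/bin/sh -c`, so a failing `stat` yields an empty date and a `repos//$repo` URL rather than an aborted step; `SHELL ["/bin/bash", "-o", "pipefail", "-c"]` before it would make that fail closed, though the following `pacman -Sy` would likely fail anyway.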


@ -4,8 +4,12 @@ set -e
for PACKAGE in "$@"; do for PACKAGE in "$@"; do
BUILD_DIR="$(mktemp -d)" BUILD_DIR="$(mktemp -d)"
# clone the remote source
git clone https://aur.archlinux.org/"$PACKAGE".git "$BUILD_DIR" git clone https://aur.archlinux.org/"$PACKAGE".git "$BUILD_DIR"
cd "$BUILD_DIR" cd "$BUILD_DIR"
# checkout to the image date
git checkout "$(git rev-list -1 --before="$(stat -c "%y" "/var/lib/pacman" | cut -d " " -f 1)" master)"
# build and install the package
makepkg --nocheck --noconfirm --install --rmdeps --syncdeps makepkg --nocheck --noconfirm --install --rmdeps --syncdeps
cd / cd /
rm -r "$BUILD_DIR" rm -r "$BUILD_DIR"