Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

refactor: building of docker images is more flexible #154

Open
wants to merge 1 commit into
base: scip
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions .github/workflows/scip-docker.yml
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ on:
pull_request:
paths:
- '.github/workflows/**'
- 'Dockerfile.autoindex'
- 'Dockerfile'

jobs:
build-image:
Expand Down Expand Up @@ -41,7 +41,7 @@ jobs:
id: docker_build_autoindex
uses: docker/build-push-action@v4
with:
file: Dockerfile.autoindex
file: Dockerfile
push: false
tags: |
sourcegraph/scip-python:test
107 changes: 85 additions & 22 deletions .github/workflows/scip-release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,33 +5,96 @@ on:
tags:
- v*

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

jobs:
release-image:
publish:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: docker/setup-buildx-action@v2
- uses: actions/setup-node@v2
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: '16'
registry-url: 'https://registry.npmjs.org'
- run: npm install
- run: cd ./packages/pyright-scip/ && npm install && npm run build
- run: cd ./packages/pyright-scip/ && npm publish --access public
cache: npm
cache-dependency-path: '**/package-lock.json'
node-version: 16
registry-url: https://registry.npmjs.org

- run: npm ci
- run: npm ci && npm run build
working-directory: ./packages/pyright-scip/

- if: ${{ env.NODE_AUTH_TOKEN }}
run: npm publish --access public
working-directory: ./packages/pyright-scip/
env:
NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
- name: Login to DockerHub
uses: docker/login-action@v2
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

docker:
needs: publish
strategy:
fail-fast: false
matrix:
version_debian: [bookworm]
version_python: ['3.10']
version_node: ['16']

runs-on: ubuntu-latest
permissions:
contents: read
packages: write

# Permissions used for artifact attestation.
attestations: write
id-token: write

steps:
- uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Build and push
id: docker_build_autoindex
uses: docker/build-push-action@v4
registry: ${{ vars.REGISTRY || 'docker.io' }}
username: ${{ secrets.DOCKER_USERNAME || github.actor }}
password: ${{ secrets.DOCKER_PASSWORD || secrets.GITHUB_TOKEN }}

# Use QEMU and Buildx so we can build for multiple platforms.
- uses: docker/setup-qemu-action@v3
- uses: docker/setup-buildx-action@v3

- name: Generate image tags
id: meta
uses: docker/metadata-action@v5
with:
file: Dockerfile.autoindex
push: true
images: ${{ vars.REGISTRY || 'docker.io' }}/${{ github.repository }}
flavor: |
latest=true
# NOTE: The autoindex tag seems to be legacy and overlaps fully with latest, dropping it might be breaking change.
tags: |
sourcegraph/scip-python:autoindex
sourcegraph/scip-python:latest
sourcegraph/scip-python:${{ github.ref_name }}
type=sha,
type=schedule
type=raw,value=autoindex
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}

- name: Build and release image
id: push
uses: docker/build-push-action@v5
with:
cache-from: type=gha,scope=docker-${{ matrix.version_debian}}-${{ matrix.version_python}}-${{ matrix.version_node }}
cache-to: type=gha,mode=max,scope=docker-${{ matrix.version_debian}}-${{ matrix.version_python}}-${{ matrix.version_node }}
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
platforms: linux/amd64,linux/arm64
build-args: |-
VERSION_DEBIAN=${{ matrix.version_debian }}
VERSION_PYTHON=${{ matrix.version_python }}
VERSION_NODE=${{ matrix.version_node }}
VERSION_SCIP_PYTHON=${{ github.ref_name }}

- name: Generate artifact attestation
uses: actions/attest-build-provenance@v1
with:
subject-name: ${{ vars.REGISTRY || 'docker.io' }}/${{ github.repository }}
subject-digest: ${{ steps.push.outputs.digest }}
push-to-registry: true
2 changes: 1 addition & 1 deletion .vscode/settings.json
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@
"editor.formatOnSave": true
},
"editor.codeActionsOnSave": {
"source.fixAll.eslint": true
"source.fixAll.eslint": "explicit"
},
"typescript.tsdk": "node_modules/typescript/lib"
}
44 changes: 44 additions & 0 deletions Dockerfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
ARG VERSION_DEBIAN=bookworm

ARG VERSION_NODE=16
ARG VERSION_PYTHON=3.10

ARG VERSION_SCIP_PYTHON=v0.6.0

FROM node:$VERSION_NODE-$VERSION_DEBIAN-slim as technology-node
FROM python:$VERSION_PYTHON-slim-$VERSION_DEBIAN as technology-python

FROM buildpack-deps:$VERSION_DEBIAN as base

COPY --link --from=technology-node /usr/local /usr/local
COPY --link --from=technology-python /usr/local /usr/local

# NOTE: ldconfig is needed for Python to understand where shared libraries are.
RUN ldconfig \
# We remove pre-installed yarn and enable corepack.
&& rm -rf /usr/local/bin/yarn* \
&& corepack enable \
# NOTE: Smoke tests while having as little side effects as possible.
&& node --version \
&& yarn --version \
&& npm --logs-max=0 --version \
&& PYTHONDONTWRITEBYTECODE=1 python3 --version \
&& pip --version

FROM base AS release

ARG VERSION_SCIP_PYTHON

# Install dependencies
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
--mount=type=cache,target=/var/lib/apt,sharing=locked \
apt-get update && apt-get install -y --no-install-recommends \
git \
bash \
curl \
&& rm -rf /var/lib/apt/lists/*

# Install packages
RUN npm install -g @sourcegraph/scip-python@$VERSION_SCIP_PYTHON @sourcegraph/src

ENTRYPOINT [ "scip-python" ]
6 changes: 0 additions & 6 deletions Dockerfile.autoindex

This file was deleted.

2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ $ # Install scip-python
$ npm install -g @sourcegraph/scip-python
```

scip-python requires Node v16 or newer. See the [Dockerfile](https://github.com/sourcegraph/scip-python/blob/scip/Dockerfile.autoindex) for an exact SHA that is tested.
scip-python requires Node v16 or newer. See the [Dockerfile](https://github.com/sourcegraph/scip-python/blob/scip/Dockerfile) for an exact SHA that is tested.

scip-python uses `pip` to attempt to determine the versions and names of the packages available in your environment. If you do not use pip to install the packages, you can instead use the `--environment` flag to supply a list of packages to use as the environment. This will skip any calls out to pip to determine the state of your env. See [Environment](##-environment) for more information.

Expand Down