diff --git a/.github/workflows/kuksa-client.yml b/.github/workflows/kuksa-client.yml index 58e02e1c..f75371fa 100644 --- a/.github/workflows/kuksa-client.yml +++ b/.github/workflows/kuksa-client.yml @@ -100,10 +100,14 @@ jobs: linux/arm64 context: . file: kuksa-client/Dockerfile - push: false + push: true tags: "ttl.sh/kuksa.val/kuksa-client-${{github.sha}}" labels: ${{ steps.meta.outputs.labels }} + - name: Posting temporary container location + uses: ./.github/actions/post-container-location + with: + image: ttl.sh/kuksa.val/kuksa-client-${{github.sha}} kuksa-client-test: runs-on: ubuntu-latest diff --git a/kuksa-client/Dockerfile b/kuksa-client/Dockerfile index 5b86139f..d44eb424 100644 --- a/kuksa-client/Dockerfile +++ b/kuksa-client/Dockerfile @@ -8,23 +8,41 @@ # Note: This dockerfile needs to be executed one level above in the root folder -FROM python:3.10-alpine as build -RUN apk update && apk add git alpine-sdk linux-headers -RUN pip install --upgrade pip build + +FROM python:3.10-slim-bookworm as build +# binutils is required by pyinstaller to strip any .so libs that are collected +# git is used to determine & embed version information during build time +RUN apt update && apt -yy install binutils git +RUN pip install --upgrade pip build pyinstaller + # We must copy the whole repository otherwise version lookup by tag would not work COPY . /kuksa.val/ WORKDIR /kuksa.val/kuksa-client -RUN rm -rf dist + RUN python3 -m build -RUN mkdir /kuksa-client -RUN pip install --target /kuksa-client --no-cache-dir dist/*.whl +# We install globally on build container, so pyinstaller can easily gather all files +RUN pip install --no-cache-dir dist/*.whl + +WORKDIR / +RUN rm -rf dist +# Letting pyinstaller collect everything that is required +RUN pyinstaller --collect-data kuksa_certificates --collect-data kuksa_client --clean -s /usr/local/bin/kuksa-client + + +# Debian 12 is bookworm, so the glibc version matches. Distroless is a lot smaller than +# Debian slim versions +# For development add :debug like this +# FROM gcr.io/distroless/base-debian12:debug to get a busybox shell as well +FROM gcr.io/distroless/base-debian12 -FROM python:3.10-alpine +COPY --from=build /dist/kuksa-client /kuksa-client + +# pyinstaller doesn't pick up transient libz dependency, so copying it manually +COPY --from=build /usr/lib/*-linux-gnu/libz.so.1 /lib/ +# stty is required by cmd2 +COPY --from=build /usr/bin/stty /bin/ -RUN apk add --no-cache libstdc++ -COPY --from=build /kuksa-client /kuksa-client ENV PYTHONUNBUFFERED=yes -ENV GRPC_ENABLE_FORK_SUPPORT=false -ENV PYTHONPATH=/kuksa-client + WORKDIR /kuksa-client -ENTRYPOINT ["bin/kuksa-client"] +ENTRYPOINT ["/kuksa-client/kuksa-client"]