From bb342752b4267428635dfb2cb0c2464ba73c5d37 Mon Sep 17 00:00:00 2001 From: Sebastian Schildt Date: Fri, 6 Oct 2023 16:00:26 +0200 Subject: [PATCH 1/2] Simplify kuksa-client docker build and reducing resulting image size Signed-off-by: Sebastian Schildt --- kuksa-client/Dockerfile | 42 +++++++++++++++++++++++++++++------------ 1 file changed, 30 insertions(+), 12 deletions(-) diff --git a/kuksa-client/Dockerfile b/kuksa-client/Dockerfile index 5b86139fb..d44eb4248 100644 --- a/kuksa-client/Dockerfile +++ b/kuksa-client/Dockerfile @@ -8,23 +8,41 @@ # Note: This dockerfile needs to be executed one level above in the root folder -FROM python:3.10-alpine as build -RUN apk update && apk add git alpine-sdk linux-headers -RUN pip install --upgrade pip build + +FROM python:3.10-slim-bookworm as build +# binutils is required by pyinstaller to strip any .so libs that are collected +# git is used to determine & embed version information during build time +RUN apt update && apt -yy install binutils git +RUN pip install --upgrade pip build pyinstaller + # We must copy the whole repository otherwise version lookup by tag would not work COPY . /kuksa.val/ WORKDIR /kuksa.val/kuksa-client -RUN rm -rf dist + RUN python3 -m build -RUN mkdir /kuksa-client -RUN pip install --target /kuksa-client --no-cache-dir dist/*.whl +# We install globally on build container, so pyinstaller can easily gather all files +RUN pip install --no-cache-dir dist/*.whl + +WORKDIR / +RUN rm -rf dist +# Letting pyinstaller collect everything that is required +RUN pyinstaller --collect-data kuksa_certificates --collect-data kuksa_client --clean -s /usr/local/bin/kuksa-client + + +# Debian 12 is bookworm, so the glibc version matches. Distroless is a lot smaller than +# Debian slim versions +# For development add :debug like this +# FROM gcr.io/distroless/base-debian12:debug to get a busybox shell as well +FROM gcr.io/distroless/base-debian12 -FROM python:3.10-alpine +COPY --from=build /dist/kuksa-client /kuksa-client + +# pyinstaller doesn't pick up transient libz dependency, so copying it manually +COPY --from=build /usr/lib/*-linux-gnu/libz.so.1 /lib/ +# stty is required by cmd2 +COPY --from=build /usr/bin/stty /bin/ -RUN apk add --no-cache libstdc++ -COPY --from=build /kuksa-client /kuksa-client ENV PYTHONUNBUFFERED=yes -ENV GRPC_ENABLE_FORK_SUPPORT=false -ENV PYTHONPATH=/kuksa-client + WORKDIR /kuksa-client -ENTRYPOINT ["bin/kuksa-client"] +ENTRYPOINT ["/kuksa-client/kuksa-client"] From 988d523d0b30bb0f996e95351d0a4f7c349e2993 Mon Sep 17 00:00:00 2001 From: Sebastian Schildt Date: Fri, 6 Oct 2023 16:07:18 +0200 Subject: [PATCH 2/2] kuksa-client, reenabling ttl.sh push Signed-off-by: Sebastian Schildt --- .github/workflows/kuksa-client.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/kuksa-client.yml b/.github/workflows/kuksa-client.yml index 58e02e1c7..f75371fa4 100644 --- a/.github/workflows/kuksa-client.yml +++ b/.github/workflows/kuksa-client.yml @@ -100,10 +100,14 @@ jobs: linux/arm64 context: . file: kuksa-client/Dockerfile - push: false + push: true tags: "ttl.sh/kuksa.val/kuksa-client-${{github.sha}}" labels: ${{ steps.meta.outputs.labels }} + - name: Posting temporary container location + uses: ./.github/actions/post-container-location + with: + image: ttl.sh/kuksa.val/kuksa-client-${{github.sha}} kuksa-client-test: runs-on: ubuntu-latest