From f1849a8717fa359ba9ca553e0b826b735a47057c Mon Sep 17 00:00:00 2001 From: Roman Nikitenko Date: Mon, 29 Jan 2024 12:04:09 +0200 Subject: [PATCH] feat: Support ubi9-based containers for running VS Code editor Signed-off-by: Roman Nikitenko --- devspaces-code/build/dockerfiles/Dockerfile | 145 +++++++++-- .../build/dockerfiles/brew.Dockerfile | 230 +++++++++++++++++- .../build/dockerfiles/content_sets_pulp.repo | 21 ++ .../build/scripts/entrypoint-volume.sh | 32 ++- devspaces-code/build/scripts/entrypoint.sh | 4 +- 5 files changed, 404 insertions(+), 28 deletions(-) diff --git a/devspaces-code/build/dockerfiles/Dockerfile b/devspaces-code/build/dockerfiles/Dockerfile index 5d853c989e..66e8b0782f 100644 --- a/devspaces-code/build/dockerfiles/Dockerfile +++ b/devspaces-code/build/dockerfiles/Dockerfile @@ -1,4 +1,4 @@ -# Copyright (c) 2022-2023 Red Hat, Inc. +# Copyright (c) 2022-2024 Red Hat, Inc. # This program and the accompanying materials are made # available under the terms of the Eclipse Public License 2.0 # which is available at https://www.eclipse.org/legal/epl-2.0/ @@ -8,8 +8,17 @@ # Contributors: # Red Hat, Inc. - initial API and implementation +# https://quay.io/devspaces/machineexec-rhel8 +FROM quay.io/devspaces/machineexec-rhel8:3.12 as machine-exec + +################################################################################################################## +# +# Prepare ubi8-based assembly of VS Code +# +################################################################################################################## + # https://registry.access.redhat.com/ubi8/nodejs-18 -FROM registry.access.redhat.com/ubi8/nodejs-18:1-86 as builder +FROM registry.access.redhat.com/ubi8/nodejs-18:1-86 as linux-libc-ubi8-builder USER root @@ -17,25 +26,20 @@ USER root ARG GITHUB_TOKEN='' ENV GITHUB_TOKEN=$GITHUB_TOKEN -# Enable pulp content sets to resolve libsecret & libxkbfile as rpm -COPY ./build/dockerfiles/content_sets_pulp.repo /etc/yum.repos.d/ - # Unset GITHUB_TOKEN environment variable if it is empty. # This is needed for some tools which use this variable and will fail with 401 Unauthorized error if it is invalid. # For example, vscode ripgrep downloading is an example of such case. RUN if [ -z $GITHUB_TOKEN ]; then unset GITHUB_TOKEN; fi -RUN yum -y -q update \ - && yum install -y libsecret-devel libsecret curl make cmake gcc gcc-c++ python3.9 git git-core-doc openssh less libX11-devel libxkbfile-devel libxkbfile libxkbcommon bash tar gzip rsync patch \ +# Enable pulp content sets to resolve libsecret & libxkbfile as rpm +COPY ./build/dockerfiles/content_sets_pulp.repo /etc/yum.repos.d/ + +RUN yum install -y libsecret-devel libsecret make cmake gcc gcc-c++ python3.9 git git-core-doc openssh less libX11-devel libxkbfile-devel libxkbfile libxkbcommon bash tar gzip rsync patch \ && yum -y clean all && rm -rf /var/cache/yum \ && npm install -g yarn@1.22.17 \ && npm install -g node-gyp@9.4.1 -######################################################### -# -# Copy Che-Code to the container -# -######################################################### +# Copy VS Code to the container COPY code /checode-compilation WORKDIR /checode-compilation ENV ELECTRON_SKIP_BINARY_DOWNLOAD=1 \ @@ -59,18 +63,92 @@ RUN NODE_ARCH=$(echo "console.log(process.arch)" | node) \ && mkdir -p /checode-compilation/.build/node/v${NODE_VERSION}/linux-${NODE_ARCH} \ && echo "caching /checode-compilation/.build/node/v${NODE_VERSION}/linux-${NODE_ARCH}/node" \ && cp /usr/bin/node /checode-compilation/.build/node/v${NODE_VERSION}/linux-${NODE_ARCH}/node \ - && NODE_OPTIONS="--max_old_space_size=8500" ./node_modules/.bin/gulp --tasks \ && NODE_OPTIONS="--max_old_space_size=8500" ./node_modules/.bin/gulp vscode-reh-web-linux-${NODE_ARCH}-min \ && cp -r ../vscode-reh-web-linux-${NODE_ARCH} /checode RUN chmod a+x /checode/out/server-main.js \ && chgrp -R 0 /checode && chmod -R g+rwX /checode -######################################################### -# # Copy VS Code launcher to the container +COPY launcher /checode-launcher +WORKDIR /checode-launcher +RUN yarn \ + && mkdir /checode/launcher \ + && cp -r out/src/*.js /checode/launcher \ + && chgrp -R 0 /checode && chmod -R g+rwX /checode + +################################################################################################################## # -######################################################### +# Prepare ubi9-based assembly of VS Code +# +################################################################################################################## + +# https://registry.access.redhat.com/ubi9/nodejs-18 +FROM registry.access.redhat.com/ubi9/nodejs-18:1-84 as linux-libc-ubi9-builder + +USER root + +# Export GITHUB_TOKEN into environment variable +ARG GITHUB_TOKEN='' +ENV GITHUB_TOKEN=$GITHUB_TOKEN + +# Unset GITHUB_TOKEN environment variable if it is empty. +# This is needed for some tools which use this variable and will fail with 401 Unauthorized error if it is invalid. +# For example, vscode ripgrep downloading is an example of such case. +RUN if [ -z $GITHUB_TOKEN ]; then unset GITHUB_TOKEN; fi + +# Enable pulp content sets to resolve libsecret & libxkbfile as rpm +COPY ./build/dockerfiles/content_sets_pulp.repo /etc/yum.repos.d/ + +RUN echo "Repo list is: $(dnf repolist)" && \ + echo "Disabling rhel-8 based repos..." && \ + dnf config-manager --set-disabled 'rhel-8*' && \ + echo "Repo list after disabling rhel-8 based repos is: $(dnf repolist)" && \ + echo "$(dnf module list nodejs)" + +# Enable rhel-9 repo to resolve libsecret & libxkbfile as rpm +RUN \ + dnf install -y \ + --enablerepo=rhel-9-for-baseos-rpms-pulp \ + --enablerepo=rhel-9-for-appstream-rpms-pulp \ + --enablerepo=rhel-9-for-codeready-builder-rpms-pulp \ + nodejs-devel libsecret-devel libsecret krb5-devel make cmake gcc gcc-c++ git git-core-doc \ + openssh less libX11-devel libxkbfile-devel libxkbfile libxkbcommon bash tar gzip rsync patch npm \ + && dnf -y clean all && rm -rf /var/cache/dnf \ + && npm install -g yarn@1.22.17 \ + && npm install -g node-gyp@9.4.1 + +# Copy VS Code to the container +COPY code /checode-compilation +WORKDIR /checode-compilation +ENV ELECTRON_SKIP_BINARY_DOWNLOAD=1 \ + PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD=1 + +# Initialize a git repository for code build tools +RUN git init . + +# change network timeout (slow using multi-arch build) +RUN yarn config set network-timeout 600000 -g + +# Install node-gyp, then yarn dependencies (force update to yarn.lock) +RUN yarn add -W -D node-gyp; yarn install --force + +RUN NODE_ARCH=$(echo "console.log(process.arch)" | node) \ + && NODE_VERSION=$(cat /checode-compilation/remote/.yarnrc | grep target | cut -d ' ' -f 2 | tr -d '"') \ + # cache node from this image to avoid to grab it from within the build + && mkdir -p /checode-compilation/.build/node/v${NODE_VERSION}/linux-${NODE_ARCH} \ + && echo "caching /checode-compilation/.build/node/v${NODE_VERSION}/linux-${NODE_ARCH}/node" \ + && cp /usr/bin/node /checode-compilation/.build/node/v${NODE_VERSION}/linux-${NODE_ARCH}/node \ + && NODE_OPTIONS="--max_old_space_size=8500" ./node_modules/.bin/gulp vscode-reh-web-linux-${NODE_ARCH}-min \ + && cp -r ../vscode-reh-web-linux-${NODE_ARCH} /checode \ + # cache libbrotli from this image to provide it to a user's container + && mkdir -p /checode/ld_libs && find /usr/lib64 -name 'libbrotli*' 2>/dev/null | xargs -I {} cp -t /checode/ld_libs {} + +RUN chmod a+x /checode/out/server-main.js \ + && chgrp -R 0 /checode && chmod -R g+rwX /checode + + +# Copy VS Code launcher to the container COPY launcher /checode-launcher WORKDIR /checode-launcher RUN yarn \ @@ -78,6 +156,39 @@ RUN yarn \ && cp -r out/src/*.js /checode/launcher \ && chgrp -R 0 /checode && chmod -R g+rwX /checode +# https://registry.access.redhat.com/ubi8/ubi +FROM registry.access.redhat.com/ubi8/ubi:8.9 AS ubi-builder + +RUN mkdir -p /mnt/rootfs +RUN yum install --installroot /mnt/rootfs brotli libstdc++ coreutils glibc-minimal-langpack --releasever 8 --setopt install_weak_deps=false --nodocs -y && yum --installroot /mnt/rootfs clean all +RUN rm -rf /mnt/rootfs/var/cache/* /mnt/rootfs/var/log/dnf* /mnt/rootfs/var/log/yum.* + +WORKDIR /mnt/rootfs + +COPY --from=linux-libc-ubi8-builder --chown=0:0 /checode /mnt/rootfs/checode-linux-libc/ubi8 +COPY --from=linux-libc-ubi9-builder --chown=0:0 /checode /mnt/rootfs/checode-linux-libc/ubi9 + +RUN mkdir -p /mnt/rootfs/projects && mkdir -p /mnt/rootfs/home/che && mkdir -p /mnt/rootfs/bin/ +RUN cat /mnt/rootfs/etc/passwd | sed s#root:x.*#root:x:\${USER_ID}:\${GROUP_ID}::\${HOME}:/bin/bash#g > /mnt/rootfs/home/che/.passwd.template \ + && cat /mnt/rootfs/etc/group | sed s#root:x:0:#root:x:0:0,\${USER_ID}:#g > /mnt/rootfs/home/che/.group.template +RUN for f in "/mnt/rootfs/bin/" "/mnt/rootfs/home/che" "/mnt/rootfs/etc/passwd" "/mnt/rootfs/etc/group" "/mnt/rootfs/projects" ; do\ + chgrp -R 0 ${f} && \ + chmod -R g+rwX ${f}; \ + done + +COPY --from=machine-exec --chown=0:0 /go/bin/che-machine-exec /mnt/rootfs/bin/machine-exec +COPY --chmod=755 /build/scripts/*.sh /mnt/rootfs/ +COPY --chmod=755 /build/remote-config /mnt/rootfs/remote/data/Machine/ + +################################################################################################################## +# +# Create all-in-one image +# +################################################################################################################## + # https://registry.access.redhat.com/ubi8-minimal FROM registry.access.redhat.com/ubi8-minimal:8.9-1108 -COPY --from=builder --chown=0:0 /checode /checode-linux-libc +COPY --from=ubi-builder /mnt/rootfs/ / +ENV HOME=/home/che +USER 1001 +ENTRYPOINT /entrypoint.sh diff --git a/devspaces-code/build/dockerfiles/brew.Dockerfile b/devspaces-code/build/dockerfiles/brew.Dockerfile index 72fa51616e..850b01f1ad 100644 --- a/devspaces-code/build/dockerfiles/brew.Dockerfile +++ b/devspaces-code/build/dockerfiles/brew.Dockerfile @@ -12,11 +12,11 @@ # project sources and yarn dependencies, and performing an offline build with them ######################################################################### -############################# BUILD 1: libc ############################# +############################# BUILD 1: libc-ubi8 ######################## ######################################################################### # https://registry.access.redhat.com/ubi8/nodejs-18 -FROM ubi8/nodejs-18:1-86 as checode-linux-libc-builder +FROM ubi8/nodejs-18:1-86 as checode-linux-libc-ubi8-builder # hadolint ignore=DL3002 USER root @@ -218,7 +218,224 @@ RUN yarn \ && chgrp -R 0 /checode && chmod -R g+rwX /checode ######################################################################### -############################# BUILD 2: machineexec####################### +############################# BUILD 2: libc-ubi9 ######################## +######################################################################### + +# https://registry.access.redhat.com/ubi9/nodejs-18 +FROM ubi9/nodejs-18:1-88 as checode-linux-libc-ubi9-builder +# hadolint ignore=DL3002 +USER root + +WORKDIR $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code +ENV ELECTRON_SKIP_BINARY_DOWNLOAD=1 \ + PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD=1 \ + NPM_CONFIG_NODEDIR=/usr + +# cachito:yarn step 1: copy cachito sources where we can use them; source env vars; set working dir +COPY $REMOTE_SOURCES $REMOTE_SOURCES_DIR + +# Enable pulp content sets to resolve libsecret & libxkbfile as rpm +COPY $REMOTE_SOURCES/devspaces-images-code/app/devspaces-code/build/dockerfiles/content_sets_pulp.repo /etc/yum.repos.d/ + +RUN echo "Repo list is: $(dnf repolist)" && \ + echo "Disabling rhel-8 based repos..." && \ + dnf config-manager --set-disabled 'rhel-8*' && \ + echo "Repo list after disabling rhel-8 based repos is: $(dnf repolist)" && \ + echo "$(dnf module list nodejs)" + +# node-gyp 10 requires python 3.7 - 3.10 +# hadolint ignore=DL3040,DL3041 +RUN \ + dnf install -y \ + --enablerepo=rhel-9-for-baseos-rpms-pulp \ + --enablerepo=rhel-9-for-appstream-rpms-pulp \ + --enablerepo=rhel-9-for-codeready-builder-rpms-pulp \ + nodejs-devel libsecret-devel libsecret krb5-devel make gcc gcc-c++ \ + git git-core-doc openssh ca-certificates \ + less libX11-devel libxkbcommon libxkbfile-devel libxkbfile bash tar gzip rsync patch tree + +# hadolint ignore=SC2086 +RUN source $REMOTE_SOURCES_DIR/devspaces-images-code/cachito.env; \ + cat $REMOTE_SOURCES_DIR/devspaces-images-code/cachito.env + +# cachito:yarn step 2: workaround for yarn not being installed in an executable path +# hadolint ignore=SC2086 +RUN ln -s $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-dashboard/.yarn/releases/yarn-*.js /usr/local/bin/yarn + + +# VS Code depends on @vscode/ripgrep that downloads the required ripgrep binary from microsoft/ripgrep-prebuilt +# during 'yarn install' phase. That doen't work in OSBS due to offline mode. +# So, we upload the required binaries to download.devel to be able to download them in OSBS environment (see fetch-artifacts-url.yaml). +# Before trying to fetch the binary from GitHub, @vscode/ripgrep looks for it in the local cache folder. +# See the cache folder name pattern in https://github.com/microsoft/vscode-ripgrep/blob/a85a6872107d616942511ea4421f438608b6579a/lib/download.js#L15 +# +# For each @vscode/ripgrep version VS Code currently depends on +# create a cache folder with the required binary version. +COPY artifacts/ripgrep-*.tar.gz /tmp/vscode-ripgrep-cache-1.15.9/ + +# See the required binary version in https://github.com/microsoft/vscode-ripgrep/blob/main/lib/postinstall.js#L21 + +RUN echo "######################################################## /tmp/vscode-ripgrep-cache"; \ + find /tmp -name '*.tar.gz'; + + +# There're a few VS Code built-in extensions that are not in the VS Code repository, but hosted on GitHub. +# https://github.com/redhat-developer/devspaces-images/blob/devspaces-3-rhel-8/devspaces-code/code/product.json#L35 +# By default, VS Code downloads them from GitHub during the build. That doen't work in OSBS due to offline mode. +# We rebuild these VS Code built-ins with uploading vsix to download.devel to download them in OSBS environment (see fetch-artifacts-url.yaml). +# Before trying to fetch the vsix from GitHub, VS Code looks for it in the local cache folder. +# +# Unpack the vsix files to '.build/builtInExtensions/ext_publisher.ext_name'. +# +# For the details, see 'build/lib/builtInExtensions.ts'. +COPY artifacts/ms-vscode.*.vsix /tmp/builtInExtensions/ +RUN for vsixfile in /tmp/builtInExtensions/*; do \ + # get the file name without the path + basename="${vsixfile##*/}"; \ + # get the file name without the extension + filename="${basename%.*}"; \ + # create the cache folder where gulp build checks for the pre-downloaded extensions + mkdir -p .build/builtInExtensions; \ + # unzip the 'extension' sub-folder only + ext_folder=.build/builtInExtensions/$filename; \ + unzip $vsixfile extension/* -d $ext_folder; \ + mv $ext_folder/extension/* $ext_folder; \ + done; + + +# Initialize a git repository for code build tools +RUN git init .; \ + # change network timeout (slow using multi-arch build) + yarn config set network-timeout 600000 -g; \ + + # cachito:yarn step 3: configure yarn & install deps + # see https://docs.engineering.redhat.com/pages/viewpage.action?pageId=228017926#UpstreamSources(Cachito,ContainerFirst)-CachitoIntegrationfornpm + yarn config set nodedir /usr; yarn config set unsafe-perm true; + + +# Normally, we call 'yarn' on VS Code to install the dependencies: +# - for the root package; +# - for the sub-packages (extensions), by triggerring the `build/npm/postinstall.js`. +# The problem here is that the script can't fetch the dependencies from the Cachito's Nexus registry. +# It responds "401 Unauthorized" when yarn tries to fetch a dependency for any VS Code's sub-package. +# However, it works well for the root package. +# +# The workaround is to disable the 'yarn install' call for the sub-packages ... +RUN sed -i -r -e '/function yarnInstall/ !s|^[^#]*yarnInstal|//&|' build/npm/postinstall.js +# ... and run the dependencies installation manually for each sub-package listed in the 'code/build/npm/dirs.js' (except the 'test' folder). + +# install node-gyp - workaround for `yarn global add node-gyp`, since installing it +# globally it tries to fetch it from outside. So, we install locally the module +# that has node-gyp dependency, and then put it's node_modules to yarns global modules +RUN cd $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/cachito \ + && yarn \ + && mkdir -p $(yarn global dir) && cp -r $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/cachito/node_modules/. $(yarn global dir)/node_modules \ + && mkdir -p $(yarn global bin) && ln -s $(yarn global dir)/node_modules/.bin/node-gyp $(yarn global bin)/node-gyp \ + && ls -l $(yarn global bin) \ + && ls -l $(yarn global dir)/node_modules/.bin \ + && which node-gyp \ + && node-gyp version + +# Cachito clears all project's '.yarnrc' files, To make sure yarn is configured to the local Nexus. +# To avoid any possible issues, like failure of build because of missing 'ms_build_id', or 'target' properties, +# or @parcel/watcher skipping compilation because of missing 'build_from_source' flag. +# We need to restore some of the fields before running the build. +# https://github.com/microsoft/vscode/blob/bceaaf84a27c3a95a0cdfc79287e3215b56b951c/build/gulpfile.reh.js#L128 +RUN echo 'target "19.1.8"' > $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/.yarnrc; \ + echo 'ms_build_id "23084831"' >> $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/.yarnrc; \ + echo 'build_from_source "true"' >> $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/.yarnrc; \ + echo 'target "18.16.1"' > $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/remote/.yarnrc; \ + echo 'ms_build_id "223745"' >> $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/remote/.yarnrc; + +# begin of module list generated by sync.sh +RUN cd $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/ && yarn \ + && cd $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/build && yarn \ + && cd $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/extensions && yarn \ + && cd $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/extensions/che-activity-tracker && yarn \ + && cd $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/extensions/che-api && yarn \ + && cd $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/extensions/che-commands && yarn \ + && cd $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/extensions/che-port && yarn \ + && cd $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/extensions/che-remote && yarn \ + && cd $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/extensions/che-resource-monitor && yarn \ + && cd $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/extensions/che-terminal && yarn \ + && cd $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/extensions/che-github-authentication && yarn \ + && cd $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/extensions/configuration-editing && yarn \ + && cd $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/extensions/css-language-features && yarn \ + && cd $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/extensions/css-language-features/server && yarn \ + && cd $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/extensions/debug-auto-launch && yarn \ + && cd $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/extensions/debug-server-ready && yarn \ + && cd $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/extensions/emmet && yarn \ + && cd $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/extensions/extension-editing && yarn \ + && cd $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/extensions/git && yarn \ + && cd $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/extensions/git-base && yarn \ + && cd $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/extensions/github && yarn \ + && cd $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/extensions/github-authentication && yarn \ + && cd $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/extensions/grunt && yarn \ + && cd $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/extensions/gulp && yarn \ + && cd $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/extensions/html-language-features && yarn \ + && cd $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/extensions/html-language-features/server && yarn \ + && cd $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/extensions/ipynb && yarn \ + && cd $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/extensions/jake && yarn \ + && cd $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/extensions/json-language-features && yarn \ + && cd $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/extensions/json-language-features/server && yarn \ + && cd $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/extensions/markdown-language-features/server && yarn \ + && cd $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/extensions/markdown-language-features && yarn \ + && cd $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/extensions/markdown-math && yarn \ + && cd $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/extensions/media-preview && yarn \ + && cd $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/extensions/merge-conflict && yarn \ + && cd $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/extensions/microsoft-authentication && yarn \ + && cd $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/extensions/notebook-renderers && yarn \ + && cd $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/extensions/npm && yarn \ + && cd $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/extensions/php-language-features && yarn \ + && cd $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/extensions/references-view && yarn \ + && cd $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/extensions/search-result && yarn \ + && cd $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/extensions/simple-browser && yarn \ + && cd $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/extensions/tunnel-forwarding && yarn \ + && cd $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/extensions/typescript-language-features && yarn \ + && cd $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/extensions/vscode-api-tests && yarn \ + && cd $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/extensions/vscode-colorize-tests && yarn \ + && cd $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/extensions/vscode-test-resolver && yarn \ + && cd $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/remote && yarn \ + && cd $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/remote/web && yarn +# end of module list generated by sync.sh + +# hadolint ignore=SC3045 +RUN echo "$(ulimit -a)" + +# Compile +# hadolint ignore=SC2086,DL4006 +RUN set -x; \ + NODE_ARCH=$(echo "console.log(process.arch)" | node) \ + && NODE_VERSION=$(cat $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/remote/.yarnrc | grep target | cut -d ' ' -f 2 | tr -d '"') \ + && echo "#####>> Arch & Version: $NODE_ARCH; $NODE_VERSION <<#####" \ + # cache node from this image to avoid to grab it from within the build + && mkdir -p $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/.build/node/v${NODE_VERSION}/linux-${NODE_ARCH} \ + && echo "caching $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/.build/node/v${NODE_VERSION}/linux-${NODE_ARCH}/node"; \ + cp /usr/bin/node $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/.build/node/v${NODE_VERSION}/linux-${NODE_ARCH}/node; \ + + echo "########################################################path"; \ + # add bin folder to path to resolve gulp and other binaries + export PATH=${PATH}:$REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/code/node_modules/.bin; \ + echo $PATH; \ + + NODE_OPTIONS="--max_old_space_size=8500" ./node_modules/.bin/gulp vscode-reh-web-linux-${NODE_ARCH}-min -LLLL \ + && cp -r ../vscode-reh-web-linux-${NODE_ARCH} /checode \ + # cache libbrotli from this image to provide it to a user's container + && mkdir -p /checode/ld_libs && find /usr/lib64 -name 'libbrotli*' 2>/dev/null | xargs -I {} cp -t /checode/ld_libs {} + +RUN chmod a+x /checode/out/server-main.js \ + && chgrp -R 0 /checode && chmod -R g+rwX /checode + +### Che Code Launcher +WORKDIR $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-code/launcher/ +RUN yarn \ + && mkdir /checode/launcher \ + && cp -r out/src/*.js /checode/launcher \ + && chgrp -R 0 /checode && chmod -R g+rwX /checode + + +######################################################################### +############################# BUILD 3: machineexec####################### ######################################################################### # NOTE: can't use scatch images in OSBS, because unable to start container process: exec: \"/bin/sh\": stat /bin/sh: no such file or directory @@ -238,7 +455,7 @@ RUN CGO_ENABLED=0 GOOS=linux go build -mod=vendor -a -ldflags '-w -s' -a -instal mkdir -p /rootfs/go/bin && cp -rf $REMOTE_SOURCES_DIR/devspaces-images-code/app/devspaces-machineexec/che-machine-exec /rootfs/go/bin ######################################################################### -############################# BUILD 3: rootfs assembly ################## +############################# BUILD 4: rootfs assembly ################## ######################################################################### # https://registry.access.redhat.com/ubi8 @@ -256,7 +473,8 @@ RUN cat /mnt/rootfs/etc/passwd | sed 's#root:x.*#root:x:\${USER_ID}:\${GROUP_ID} && cat /mnt/rootfs/etc/group | sed 's#root:x:0:#root:x:0:0,\${USER_ID}:#g' > /mnt/rootfs/home/che/.group.template COPY /build/scripts/entrypoint*.sh /mnt/rootfs/ -COPY --from=checode-linux-libc-builder --chown=0:0 /checode /mnt/rootfs/checode-linux-libc +COPY --from=checode-linux-libc-ubi8-builder --chown=0:0 /checode /mnt/rootfs/checode-linux-libc/ubi8 +COPY --from=checode-linux-libc-ubi9-builder --chown=0:0 /checode /mnt/rootfs/checode-linux-libc/ubi9 COPY --from=machineexec-builder --chown=0:0 /rootfs/go/bin/che-machine-exec /mnt/rootfs/bin/machine-exec # hadolint ignore=SC2086 @@ -268,7 +486,7 @@ RUN for f in "/mnt/rootfs/bin/" "/mnt/rootfs/home/che" "/mnt/rootfs/etc/passwd" RUN rm /mnt/rootfs/etc/hosts ######################################################################### -############################# BUILD 4: minimal final image ############## +############################# BUILD 5: minimal final image ############## ######################################################################### # https://registry.access.redhat.com/ubi8-minimal diff --git a/devspaces-code/build/dockerfiles/content_sets_pulp.repo b/devspaces-code/build/dockerfiles/content_sets_pulp.repo index 8275785bb0..33b926f20b 100644 --- a/devspaces-code/build/dockerfiles/content_sets_pulp.repo +++ b/devspaces-code/build/dockerfiles/content_sets_pulp.repo @@ -18,3 +18,24 @@ baseurl=https://rhsm-pulp.corp.redhat.com/content/dist/rhel8/8/$basearch/coderea enabled=1 gpgcheck=0 sslverify=0 + +[rhel-9-for-appstream-rpms-pulp] +name=rhel-9-for-appstream-rpms-pulp +baseurl=https://rhsm-pulp.corp.redhat.com/content/dist/rhel9/9/$basearch/appstream/os +enabled=0 +gpgcheck=0 +sslverify=0 + +[rhel-9-for-baseos-rpms-pulp] +name=rhel-9-for-baseos-rpms-pulp +baseurl=https://rhsm-pulp.corp.redhat.com/content/dist/rhel9/9/$basearch/baseos/os +enabled=0 +gpgcheck=0 +sslverify=0 + +[rhel-9-for-codeready-builder-rpms-pulp] +name=rhel-9-codeready-builder-rpms-pulp +baseurl=https://rhsm-pulp.corp.redhat.com/content/dist/rhel9/9/$basearch/codeready-builder/os/ +enabled=0 +gpgcheck=0 +sslverify=0 \ No newline at end of file diff --git a/devspaces-code/build/scripts/entrypoint-volume.sh b/devspaces-code/build/scripts/entrypoint-volume.sh index 8524d7b70b..c5c2d04b2c 100755 --- a/devspaces-code/build/scripts/entrypoint-volume.sh +++ b/devspaces-code/build/scripts/entrypoint-volume.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright (c) 2021 Red Hat, Inc. +# Copyright (c) 2021-2024 Red Hat, Inc. # This program and the accompanying materials are made # available under the terms of the Eclipse Public License 2.0 # which is available at https://www.eclipse.org/legal/epl-2.0/ @@ -31,9 +31,35 @@ nohup /checode/bin/machine-exec --url "0.0.0.0:${MACHINE_EXEC_PORT}" & # detect if we're using alpine/musl libc=$(ldd /bin/ls | grep 'musl' | head -1 | cut -d ' ' -f1) if [ -n "$libc" ]; then - cd /checode/checode-linux-musl || exit + echo "Using linux-musl assembly..." + cd /checode/checode-linux-musl || exit else - cd /checode/checode-linux-libc || exit + + # detect openssl version + openssl_major_version="" + if command -v openssl &> /dev/null; then + echo "OpenSSL command is available, the version is: $(openssl version -v)" + openssl_major_version=$(openssl version -v | cut -d' ' -f2 | cut -d'.' -f1) + else + echo "OpenSSL command is not available, trying to detect OpenSSL version..." + openssl_major_version=$(rpm -qa | grep openssl-libs | cut -d'-' -f3 | cut -d'.' -f1) + fi + + # ubi8- or ubi9-based assembly is used depending on the openssl version + echo "OpenSSL major version is $openssl_major_version." + if [ "$openssl_major_version" = "1" ]; then + echo "Using linux-libc ubi8-based assembly..." + cd /checode/checode-linux-libc/ubi8 || exit + elif [ "$openssl_major_version" = "3" ]; then + export LD_LIBRARY_PATH="/checode/checode-linux-libc/ubi9/ld_libs:$LD_LIBRARY_PATH" + echo "LD_LIBRARY_PATH is: $LD_LIBRARY_PATH" + + echo "Using linux-libc ubi9-based assembly..." + cd /checode/checode-linux-libc/ubi9 || exit + else + echo "WARNING: Unsupported OpenSSL major version $openssl_major_version, linux-libc ubi8-based assembly will be used by default..." + cd /checode/checode-linux-libc/ubi8 || exit + fi fi # Set the default path to the serverDataFolderName diff --git a/devspaces-code/build/scripts/entrypoint.sh b/devspaces-code/build/scripts/entrypoint.sh index 6a632aca21..4349db6ea2 100755 --- a/devspaces-code/build/scripts/entrypoint.sh +++ b/devspaces-code/build/scripts/entrypoint.sh @@ -1,6 +1,6 @@ #!/bin/bash # -# Copyright (c) 2021 Red Hat, Inc. +# Copyright (c) 2021-2024 Red Hat, Inc. # This program and the accompanying materials are made # available under the terms of the Eclipse Public License 2.0 # which is available at https://www.eclipse.org/legal/epl-2.0/ @@ -37,5 +37,5 @@ libc=$(ldd /bin/ls | grep 'musl' | head -1 | cut -d ' ' -f1) if [ -n "$libc" ]; then /checode-linux-musl/node /checode-linux-musl/out/server-main.js --host "${CODE_HOST}" --port 3100 else - /checode-linux-libc/node /checode-linux-libc/out/server-main.js --host "${CODE_HOST}" --port 3100 + /checode-linux-libc/ubi8/node /checode-linux-libc/ubi8/out/server-main.js --host "${CODE_HOST}" --port 3100 fi