feat: Support ubi9-based containers for running VS Code editor #547

Merged
merged 2 commits into from
Feb 12, 2024
145 changes: 128 additions & 17 deletions devspaces-code/build/dockerfiles/Dockerfile
@@ -1,4 +1,4 @@
# Copyright (c) 2022-2023 Red Hat, Inc.
# Copyright (c) 2022-2024 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
Expand All @@ -8,34 +8,38 @@
# Contributors:
# Red Hat, Inc. - initial API and implementation

# https://quay.io/devspaces/machineexec-rhel8
FROM quay.io/devspaces/machineexec-rhel8:3.12 as machine-exec

##################################################################################################################
#
# Prepare ubi8-based assembly of VS Code
#
##################################################################################################################

# https://registry.access.redhat.com/ubi8/nodejs-18
FROM registry.access.redhat.com/ubi8/nodejs-18:1-86 as builder
FROM registry.access.redhat.com/ubi8/nodejs-18:1-86 as linux-libc-ubi8-builder

USER root

# Export GITHUB_TOKEN into environment variable
ARG GITHUB_TOKEN=''
ENV GITHUB_TOKEN=$GITHUB_TOKEN

# Enable pulp content sets to resolve libsecret & libxkbfile as rpm
COPY ./build/dockerfiles/content_sets_pulp.repo /etc/yum.repos.d/

# Unset GITHUB_TOKEN environment variable if it is empty.
# This is needed for some tools which use this variable and will fail with 401 Unauthorized error if it is invalid.
# For example, vscode ripgrep downloading is an example of such case.
RUN if [ -z $GITHUB_TOKEN ]; then unset GITHUB_TOKEN; fi

RUN yum -y -q update \
&& yum install -y libsecret-devel libsecret curl make cmake gcc gcc-c++ python3.9 git git-core-doc openssh less libX11-devel libxkbfile-devel libxkbfile libxkbcommon bash tar gzip rsync patch \
# Enable pulp content sets to resolve libsecret & libxkbfile as rpm
COPY ./build/dockerfiles/content_sets_pulp.repo /etc/yum.repos.d/

RUN yum install -y libsecret-devel libsecret make cmake gcc gcc-c++ python3.9 git git-core-doc openssh less libX11-devel libxkbfile-devel libxkbfile libxkbcommon bash tar gzip rsync patch \
&& yum -y clean all && rm -rf /var/cache/yum \
&& npm install -g [email protected] \
&& npm install -g [email protected]

#########################################################
#
# Copy Che-Code to the container
#
#########################################################
# Copy VS Code to the container
COPY code /checode-compilation
WORKDIR /checode-compilation
ENV ELECTRON_SKIP_BINARY_DOWNLOAD=1 \
Expand All @@ -59,25 +63,132 @@ RUN NODE_ARCH=$(echo "console.log(process.arch)" | node) \
&& mkdir -p /checode-compilation/.build/node/v${NODE_VERSION}/linux-${NODE_ARCH} \
&& echo "caching /checode-compilation/.build/node/v${NODE_VERSION}/linux-${NODE_ARCH}/node" \
&& cp /usr/bin/node /checode-compilation/.build/node/v${NODE_VERSION}/linux-${NODE_ARCH}/node \
&& NODE_OPTIONS="--max_old_space_size=8500" ./node_modules/.bin/gulp --tasks \
&& NODE_OPTIONS="--max_old_space_size=8500" ./node_modules/.bin/gulp vscode-reh-web-linux-${NODE_ARCH}-min \
&& cp -r ../vscode-reh-web-linux-${NODE_ARCH} /checode

RUN chmod a+x /checode/out/server-main.js \
&& chgrp -R 0 /checode && chmod -R g+rwX /checode

#########################################################
#
# Copy VS Code launcher to the container
COPY launcher /checode-launcher
WORKDIR /checode-launcher
RUN yarn \
&& mkdir /checode/launcher \
&& cp -r out/src/*.js /checode/launcher \
&& chgrp -R 0 /checode && chmod -R g+rwX /checode

##################################################################################################################
#
#########################################################
# Prepare ubi9-based assembly of VS Code
#
##################################################################################################################

# https://registry.access.redhat.com/ubi9/nodejs-18
FROM registry.access.redhat.com/ubi9/nodejs-18:1-84 as linux-libc-ubi9-builder

USER root

# Export GITHUB_TOKEN into environment variable
ARG GITHUB_TOKEN=''
ENV GITHUB_TOKEN=$GITHUB_TOKEN

# Unset GITHUB_TOKEN environment variable if it is empty.
# This is needed for some tools which use this variable and will fail with 401 Unauthorized error if it is invalid.
# For example, vscode ripgrep downloading is an example of such case.
RUN if [ -z $GITHUB_TOKEN ]; then unset GITHUB_TOKEN; fi

# Enable pulp content sets to resolve libsecret & libxkbfile as rpm
COPY ./build/dockerfiles/content_sets_pulp.repo /etc/yum.repos.d/

RUN echo "Repo list is: $(dnf repolist)" && \
echo "Disabling rhel-8 based repos..." && \
dnf config-manager --set-disabled 'rhel-8*' && \
echo "Repo list after disabling rhel-8 based repos is: $(dnf repolist)" && \
echo "$(dnf module list nodejs)"

# Enable rhel-9 repo to resolve libsecret & libxkbfile as rpm
RUN \
dnf install -y \
--enablerepo=rhel-9-for-baseos-rpms-pulp \
--enablerepo=rhel-9-for-appstream-rpms-pulp \
--enablerepo=rhel-9-for-codeready-builder-rpms-pulp \
nodejs-devel libsecret-devel libsecret krb5-devel make cmake gcc gcc-c++ git git-core-doc \
openssh less libX11-devel libxkbfile-devel libxkbfile libxkbcommon bash tar gzip rsync patch npm \
&& dnf -y clean all && rm -rf /var/cache/dnf \
&& npm install -g [email protected] \
&& npm install -g [email protected]

# Copy VS Code to the container
COPY code /checode-compilation
WORKDIR /checode-compilation
ENV ELECTRON_SKIP_BINARY_DOWNLOAD=1 \
PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD=1

# Initialize a git repository for code build tools
RUN git init .

# change network timeout (slow using multi-arch build)
RUN yarn config set network-timeout 600000 -g

# Install node-gyp, then yarn dependencies (force update to yarn.lock)
RUN yarn add -W -D node-gyp; yarn install --force

RUN NODE_ARCH=$(echo "console.log(process.arch)" | node) \
&& NODE_VERSION=$(cat /checode-compilation/remote/.yarnrc | grep target | cut -d ' ' -f 2 | tr -d '"') \
# cache node from this image to avoid to grab it from within the build
&& mkdir -p /checode-compilation/.build/node/v${NODE_VERSION}/linux-${NODE_ARCH} \
&& echo "caching /checode-compilation/.build/node/v${NODE_VERSION}/linux-${NODE_ARCH}/node" \
&& cp /usr/bin/node /checode-compilation/.build/node/v${NODE_VERSION}/linux-${NODE_ARCH}/node \
&& NODE_OPTIONS="--max_old_space_size=8500" ./node_modules/.bin/gulp vscode-reh-web-linux-${NODE_ARCH}-min \
&& cp -r ../vscode-reh-web-linux-${NODE_ARCH} /checode \
# cache libbrotli from this image to provide it to a user's container
&& mkdir -p /checode/ld_libs && find /usr/lib64 -name 'libbrotli*' 2>/dev/null | xargs -I {} cp -t /checode/ld_libs {}

RUN chmod a+x /checode/out/server-main.js \
&& chgrp -R 0 /checode && chmod -R g+rwX /checode


# Copy VS Code launcher to the container
COPY launcher /checode-launcher
WORKDIR /checode-launcher
RUN yarn \
&& mkdir /checode/launcher \
&& cp -r out/src/*.js /checode/launcher \
&& chgrp -R 0 /checode && chmod -R g+rwX /checode

# https://registry.access.redhat.com/ubi8/ubi
FROM registry.access.redhat.com/ubi8/ubi:8.9 AS ubi-builder

RUN mkdir -p /mnt/rootfs
RUN yum install --installroot /mnt/rootfs brotli libstdc++ coreutils glibc-minimal-langpack --releasever 8 --setopt install_weak_deps=false --nodocs -y && yum --installroot /mnt/rootfs clean all
RUN rm -rf /mnt/rootfs/var/cache/* /mnt/rootfs/var/log/dnf* /mnt/rootfs/var/log/yum.*

WORKDIR /mnt/rootfs

COPY --from=linux-libc-ubi8-builder --chown=0:0 /checode /mnt/rootfs/checode-linux-libc/ubi8
COPY --from=linux-libc-ubi9-builder --chown=0:0 /checode /mnt/rootfs/checode-linux-libc/ubi9

RUN mkdir -p /mnt/rootfs/projects && mkdir -p /mnt/rootfs/home/che && mkdir -p /mnt/rootfs/bin/
RUN cat /mnt/rootfs/etc/passwd | sed s#root:x.*#root:x:\${USER_ID}:\${GROUP_ID}::\${HOME}:/bin/bash#g > /mnt/rootfs/home/che/.passwd.template \
&& cat /mnt/rootfs/etc/group | sed s#root:x:0:#root:x:0:0,\${USER_ID}:#g > /mnt/rootfs/home/che/.group.template
RUN for f in "/mnt/rootfs/bin/" "/mnt/rootfs/home/che" "/mnt/rootfs/etc/passwd" "/mnt/rootfs/etc/group" "/mnt/rootfs/projects" ; do\
chgrp -R 0 ${f} && \
chmod -R g+rwX ${f}; \
done

COPY --from=machine-exec --chown=0:0 /go/bin/che-machine-exec /mnt/rootfs/bin/machine-exec
COPY --chmod=755 /build/scripts/*.sh /mnt/rootfs/
COPY --chmod=755 /build/remote-config /mnt/rootfs/remote/data/Machine/

##################################################################################################################
#
# Create all-in-one image
#
##################################################################################################################

# https://registry.access.redhat.com/ubi8-minimal
FROM registry.access.redhat.com/ubi8-minimal:8.9-1108
COPY --from=builder --chown=0:0 /checode /checode-linux-libc
COPY --from=ubi-builder /mnt/rootfs/ /
ENV HOME=/home/che
USER 1001
ENTRYPOINT /entrypoint.sh
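Review bot: The new ubi9 builder stage repeats `ARG GITHUB_TOKEN=''` followed by `ENV GITHUB_TOKEN=$GITHUB_TOKEN`, which records the token in that stage's image config and build history and exposes it to every later `RUN` in the stage, including the install scripts of third-party packages pulled by `yarn add -W -D node-gyp; yarn install --force`. The next step, `RUN if [ -z $GITHUB_TOKEN ]; then unset GITHUB_TOKEN; fi`, has no lasting effect: each `RUN` starts a fresh shell and the `ENV` value is set again in the following step, so the comment above it describes behaviour the build does not have. Consider dropping the `ARG`/`ENV` pair and passing the token through a BuildKit secret mount only on the steps that download from GitHub, e.g. `RUN --mount=type=secret,id=github_token ...`, exporting it inside that step only when the secret file is non-empty. The ubi8 builder stage carries the same pattern. The builder stages are not copied wholesale into the final image, so the exposure is to anyone who can read the intermediate layers or the build cache.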