From 1b145dac27907c9b60831e00b03cd11a96f7121e Mon Sep 17 00:00:00 2001 From: rui Date: Wed, 2 Mar 2022 20:01:28 -0500 Subject: [PATCH] fix(docker): fix docker runtime issue (#2106) * debug setup * Revert "fix(docker): download Terraform and conftest versions maching image architecture (#2101)" This reverts commit 579e583740a5854a60cc19992189a3200611af38. * Revert "fix(docker): fix installation of git-lfs in armv7 image (#2100)" This reverts commit 8af78838b640fc0b4be386bf9e86b77907a7f1a4. * Revert "fix(docker): fix base image for multi-platform build (#2099)" This reverts commit 571543fdfb45b94db4fee88ca47f970d2a4c1fe5. * Revert "debug setup" This reverts commit 274501ab6e4e366c5548f1b3c98e5b940e3a9cc1. --- Dockerfile | 32 ++++++++------------------ docker-base/Dockerfile | 51 +++++++++++++----------------------------- 2 files changed, 24 insertions(+), 59 deletions(-) diff --git a/Dockerfile b/Dockerfile index fe705f07ef..77cd0bf02f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,27 +9,19 @@ RUN CGO_ENABLED=0 go build -trimpath -ldflags "-s -w" -v -o atlantis . # The runatlantis/atlantis-base is created by docker-base/Dockerfile. FROM ghcr.io/runatlantis/atlantis-base:2022.03.02 AS base -# Get the architecture the image is being built for -ARG TARGETPLATFORM - # install terraform binaries ENV DEFAULT_TERRAFORM_VERSION=1.1.6 # In the official Atlantis image we only have the latest of each Terraform version. -RUN AVAILABLE_TERRAFORM_VERSIONS="0.11.15 0.12.31 0.13.7 0.14.11 0.15.5 1.0.11 ${DEFAULT_TERRAFORM_VERSION}" && \ - case ${TARGETPLATFORM} in \ - "linux/amd64") TERRAFORM_ARCH=amd64 ;; \ - "linux/arm64") TERRAFORM_ARCH=arm64 ;; \ - "linux/arm/v7") TERRAFORM_ARCH=arm ;; \ - esac && \ +RUN AVAILABLE_TERRAFORM_VERSIONS="0.8.8 0.9.11 0.10.8 0.11.15 0.12.31 0.13.7 0.14.11 0.15.5 1.0.11 ${DEFAULT_TERRAFORM_VERSION}" && \ for VERSION in ${AVAILABLE_TERRAFORM_VERSIONS}; do \ - curl -LOs https://releases.hashicorp.com/terraform/${VERSION}/terraform_${VERSION}_linux_${TERRAFORM_ARCH}.zip && \ + curl -LOs https://releases.hashicorp.com/terraform/${VERSION}/terraform_${VERSION}_linux_amd64.zip && \ curl -LOs https://releases.hashicorp.com/terraform/${VERSION}/terraform_${VERSION}_SHA256SUMS && \ - sed -n "/terraform_${VERSION}_linux_${TERRAFORM_ARCH}.zip/p" terraform_${VERSION}_SHA256SUMS | sha256sum -c && \ + sed -n "/terraform_${VERSION}_linux_amd64.zip/p" terraform_${VERSION}_SHA256SUMS | sha256sum -c && \ mkdir -p /usr/local/bin/tf/versions/${VERSION} && \ - unzip terraform_${VERSION}_linux_${TERRAFORM_ARCH}.zip -d /usr/local/bin/tf/versions/${VERSION} && \ + unzip terraform_${VERSION}_linux_amd64.zip -d /usr/local/bin/tf/versions/${VERSION} && \ ln -s /usr/local/bin/tf/versions/${VERSION}/terraform /usr/local/bin/terraform${VERSION} && \ - rm terraform_${VERSION}_linux_${TERRAFORM_ARCH}.zip && \ + rm terraform_${VERSION}_linux_amd64.zip && \ rm terraform_${VERSION}_SHA256SUMS; \ done && \ ln -s /usr/local/bin/tf/versions/${DEFAULT_TERRAFORM_VERSION}/terraform /usr/local/bin/terraform @@ -37,20 +29,14 @@ RUN AVAILABLE_TERRAFORM_VERSIONS="0.11.15 0.12.31 0.13.7 0.14.11 0.15.5 1.0.11 $ ENV DEFAULT_CONFTEST_VERSION=0.30.0 RUN AVAILABLE_CONFTEST_VERSIONS="${DEFAULT_CONFTEST_VERSION}" && \ - case ${TARGETPLATFORM} in \ - "linux/amd64") CONFTEST_ARCH=x86_64 ;; \ - "linux/arm64") CONFTEST_ARCH=arm64 ;; \ - # There is currently no compiled version of conftest for armv7 - "linux/arm/v7") CONFTEST_ARCH=x86_64 ;; \ - esac && \ for VERSION in ${AVAILABLE_CONFTEST_VERSIONS}; do \ - curl -LOs https://github.com/open-policy-agent/conftest/releases/download/v${VERSION}/conftest_${VERSION}_Linux_${CONFTEST_ARCH}.tar.gz && \ + curl -LOs https://github.com/open-policy-agent/conftest/releases/download/v${VERSION}/conftest_${VERSION}_Linux_x86_64.tar.gz && \ curl -LOs https://github.com/open-policy-agent/conftest/releases/download/v${VERSION}/checksums.txt && \ - sed -n "/conftest_${VERSION}_Linux_${CONFTEST_ARCH}.tar.gz/p" checksums.txt | sha256sum -c && \ + sed -n "/conftest_${VERSION}_Linux_x86_64.tar.gz/p" checksums.txt | sha256sum -c && \ mkdir -p /usr/local/bin/cft/versions/${VERSION} && \ - tar -C /usr/local/bin/cft/versions/${VERSION} -xzf conftest_${VERSION}_Linux_${CONFTEST_ARCH}.tar.gz && \ + tar -C /usr/local/bin/cft/versions/${VERSION} -xzf conftest_${VERSION}_Linux_x86_64.tar.gz && \ ln -s /usr/local/bin/cft/versions/${VERSION}/conftest /usr/local/bin/conftest${VERSION} && \ - rm conftest_${VERSION}_Linux_${CONFTEST_ARCH}.tar.gz && \ + rm conftest_${VERSION}_Linux_x86_64.tar.gz && \ rm checksums.txt; \ done diff --git a/docker-base/Dockerfile b/docker-base/Dockerfile index 1e05829296..f05cb3f9a2 100644 --- a/docker-base/Dockerfile +++ b/docker-base/Dockerfile @@ -17,40 +17,21 @@ RUN addgroup atlantis && \ chmod g=u /home/atlantis/ && \ chmod g=u /etc/passwd -# Install gosu and git-lfs. +# Install dumb-init, gosu and git-lfs. +ENV DUMB_INIT_VERSION=1.2.5 ENV GOSU_VERSION=1.14 ENV GIT_LFS_VERSION=3.1.2 - -# Automatically populated with the architecture the image is being built for. -ARG TARGETPLATFORM - -# Install packages needed for running Atlantis. -RUN apk add --no-cache ca-certificates curl git unzip bash openssh libcap dumb-init && \ - # Install packages needed for building dependencies. - apk add --no-cache --virtual .build-deps gnupg openssl && \ +RUN apk add --no-cache ca-certificates gnupg curl git unzip bash openssh libcap openssl && \ + curl -L -s --output /bin/dumb-init "https://github.com/Yelp/dumb-init/releases/download/v${DUMB_INIT_VERSION}/dumb-init_${DUMB_INIT_VERSION}_x86_64" && \ + chmod +x /bin/dumb-init && \ mkdir -p /tmp/build && \ cd /tmp/build && \ - - # git-lfs - case ${TARGETPLATFORM} in \ - "linux/amd64") GIT_LFS_ARCH=amd64 ;; \ - "linux/arm64") GIT_LFS_ARCH=arm64 ;; \ - "linux/arm/v7") GIT_LFS_ARCH=arm ;; \ - esac && \ - curl -L -s --output git-lfs.tar.gz "https://github.com/git-lfs/git-lfs/releases/download/v${GIT_LFS_VERSION}/git-lfs-linux-${GIT_LFS_ARCH}-v${GIT_LFS_VERSION}.tar.gz" && \ + curl -L -s --output git-lfs.tar.gz "https://github.com/git-lfs/git-lfs/releases/download/v${GIT_LFS_VERSION}/git-lfs-linux-amd64-v${GIT_LFS_VERSION}.tar.gz" && \ tar -xf git-lfs.tar.gz && \ chmod +x git-lfs && \ mv git-lfs /usr/bin/git-lfs && \ - git-lfs --version && \ - - # gosu - case ${TARGETPLATFORM} in \ - "linux/amd64") GOSU_ARCH=amd64 ;; \ - "linux/arm64") GOSU_ARCH=arm64 ;; \ - "linux/arm/v7") GOSU_ARCH=armhf ;; \ - esac && \ - curl -L -s --output gosu "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-${GOSU_ARCH}" && \ - curl -L -s --output gosu.asc "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-${GOSU_ARCH}.asc" && \ + curl -L -s --output gosu "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-amd64" && \ + curl -L -s --output gosu.asc "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-amd64.asc" && \ for server in $(shuf -e ipv4.pool.sks-keyservers.net \ hkp://p80.pool.sks-keyservers.net:80 \ keyserver.ubuntu.com \ @@ -61,15 +42,13 @@ RUN apk add --no-cache ca-certificates curl git unzip bash openssh libcap dumb-i gpg --batch --verify gosu.asc gosu && \ chmod +x gosu && \ cp gosu /bin && \ - gosu --version && \ - - # Cleanup - cd /tmp && \ - rm -rf /tmp/build && \ - gpgconf --kill dirmngr && \ - gpgconf --kill gpg-agent && \ - apk del .build-deps && \ - rm -rf /root/.gnupg + cd /tmp && \ + rm -rf /tmp/build && \ + gpgconf --kill dirmngr && \ + gpgconf --kill gpg-agent && \ + apk del gnupg openssl && \ + rm -rf /root/.gnupg && \ + rm -rf /var/cache/apk/* # Set up nsswitch.conf for Go's "netgo" implementation # - https://github.com/golang/go/blob/go1.9.1/src/net/conf.go#L194-L275