From cb6ff59d7ef48fe49d92d7823cffec0aa25a88a3 Mon Sep 17 00:00:00 2001
From: Jeppe Fihl-Pearson
Date: Wed, 2 Mar 2022 10:02:38 +0000
Subject: [PATCH 1/8] Correct indentation of run commands
---
 docker-base/Dockerfile | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/docker-base/Dockerfile b/docker-base/Dockerfile
index f05cb3f9a2..8b5c08eb85 100644
--- a/docker-base/Dockerfile
+++ b/docker-base/Dockerfile
@@ -42,13 +42,13 @@ RUN apk add --no-cache ca-certificates gnupg curl git unzip bash openssh libcap
 gpg --batch --verify gosu.asc gosu && \
 chmod +x gosu && \
 cp gosu /bin && \
- cd /tmp && \
- rm -rf /tmp/build && \
- gpgconf --kill dirmngr && \
- gpgconf --kill gpg-agent && \
- apk del gnupg openssl && \
- rm -rf /root/.gnupg && \
- rm -rf /var/cache/apk/*
+ cd /tmp && \
+ rm -rf /tmp/build && \
+ gpgconf --kill dirmngr && \
+ gpgconf --kill gpg-agent && \
+ apk del gnupg openssl && \
+ rm -rf /root/.gnupg && \
+ rm -rf /var/cache/apk/*

 # Set up nsswitch.conf for Go's "netgo" implementation
 # - https://github.com/golang/go/blob/go1.9.1/src/net/conf.go#L194-L275
From 4fe7817693581efee82a8a5ed3b196a2a4a896fb Mon Sep 17 00:00:00 2001
From: Jeppe Fihl-Pearson
Date: Wed, 2 Mar 2022 10:58:19 +0000
Subject: [PATCH 2/8] Split installation of packages into the ones needed at run time and build time

This allows us to now repeat the packages which need to be uninstalled again by making use of a virtual package, which - when removed - removes the packages installed as a dependency of it.
---
 docker-base/Dockerfile | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/docker-base/Dockerfile b/docker-base/Dockerfile
index 8b5c08eb85..8c7f14d1ad 100644
--- a/docker-base/Dockerfile
+++ b/docker-base/Dockerfile
@@ -21,7 +21,11 @@ RUN addgroup atlantis && \
 ENV DUMB_INIT_VERSION=1.2.5
 ENV GOSU_VERSION=1.14
 ENV GIT_LFS_VERSION=3.1.2
-RUN apk add --no-cache ca-certificates gnupg curl git unzip bash openssh libcap openssl && \
+
+# Install packages needed for running Atlantis.
+RUN apk add --no-cache ca-certificates curl git unzip bash openssh libcap && \
+ # Install packages needed for building dependencies.
+ apk add --no-cache --virtual .build-deps gnupg openssl && \
 curl -L -s --output /bin/dumb-init "https://github.com/Yelp/dumb-init/releases/download/v${DUMB_INIT_VERSION}/dumb-init_${DUMB_INIT_VERSION}_x86_64" && \
 chmod +x /bin/dumb-init && \
 mkdir -p /tmp/build && \
@@ -46,7 +50,7 @@ RUN apk add --no-cache ca-certificates gnupg curl git unzip bash openssh libcap
 rm -rf /tmp/build && \
 gpgconf --kill dirmngr && \
 gpgconf --kill gpg-agent && \
- apk del gnupg openssl && \
+ apk del .build-deps && \
 rm -rf /root/.gnupg && \
 rm -rf /var/cache/apk/*

From d0438a2cc770f79a876e937c261c3f0d458d5ef3 Mon Sep 17 00:00:00 2001
From: Jeppe Fihl-Pearson
Date: Wed, 2 Mar 2022 11:00:21 +0000
Subject: [PATCH 3/8] Remove unnecessary `rm -rf /var/cache/apk/*` command

It's no needed when `apt add` is run with the `--no-cache` option.
---
 docker-base/Dockerfile | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/docker-base/Dockerfile b/docker-base/Dockerfile
index 8c7f14d1ad..4a45062a06 100644
--- a/docker-base/Dockerfile
+++ b/docker-base/Dockerfile
@@ -51,8 +51,7 @@ RUN apk add --no-cache ca-certificates curl git unzip bash openssh libcap && \
 gpgconf --kill dirmngr && \
 gpgconf --kill gpg-agent && \
 apk del .build-deps && \
- rm -rf /root/.gnupg && \
- rm -rf /var/cache/apk/*
+ rm -rf /root/.gnupg

 # Set up nsswitch.conf for Go's "netgo" implementation
 # - https://github.com/golang/go/blob/go1.9.1/src/net/conf.go#L194-L275
From cfe4ae132ef10574b65a14a2bd7673ed72b38f26 Mon Sep 17 00:00:00 2001
From: Jeppe Fihl-Pearson
Date: Wed, 2 Mar 2022 11:03:41 +0000
Subject: [PATCH 4/8] Add vertical spacing so it's clearer what is happening when
---
 docker-base/Dockerfile | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/docker-base/Dockerfile b/docker-base/Dockerfile
index 4a45062a06..c4aced243b 100644
--- a/docker-base/Dockerfile
+++ b/docker-base/Dockerfile
@@ -26,14 +26,20 @@ ENV GIT_LFS_VERSION=3.1.2
 RUN apk add --no-cache ca-certificates curl git unzip bash openssh libcap && \
 # Install packages needed for building dependencies.
 apk add --no-cache --virtual .build-deps gnupg openssl && \
- curl -L -s --output /bin/dumb-init "https://github.com/Yelp/dumb-init/releases/download/v${DUMB_INIT_VERSION}/dumb-init_${DUMB_INIT_VERSION}_x86_64" && \
- chmod +x /bin/dumb-init && \
 mkdir -p /tmp/build && \
 cd /tmp/build && \
+
+ # dumb-init
+ curl -L -s --output /bin/dumb-init "https://github.com/Yelp/dumb-init/releases/download/v${DUMB_INIT_VERSION}/dumb-init_${DUMB_INIT_VERSION}_x86_64" && \
+ chmod +x /bin/dumb-init && \
+
+ # git-lfs
 curl -L -s --output git-lfs.tar.gz "https://github.com/git-lfs/git-lfs/releases/download/v${GIT_LFS_VERSION}/git-lfs-linux-amd64-v${GIT_LFS_VERSION}.tar.gz" && \
 tar -xf git-lfs.tar.gz && \
 chmod +x git-lfs && \
 mv git-lfs /usr/bin/git-lfs && \
+
+ # gosu
 curl -L -s --output gosu "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-amd64" && \
 curl -L -s --output gosu.asc "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-amd64.asc" && \
 for server in $(shuf -e ipv4.pool.sks-keyservers.net \
@@ -46,6 +52,8 @@ RUN apk add --no-cache ca-certificates curl git unzip bash openssh libcap && \
 gpg --batch --verify gosu.asc gosu && \
 chmod +x gosu && \
 cp gosu /bin && \
+
+ # Cleanup
 cd /tmp && \
 rm -rf /tmp/build && \
 gpgconf --kill dirmngr && \
From d517f72d83dc8123666aa66a3bccd41952ff8727 Mon Sep 17 00:00:00 2001
From: Jeppe Fihl-Pearson
Date: Wed, 2 Mar 2022 11:16:34 +0000
Subject: [PATCH 5/8] Test the downloaded binaries to make sure they work on the platform

This can help find issues where binaries are downloaded for the wrong platform compared to the architecture the Docker image is built for.
---
 docker-base/Dockerfile | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/docker-base/Dockerfile b/docker-base/Dockerfile
index c4aced243b..c29456b666 100644
--- a/docker-base/Dockerfile
+++ b/docker-base/Dockerfile
@@ -32,12 +32,14 @@ RUN apk add --no-cache ca-certificates curl git unzip bash openssh libcap && \
 # dumb-init
 curl -L -s --output /bin/dumb-init "https://github.com/Yelp/dumb-init/releases/download/v${DUMB_INIT_VERSION}/dumb-init_${DUMB_INIT_VERSION}_x86_64" && \
 chmod +x /bin/dumb-init && \
+ dumb-init --version && \

 # git-lfs
 curl -L -s --output git-lfs.tar.gz "https://github.com/git-lfs/git-lfs/releases/download/v${GIT_LFS_VERSION}/git-lfs-linux-amd64-v${GIT_LFS_VERSION}.tar.gz" && \
 tar -xf git-lfs.tar.gz && \
 chmod +x git-lfs && \
 mv git-lfs /usr/bin/git-lfs && \
+ git-lfs --version && \

 # gosu
 curl -L -s --output gosu "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-amd64" && \
@@ -52,6 +54,7 @@ RUN apk add --no-cache ca-certificates curl git unzip bash openssh libcap && \
 gpg --batch --verify gosu.asc gosu && \
 chmod +x gosu && \
 cp gosu /bin && \
+ gosu --version && \

 # Cleanup
 cd /tmp && \
From 3b30c40313492c70c3963c4f222f55d050c90e00 Mon Sep 17 00:00:00 2001
From: Jeppe Fihl-Pearson
Date: Wed, 2 Mar 2022 11:19:33 +0000
Subject: [PATCH 6/8] Install dumb-init via apk

It's available as a package for Alpine Linux in version 1.2.5 as well, which makes it easier to handle for the different architectures.
---
 docker-base/Dockerfile | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)
diff --git a/docker-base/Dockerfile b/docker-base/Dockerfile
index c29456b666..1c6ac315ac 100644
--- a/docker-base/Dockerfile
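Review bot: In PATCH 5/8 the added `dumb-init --version` and `git-lfs --version` calls execute binaries that were fetched with `curl -L -s` and never checked against a checksum or signature, so the smoke test runs unverified downloads during the build; only gosu is verified (`gpg --batch --verify gosu.asc gosu`) before its `gosu --version` in the second hunk. A version check shows that the file runs on the build architecture, not that it is the intended file. Verify each download against a pinned digest before it is unpacked or executed, for example `echo "${GIT_LFS_SHA256}  git-lfs.tar.gz" | sha256sum -c - && \` ahead of `tar -xf`, where `GIT_LFS_SHA256` is a new variable that would hold the expected hash. The `RUN` instruction starts and ends outside both hunks.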
+++ b/docker-base/Dockerfile
@@ -17,23 +17,17 @@ RUN addgroup atlantis && \
 chmod g=u /home/atlantis/ && \
 chmod g=u /etc/passwd

-# Install dumb-init, gosu and git-lfs.
-ENV DUMB_INIT_VERSION=1.2.5
+# Install gosu and git-lfs.
 ENV GOSU_VERSION=1.14
 ENV GIT_LFS_VERSION=3.1.2

 # Install packages needed for running Atlantis.
-RUN apk add --no-cache ca-certificates curl git unzip bash openssh libcap && \
+RUN apk add --no-cache ca-certificates curl git unzip bash openssh libcap dumb-init && \
 # Install packages needed for building dependencies.
 apk add --no-cache --virtual .build-deps gnupg openssl && \
 mkdir -p /tmp/build && \
 cd /tmp/build && \

- # dumb-init
- curl -L -s --output /bin/dumb-init "https://github.com/Yelp/dumb-init/releases/download/v${DUMB_INIT_VERSION}/dumb-init_${DUMB_INIT_VERSION}_x86_64" && \
- chmod +x /bin/dumb-init && \
- dumb-init --version && \
-
 # git-lfs
 curl -L -s --output git-lfs.tar.gz "https://github.com/git-lfs/git-lfs/releases/download/v${GIT_LFS_VERSION}/git-lfs-linux-amd64-v${GIT_LFS_VERSION}.tar.gz" && \
 tar -xf git-lfs.tar.gz && \
From 77f6719f43cba755ba3c1c4938d43d4fb882c35c Mon Sep 17 00:00:00 2001
From: Jeppe Fihl-Pearson
Date: Wed, 2 Mar 2022 11:31:24 +0000
Subject: [PATCH 7/8] Get git-lfs binaries in the right architecture for the Docker image

This makes use of the `TARGETPLATFORM` argument which automatically is populated by Docker BuildKit with a string such as "linux/amd64" when the image is being build for an x86_64 architecture.
---
 docker-base/Dockerfile | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/docker-base/Dockerfile b/docker-base/Dockerfile
index 1c6ac315ac..c094d54c50 100644
--- a/docker-base/Dockerfile
+++ b/docker-base/Dockerfile
@@ -21,6 +21,9 @@ RUN addgroup atlantis && \
 ENV GOSU_VERSION=1.14
 ENV GIT_LFS_VERSION=3.1.2

+# Automatically populated with the architecture the image is being built for.
+ARG TARGETPLATFORM
+
 # Install packages needed for running Atlantis.
 RUN apk add --no-cache ca-certificates curl git unzip bash openssh libcap dumb-init && \
 # Install packages needed for building dependencies.
@@ -29,7 +32,7 @@ RUN apk add --no-cache ca-certificates curl git unzip bash openssh libcap dumb-i
 cd /tmp/build && \

 # git-lfs
- curl -L -s --output git-lfs.tar.gz "https://github.com/git-lfs/git-lfs/releases/download/v${GIT_LFS_VERSION}/git-lfs-linux-amd64-v${GIT_LFS_VERSION}.tar.gz" && \
+ curl -L -s --output git-lfs.tar.gz "https://github.com/git-lfs/git-lfs/releases/download/v${GIT_LFS_VERSION}/git-lfs-linux-${TARGETPLATFORM##*/}-v${GIT_LFS_VERSION}.tar.gz" && \
 tar -xf git-lfs.tar.gz && \
 chmod +x git-lfs && \
 mv git-lfs /usr/bin/git-lfs && \
From d94d281419b76bb67b01f8af8dff7ee9a6c7e304 Mon Sep 17 00:00:00 2001
From: Jeppe Fihl-Pearson
Date: Wed, 2 Mar 2022 11:45:37 +0000
Subject: [PATCH 8/8] Install gosu for the right architecture

The `case` statement was taken from https://github.com/BretFisher/multi-platform-docker-build as a way of translating the platform name into what we needed for downloading gosu.
---
 docker-base/Dockerfile | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/docker-base/Dockerfile b/docker-base/Dockerfile
index c094d54c50..e9c0f4394f 100644
--- a/docker-base/Dockerfile
+++ b/docker-base/Dockerfile
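Review bot: In the second hunk of PATCH 7/8 the git-lfs URL is built from `${TARGETPLATFORM##*/}`, which gives `amd64` or `arm64` for two-part platforms but `v7` for `linux/arm/v7` (a platform the next patch maps explicitly for gosu), and an empty string when the builder does not populate `TARGETPLATFORM`. Because the download uses `curl -L -s` without `--fail`, a wrong asset name is written to `git-lfs.tar.gz` as an error page and the build only stops later at `tar -xf`. Map the platform to the asset name explicitly, rejecting unknown values, and make the transfer fail on HTTP errors, e.g. `curl --fail -L -s --output git-lfs.tar.gz ...`. The tarball is also unpacked and installed without any integrity check, unlike gosu, so a pinned per-architecture checksum belongs next to this line. The `RUN` instruction continues outside the hunk.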
@@ -39,8 +39,13 @@ RUN apk add --no-cache ca-certificates curl git unzip bash openssh libcap dumb-i
 git-lfs --version && \

 # gosu
- curl -L -s --output gosu "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-amd64" && \
- curl -L -s --output gosu.asc "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-amd64.asc" && \
+ case ${TARGETPLATFORM} in \
+ "linux/amd64") GOSU_ARCH=amd64 ;; \
+ "linux/arm64") GOSU_ARCH=arm64 ;; \
+ "linux/arm/v7") GOSU_ARCH=armhf ;; \
+ esac && \
+ curl -L -s --output gosu "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-${GOSU_ARCH}" && \
+ curl -L -s --output gosu.asc "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-${GOSU_ARCH}.asc" && \
 for server in $(shuf -e ipv4.pool.sks-keyservers.net \
 hkp://p80.pool.sks-keyservers.net:80 \
 keyserver.ubuntu.com \
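Review bot: The `case ${TARGETPLATFORM} in` added in PATCH 8/8 has no default arm, so for any platform other than the three listed, or when `TARGETPLATFORM` is empty, `GOSU_ARCH` stays unset and the two `curl` lines request `gosu-` and `gosu-.asc`. A `case` with no matching pattern returns success, so the `&&` chain carries on and the problem surfaces only further down, at the earliest when the signature is checked. Add a failing default before `esac`, `*) echo "unsupported TARGETPLATFORM: ${TARGETPLATFORM}" >&2; exit 1 ;; \`, and quote the selector as `case "${TARGETPLATFORM}" in \`. The `for server in ...` loop and the rest of the `RUN` instruction continue past the end of the hunk.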