Merged
Changes from 2 commits
1 change: 0 additions & 1 deletion .github/workflows/release-please.yaml
Expand Up @@ -76,6 +76,5 @@ jobs:
docker-context: "."
docker-tag: "${{ needs.release-please.outputs.server-version }}"
docker-tag-latest: true
docker-image-platforms: linux/amd64
docker-repository: "610829907584.dkr.ecr.ap-southeast-2.amazonaws.com/gitops"
command: echo $SECRET_ENV | base64 -d > cluster.key
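Review bot: With `docker-image-platforms: linux/amd64` removed from this job, the platforms the release image is built for fall back to whatever the called workflow defaults to, and that default is not visible in this file. Setting the input explicitly to the intended list keeps release builds deterministic and makes it clear which architectures the Dockerfile has to support.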
1 change: 0 additions & 1 deletion .github/workflows/test.yml
Expand Up @@ -36,6 +36,5 @@ jobs:
docker-context: "."
docker-prefix: test
docker-tag-latest: false
docker-image-platforms: linux/amd64
docker-repository: "610829907584.dkr.ecr.ap-southeast-2.amazonaws.com/gitops"
command: echo $SECRET_ENV | base64 -d > cluster.key
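Review bot: The unchanged `command:` line closing this hunk (the same line appears in release-please.yaml) decodes the git-crypt key into `cluster.key` in the working directory, which appears to be the same `.` passed as `docker-context`. Unless the file is excluded by a .dockerignore, it becomes part of the build context and a broad COPY would bake it into an image layer; consider a BuildKit secret mount or a runtime mount instead, and quote the variable as `echo "$SECRET_ENV"`.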
43 changes: 26 additions & 17 deletions Dockerfile
Expand Up @@ -3,32 +3,42 @@
##
## Install kubectl and dependencies.
##
# RUN apk add -U openssl curl tar gzip bash ca-certificates && \
# wget -q -O /etc/apk/keys/sgerrand.rsa.pub https://raw.githubusercontent.com/sgerrand/alpine-pkg-glibc/master/sgerrand.rsa.pub && \
# wget https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.23-r3/glibc-2.23-r3.apk && \
# apk add glibc-2.23-r3.apk && \
# rm glibc-2.23-r3.apk
# RUN curl -L -o /usr/bin/kubectl https://storage.googleapis.com/kubernetes-release/release/v1.8.0/bin/linux/amd64/kubectl && \
# chmod +x /usr/bin/kubectl && \
# kubectl version --client
ENV KUBE_LATEST_VERSION="v1.21.3"
ENV HELM_VERSION="v3.6.2" \
VIRTUAL_ENV="/app/.venv" \
PATH="/app/.venv/bin:$PATH"
RUN apt-get update
RUN apt-get install wget ca-certificates bash git git-crypt -y --no-install-recommends \
&& wget -q https://storage.googleapis.com/kubernetes-release/release/${KUBE_LATEST_VERSION}/bin/linux/amd64/kubectl -O /usr/local/bin/kubectl \
ENV TARGETARCH=""
Collaborator

Is this correct?

#14 [linux/amd64 stage-0 2/10] RUN apt-get update && apt-get install wget ca-certificates bash git git-crypt -y --no-install-recommends && case "$(dpkg --print-architecture)" in amd64) export TARGETARCH="amd64" ;; arm64) export TARGETARCH="arm64" ;; ) echo "Unsupported architecture: $(dpkg --print-architecture)"; exit 1 ;; esac && wget -q https://storage.googleapis.com/kubernetes-release/release/v1.21.3/bin/linux//kubectl -O /usr/local/bin/kubectl && chmod +x /usr/local/bin/kubectl && wget -q https://get.helm.sh/helm-v3.6.2-linux-.tar.gz -O - | tar -xzO linux-/helm > /usr/local/bin/helm && chmod +x /usr/local/bin/helm && helm plugin install https://github.com/jkroepke/helm-secrets --version v4.2.2 && wget -q https://github.com/mozilla/sops/releases/download/v3.7.3/sops-v3.7.3.linux. -O /usr/local/bin/sops && chmod +x /usr/local/bin/sops && apt-get clean && apt-get -y autoremove && rm -rf /var/lib/apt/lists/ && rm -rf /var/cache/apt/
From the logs in the build.

You are clearing TARGETARCH whereas we just want to drop that line and let it naturally exist.

Collaborator

There must be a better way to do it instead of the case statement.

Contributor Author

@uptickmetachu OK, fixed. I used the existing TARGETARCH arg.


RUN apt-get update \
&& apt-get install wget ca-certificates bash git git-crypt -y --no-install-recommends \
# Determine target architecture and set TARGETARCH accordingly
&& case "$(dpkg --print-architecture)" in \
amd64) export TARGETARCH="amd64" ;; \
arm64) export TARGETARCH="arm64" ;; \
*) echo "Unsupported architecture: $(dpkg --print-architecture)"; exit 1 ;; \
esac \
\
# Download kubectl
&& wget -q https://storage.googleapis.com/kubernetes-release/release/${KUBE_LATEST_VERSION}/bin/linux/${TARGETARCH}/kubectl -O /usr/local/bin/kubectl \
&& chmod +x /usr/local/bin/kubectl \
&& wget -q https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz -O - | tar -xzO linux-amd64/helm > /usr/local/bin/helm \
\
# Download helm
&& wget -q https://get.helm.sh/helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz -O - | tar -xzO linux-${TARGETARCH}/helm > /usr/local/bin/helm \
&& chmod +x /usr/local/bin/helm \
\
# Install helm-secrets plugin
&& helm plugin install https://github.com/jkroepke/helm-secrets --version v4.2.2 \
&& wget -q https://github.com/mozilla/sops/releases/download/v3.7.3/sops-v3.7.3.linux.amd64 -O /usr/local/bin/sops \
\
# Download sops
&& wget -q https://github.com/mozilla/sops/releases/download/v3.7.3/sops-v3.7.3.linux.${TARGETARCH} -O /usr/local/bin/sops \
&& chmod +x /usr/local/bin/sops \
\
&& apt-get clean \
&& apt-get -y autoremove \
&& rm -rf /var/lib/apt/lists/* \
&& rm -rf /var/cache/apt/ \
ENV SHELL=/bin/bash
&& rm -rf /var/cache/apt/

ENV SHELL=/bin/bash

##
## Install dependencies and copy GitOps server.
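Review bot: The kubectl, helm and sops downloads in this RUN are fetched with `wget -q` and made executable with no integrity check, and the change now pulls a second set of binaries for arm64. Pin a SHA-256 per architecture and verify it with `sha256sum -c` before each `chmod +x`. Separately, `ENV TARGETARCH=""` shadows the value BuildKit supplies automatically; declaring `ARG TARGETARCH` instead would make the `case "$(dpkg --print-architecture)"` block unnecessary.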
Expand All @@ -45,9 +55,8 @@
COPY gitops /app/gitops/
COPY gitops_server /app/gitops_server

ENV GIT_CRYPT_KEY_FILE=/app/cluster.key

Check warning on line 58 in Dockerfile

GitHub Actions / Build and Push Docker Image / ci

Sensitive data should not be used in the ARG or ENV commands

SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data (ENV "GIT_CRYPT_KEY_FILE") More info: https://docs.docker.com/go/dockerfile/rule/secrets-used-in-arg-or-env/
ENV PYTHONPATH="$PYTHONPATH:/app"

Check warning on line 59 in Dockerfile

GitHub Actions / Build and Push Docker Image / ci

Variables should be defined before their use

UndefinedVar: Usage of undefined variable '$PYTHONPATH' More info: https://docs.docker.com/go/dockerfile/rule/undefined-var/
ENV ACCESS_LOG=""


CMD ["uvicorn", "--host", "0.0.0.0", "--port", "8000", "gitops_server.main:app"]
CMD ["uvicorn", "--host", "0.0.0.0", "--port", "8000", "gitops_server.main:app"]
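Review bot: `ENV PYTHONPATH="$PYTHONPATH:/app"` expands to `:/app` because the variable is undefined at that point (the UndefinedVar warning above), and the empty leading entry makes Python search the process working directory for imports. Set `ENV PYTHONPATH="/app"` instead. The SecretsUsedInArgOrEnv warning on `GIT_CRYPT_KEY_FILE` concerns a path rather than key material, but the key file itself should still reach the container at runtime and not through an image layer.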