Skip to content

Dockerfile and docker build improvements #167

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Jun 10, 2023
Merged

Dockerfile and docker build improvements #167

merged 7 commits into from
Jun 10, 2023

Conversation

lopopolo
Copy link
Member

I did some pair programming with ChatGPT here: https://chat.openai.com/c/b88a7262-4fb5-4062-8c32-eed75b809f43.

Improvements

  • Use a UID and GID that is within the typical bounds of a Linux distribution. The previous IDs (the Unicode scalar value for 💎 in base 10) were too big.
  • Add more comments to the different sections of the Dockerfiles.
  • Remove the empty.txt hack for the optional THIRDPARTY file, preferring to use a build ARG.
  • Add .dockerignore file.
  • Add missing opencontainers image labels and fixup some incorrectly set ones.

lopopolo added 5 commits June 10, 2023 15:49
@lopopolo
Use valid UID and GIDs for non-root user
3783057 
The `128142` UID and GID previously used corresponded to the decimal
encoding of the gem emoji ('💎') Unicode character.

In conversations with ChatGPT, this ID is outside the typical range on
most Linux distributions:

> In most Linux distributions, the valid range for UIDs and GIDs is from
> 0 to 65535 (inclusive). However, there are reserved ranges and conventions
> that dictate the allocation of UIDs and GIDs. For example, UIDs below 1000
> are often reserved for system users and groups, while UIDs above 1000 are
> typically used for regular users.
>
> In the case of UID/GID 128142, it falls outside the typical valid range of
> UIDs and GIDs on Linux systems. Therefore, it may not be considered a valid
> UID/GID.

Use `1888` for UID and GID of the `artichoke` user, which adheres to
these guidelines.
@lopopolo
Add more comments to dockerfiles
11a1ad3
@lopopolo
Remove empty.txt hack for optional THIRDPARTY file
2955b87 
Pass `THIRDPARTY` file as a build arg.
@lopopolo
Add .dockerignore file
20b36d4
@lopopolo
Add missing opencontainers image labels, fix errors in label values
b5ba34b
@lopopolo lopopolo added C-bug Category: This is a bug. C-quality Category: Refactoring, cleanup, and quality improvements. A-dockerfile Area: Dockerfile builds. labels Jun 10, 2023
@lopopolo lopopolo force-pushed the lopopolo/docker-improvements branch from f95b466 to 720707d Compare June 10, 2023 23:20
@lopopolo
Copy link
Member Author

Here's a code review from ChatGPT:

The code you provided is a Dockerfile that builds a multi-stage Docker image for the Artichoke Ruby interpreter. Here's a review of the code:

  1. The Dockerfile starts with a build stage defined by FROM --platform=$BUILDPLATFORM debian:bullseye-slim AS build. It sets the platform for the build and uses Debian Bullseye as the base image.
  2. The shell options are configured using SHELL ["/bin/bash", "-o", "pipefail", "-c"]. This sets the shell to Bash and enables pipefail, which makes the pipeline return a non-zero status if any command in the pipeline fails.
  3. The build dependencies are installed using apt-get. Various packages are installed, including compilers, libraries, and tools needed for the build process.
  4. Rust setup is performed next. It sets the Rust version, defines environment variables, and installs Rust using rustup-init. It adds necessary target architectures and sets linker and cargo options.
  5. Artichoke, the Ruby interpreter, is installed using Cargo. The target architecture is determined based on the build arguments. If ARTICHOKE_NIGHTLY_REVISION is set to "latest," it installs the latest revision from the trunk branch; otherwise, it installs the specified revision.
  6. The THIRDPARTY license manifest file is copied to the /target/ directory if it exists.
  7. The runtime stage is defined using FROM debian:bullseye-slim AS runtime. This stage will be the final image used to run the Artichoke interpreter.
  8. Various build arguments and labels are set to provide information about the image.
  9. The Artichoke binaries and the THIRDPARTY file from the build stage are copied to the runtime stage.
  10. A non-root user is created, and the environment variables and PATH are set.
  11. The entry point command is set to airb, which is the Artichoke REPL.

Overall, the Dockerfile looks well-structured and organized. It follows best practices for multi-stage builds, sets up the necessary dependencies, installs Rust and Artichoke, and creates a runtime stage with the required files and environment. It also uses a non-root user for improved security.

However, without knowing the specific requirements or context of your project, it's challenging to provide more specific feedback. If you have any specific concerns or questions about certain parts of the code, please let me know, and I'll be glad to assist you further.

@lopopolo lopopolo merged commit cb1301f into trunk Jun 10, 2023
@lopopolo lopopolo deleted the lopopolo/docker-improvements branch June 10, 2023 23:44
@lopopolo
Copy link
Member Author

new labels from docker inspect docker.io/artichokeruby/artichoke:alpine3-nightly:

Screenshot 2023-06-10 at 4 50 42 PM

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
A-dockerfile Area: Dockerfile builds. C-bug Category: This is a bug. C-quality Category: Refactoring, cleanup, and quality improvements.
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@lopopolo