New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add denoland/deno:bin
image
#159
Conversation
This seems like two independent changes:
This seems more complicated to me. Creates an additional dependency that didn't exist before. Also worth noting the binary won't work with (vanilla) alpine / some other base images. I think buildx pattern might make more sense when the build is more complex than a single "download via curl" step.
There has been some discussion of this in the past but I don't recall a compelling argument being made (also, there was a competing deno docker image which used that but it was less popular). Perhaps I am missing something... |
Indeed, having to call
|
Oh, I just used it in the |
My recommendation is to publish something on docker hub to play with... That way the community can play with it - and give some feedback. Personally I don't feel qualified/confident in best practices here... and would just go with the simpler solution. 🤷 (Note: I am not a maintainer anymore so not up to me.) RE the deno PR, similar advice, I suspect they'll be some push back against a new top-level file (let alone several), also - more importantly - deno is already a very complex build matrix (and carefully optimised/cached for performance). My suspicion is a better way could be to create a new repo which includes deno as a submodule and build from that.... In that way you could create version binaries (or daily, similar to how daily deno binaries were built by the community)... this could be a route to something like that being included in mainline deno (as happened with daily deno binaries). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So I played around a bit with this PR: Something that I find interesting is that it does shelves off a few megabytes (at least on Ubuntu). The reason being that while we do remove the packages installed by apt
required to download the executable, there are some artifacts left on the filesystem. For example, the ca-certificates
package installs a /etc/ca-certificates.conf
file that isn't removed from the filesystem when removing the package.
This could easily be solved by using a multi-stage build to isolate the download phase and avoid carrying over these artifacts left over by package managers, but this approach has the nice added advantage of leaving a single point where we have to download the artifact as opposed to the current approach where each Dockerfile installs the packages needed to do that step.
I was also worried about Alpine, but having tested it locally it does seem to work properly since the Alpine image is still based off of frolvlad/alpine-glibc
. @hayd if you have some tests that you used to use locally with known issues on Alpine I'd interested, just to make sure that it is indeed correct.
Beyond that there's a few comments that I dropped, in addition to those I'd say I would prefer calling this image scratch
instead of bin
-- I think that's more in line with the Docker terminology. Also, the bin image uses Alpine to download the binary -- I would feel more confident if it was based on Debian, Ubuntu or Centos as they're distros that I (and probably the rest of the team) am more familiar with and can get better support for; Since the final image is based off of scratch
it shouldn't change the final output.
&& adduser --uid 1000 --disabled-password deno --ingroup deno \ | ||
&& mkdir /deno-dir/ \ | ||
&& chown deno:deno /deno-dir/ | ||
&& adduser --uid 1000 --disabled-password deno --ingroup deno \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
but now the indents don't match 😭
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@hayd I thought it was a mistake. Do you want me to revert to 1 space?
Sorry, that was related to the README instruction to include the binary in your own image. I think that may lead to confused users. |
If we do that, we could have FROM scratch as last stage (that just copies the binary from the top layer). |
Regarding the name of the image, the only example that I found was There could be more images in the future which also use |
I think Andy was saying that the |
Yes! Oops. Sorry |
So I thought a bit more about this change over the day; I'm in favor of adding this bare Docker layer and even publish it as a
|
@wperron Great, I will work on these points. |
@wperron Done.
|
https://github.com/felipecrs/deno_docker/actions/runs/1164191039 @wperron CI is passing finally. I switch from |
Please do; they run much faster than the regular runner. I agree it's a bit of a bummer when developing on a fork only, but it works as soon as you have a PR open. You can always open PRs as draft in the future, they usually stay unreviewed when in that state. |
I just did, @wperron. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, Thanks a lot for the contribution! 🚀
This simplifies the build process, and also users who want to install
deno
in their own base images. This pattern is also followed by the Docker Buildx: https://hub.docker.com/r/docker/buildx-binFor now, some additional complexities were added to the
ci.yaml
(the entirebuild-ci
) stage. But I plan to also propose a simplification in another PR using the Docker Bake Action and Docker Metadata Action, thus allowing we to build everything in a single job.Plus, some additional changes were made:
Dockerfile
s to use 2 spaces as indent delimiterci.yaml
with vscode-yaml