Update Ibeji Dockerfiles (#81)

* Remove Containerize feature and add aarch64 targets

* Updated Dockerfiles for amd64 and arm64

* Update README's to reflect container changes

* Fix link and linting

* make optional args more concise

* remove unused comment

.cargo/config.toml

@@ -0,0 +1,3 @@
+[target.aarch64-unknown-linux-gnu]
+linker = "aarch64-linux-gnu-gcc"
+rustflags = [ "-C", "target-feature=+crt-static", "-C", "link-arg=-lgcc" ]

.github/workflows/check-spelling.yml

@@ -21,6 +21,5 @@ jobs:
           ./tools/check_spelling.sh ./core/common/README.md
           ./tools/check_spelling.sh ./dtdl-parser/README.md
           ./tools/check_spelling.sh ./docs/design/README.md
-          ./tools/check_spelling.sh ./samples/container/README.md
           ./tools/check_spelling.sh ./samples/managed_subscribe/README.md
         shell: bash

Dockerfile → Dockerfile.amd64

@@ -10,24 +10,37 @@
 # Create a stage for building the application.
 
 ARG RUST_VERSION=1.72.1
-FROM docker.io/library/rust:${RUST_VERSION}-slim-bullseye AS build
 ARG APP_NAME=invehicle-digital-twin
+ARG FEATURES=""
+ARG UID=10001
+
+FROM docker.io/library/rust:${RUST_VERSION}-slim-bullseye AS build
+ARG APP_NAME
+ARG FEATURES
 WORKDIR /sdv
 
 COPY ./ .
 
+# Check that APP_NAME argument is valid.
+RUN /sdv/container/scripts/argument_sanitizer.sh \
+    --arg-value "${APP_NAME}" \
+    --regex "^[a-zA-Z_0-9-]+$" || \
+    ( echo "Argument sanitizer failed for ARG 'APP_NAME'"; exit 1 )
+
+# Check that FEATURES argument is valid if the argument is not empty.
+# The regex checks if there is one or more features separated by a single space.
+RUN if [ -n "${FEATURES}" ]; then \
+    /sdv/container/scripts/argument_sanitizer.sh \
+    --arg-value "${FEATURES}" \
+    --regex "^[a-zA-Z_0-9-]+(?: [a-zA-Z_0-9-]+)*$" || \
+    ( echo "Argument sanitizer failed for ARG 'FEATURES'"; exit 1 ) \
+    fi
+
 # Add Build dependencies.
 RUN apt update && apt upgrade -y && apt install -y protobuf-compiler
 
-# Check that APP_NAME argument is valid.
-RUN sanitized=$(echo "${APP_NAME}" | tr -dc '^[a-zA-Z_0-9-]+$'); \
-[ "$sanitized" = "${APP_NAME}" ] || { \
-    echo "ARG 'APP_NAME' is invalid. APP_NAME='${APP_NAME}' sanitized='${sanitized}'"; \
-    exit 1; \
-}
-
-# Build the application with the 'containerize' feature.
-RUN cargo build --release -p "${APP_NAME}" --features "containerize"
+# Build the application (with features if provided).
+RUN cargo build --release -p "${APP_NAME}" --features "${FEATURES}"
 
 # Copy the built application to working directory.
 RUN cp ./target/release/"${APP_NAME}" /sdv/service
@@ -44,6 +57,16 @@ RUN cp ./target/release/"${APP_NAME}" /sdv/service
 # reproducability is important, consider using a digest
 # (e.g., debian@sha256:ac707220fbd7b67fc19b112cee8170b41a9e97f703f588b2cdbbcdcecdd8af57).
 FROM docker.io/library/debian:bullseye-slim AS final
+ARG UID
+
+# Copy container scripts.
+COPY ./container/scripts/*.sh /sdv/scripts/
+
+# Check that UID argument is valid.
+RUN /sdv/scripts/argument_sanitizer.sh \
+    --arg-value "${UID}" \
+    --regex "^[0-9]+$" || \
+    ( echo "Argument sanitizer failed for ARG 'UID'"; exit 1 )
 
 # Create a non-privileged user that the app will run under.
 # See https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#user
@@ -56,6 +79,14 @@ RUN adduser \
     --no-create-home \
     --uid "${UID}" \
     appuser
+
+# Create and add user ownership to config directory.
+RUN mkdir -p /sdv/config
+RUN chown appuser /sdv/config
+
+# Create mnt directory to copy override configs into.
+RUN mkdir -p /mnt/config
+
 USER appuser
 
 WORKDIR /sdv
@@ -73,4 +104,4 @@ COPY --from=build /sdv/container/config/standalone/ /sdv/config
 EXPOSE 5010
 
 # What the container should run when it is started.
-CMD ["/sdv/service"]
+CMD ["/sdv/scripts/container_startup.sh"]

Dockerfile.integrated → Dockerfile.arm64

@@ -10,27 +10,44 @@
 # Create a stage for building the application.
 
 ARG RUST_VERSION=1.72.1
-FROM docker.io/library/rust:${RUST_VERSION}-slim-bullseye AS build
 ARG APP_NAME=invehicle-digital-twin
+ARG FEATURES=""
+ARG UID=10001
+
+FROM docker.io/library/rust:${RUST_VERSION}-slim-bullseye AS build
+ARG APP_NAME
+ARG FEATURES
 WORKDIR /sdv
 
 COPY ./ .
 
+# Check that APP_NAME argument is valid.
+RUN /sdv/container/scripts/argument_sanitizer.sh \
+    --arg-value "${APP_NAME}" \
+    --regex "^[a-zA-Z_0-9-]+$" || \
+    ( echo "Argument sanitizer failed for ARG 'APP_NAME'"; exit 1 )
+
+# Check that FEATURES argument is valid if the argument is not empty.
+# The regex checks if there is one or more features separated by a single space.
+RUN if [ -n "${FEATURES}" ]; then \
+    /sdv/container/scripts/argument_sanitizer.sh \
+    --arg-value "${FEATURES}" \
+    --regex "^[a-zA-Z_0-9-]+(?: [a-zA-Z_0-9-]+)*$" || \
+    ( echo "Argument sanitizer failed for ARG 'FEATURES'"; exit 1 ) \
+    fi
+
 # Add Build dependencies.
-RUN apt update && apt upgrade -y && apt install -y protobuf-compiler
+RUN apt update && apt upgrade -y && apt install -y \
+    protobuf-compiler \
+    gcc-aarch64-linux-gnu
 
-# Check that APP_NAME argument is valid.
-RUN sanitized=$(echo "${APP_NAME}" | tr -dc '^[a-zA-Z_0-9-]+$'); \
-[ "$sanitized" = "${APP_NAME}" ] || { \
-    echo "ARG 'APP_NAME' is invalid. APP_NAME='${APP_NAME}' sanitized='${sanitized}'"; \
-    exit 1; \
-}
+RUN rustup target add aarch64-unknown-linux-gnu
 
-# Build the application with the 'containerize' feature.
-RUN cargo build --release -p "${APP_NAME}" --features "containerize managed_subscribe"
+# Build the application (with features if provided).
+RUN cargo build --release --target=aarch64-unknown-linux-gnu -p "${APP_NAME}" --features "${FEATURES}"
 
 # Copy the built application to working directory.
-RUN cp ./target/release/"${APP_NAME}" /sdv/service
+RUN cp ./target/aarch64-unknown-linux-gnu/release/"${APP_NAME}" /sdv/service
 
 ################################################################################
 # Create a new stage for running the application that contains the minimal
@@ -43,7 +60,17 @@ RUN cp ./target/release/"${APP_NAME}" /sdv/service
 # most recent version of that tag when you build your Dockerfile. If
 # reproducability is important, consider using a digest
 # (e.g., debian@sha256:ac707220fbd7b67fc19b112cee8170b41a9e97f703f588b2cdbbcdcecdd8af57).
-FROM docker.io/library/debian:bullseye-slim AS final
+FROM docker.io/arm64v8/debian:bullseye-slim AS final
+ARG UID
+
+# Copy container scripts.
+COPY ./container/scripts/*.sh /sdv/scripts/
+
+# Check that UID argument is valid.
+RUN /sdv/scripts/argument_sanitizer.sh \
+    --arg-value "${UID}" \
+    --regex "^[0-9]+$" || \
+    ( echo "Argument sanitizer failed for ARG 'UID'"; exit 1 )
 
 # Create a non-privileged user that the app will run under.
 # See https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#user
@@ -56,6 +83,14 @@ RUN adduser \
     --no-create-home \
     --uid "${UID}" \
     appuser
+
+# Create and add user ownership to config directory.
+RUN mkdir -p /sdv/config
+RUN chown appuser /sdv/config
+
+# Create mnt directory to copy override configs into.
+RUN mkdir -p /mnt/config
+
 USER appuser
 
 WORKDIR /sdv
@@ -67,10 +102,10 @@ ENV IBEJI_HOME=/sdv/config
 COPY --from=build /sdv/service /sdv/
 
 # Copy configuration for service.
-COPY --from=build /sdv/container/config/integrated/ /sdv/config
+COPY --from=build /sdv/container/config/standalone/ /sdv/config
 
 # Expose the port that the application listens on.
 EXPOSE 5010
 
 # What the container should run when it is started.
-CMD ["/sdv/service"]
+CMD ["/sdv/scripts/container_startup.sh"]

README.md

@@ -310,9 +310,8 @@ rather than having it statically provided in their respective config file, then
 
 ## <a name="running-in-a-container">Running in a Container</a>
 
-To run the In-Vehicle Digital Twin Service in a container, please refer to [Ibeji Containerization](./container/README.md).
-
-To run the samples in a container, please refer to [Samples Containerization](./samples/container/README.md).
+Please refer to [Ibeji Containers](./container/README.md#ibeji-containers) for information on how
+build and run the In-Vehicle Digital Twin Service or the Sample Applications in a container.
 
 ## <a name="trademarks">Trademarks</a>
 

container/.accepted_words.txt

@@ -1,5 +1,9 @@
+aarch
 Agemo
 agemo
+amd
+APP
+arg
 br
 build
 cargo
@@ -54,6 +58,7 @@ loopback
 md
 microsoft
 minimalistic
+mnt
 mosquitto
 Mosquitto
 mqtt