From 4d5cfd586ba24803132a1c9aef972f04b75c1bcb Mon Sep 17 00:00:00 2001 From: Mladen Date: Tue, 31 Jan 2023 14:35:05 +0100 Subject: [PATCH] Fix devcontainer features installation (#13) --- .github/actions/pre-commit-action/action.yml | 35 +++++++++++++ .github/workflows/build-base-images.yml | 48 +++++++++--------- .pre-commit-config.yaml | 11 +++++ .../{Cpp => cpp/.devcontainer}/Dockerfile | 49 ++++++++++--------- .../cpp/.devcontainer/devcontainer.json | 11 +++++ .../.devcontainer}/Dockerfile | 18 ++++--- .../python/.devcontainer/devcontainer.json | 11 +++++ NOTICE-3RD-PARTY-CONTENT.md | 4 +- bin/.gitattributes | 2 - common/install-k3d-prerequisites.sh | 2 +- common/install-velocitas-cli.sh | 2 +- 11 files changed, 131 insertions(+), 62 deletions(-) create mode 100644 .github/actions/pre-commit-action/action.yml create mode 100644 .pre-commit-config.yaml rename Dockerfiles/{Cpp => cpp/.devcontainer}/Dockerfile (66%) create mode 100644 Dockerfiles/cpp/.devcontainer/devcontainer.json rename Dockerfiles/{Python => python/.devcontainer}/Dockerfile (82%) create mode 100644 Dockerfiles/python/.devcontainer/devcontainer.json delete mode 100644 bin/.gitattributes diff --git a/.github/actions/pre-commit-action/action.yml b/.github/actions/pre-commit-action/action.yml new file mode 100644 index 0000000..e91e5b1 --- /dev/null +++ b/.github/actions/pre-commit-action/action.yml @@ -0,0 +1,35 @@ +# This file is maintained by velocitas CLI, do not modify manually. Change settings in .velocitas.json +# Copyright (c) 2022 Robert Bosch GmbH and Microsoft Corporation +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 + +name: pre-commit +description: run pre-commit +inputs: + extra_args: + description: Options to pass to pre-commit run + required: false + default: "--all-files" +runs: + using: composite + steps: + - run: python -m pip install pre-commit + shell: bash + - run: python -m pip freeze --local + shell: bash + - uses: actions/cache@v3 + with: + path: ~/.cache/pre-commit + key: pre-commit-3|${{ env.pythonLocation }}|${{ hashFiles('.pre-commit-config.yaml') }} + - run: pre-commit run --show-diff-on-failure --color=always ${{ inputs.extra_args }} + shell: bash diff --git a/.github/workflows/build-base-images.yml b/.github/workflows/build-base-images.yml index 61e14de..5825926 100644 --- a/.github/workflows/build-base-images.yml +++ b/.github/workflows/build-base-images.yml @@ -33,7 +33,7 @@ jobs: build-image: strategy: matrix: - language: [Python, Cpp] + language: [python, cpp] name: "Building image" runs-on: ubuntu-latest @@ -41,14 +41,24 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v3 - with: - lfs: true - - name: Set up QEMU - uses: docker/setup-qemu-action@v2 + - name: Run Linters + uses: ./.github/actions/pre-commit-action - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 + with: + version: v0.9.0 + + - name: Get image tag + id: get-tag + shell: bash + run: | + TAG=${{ github.sha }} + if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then + TAG=latest + fi + echo "tag=${TAG}" >> $GITHUB_OUTPUT - name: Login to GitHub Container Registry uses: docker/login-action@v2 @@ -57,26 +67,12 @@ jobs: username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Extract metadata (tags, labels) for Docker - id: meta - uses: docker/metadata-action@v4 - with: - images: | - ghcr.io/${{ github.repository }}/${{ matrix.language }} - tags: | - type=sha - type=ref,event=tag - type=semver,pattern={{version}} - type=edge - type=raw,value=latest,enable={{is_default_branch}} - - - name: "Build image" + - name: Build image and push id: image_build - uses: docker/build-push-action@v3 + uses: devcontainers/ci@v0.2 with: - push: true - context: "." - file: ./Dockerfiles/${{ matrix.language }}/Dockerfile - platforms: linux/amd64, linux/arm64 - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} \ No newline at end of file + imageName: ghcr.io/${{ github.repository }}/${{ matrix.language }} + imageTag: ${{ steps.get-tag.outputs.tag }} + push: always + platform: linux/amd64,linux/arm64 + subFolder: ./Dockerfiles/${{ matrix.language }}/ diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 0000000..d9020f0 --- /dev/null +++ b/.pre-commit-config.yaml @@ -0,0 +1,11 @@ +# See https://pre-commit.com for more information +# See https://pre-commit.com/hooks.html for more hooks +repos: +- repo: https://github.com/pre-commit/pre-commit-hooks + rev: v3.2.0 + hooks: + - id: trailing-whitespace + - id: end-of-file-fixer + - id: check-yaml + - id: check-added-large-files + - id: check-json diff --git a/Dockerfiles/Cpp/Dockerfile b/Dockerfiles/cpp/.devcontainer/Dockerfile similarity index 66% rename from Dockerfiles/Cpp/Dockerfile rename to Dockerfiles/cpp/.devcontainer/Dockerfile index d2245fa..9bbd748 100644 --- a/Dockerfiles/Cpp/Dockerfile +++ b/Dockerfiles/cpp/.devcontainer/Dockerfile @@ -22,7 +22,7 @@ RUN apt-get update && apt-get upgrade -y && \ apt-get install -y apt-utils openssh-client gnupg2 dirmngr iproute2 \ procps lsof htop net-tools psmisc manpages manpages-dev \ curl wget ca-certificates unzip init-system-helpers \ - bzip2 zip git zsh pigz \ + bzip2 zip git zsh pigz jq \ apt-transport-https dialog libkrb5-3 \ libgssapi-krb5-2 libicu[0-9][0-9] liblttng-ust[0-9] \ locales sudo ncdu cmake \ @@ -31,28 +31,25 @@ RUN apt-get update && apt-get upgrade -y && \ gcc-x86-64-linux-gnu g++-x86-64-linux-gnu binutils-x86-64-linux-gnu && \ apt-get autoremove -y && apt-get clean -y && rm -rf /var/lib/apt/lists/* - -ADD https://raw.githubusercontent.com/devcontainers/features/7fa90110d762797cc0b1c2fe8fcc028c9b813d56/src/common-utils/install.sh /container/scripts/install-common.sh -RUN UID="4000" bash /container/scripts/install-common.sh - -ADD --chown=4000 https://raw.githubusercontent.com/eclipse-velocitas/vehicle-app-cpp-sdk/main/conanfile.py /container/cpp/ +ADD --chmod=444 https://raw.githubusercontent.com/eclipse-velocitas/vehicle-app-cpp-sdk/main/conanfile.py /container/cpp/ # Get all profiles from the SDK -ADD --chown=4000 https://raw.githubusercontent.com/eclipse-velocitas/vehicle-app-cpp-sdk/main/.conan/profiles/linux_aarch64_release /container/cpp/.conan/profiles/ -ADD --chown=4000 https://raw.githubusercontent.com/eclipse-velocitas/vehicle-app-cpp-sdk/main/.conan/profiles/linux_x86_64_release /container/cpp/.conan/profiles/ -ADD --chown=4000 https://raw.githubusercontent.com/eclipse-velocitas/vehicle-app-cpp-sdk/main/.scripts/common.sh /container/cpp/.scripts/ -ADD --chown=4000 https://raw.githubusercontent.com/eclipse-velocitas/vehicle-app-cpp-sdk/main/install_dependencies.sh /container/cpp/ -ADD --chown=4000 https://raw.githubusercontent.com/eclipse-velocitas/vehicle-app-cpp-sdk/main/requirements.txt /container/cpp/ +ADD --chmod=444 https://raw.githubusercontent.com/eclipse-velocitas/vehicle-app-cpp-sdk/main/.conan/profiles/linux_aarch64_release /container/cpp/.conan/profiles/ +ADD --chmod=444 https://raw.githubusercontent.com/eclipse-velocitas/vehicle-app-cpp-sdk/main/.conan/profiles/linux_x86_64_release /container/cpp/.conan/profiles/ +ADD --chmod=744 https://raw.githubusercontent.com/eclipse-velocitas/vehicle-app-cpp-sdk/main/.scripts/common.sh /container/cpp/.scripts/ +ADD --chmod=744 https://raw.githubusercontent.com/eclipse-velocitas/vehicle-app-cpp-sdk/main/install_dependencies.sh /container/cpp/ +ADD --chmod=444 https://raw.githubusercontent.com/eclipse-velocitas/vehicle-app-cpp-sdk/main/requirements.txt /container/cpp/ + +COPY ./common /scripts -COPY ./common/ /scripts/ +WORKDIR /conan +ENV CONAN_USER_HOME /conan # Install conan WORKDIR /scripts RUN ./install-python.sh && pip3 install -r /container/cpp/requirements.txt -# Build dependencies for target architecture -WORKDIR /container/cpp -USER 4000 +# Build dependencies for target architecture WORKDIR /container/cpp/build WORKDIR /container/cpp ARG TARGETARCH @@ -84,13 +81,19 @@ RUN apt-get --fix-missing update && apt-get upgrade -y && \ update-alternatives --install /usr/bin/clang-format clang-format /usr/bin/clang-format-14 100 && \ update-alternatives --install /usr/bin/clang-tidy clang-tidy /usr/bin/clang-tidy-14 100 -# Install devcontainer features -ADD https://raw.githubusercontent.com/devcontainers/features/7fa90110d762797cc0b1c2fe8fcc028c9b813d56/src/common-utils/install.sh /container/scripts/install-common.sh -RUN UID="4000" bash /container/scripts/install-common.sh -ADD https://raw.githubusercontent.com/devcontainers/features/7fa90110d762797cc0b1c2fe8fcc028c9b813d56/src/docker-in-docker/install.sh /container/scripts/install-dind.sh -RUN VERSION="latest" bash /container/scripts/install-dind.sh +# Create non-root user +ARG USERNAME=vscode +ARG USER_UID=4000 +ARG USER_GID=$USER_UID + +RUN groupadd --gid $USER_GID $USERNAME \ + && useradd --uid $USER_UID --gid $USER_GID -m $USERNAME \ + && apt-get update \ + && apt-get install -y sudo \ + && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \ + && chmod 0440 /etc/sudoers.d/$USERNAME -COPY ./common/ /scripts/ +COPY ./common /scripts ARG TARGETARCH WORKDIR /scripts @@ -103,10 +106,10 @@ RUN ./install-k3d-tooling.sh ADD --chown=4000 https://raw.githubusercontent.com/eclipse-velocitas/vehicle-app-cpp-sdk/main/requirements.txt /container/requirements.txt # Install Python requirements as vscode user and clean up -RUN pip3 install -r /container/requirements.txt && sudo rm /container/requirements.txt +RUN pip3 install -r /container/requirements.txt # We need to set the USER back to root at the end, otherwise we get errors when using this in our repo. USER root # Obtain pre-build dependencies -COPY --from=builder /home/vscode/.conan /home/vscode/.conan +COPY --chown=4000 --from=builder /conan/.conan /home/vscode/.conan diff --git a/Dockerfiles/cpp/.devcontainer/devcontainer.json b/Dockerfiles/cpp/.devcontainer/devcontainer.json new file mode 100644 index 0000000..112aa44 --- /dev/null +++ b/Dockerfiles/cpp/.devcontainer/devcontainer.json @@ -0,0 +1,11 @@ +{ + "name": "Base Container", + "build": { + "dockerfile": "Dockerfile", + "context": "../../.." + }, + "features": { + "ghcr.io/devcontainers/features/common-utils:2": {}, + "ghcr.io/devcontainers/features/docker-in-docker:2": {} + } +} diff --git a/Dockerfiles/Python/Dockerfile b/Dockerfiles/python/.devcontainer/Dockerfile similarity index 82% rename from Dockerfiles/Python/Dockerfile rename to Dockerfiles/python/.devcontainer/Dockerfile index 110156c..45f7dd1 100644 --- a/Dockerfiles/Python/Dockerfile +++ b/Dockerfiles/python/.devcontainer/Dockerfile @@ -24,13 +24,19 @@ RUN apt-get update && apt-get upgrade -y && \ libstdc++6 zlib1g locales sudo ncdu man-db strace gnupg2 \ build-essential python3-dev -# Install devcontainer features -ADD https://raw.githubusercontent.com/devcontainers/features/7fa90110d762797cc0b1c2fe8fcc028c9b813d56/src/common-utils/install.sh /tmp/scripts/install-common.sh -RUN UID="4000" bash /tmp/scripts/install-common.sh -ADD https://raw.githubusercontent.com/devcontainers/features/7fa90110d762797cc0b1c2fe8fcc028c9b813d56/src/docker-in-docker/install.sh /tmp/scripts/install-dind.sh -RUN VERSION="latest" bash /tmp/scripts/install-dind.sh +# Create non-root user +ARG USERNAME=vscode +ARG USER_UID=4000 +ARG USER_GID=$USER_UID -COPY ./common/ /scripts/ +RUN groupadd --gid $USER_GID $USERNAME \ + && useradd --uid $USER_UID --gid $USER_GID -m $USERNAME \ + && apt-get update \ + && apt-get install -y sudo \ + && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \ + && chmod 0440 /etc/sudoers.d/$USERNAME + +COPY ./common /scripts ARG TARGETARCH WORKDIR /scripts diff --git a/Dockerfiles/python/.devcontainer/devcontainer.json b/Dockerfiles/python/.devcontainer/devcontainer.json new file mode 100644 index 0000000..112aa44 --- /dev/null +++ b/Dockerfiles/python/.devcontainer/devcontainer.json @@ -0,0 +1,11 @@ +{ + "name": "Base Container", + "build": { + "dockerfile": "Dockerfile", + "context": "../../.." + }, + "features": { + "ghcr.io/devcontainers/features/common-utils:2": {}, + "ghcr.io/devcontainers/features/docker-in-docker:2": {} + } +} diff --git a/NOTICE-3RD-PARTY-CONTENT.md b/NOTICE-3RD-PARTY-CONTENT.md index bdcb883..8c265c1 100644 --- a/NOTICE-3RD-PARTY-CONTENT.md +++ b/NOTICE-3RD-PARTY-CONTENT.md @@ -4,8 +4,6 @@ | Dependency | Version | License | |:-----------|:-------:|--------:| |actions/checkout|v3|MIT License| -|docker/build-push-action|v3|Apache License 2.0| +|devcontainers/ci|v0.2|MIT License| |docker/login-action|v2|Apache License 2.0| -|docker/metadata-action|v4|Apache License 2.0| |docker/setup-buildx-action|v2|Apache License 2.0| -|docker/setup-qemu-action|v2|Apache License 2.0| diff --git a/bin/.gitattributes b/bin/.gitattributes deleted file mode 100644 index c9b8cc8..0000000 --- a/bin/.gitattributes +++ /dev/null @@ -1,2 +0,0 @@ -velocitas-cli-amd64 filter=lfs diff=lfs merge=lfs -text -velocitas-cli-arm64 filter=lfs diff=lfs merge=lfs -text diff --git a/common/install-k3d-prerequisites.sh b/common/install-k3d-prerequisites.sh index dac1314..4488af8 100755 --- a/common/install-k3d-prerequisites.sh +++ b/common/install-k3d-prerequisites.sh @@ -30,4 +30,4 @@ then echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list sudo apt-get update sudo apt-get install -y kubectl -fi \ No newline at end of file +fi diff --git a/common/install-velocitas-cli.sh b/common/install-velocitas-cli.sh index 0860c73..4509047 100755 --- a/common/install-velocitas-cli.sh +++ b/common/install-velocitas-cli.sh @@ -27,4 +27,4 @@ chmod +x "${CLI_INSTALL_PATH}" CLI_VERSION=$( "${CLI_INSTALL_PATH}" --version ) -echo "Installed CLI version: ${CLI_VERSION}" +echo "Installed CLI version: ${CLI_VERSION}"