Rooted images (#18)

* Root level images * Fix CI * Fix CI * Fix CI * Fix CI * Fix CI * Fix CI * Update documentation * Update README.md * Update README.md * Update README.md * Add tna-python-dev image * Lint tna-python-dev Dockerfile * Fix shellcheck issues * Update CHANGELOG.md
nationalarchives · Dec 7, 2023 · 22aa122 · 22aa122
1 parent 2935dd6
commit 22aa122
Show file tree

Hide file tree

Showing 24 changed files with 347 additions and 44 deletions.
diff --git a/.github/workflows/_docker-build-deploy.yml b/.github/workflows/_docker-build-deploy.yml
@@ -12,6 +12,13 @@ on:
       dockerfile:
         required: true
         type: string
+      base-image:
+        required: false
+        type: string
+      user-image:
+        required: false
+        type: string
+        default: appuser
       publish:
         required: true
         type: boolean
@@ -36,7 +43,7 @@ jobs:
         ignore: SC1091,${{ inputs.ignore-linting-rules }}
     - name: ShellCheck
       run: |
-        cd docker/${{ inputs.image-name }}
+        cd ${{ inputs.docker-context }}
         [ -d "./bin" ] && shellcheck --external-sources --exclude=SC1091 ./bin/*
         shellcheck --external-sources --exclude=SC2148 ./Dockerfile
     - name: Log in to registry
@@ -65,9 +72,11 @@ jobs:
         labels: |
           runnumber=${{ github.run_id }}
         build-args: |
+          BASE_IMAGE=${{ inputs.base-image }}
           BASE_IMAGE_TAG=${{ env.TAG }}
           TNA_DOCKER_IMAGE_VERSION=${{ env.TAG }}
           TNA_DOCKER_IMAGE_SOURCE=${{ github.server_url	}}/${{ github.repository }}/blob/main/${{ inputs.docker-context }}/${{ inputs.dockerfile }}
+          USER_IMAGE=${{ inputs.user-image }}
         push: ${{ inputs.publish }}
         tags: ${{ env.IMAGE_ID }}:${{ env.TAG }}
         provenance: false
@@ -83,9 +92,11 @@ jobs:
         labels: |
           runnumber=${{ github.run_id }}
         build-args: |
+          BASE_IMAGE=${{ inputs.base-image }}
           BASE_IMAGE_TAG=latest
           TNA_DOCKER_IMAGE_VERSION=${{ env.TAG }}
           TNA_DOCKER_IMAGE_SOURCE=${{ github.server_url	}}/${{ github.repository }}/blob/main/${{ inputs.docker-context }}/${{ inputs.dockerfile }}
+          USER_IMAGE=${{ inputs.user-image }}
         push: true
         tags: ${{ env.IMAGE_ID }}:latest
         provenance: false

diff --git a/.github/workflows/branch-cleanup.yml b/.github/workflows/branch-cleanup.yml
@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        image-name: [tna-python, tna-python-django]
+        image-name: [tna-python, tna-python-root, tna-python-django, tna-python-django-root, tna-python-dev]
     steps:
       - name: Prepare image tag
         run: |

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -22,35 +22,50 @@ jobs:
       docker-context: docker/tna-python
       dockerfile: Dockerfile
       publish: true
+      ignore-linting-rules: DL3002,DL3006
 
   python-root:
     name: Python (root)
-    needs: python
     uses: ./.github/workflows/_docker-build-deploy.yml
     with:
       image-name: tna-python-root
-      docker-context: docker/tna-python-root
+      docker-context: docker/tna-python
+      user-image: root
       dockerfile: Dockerfile
       publish: true
-      ignore-linting-rules: DL3002
+      ignore-linting-rules: DL3002,DL3006
 
   python-django:
     name: Python Django
     needs: python
     uses: ./.github/workflows/_docker-build-deploy.yml
     with:
       image-name: tna-python-django
+      base-image: ghcr.io/nationalarchives/tna-python
       docker-context: docker/tna-python-django
       dockerfile: Dockerfile
       publish: true
 
   python-django-root:
     name: Python Django (root)
-    needs: python-django
+    needs: python-root
     uses: ./.github/workflows/_docker-build-deploy.yml
     with:
       image-name: tna-python-django-root
-      docker-context: docker/tna-python-django-root
+      base-image: ghcr.io/nationalarchives/tna-python-root
+      docker-context: docker/tna-python-django
       dockerfile: Dockerfile
       publish: true
       ignore-linting-rules: DL3002
+
+  python-dev:
+    name: Python Dev
+    needs: python-root
+    uses: ./.github/workflows/_docker-build-deploy.yml
+    with:
+      image-name: tna-python-dev
+      base-image: ghcr.io/nationalarchives/tna-python-root
+      docker-context: docker/tna-python-dev
+      dockerfile: Dockerfile
+      publish: true
+      ignore-linting-rules: DL3002,DL3008
diff --git a/.github/workflows/remove-untagged.yml b/.github/workflows/remove-untagged.yml
@@ -8,7 +8,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        image-name: [tna-python, tna-python-root, tna-python-django, tna-python-django-root]
+        image-name: [tna-python, tna-python-root, tna-python-django, tna-python-django-root, tna-python-dev]
     env:
       PER_PAGE: 100
     steps:

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -19,35 +19,50 @@ jobs:
       docker-context: docker/tna-python
       dockerfile: Dockerfile
       publish: false
+      ignore-linting-rules: DL3002,DL3006
 
   python-root:
     name: Python (root)
-    needs: python
     uses: ./.github/workflows/_docker-build-deploy.yml
     with:
       image-name: tna-python-root
-      docker-context: docker/tna-python-root
+      docker-context: docker/tna-python
+      user-image: root
       dockerfile: Dockerfile
       publish: false
-      ignore-linting-rules: DL3002
+      ignore-linting-rules: DL3002,DL3006
 
-      python-django:
+  python-django:
     name: Python Django
     needs: python
     uses: ./.github/workflows/_docker-build-deploy.yml
     with:
       image-name: tna-python-django
+      base-image: ghcr.io/nationalarchives/tna-python
       docker-context: docker/tna-python-django
       dockerfile: Dockerfile
       publish: false
 
   python-django-root:
     name: Python Django (root)
-    needs: python-django
+    needs: python-root
     uses: ./.github/workflows/_docker-build-deploy.yml
     with:
       image-name: tna-python-django-root
-      docker-context: docker/tna-python-django-root
+      base-image: ghcr.io/nationalarchives/tna-python-root
+      docker-context: docker/tna-python-django
       dockerfile: Dockerfile
       publish: false
       ignore-linting-rules: DL3002
+
+  python-dev:
+    name: Python Dev
+    needs: python-root
+    uses: ./.github/workflows/_docker-build-deploy.yml
+    with:
+      image-name: tna-python-dev
+      base-image: ghcr.io/nationalarchives/tna-python-root
+      docker-context: docker/tna-python-dev
+      dockerfile: Dockerfile
+      publish: false
+      ignore-linting-rules: DL3002,DL3008
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -9,7 +9,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Added
 
-- Initial release of `tna-python-flask` Docker image
+- Initial release of `tna-python-dev` Docker image
 
 ### Changed
 

diff --git a/README.md b/README.md
@@ -8,12 +8,24 @@
 
 The National Archives base Docker images are designed to serve as a starting point for all containerised applications in The National Archives.
 
-## Base Python image
+## Base images
 
-- [About tna-python](./docker/tna-python)
-- [Example application](./tests/example-python-application)
+| Image                                           | Dockerfile                                                            | Base image        | User   |
+| ----------------------------------------------- | --------------------------------------------------------------------- | ----------------- | ------ |
+| [`tna-python`](docker/tna-python)               | [`tna-python/DockerFile`](docker/tna-python/DockerFile)               | `python`          | `app`  |
+| `tna-python-root`                               | [`tna-python/DockerFile`](docker/tna-python/DockerFile)               | `python`          | `root` |
+| [`tna-python-django`](docker/tna-python-django) | [`tna-python-django/DockerFile`](docker/tna-python-django/DockerFile) | `tna-python`      | `app`  |
+| `tna-python-django-root`                        | [`tna-python-django/DockerFile`](docker/tna-python-django/DockerFile) | `tna-python-root` | `root` |
+| [`tna-python-dev`](docker/tna-python-dev)       | [`tna-python-dev/DockerFile`](docker/tna-python-dev/DockerFile)       | `tna-python-root` | `root` |
 
-### Base Python Django image
+### Image inheritance
 
-- [About tna-python-django](./docker/tna-python-django)
-- [Example Django application](./tests/example-python-django-application)
+```mermaid
+graph TD;
+    debian --> python;
+    python --> tna-python;
+    python --> tna-python-root;
+    tna-python --> tna-python-django;
+    tna-python-root --> tna-python-django-root;
+    tna-python-root --> tna-python-dev;
+```
diff --git a/docker/tna-python-dev/Dockerfile b/docker/tna-python-dev/Dockerfile
@@ -0,0 +1,26 @@
+ARG BASE_IMAGE=ghcr.io/nationalarchives/tna-python-root
+ARG BASE_IMAGE_TAG=latest
+
+FROM "$BASE_IMAGE":"$BASE_IMAGE_TAG"
+
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
+RUN apt-get update; \
+  apt-get install -y --no-install-recommends ca-certificates curl gnupg; \
+  install -m 0755 -d /etc/apt/keyrings; \
+  curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg; \
+  chmod a+r /etc/apt/keyrings/docker.gpg; \
+  echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null; \
+  apt-get update; \
+  apt-get install -y --no-install-recommends docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin; \
+  apt-get clean; \
+  apt-get autoremove -y --purge; \
+	rm -rfv /var/lib/apt/lists/*
+
+COPY --chown=app bin /home/app/.local/bin/dev
+RUN chmod +x -fR /home/app/.local/bin/dev
+ENV PATH="/home/app/.local/bin/dev:$PATH"
+
+COPY --chown=app lib/* /home/app/
+
+CMD ["dev"]
diff --git a/docker/tna-python-dev/README.md b/docker/tna-python-dev/README.md
@@ -0,0 +1,32 @@
+# tna-python-dev
+
+This image extends `tna-python` but adds:
+
+- `docker` - for managing other containers
+- `black`, `flake8` and `isort` - for formatting Python code
+- `prettier`, `eslint` and `stylelint` - for formatting JavaScript and CSS
+
+## Environment variables
+
+All environment variables defined in [tna-python](../tna-python/README.md).
+
+## Commands for the Dockerfile
+
+Run `help` from within the container to see a list of available commands.
+
+### `format`
+
+1. Run `isort`
+1. Run `black`
+1. Run `flake8`
+1. Apply prettier to all files in the `/app` directory
+1. Run `stylelint` against all SCSS files in the `/app` directory
+1. Run `eslint` against all JavaScript files in the `/app` directory
+
+### `secret-key`
+
+Generate a string that can be used as the environment variable `SECRET_KEY`:
+
+- https://docs.python.org/3/library/secrets.html
+- https://docs.djangoproject.com/en/dev/ref/settings/#secret-key
+- https://flask.palletsprojects.com/en/2.3.x/config/#SECRET_KEY
diff --git a/docker/tna-python-dev/bin/dev b/docker/tna-python-dev/bin/dev
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+python -m pip install --quiet black==23.7.0 flake8==6.1.0 isort==5.12.0
+
+cd /app || return
+
+. "$HOME/.nvm/nvm.sh"
+if [ -f "/app/.nvmrc" ]
+then
+  nvm install
+else
+  nvm use lts/iron
+fi
+npm install -g [email protected] [email protected] [email protected] [email protected] [email protected]
+
+welcome
diff --git a/docker/tna-python-dev/bin/format b/docker/tna-python-dev/bin/format
@@ -0,0 +1,49 @@
+#!/bin/bash
+
+cd /app || return
+
+echo "Running isort..."
+isort --settings-file /home/app/.isort.cfg /app --overwrite-in-place
+echo
+
+echo "Running black..."
+black -t py38 -t py39 -t py310 -t py311 -t py312 --line-length 80 --verbose /app
+echo
+
+echo "Running flake8..."
+flake8 --config=/home/app/.flake8 /app
+echo
+
+. "$HOME/.nvm/nvm.sh"
+if [ -f "/app/.nvmrc" ]
+then
+  nvm install
+else
+  nvm use lts/iron
+fi
+
+echo "Running prettier..."
+prettier --write /app
+echo
+
+echo "Running stylelint..."
+if [ -f "/app/.stylelintrc" ]
+then
+  echo "Using app config"
+  stylelint --fix "/app/**/*.{css,scss}"
+else
+  echo "Using default config"
+  stylelint --config /home/app/.stylelintrc --fix "/app/**/*.{css,scss}"
+fi
+echo
+
+echo "Running eslint..."
+if [ -f "/app/.eslintrc.js" ]
+then
+  echo "Using app config"
+  eslint --fix "/app"
+else
+  echo "Using default config"
+  eslint -c /home/app/.eslintrc.js --fix "/app"
+fi
+echo
diff --git a/docker/tna-python-dev/bin/help b/docker/tna-python-dev/bin/help
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+echo "=========================================="
+echo "TNA Python Dev"
+echo "------------------------------------------"
+echo ""
+echo "help"
+echo "  Display all commands (this file)"
+echo ""
+echo "format"
+echo "  Run isort, black and flake8 against the project Python files and prettier against the JavaScript and CSS"
+echo ""
+echo "upgrade"
+echo "  Update the Poetry and Node dependencies"
+echo ""
+echo "tna-build"
+echo "  Run the TNA build process"
+echo ""
+echo "tna-run"
+echo "  Run the TNA run process"
+echo ""
+echo "tna-node"
+echo "  Run a Node command from your package.json"
+echo ""
+echo "secret-key"
+echo "  Generate a string that can be used as the environment variable SECRET_KEY"
+echo ""
+echo "=========================================="
diff --git a/docker/tna-python-dev/bin/secret-key b/docker/tna-python-dev/bin/secret-key
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+python -c 'import secrets; print(secrets.token_hex())'
diff --git a/docker/tna-python-dev/bin/upgrade b/docker/tna-python-dev/bin/upgrade
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+cd /app || return
+
+poetry update
+
+. "$HOME/.nvm/nvm.sh"
+if [ -f "/app/.nvmrc" ]
+then
+  nvm install
+else
+  nvm use lts/iron
+fi
+npm update
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		#!/bin/bash

		python -c 'import secrets; print(secrets.token_hex())'