#228 WIP - Dockerfile: install WaiverDB app from source
Closed 2 years ago by rayson. Opened 2 years ago by rayson.

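--- a/Dockerfile
+++ b/Dockerfile
@@ -1,26 +1,36 @@
 FROM fedora:28
 LABEL \
-    name="WaiverDB application" \
+    name="waiverdb" \
+    description="WaiverDB application" \
     vendor="WaiverDB developers" \
     license="GPLv2+" \
     build-date=""
 
-# The caller should build a waiverdb RPM package using ./rpmbuild.sh and then pass it in this arg.
-ARG waiverdb_rpm
-ARG waiverdb_common_rpm
+ARG WAIVERDB_GIT_REPO=https://pagure.io/waiverdb.git
+ARG WAIVERDB_GIT_REF=master
+ARG WAIVERDB_VERSION=
+ENV WAIVERDB_VERSION=$WAIVERDB_VERSION
+
 # The caller can optionally provide a cacert url
 ARG cacert_url=undefined
 
-COPY $waiverdb_rpm /tmp
-COPY $waiverdb_common_rpm /tmp
-
-RUN dnf -y install \
-    --enablerepo=updates-testing \
-    python3-gunicorn \
-    /tmp/$(basename $waiverdb_rpm) \
-    /tmp/$(basename $waiverdb_common_rpm) \
-    && dnf -y clean all \
-    && rm -f /tmp/*
+# Installing WaiverDB
+RUN dnf -y install python3-pip git \
+      findutils # for xargs \
+      rpm-build # for querying runtime dependencies in a spec file \
+  && dnf -y install python3-gunicorn \
+  && mkdir -p /usr/local/src \
+  && git clone "$WAIVERDB_GIT_REPO" /usr/local/src/waiverdb \
+  && pushd /usr/local/src/waiverdb \
+  && git fetch origin "$WAIVERDB_GIT_REF" && git checkout -f "$WAIVERDB_GIT_REF" \
+  && rpm --query --requires --specfile ./waiverdb.spec | xargs -d '\n' dnf install \
+  && pip3 install --no-deps . \
+  && mkdir -p /etc/waiverdb \
+  && cp conf/settings.py.example /etc/waiverdb/settings.py \
+  && cp conf/client.conf.example /etc/waiverdb/client.conf \
+  && dnf -y remove git python3-pip findutils rpm-build \
+  && dnf -y clean all \
+  && popd && rm -rf /usr/local/src/waiverdb
 
 RUN if [ "$cacert_url" != "undefined" ]; then \
         cd /etc/pki/ca-trust/source/anchors \
@@ -32,5 +42,3 @@
 EXPOSE 8080
 
 CMD ["/usr/bin/gunicorn-3", "--bind", "0.0.0.0:8080", "--access-logfile", "-", "--enable-stdio-inheritance", "waiverdb.wsgi:app"]
-
-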
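Review bot: The inline comments in the new `RUN` (`findutils # for xargs \` and `rpm-build # for querying … \`) comment out the rest of the command: Docker joins the continued lines into one shell line and the shell ignores everything after the first ` #`, so only `dnf -y install python3-pip git findutils` would run and the build would succeed without cloning or installing WaiverDB. List the packages on one line and move the explanation to a comment line above the `RUN`, e.g. `RUN dnf -y install python3-pip git findutils rpm-build \`. Once the chain does run, `xargs -d '\n' dnf install` has no `-y` and is likely to abort at the confirmation prompt in a non-interactive build; it should read `xargs -d '\n' dnf -y install \`. The lines between the two hunks are not shown, so confirm the root Dockerfile still switches to a non-root `USER` before `CMD`, as the deleted `openshift/containers/waiverdb/Dockerfile` did with `USER 1001`.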

file modified
+3 -3
@@ -144,7 +144,7 @@ 

              /* Note that the docker.build step has some magic to guess the

               * Dockerfile used, which will break if the build directory (here ".")

               * is not the final argument in the string. */

-             def image = docker.build "factory2/waiverdb:internal-${appversion}", "--build-arg waiverdb_rpm=$f28_rpm --build-arg waiverdb_common_rpm=$waiverdb_common --build-arg cacert_url=https://password.corp.redhat.com/RH-IT-Root-CA.crt ."

+             def image = docker.build "factory2/waiverdb:internal-${appversion}", "--build-arg WAIVERDB_GIT_REF=${scmVars.GIT_COMMIT} --build-arg cacert_url=https://password.corp.redhat.com/RH-IT-Root-CA.crt ."

              /* Pushes to the internal registry can sometimes randomly fail

               * with "unknown blob" due to a known issue with the registry

               * storage configuration. So we retry up to 3 times. */
@@ -155,7 +155,7 @@ 

          docker.withRegistry(

                  'https://quay.io/',

                  'quay-io-factory2-builder-sa-credentials') {

-             def image = docker.build "factory2/waiverdb:${appversion}", "--build-arg waiverdb_rpm=$f28_rpm --build-arg waiverdb_common_rpm=$waiverdb_common ."

+             def image = docker.build "factory2/waiverdb:${appversion}", "--build-arg WAIVERDB_GIT_REF=${scmVars.GIT_COMMIT} ."

              image.push()

          }

          /* Save container version for later steps (this is ugly but I can't find anything better...) */
@@ -298,4 +298,4 @@ 

                          ]

          }

      }

- } 

\ No newline at end of file

+ }
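Review bot: The images built by the two changed `docker.build` calls no longer come from what this pipeline checked out and tested: `--build-arg WAIVERDB_GIT_REF=${scmVars.GIT_COMMIT}` only names a commit, and the Dockerfile clones it from its default `WAIVERDB_GIT_REPO`, so the build depends on that commit being fetchable from the upstream repository. A commit that exists only in a fork or in the local workspace would fail the `git fetch`/`git checkout` step, and the `.` build context is no longer the source of the application code. Consider passing the repository explicitly as well, for example `--build-arg WAIVERDB_GIT_REPO=${scmVars.GIT_URL}`, and adding a comment above each call such as `/* The image is built from a fresh clone of GIT_COMMIT, not from this workspace. */`. `scmVars` is defined outside these hunks, so this assumes it holds the result of the checkout step.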

@@ -1,56 +0,0 @@ 

- FROM fedora:28

- LABEL \

-     name="waiverdb" \

-     description="WaiverDB application" \

-     vendor="WaiverDB developers" \

-     license="GPLv2+" \

-     build-date=""

- 

- # Installing WaiverDB dependencies

- RUN dnf -y install python3-gunicorn \

-     python3-flask \

-     python3-sqlalchemy \

-     python3-flask-restful \

-     python3-flask-sqlalchemy \

-     python3-psycopg2 \

-     python3-gssapi \

-     python3-mock \

-     python3-flask-oidc \

-     python3-click \

-     python3-flask-migrate \

-     python3-stomppy \

-     python3-fedmsg \

-   && dnf -y clean all

- 

- ARG WAIVERDB_GIT_REPO=https://pagure.io/waiverdb.git

- ARG WAIVERDB_GIT_REF=master

- ARG WAIVERDB_CACERT_URL=

- ARG WAIVERDB_VERSION=

- ENV WAIVERDB_VERSION=$WAIVERDB_VERSION

- 

- # Installing CA certificate

- RUN if [ -n "$WAIVERDB_CACERT_URL" ]; then \

-         cd /etc/pki/ca-trust/source/anchors \

-         && curl -O --insecure --location "$WAIVERDB_CACERT_URL" \

-         && update-ca-trust extract; \

-     fi

- 

- # Installing WaiverDB

- RUN dnf -y install git python3-pip \

-   && mkdir -p /usr/local/src \

-   && git clone "$WAIVERDB_GIT_REPO" /usr/local/src/waiverdb \

-   && cd /usr/local/src/waiverdb \

-   && git fetch origin "$WAIVERDB_GIT_REF" \

-   && git checkout -f "$WAIVERDB_GIT_REF" \

-   && pip3 install --no-deps . \

-   && mkdir -p /etc/waiverdb \

-   && cp conf/settings.py.example /etc/waiverdb/settings.py \

-   && cp conf/client.conf.example /etc/waiverdb/client.conf \

-   && dnf -y history undo last \

-   && dnf -y clean all \

-   && cd / && rm -rf /usr/local/src/waiverdb

- 

- USER 1001

- EXPOSE 8080

- 

- CMD ["/usr/bin/gunicorn-3", "--bind", "0.0.0.0:8080", "--access-logfile", "-", "--enable-stdio-inheritance", "waiverdb.wsgi:app"]

@@ -64,7 +64,7 @@ 

            value: "${WAIVERDB_GIT_REF}"

          - name: "WAIVERDB_VERSION"

            value: "${WAIVERDB_VERSION}"

-         dockerfilePath: openshift/containers/waiverdb/Dockerfile

+         dockerfilePath: Dockerfile

      resources:

        requests:

          memory: "768Mi"

This PR changes the Dockerfile at the root of the source tree to install
the app from source instead of RPMs. Dependencies still come from the
Fedora repos (see https://pagure.io/waiverdb/issue/222).

It also changes the existing Jenkinsfile to use the new docker build parameters.
The corresponding OpenShift BuildConfig Template is also changed to use
the Dockerfile at the source root while
openshift/containers/waiverdb/Dockerfile is deleted.

This shouldn't break anything in principle. If anything is missing,
please add in the comment.

Generally, I'm OK with this, but let's wait for another opinion.

One thing I don't really like, is that very busy RUN command... wondering if using S2I wouldn't make things nicer... Although that should be also hacked to make sure, that dependencies come from RPMs and not requirements.txt.

(The Jenkins results seem to be for the wrong PR.)

I don't understand the background on this, but for whatever my opinion is still worth I would be -1 on this...

The huge RUN command looks pretty nasty. It is basically just repeating all the work that is already in the spec file, but in a less organised way. I don't see how bypassing the RPM gains any benefit.

@csomh I haven't seen S2I used for this kind of thing before... I would like to have a look.
@dcallagh The intention of this change is to make it possible to build container images via OpenShift's Builds. The current Dockerfile uses external RPMs on disk, which makes it harder to leverage the Build Strategies supported by OpenShift.

If we have to install from RPMs, there are only 2 options:

  1. Building RPMs in dockerfile, install, then remove them and their build dependencies. This will make the Dockerfile more complex.
  2. Using an external process to provide built RPMs.

Building RPMs in dockerfile, install, then remove them and their build dependencies. This will make the Dockerfile more complex.

I think this could be done with multi-stage Docker build (build RPM in the first stage and pass it to the next one).

@lholecek Thanks for your information.
Multi-stage Docker build requires Docker 17.05+. I will check if UpShift supports that.

@lholecek Well, bad news: The docker used by UpShift doesn't support multi-stage builds.

Another approach could be a trick used in Content Delivery CI: Build RPMs and a temporary YUM repo in the dev pipeline, then expose the repo as an Archive on Jenkins so that docker build is able to access that repo via HTTP. The downside is that the BuildConfig cannot be used individually. You have to run the dev pipeline first to get a valid repo, then start a docker build, passing the URL of the repo through a build parameter.

@rayson: would you be against marking as WIP or closing this until we come up with a better solution to get building RPMs into the process?

I will mark this PR as WIP.

Pull-Request has been closed by rayson

2 years ago