From 5650a66fc6f9a9e128fc70f723e2a5802c1acc69 Mon Sep 17 00:00:00 2001 From: mpmcroy Date: Sat, 30 May 2020 13:55:38 -0400 Subject: [PATCH] Pre-pulls shadowbox container base image before 'docker build' (#669) * gitignore * Pre-pulls shadowbox container base image before 'docker build' * Addresses review comments --- src/shadowbox/docker/Dockerfile | 8 +++----- src/shadowbox/docker/build_action.sh | 15 ++++++++++++--- 2 files changed, 15 insertions(+), 8 deletions(-) diff --git a/src/shadowbox/docker/Dockerfile b/src/shadowbox/docker/Dockerfile index 64caab75b..c095d5555 100644 --- a/src/shadowbox/docker/Dockerfile +++ b/src/shadowbox/docker/Dockerfile @@ -12,13 +12,11 @@ # See the License for the specific language governing permissions and # limitations under the License. -# Newer node images have no valid content trust data. -# Pin the image node:12.16.3-alpine (linux/amd64) by hash. -# See versions at https://hub.docker.com/_/node?tab=tags&name=alpine +ARG NODE_IMAGE # Multi-stage build: use a build image to prevent bloating the shadowbox image with dependencies. # Run `yarn` and build inside the container to package the right dependencies for the image. -FROM node@sha256:12b2154fb459fa5f42c54771524609db041e7ef3465935d0ca82940d2d72669d AS build +FROM ${NODE_IMAGE} AS build RUN apk add --no-cache --upgrade bash WORKDIR / @@ -35,7 +33,7 @@ COPY tsconfig.json ./ RUN ROOT_DIR=/ yarn do shadowbox/server/build # shadowbox image -FROM node@sha256:12b2154fb459fa5f42c54771524609db041e7ef3465935d0ca82940d2d72669d +FROM ${NODE_IMAGE} # Versions can be found at https://github.com/Jigsaw-Code/outline-ss-server/releases ARG SS_VERSION=1.1.4 diff --git a/src/shadowbox/docker/build_action.sh b/src/shadowbox/docker/build_action.sh index 8e80806dd..d322fcd46 100755 --- a/src/shadowbox/docker/build_action.sh +++ b/src/shadowbox/docker/build_action.sh @@ -16,6 +16,15 @@ export DOCKER_CONTENT_TRUST=${DOCKER_CONTENT_TRUST:-1} # Enable Docker BuildKit (https://docs.docker.com/develop/develop-images/build_enhancements) -# TODO(fortuna): Re-enable after we figure out how to make it work on Travis: https://github.com/moby/buildkit/issues/606 -# export DOCKER_BUILDKIT=1 -docker build --force-rm --build-arg GITHUB_RELEASE="${TRAVIS_TAG:-none}" -t ${SB_IMAGE:-outline/shadowbox} $ROOT_DIR -f src/shadowbox/docker/Dockerfile +export DOCKER_BUILDKIT=1 + +# Newer node images have no valid content trust data. +# Pin the image node:12.16.3-alpine (linux/amd64) by hash. +# See versions at https://hub.docker.com/_/node?tab=tags&name=alpine +readonly NODE_IMAGE="node@sha256:12b2154fb459fa5f42c54771524609db041e7ef3465935d0ca82940d2d72669d" + +# Doing an explicit `docker pull` of the container base image to work around an issue where +# Travis fails to pull the base image when using BuildKit. Seems to be related to: +# https://github.com/moby/buildkit/issues/606 and https://github.com/moby/buildkit/issues/1397 +docker pull "${NODE_IMAGE}" +docker build --force-rm --build-arg NODE_IMAGE="${NODE_IMAGE}" --build-arg GITHUB_RELEASE="${TRAVIS_TAG:-none}" -t ${SB_IMAGE:-outline/shadowbox} $ROOT_DIR -f src/shadowbox/docker/Dockerfile