Skip to content

Commit

Permalink
Build and tag Dangerzone images
Browse files Browse the repository at this point in the history
Build Dangerzone images and tag them with a unique ID that stems from
the Git reop. Note that using tags as image IDs instead of regular image
IDs breaks the current Dangerzone expectations, but this will be
addressed in subsequent commits.
  • Loading branch information
apyrgio committed Dec 2, 2024
1 parent bb4c47b commit e659d61
Showing 1 changed file with 33 additions and 19 deletions.
52 changes: 33 additions & 19 deletions install/common/build-image.py
Original file line number Diff line number Diff line change
Expand Up @@ -2,12 +2,13 @@
import gzip
import os
import platform
import secrets
import subprocess
import sys
from pathlib import Path

BUILD_CONTEXT = "dangerzone/"
TAG = "dangerzone.rocks/dangerzone:latest"
IMAGE_NAME = "dangerzone.rocks/dangerzone"
REQUIREMENTS_TXT = "container-pip-requirements.txt"
if platform.system() in ["Darwin", "Windows"]:
CONTAINER_RUNTIME = "docker"
Expand Down Expand Up @@ -44,8 +45,31 @@ def main():
)
args = parser.parse_args()

tarball_path = Path("share") / "container.tar.gz"
image_id_path = Path("share") / "image-id.txt"

print(f"Building for architecture '{ARCH}'")

# Designate a unique tag for this image, depending on the Git commit it was created
# from:
# 1. If created from a Git tag (e.g., 0.8.0), the image tag will be `0.8.0`.
# 2. If created from a commit, it will be something like `0.8.0-31-g6bdaa7a`.
# 3. If the contents of the Git repo are dirty, we will append a unique identifier
# for this run, something like `0.8.0-31-g6bdaa7a-fdcb` or `0.8.0-fdcb`.
dirty_ident = secrets.token_hex(2)
tag = (
subprocess.check_output(
["git", "describe", "--first-parent", f"--dirty=-{dirty_ident}"],
)
.decode()
.strip()[1:] # remove the "v" prefix of the tag.
)
image_name_tagged = IMAGE_NAME + ":" + tag

print(f"Will tag the container image as '{image_name_tagged}'")
with open(image_id_path, "w") as f:
f.write(tag)

print("Exporting container pip dependencies")
with ContainerPipDependencies():
if not args.use_cache:
Expand All @@ -59,8 +83,11 @@ def main():
check=True,
)

# Build the container image, and tag it with two tags; the one we calculated
# above, and the "latest" tag.
print("Building container image")
cache_args = [] if args.use_cache else ["--no-cache"]
image_name_latest = IMAGE_NAME + ":latest"
subprocess.run(
[
args.runtime,
Expand All @@ -74,7 +101,9 @@ def main():
"-f",
"Dockerfile",
"--tag",
TAG,
image_name_latest,
"--tag",
image_name_tagged,
],
check=True,
)
Expand All @@ -85,15 +114,15 @@ def main():
[
CONTAINER_RUNTIME,
"save",
TAG,
image_name_tagged,
],
stdout=subprocess.PIPE,
)

print("Compressing container image")
chunk_size = 4 << 20
with gzip.open(
"share/container.tar.gz",
tarball_path,
"wb",
compresslevel=args.compress_level,
) as gzip_f:
Expand All @@ -105,21 +134,6 @@ def main():
break
cmd.wait(5)

print("Looking up the image id")
image_id = subprocess.check_output(
[
args.runtime,
"image",
"list",
"--format",
"{{.ID}}",
TAG,
],
text=True,
)
with open("share/image-id.txt", "w") as f:
f.write(image_id)


class ContainerPipDependencies:
"""Generates PIP dependencies within container"""
Expand Down

0 comments on commit e659d61

Please sign in to comment.