feat!: add lockfile generation support #318
Conversation
The changes in this PR are born out of the research spike to find the best way to add lockfile generation support to the `phylum-ci` image. Each [required tool](https://docs.phylum.io/docs/lockfile_generation) was examined, to find out how much overhead it would add to the image in each of the various ways it could be installed. The results are documented in the comment trails of this private story: phylum-dev/roadmap#380

The actions taken here include:

* Update the existing `Dockerfile` to install lockfile generation tools
* Retain the previous functionality with a new `Dockerfile.slim` file
* Switch base image from `python:3.11-slim-bullseye` to `-bookworm`
* Format and refactor throughout
* Be DRY about the version of `poetry`
* Ensure `RUN` command contents adhere to `shellcheck` QA findings
* Create `tests/docker_tests.sh` script to provide a basic set of tests
  * Confirm each of the expected tools is present within the image
  * The path and version of the tool are shown
  * Sometimes additional data is provided, like help or info output
* Update the `Test` workflow
  * Turn the `docker` job into a true matrix job
  * Add different dockerfile inputs
  * Add build inputs to allow for building from a wheel or source
  * Test each built image with the new `docker_tests.sh` script
  * Simplify the logic in the `test-rollup` job
* Update `Docker` and `Release` workflows
  * Build with both the default and slim dockerfiles
  * Test with the new `docker_tests.sh` script
  * Create specific docker tags that include the `-slim` suffix
  * Create `slim` docker tags mirroring the `latest` slim image
  * Adhere to `actionlint` and `shellcheck` QA tools
* Update the `README.md` with information about the `slim` tag options
  * Update the dockerfiles with information about how to perform testing

BREAKING CHANGE: The `phylum-ci` docker image created from the default `Dockerfile` is much larger, containing *all* the required tools for lockfile generation across all supported ecosystems. To retain the previous functionality, a new `slim` tag is offered for those instances where *no* manifest files are present and/or *only* lockfiles are used.
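As an added illustration of the kind of presence-and-version check the PR describes for `tests/docker_tests.sh` (this is not the project's own script), a POSIX shell sketch that resolves each expected tool on `PATH`, prints its path and first version line, and fails if any tool is missing. The tool names, their version flags and the `RUN_TOOL_CHECKS` guard are assumptions, not taken from the project.

```shell
#!/bin/sh
# Added example, not phylum-ci's tests/docker_tests.sh.
# Run inside the built image, e.g.:
#   docker run --rm --entrypoint sh IMAGE -c 'RUN_TOOL_CHECKS=1 sh -s' < check.sh

# check_tool NAME [VERSION_FLAG]
# Prints the resolved path and the first line of version output.
# Returns 0 if NAME resolves on PATH, 1 if it is missing.
check_tool() {
    name="$1"
    version_flag="${2:---version}"
    path="$(command -v "$name" 2>/dev/null)" || {
        printf 'MISSING: %s\n' "$name" >&2
        return 1
    }
    printf '%s -> %s\n' "$name" "$path"
    # Version output is informational only: a tool that resolves but
    # cannot report a version is still counted as present.
    "$path" "$version_flag" 2>&1 | head -n 1 || true
    return 0
}

# check_tools "NAME[:FLAG] NAME[:FLAG] ..."
# Checks every listed tool; returns the number of missing tools (0 = all present).
check_tools() {
    missing=0
    for entry in $1; do
        name="${entry%%:*}"
        flag="${entry#*:}"
        [ "$flag" = "$entry" ] && flag="--version"
        check_tool "$name" "$flag" || missing=$((missing + 1))
    done
    return "$missing"
}

# Constructed list of lockfile-generation tools the full image is expected to
# carry (an assumption for this example, not the project's list).
EXPECTED_TOOLS="npm yarn pnpm pip poetry pipenv bundle cargo mvn gradle go:version dotnet"

# Only run the full check when explicitly requested, so the functions can be
# sourced by other scripts without side effects.
if [ "${RUN_TOOL_CHECKS:-0}" = "1" ]; then
    check_tools "$EXPECTED_TOOLS" || {
        printf '%d tool(s) missing\n' "$?" >&2
        exit 1
    }
fi
```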
Didn't have time to read through all of the documentation, but the rest looks good.
What's the image size difference between "fat" and slim?
The "slim" image is 125MB compressed and 340MB uncompressed. The full details on the new "fat" image can be found in this comment, with the direct answer to the question repeated here since that is in a private repo: Some basic features of the new image:
Closes #317
Checklist

* `closes #<issueNum>` in description above?

Testing
Tags for the images created with the updated/new dockerfiles in this PR can be found on Docker Hub for my account:

* `manifest_support` tag is built with `Dockerfile`
* `slim` is built with `Dockerfile.slim`