enable nix and devbox (#13)
* use prebuilt ghcr.io container by default

* add submodule update instruction

* test uid remapping for gha runner bug

* revert uid remapping

* add submodule update cmd to devcontainer

* add submodule update cmd to devcontainer

* re-test nix + devbox install in GHA buildx pipeline

* disable nix+devbox install on qemu arm64 buildx builds and refactor layers for future simplification

* change bash shell syntax to work in sh shell

* reverse ternary

* fix ternary operator

* tidy

* tidy

* normalize curl pipe scripted installs
usrbinkat authored Nov 13, 2023
1 parent 42e84dd commit 11e56dc
Showing 1 changed file with 148 additions and 92 deletions.
240 changes: 148 additions & 92 deletions Dockerfile
Expand Up @@ -9,36 +9,6 @@

FROM mcr.microsoft.com/devcontainers/base:ubuntu-22.04

ARG PIP_PKGS="\
setuptools \
"

ARG APT_PKGS="\
gh \
git \
vim \
curl \
tmux \
gnupg \
python3 \
python3-pip \
dotnet-sdk-7.0 \
ca-certificates \
build-essential \
dotnet-runtime-7.0 \
# golang-go \ # default go 1.18 package version is not new enough
"

ARG GO_PKGS="\
golang.org/x/tools/gopls@latest \
github.com/josharian/impl@latest \
github.com/fatih/gomodifytags@latest \
github.com/cweill/gotests/gotests@latest \
github.com/go-delve/delve/cmd/dlv@latest \
honnef.co/go/tools/cmd/staticcheck@latest \
github.com/haya14busa/goplay/cmd/goplay@latest \
"

# Append rootfs directory tree into container to copy
# additional files into the container's directory tree
ADD rootfs /
Expand All @@ -48,18 +18,24 @@ ENV TZ=UTC
# Disable package manager prompts
ENV DEBIAN_FRONTEND=noninteractive
# Add go and nix to path
ENV PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/go/bin:/nix/var/nix/profiles/default/bin"
ENV PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/go/bin:/nix/var/nix/profiles/default/bin"
# Default to MS FROM image builtin user
USER vscode

# Install apt & pip packages
# Install apt packages
ARG APT_PKGS="\
gh \
git \
curl \
gnupg \
build-essential \
ca-certificates \
tmux \
vim \
"
RUN set -ex \
&& sudo apt-get update \
&& sudo apt-get install ${APT_PKGS} \
&& sudo update-alternatives --install \
/usr/bin/python python \
/usr/bin/python3 1 \
&& sudo python3 -m pip install ${PIP_PKGS} \
&& sudo apt-get clean \
&& sudo apt-get autoremove -y \
&& sudo apt-get purge -y --auto-remove \
Expand All @@ -72,52 +48,6 @@ RUN set -ex \
/tmp/* \
&& true

# Install golang from upstream
RUN set -ex \
&& export arch=$(uname -m | awk '{ if ($1 == "x86_64") print "amd64"; else if ($1 == "aarch64" || $1 == "arm64") print "arm64"; else print "unknown" }') \
&& export goversion="$(curl -s https://go.dev/dl/?mode=json | awk -F'[":go]' '/ "version"/{print $8}' | head -n1)" \
&& curl -L https://go.dev/dl/go${goversion}.linux-${arch}.tar.gz | sudo tar -C /usr/local/ -xzvf - \
&& which go \
&& go version \
&& for pkg in ${GO_PKGS}; do go install ${pkg}; echo "Installed: ${pkg}"; done \
&& true
# Install nodejs npm yarn
RUN set -ex \
&& export NODE_MAJOR=20 \
&& curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key \
| sudo gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg \
&& echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_$NODE_MAJOR.x nodistro main" \
| sudo tee /etc/apt/sources.list.d/nodesource.list \
&& sudo apt-get update \
&& sudo apt-get install nodejs \
&& sudo apt-get clean \
&& sudo apt-get autoremove -y \
&& sudo apt-get purge -y --auto-remove \
&& sudo rm -rf \
/var/lib/{apt,dpkg,cache,log} \
/usr/share/{doc,man,locale} \
/var/cache/apt \
/root/.cache \
/var/tmp/* \
/tmp/* \
&& node --version \
&& npm --version \
&& sudo npm install --global yarn \
&& yarn --version \
&& true
# TODO: fix qemu buildx github action multi-arch arm64 nix install failure
## Install Nix
#ENV PATH="${PATH}"
#RUN set -ex \
# && curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix \
# | sh -s -- install linux \
# --extra-conf "sandbox = false" \
# --init none \
# --no-confirm \
# && true
# Install pulumi
RUN set -ex \
&& export arch=$(uname -m | awk '{ if ($1 == "x86_64") print "x64"; else if ($1 == "aarch64" || $1 == "arm64") print "arm64"; else print "unknown" }') \
Expand All @@ -127,13 +57,14 @@ RUN set -ex \
&& export urlPulumiBin="pulumi-v${urlPulumiVersion}-linux-${arch}.tar.gz" \
&& export urlPulumi="${urlPulumiBase}/v${urlPulumiVersion}/${urlPulumiBin}" \
&& curl -L ${urlPulumi} | tar xzvf - --directory /tmp \
&& chmod +x /tmp/pulumi/* \
&& sudo mv /tmp/pulumi/* /usr/local/bin/ \
&& rm -rf /tmp/pulumi \
&& which pulumi \
&& pulumi version \
&& rm -rf /tmp/* \
&& true

# Install Pulumi ESC
# Install pulumi esc
RUN set -ex \
&& export arch=$(uname -m | awk '{ if ($1 == "x86_64") print "x64"; else if ($1 == "aarch64" || $1 == "arm64") print "arm64"; else print "unknown" }') \
&& export urlPulumiRelease="https://api.github.com/repos/pulumi/esc/releases/latest" \
Expand All @@ -142,10 +73,11 @@ RUN set -ex \
&& export urlPulumiBin="esc-v${urlPulumiVersion}-linux-${arch}.tar.gz" \
&& export urlPulumi="${urlPulumiBase}/v${urlPulumiVersion}/${urlPulumiBin}" \
&& curl -L ${urlPulumi} | tar xzvf - --directory /tmp \
&& chmod +x /tmp/esc/esc \
&& sudo mv /tmp/esc/esc /usr/local/bin/esc \
&& rm -rf /tmp/esc \
&& which esc \
&& esc version \
&& rm -rf /tmp/* \
&& true

# Install pulumictl
Expand All @@ -157,13 +89,137 @@ RUN set -ex \
&& export urlPulumiBin="pulumictl-v${urlPulumiVersion}-linux-${arch}.tar.gz" \
&& export urlPulumi="${urlPulumiBase}/v${urlPulumiVersion}/${urlPulumiBin}" \
&& curl -L ${urlPulumi} | tar xzvf - --directory /tmp \
&& chmod +x /tmp/pulumictl \
&& sudo mv /tmp/pulumictl /usr/local/bin/ \
&& rm -rf /tmp/* \
&& which pulumictl \
&& pulumictl version \
&& rm -rf /tmp/* \
&& true

# Install nix
# BUG: fix qemu buildx github action multi-arch arm64 nix install failure
RUN set -ex \
&& export urlNix="https://install.determinate.systems/nix" \
&& export arch=$(uname -m | awk '{ if ($1 == "x86_64") print "amd64"; else if ($1 == "aarch64" || $1 == "arm64") print "arm64"; else print "unknown" }') \
&& [ ${arch} = "arm64" ] || curl --proto '=https' --tlsv1.2 -sSf -L ${urlNix} --output /tmp/install.sh \
&& [ ${arch} = "arm64" ] || chmod +x /tmp/install.sh \
&& [ ${arch} = "arm64" ] || /tmp/install.sh install linux --extra-conf "sandbox = false" --init none --no-confirm \
&& [ ${arch} = "arm64" ] || sh -c "nix --version" \
&& [ ${arch} = "arm64" ] || rm -rf /tmp/* \
&& true

# Install devbox
# BUG: depends on Nix installer qemu buildx gha arm64 bug resolution
# TODO: add devbox version test
RUN set -ex \
&& export urlDevbox="https://get.jetpack.io/devbox" \
&& export arch=$(uname -m | awk '{ if ($1 == "x86_64") print "amd64"; else if ($1 == "aarch64" || $1 == "arm64") print "arm64"; else print "unknown" }') \
&& [ ${arch} = "arm64" ] || curl --proto '=https' --tlsv1.2 -sSf -L ${urlDevbox} --output /tmp/install.sh \
&& [ ${arch} = "arm64" ] || chmod +x /tmp/install.sh \
&& [ ${arch} = "arm64" ] || /tmp/install.sh -f \
&& [ ${arch} = "arm64" ] || devbox version \
&& [ ${arch} = "arm64" ] || rm -rf /tmp/* \
&& true

# Install golang
# TODO: relocate install to devbox
ARG GO_PKGS="\
golang.org/x/tools/gopls@latest \
github.com/josharian/impl@latest \
github.com/fatih/gomodifytags@latest \
github.com/cweill/gotests/gotests@latest \
github.com/go-delve/delve/cmd/dlv@latest \
honnef.co/go/tools/cmd/staticcheck@latest \
github.com/haya14busa/goplay/cmd/goplay@latest \
"
RUN set -ex \
&& export arch=$(uname -m | awk '{ if ($1 == "x86_64") print "amd64"; else if ($1 == "aarch64" || $1 == "arm64") print "arm64"; else print "unknown" }') \
&& export goversion="$(curl -s https://go.dev/dl/?mode=json | awk -F'[":go]' '/ "version"/{print $8}' | head -n1)" \
&& curl -L https://go.dev/dl/go${goversion}.linux-${arch}.tar.gz | sudo tar -C /usr/local/ -xzvf - \
&& which go \
&& go version \
&& for pkg in ${GO_PKGS}; do go install ${pkg}; echo "Installed: ${pkg}"; done \
&& true
# Install kind (Kubernetes-in-Docker)
# Install python
# TODO: relocate install to devbox
ARG APT_PKGS="\
python3 \
python3-pip \
dotnet-sdk-7.0 \
dotnet-runtime-7.0 \
"
ARG PIP_PKGS="\
setuptools \
"
RUN set -ex \
&& sudo apt-get update \
&& sudo apt-get install ${APT_PKGS} \
&& sudo update-alternatives --install \
/usr/bin/python python \
/usr/bin/python3 1 \
&& sudo python3 -m pip install ${PIP_PKGS} \
&& sudo apt-get clean \
&& sudo apt-get autoremove -y \
&& sudo apt-get purge -y --auto-remove \
&& sudo rm -rf \
/var/lib/{apt,dpkg,cache,log} \
/usr/share/{doc,man,locale} \
/var/cache/apt \
/root/.cache \
/var/tmp/* \
/tmp/* \
&& true
# Install dotnet
# TODO: relocate install to devbox
ARG APT_PKGS="\
dotnet-sdk-7.0 \
dotnet-runtime-7.0 \
"
RUN set -ex \
&& sudo apt-get update \
&& sudo apt-get install ${APT_PKGS} \
&& sudo apt-get clean \
&& sudo apt-get autoremove -y \
&& sudo apt-get purge -y --auto-remove \
&& sudo rm -rf \
/var/lib/{apt,dpkg,cache,log} \
/usr/share/{doc,man,locale} \
/var/cache/apt \
/root/.cache \
/var/tmp/* \
/tmp/* \
&& true
# Install nodejs npm yarn
# TODO: relocate install to devbox
RUN set -ex \
&& export NODE_MAJOR=20 \
&& curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key \
| sudo gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg \
&& echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_$NODE_MAJOR.x nodistro main" \
| sudo tee /etc/apt/sources.list.d/nodesource.list \
&& sudo apt-get update \
&& sudo apt-get install nodejs \
&& sudo apt-get clean \
&& sudo apt-get autoremove -y \
&& sudo apt-get purge -y --auto-remove \
&& sudo rm -rf \
/var/lib/{apt,dpkg,cache,log} \
/usr/share/{doc,man,locale} \
/var/cache/apt \
/root/.cache \
/var/tmp/* \
/tmp/* \
&& node --version \
&& npm --version \
&& sudo npm install --global yarn \
&& yarn --version \
&& true
# Install kind (kubernetes-in-docker)
# TODO: relocate install to devcontainer.json
RUN set -ex \
&& export arch=$(uname -m | awk '{ if ($1 == "x86_64") print "amd64"; else if ($1 == "aarch64" || $1 == "arm64") print "arm64"; else print "unknown" }') \
&& export urlKindRelease="https://api.github.com/repos/kubernetes-sigs/kind/releases/latest" \
Expand All @@ -178,24 +234,26 @@ RUN set -ex \
&& true
# Install kubectl
# TODO: relocate install to devcontainer.json
RUN set -ex \
&& export arch=$(uname -m | awk '{ if ($1 == "x86_64") print "amd64"; else if ($1 == "aarch64" || $1 == "arm64") print "arm64"; else print "unknown" }') \
&& export varKubectlVersion="$(curl --silent -L https://storage.googleapis.com/kubernetes-release/release/stable.txt | sed 's/v//g')" \
&& export varKubectlUrl="https://storage.googleapis.com/kubernetes-release/release/v${varKubectlVersion}/bin/linux/${arch}/kubectl" \
&& sudo curl -L ${varKubectlUrl} --output /usr/local/bin/kubectl \
&& sudo chmod +x /usr/local/bin/kubectl \
&& kubectl version --client || exit 1 \
&& kubectl version --client || true \
&& true
# Install helm
# TODO: relocate install to devcontainer.json
RUN set -ex \
&& export varVerHelm="$(curl -s https://api.github.com/repos/helm/helm/releases/latest | awk -F '[\"v,]' '/tag_name/{print $5}')" \
&& export varUrlHelm="https://get.helm.sh/helm-v${varVerHelm}-linux-amd64.tar.gz" \
&& curl -L ${varUrlHelm} | tar xzvf - --directory /tmp linux-amd64/helm \
&& chmod +x /tmp/linux-amd64/helm \
&& sudo mv /tmp/linux-amd64/helm /usr/local/bin/helm \
&& sudo chmod +x /usr/local/bin/helm \
&& rm -rf /tmp/linux-amd64 \
&& helm version \
&& rm -rf /tmp/linux-amd64 \
&& true
WORKDIR /workspaces
Expand All @@ -209,8 +267,6 @@ LABEL org.opencontainers.image.description="A containerized environment for deve
# General Labels
ARG VERSION
ARG BUILD_DATE
ARG PULUMICTL
ARG PULUMI
LABEL \
org.opencontainers.image.version=$VERSION \
org.opencontainers.image.created=$BUILD_DATE \
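Review bot: The new `Install nix` and `Install devbox` steps fetch an installer from an unversioned URL (`${urlNix}`, `${urlDevbox}`) and execute `/tmp/install.sh` with no integrity check, so every build trusts whatever those endpoints serve at that moment. Pin each installer to a fixed release and verify it before the `chmod +x`, behind the same arm64 guard, e.g. `echo "${NIX_INSTALLER_SHA256}  /tmp/install.sh" | sha256sum -c -`, with the digest supplied as an `ARG` (placeholder name; the value is not on this page). The nix step also passes `--extra-conf "sandbox = false"`, which turns off Nix's build sandbox for anything later built inside the image; if that is only a workaround for the build environment, it deserves a comment such as `# sandbox disabled: <reason>; nix builds run unsandboxed`. On arm64 both steps are skipped silently, so an `echo` stating that nix and devbox were not installed would stop the arm64 image from passing as equivalent to the amd64 one.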
