Merge pull request #54 from voxpupuli/multistage

feat: do multi stage build
voxpupuli · Sep 27, 2024 · 4dd1a41 · 4dd1a41
2 parents 60bd6ff + 52e8c6e
commit 4dd1a41
Show file tree

Hide file tree

Showing 5 changed files with 47 additions and 17 deletions.
diff --git a/.github/workflows/build_container.yml b/.github/workflows/build_container.yml
@@ -45,6 +45,9 @@ jobs:
             RUBYGEM_MODULESYNC=${{ matrix.rubygem_modulesync }}
             RUBYGEM_RUBOCOP_PERFORMANCE=${{ matrix.rubygem_rubocop_performance }}
             RUBYGEM_BUNDLER=${{ matrix.rubygem_bundler }}
+            APK_JQ=${{ matrix.apk_jq }}
+            APK_YAMLLINT=${{ matrix.apk_yamllint }}
+            APK_GIT=${{ matrix.apk_git }}
           build_arch: linux/amd64,linux/arm64
           docker_username: voxpupulibot
           docker_password: ${{ secrets.DOCKERHUB_BOT_PASSWORD }}

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -50,6 +50,9 @@ jobs:
             RUBYGEM_OVERCOMMIT=${{ matrix.rubygem_overcommit }}
             RUBYGEM_MODULESYNC=${{ matrix.rubygem_modulesync }}
             RUBYGEM_BUNDLER=${{ matrix.rubygem_bundler }}
+            APK_JQ=${{ matrix.apk_jq }}
+            APK_YAMLLINT=${{ matrix.apk_yamllint }}
+            APK_GIT=${{ matrix.apk_git }}
 
       - name: Clone voxpupuli/puppet-example repository
         uses: actions/checkout@v4

diff --git a/.github/workflows/security_scanning.yml b/.github/workflows/security_scanning.yml
@@ -51,6 +51,9 @@ jobs:
             RUBYGEM_OVERCOMMIT=${{ matrix.rubygem_overcommit }}
             RUBYGEM_MODULESYNC=${{ matrix.rubygem_modulesync }}
             RUBYGEM_BUNDLER=${{ matrix.rubygem_bundler }}
+            APK_JQ=${{ matrix.apk_jq }}
+            APK_YAMLLINT=${{ matrix.apk_yamllint }}
+            APK_GIT=${{ matrix.apk_git }}
 
       - name: Scan image with Anchore Grype
         uses: anchore/scan-action@v4

diff --git a/Dockerfile b/Dockerfile
@@ -1,18 +1,9 @@
 ARG BASE_IMAGE=docker.io/ruby:3.2.5-alpine3.20
 
-FROM $BASE_IMAGE
-
-LABEL org.label-schema.maintainer="Voxpupuli Team <[email protected]>" \
-      org.label-schema.vendor="Voxpupuli" \
-      org.label-schema.url="https://github.com/voxpupuli/container-voxbox" \
-      org.label-schema.name="Vox Pupuli Test Box" \
-      org.label-schema.license="AGPL-3.0-or-later" \
-      org.label-schema.vcs-url="https://github.com/voxpupuli/container-voxbox" \
-      org.label-schema.schema-version="1.0" \
-      org.label-schema.dockerfile="/Dockerfile"
+FROM $BASE_IMAGE AS builder
 
 ARG RUBYGEM_PUPPET
-ENV RUBYGEM_PUPPET=${RUBYGEM_PUPPET:-8.8.1}
+ENV RUBYGEM_PUPPET ${RUBYGEM_PUPPET:-8.8.1}
 
 ARG RUBYGEM_FACTER
 ENV RUBYGEM_FACTER=${RUBYGEM_FACTER:-4.8.0}
@@ -45,14 +36,10 @@ ARG RUBYGEM_BUNDLER
 ENV RUBYGEM_BUNDLER=${RUBYGEM_BUNDLER:-2.5.18}
 
 COPY voxbox/Gemfile /
-COPY voxbox/Rakefile /
-COPY Dockerfile /
 
 RUN apk update \
     && apk upgrade \
     && apk add --no-cache --update alpine-sdk \
-    && apk add --no-cache --update yamllint \
-    && apk add --no-cache --update jq \
     && rm -rf /usr/local/lib/ruby/gems/*/gems/bundler-* \
     && rm -rf /usr/local/lib/ruby/gems/*/specifications/default/bundler-*.gemspec \
     && gem install bundler -v ${RUBYGEM_BUNDLER} \
@@ -71,6 +58,34 @@ RUN apk update \
     && rm -rf /usr/local/lib/ruby/gems/*/gems/rexml-* \
     && rm -rf /usr/local/lib/ruby/gems/*/specifications/rexml-*.gemspec
 
+###############################################################################
+
+FROM $BASE_IMAGE AS final
+
+LABEL org.label-schema.maintainer="Voxpupuli Team <[email protected]>" \
+      org.label-schema.vendor="Voxpupuli" \
+      org.label-schema.url="https://github.com/voxpupuli/container-voxbox" \
+      org.label-schema.name="Vox Pupuli Test Box" \
+      org.label-schema.license="AGPL-3.0-or-later" \
+      org.label-schema.vcs-url="https://github.com/voxpupuli/container-voxbox" \
+      org.label-schema.schema-version="1.0" \
+      org.label-schema.dockerfile="/Dockerfile"
+
+ARG APK_JQ=1.7.1-r0
+ARG APK_YAMLLINT=1.35.1-r1
+ARG APK_GIT=2.45.2-r0
+
+RUN apk update \
+    && apk upgrade \
+    && apk add jq=${APK_JQ} \
+    && apk add yamllint=${APK_YAMLLINT} \
+    && apk add git=${APK_GIT} \
+    && rm -rf /var/cache/apk/*
+
+COPY --from=builder /usr/local/bundle /usr/local/bundle
+COPY Dockerfile /
+COPY voxbox/Rakefile /
+
 WORKDIR /repo
 
 ENTRYPOINT [ "rake" ]

diff --git a/build_versions.json b/build_versions.json
@@ -14,7 +14,10 @@
       "rubygem_r10k": "4.1.0",
       "rubygem_ra10ke": "3.1.0",
       "rubygem_rubocop_performance": "1.21.1",
-      "rubygem_bundler": "2.4.22"
+      "rubygem_bundler": "2.4.22",
+      "apk_jq": "1.6-r1",
+      "apk_yamllint": "1.26.3-r1",
+      "apk_git": "2.36.6-r0"
     },
     {
       "puppet_release": 8,
@@ -30,7 +33,10 @@
       "rubygem_r10k": "4.1.0",
       "rubygem_ra10ke": "3.1.0",
       "rubygem_rubocop_performance": "1.21.1",
-      "rubygem_bundler": "2.5.18"
+      "rubygem_bundler": "2.5.18",
+      "apk_jq": "1.7.1-r0",
+      "apk_yamllint": "1.35.1-r1",
+      "apk_git": "2.45.2-r0"
     }
   ]
 }