diff --git a/.editorconfig b/.editorconfig index f6fb9f98d9..c5d100a733 100644 --- a/.editorconfig +++ b/.editorconfig @@ -6,4 +6,9 @@ indent_size = 4 charset = utf-8 trim_trailing_whitespace = true insert_final_newline = false -end_of_line = lf \ No newline at end of file +end_of_line = lf + +[*.{yml,yaml}] +indent_size = 2 +charset = utf-8 +insert_final_newline = true \ No newline at end of file diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml new file mode 100644 index 0000000000..e84cefd3ab --- /dev/null +++ b/.github/workflows/docker-publish.yml @@ -0,0 +1,98 @@ +name: Publish consumable Docker images + +on: + push: + tags: ['*.*.*'] + +jobs: + compile: + runs-on: ubuntu-latest + strategy: + matrix: + arch: + - x86_64-unknown-linux-musl + - x86_64-unknown-linux-gnu + steps: + - uses: actions/checkout@v1 + - run: cargo install cross + - name: compile for specific target + env: { arch: '${{ matrix.arch }}' } + run: | + cross build --target ${{ matrix.arch }} --release + # leave only the executable file + rm -rd target/${{ matrix.arch }}/release/{*/*,*.d,*.rlib,.fingerprint} + find . -empty -delete + - uses: actions/upload-artifact@master + with: + name: ${{ matrix.arch }} + path: target/${{ matrix.arch }}/release + + docker: + name: Build and publish docker images + needs: compile + runs-on: ubuntu-latest + strategy: + matrix: + tag: + - alpine + - slim + - debian + - glibc-busybox + - musl-busybox + - musl-distroless + - glibc-distroless + - glibc + - musl + include: + - { tag: alpine, base-image: alpine, arch: x86_64-unknown-linux-musl, plugin: true } + - { tag: slim, base-image: 'debian:stable-slim', arch: x86_64-unknown-linux-gnu, plugin: true } + - { tag: debian, base-image: debian, arch: x86_64-unknown-linux-gnu, plugin: true } + - { tag: glibc-busybox, base-image: 'busybox:glibc', arch: x86_64-unknown-linux-gnu, use-patch: true } + - { tag: musl-busybox, base-image: 'busybox:musl', arch: x86_64-unknown-linux-musl, } + - { tag: musl-distroless, base-image: 'gcr.io/distroless/static', arch: x86_64-unknown-linux-musl, } + - { tag: glibc-distroless, base-image: 'gcr.io/distroless/cc', arch: x86_64-unknown-linux-gnu, use-patch: true } + - { tag: glibc, base-image: scratch, arch: x86_64-unknown-linux-gnu, } + - { tag: musl, base-image: scratch, arch: x86_64-unknown-linux-musl, } + steps: + - uses: actions/checkout@v1 + - uses: actions/download-artifact@master + with: { name: '${{ matrix.arch }}', path: target/release } + - name: Build and publish exact version + run: | + REGISTRY=${REGISTRY,,}; export TAG=${GITHUB_REF##*/}-${{ matrix.tag }}; + export NU_BINS=target/release/$( [ ${{ matrix.plugin }} = true ] && echo nu* || echo nu ) + export PATCH=$([ ${{ matrix.use-patch }} = true ] && echo .${{ matrix.tag }} || echo '') + chmod +x $NU_BINS + + echo ${{ secrets.DOCKER_REGISTRY }} | docker login docker.pkg.github.com -u ${{ github.actor }} --password-stdin + docker-compose --file docker/docker-compose.package.yml build + docker-compose --file docker/docker-compose.package.yml push # exact version + env: + BASE_IMAGE: ${{ matrix.base-image }} + REGISTRY: docker.pkg.github.com/${{ github.repository }} + + #region semantics tagging + - name: Retag and push without suffixing version + run: | + VERSION=${GITHUB_REF##*/} + docker tag ${REGISTRY,,}/nu:${VERSION}-${{ matrix.tag }} ${REGISTRY,,}/nu:${{ matrix.tag }} + docker tag ${REGISTRY,,}/nu:${VERSION}-${{ matrix.tag }} ${REGISTRY,,}/nu:${VERSION%%.*}-${{ matrix.tag }} + docker tag ${REGISTRY,,}/nu:${VERSION}-${{ matrix.tag }} ${REGISTRY,,}/nu:${VERSION%.*}-${{ matrix.tag }} + docker push ${REGISTRY,,}/nu:${VERSION%.*}-${{ matrix.tag }} # latest patch + docker push ${REGISTRY,,}/nu:${VERSION%%.*}-${{ matrix.tag }} # latest features + docker push ${REGISTRY,,}/nu:${{ matrix.tag }} # latest version + env: { REGISTRY: 'docker.pkg.github.com/${{ github.repository }}' } + - name: Retag and push debian as latest + if: matrix.tag == 'debian' + run: | + VERSION=${GITHUB_REF##*/} + docker tag ${REGISTRY,,}/nu:${{ matrix.tag }} ${REGISTRY,,}/nu:latest + docker tag ${REGISTRY,,}/nu:${VERSION}-${{ matrix.tag }} ${REGISTRY,,}/nu:${VERSION%.*} + docker tag ${REGISTRY,,}/nu:${VERSION}-${{ matrix.tag }} ${REGISTRY,,}/nu:${VERSION%%.*} + docker tag ${REGISTRY,,}/nu:${VERSION}-${{ matrix.tag }} ${REGISTRY,,}/nu:${VERSION} + docker push ${REGISTRY,,}/nu:${VERSION} # exact version + docker push ${REGISTRY,,}/nu:${VERSION%%.*} # latest features + docker push ${REGISTRY,,}/nu:${VERSION%.*} # latest patch + docker push ${REGISTRY,,}/nu:latest # latest version + env: { REGISTRY: 'docker.pkg.github.com/${{ github.repository }}' } + #endregion semantics tagging diff --git a/docker/Package.Dockerfile b/docker/Package.Dockerfile new file mode 100644 index 0000000000..a9040d2900 --- /dev/null +++ b/docker/Package.Dockerfile @@ -0,0 +1,7 @@ +ARG base +FROM ${base} + +ARG artifact +COPY ${artifact} /bin/ + +ENTRYPOINT ["/bin/nu"] \ No newline at end of file diff --git a/docker/Package.glibc-busybox.Dockerfile b/docker/Package.glibc-busybox.Dockerfile new file mode 100644 index 0000000000..6191b5f04c --- /dev/null +++ b/docker/Package.glibc-busybox.Dockerfile @@ -0,0 +1,15 @@ +ARG base +FROM debian:stable-slim AS patch +FROM ${base} + +ARG artifact +COPY ${artifact} /bin/ + +COPY --from=patch \ + /lib/x86_64-linux-gnu/libz.so.1 \ + /lib/x86_64-linux-gnu/libdl.so.2 \ + /lib/x86_64-linux-gnu/librt.so.1 \ + /lib/x86_64-linux-gnu/libgcc_s.so.1 \ + /lib/x86_64-linux-gnu/ + +ENTRYPOINT ["/bin/nu"] \ No newline at end of file diff --git a/docker/Package.glibc-distroless.Dockerfile b/docker/Package.glibc-distroless.Dockerfile new file mode 100644 index 0000000000..42768fc08c --- /dev/null +++ b/docker/Package.glibc-distroless.Dockerfile @@ -0,0 +1,12 @@ +ARG base +FROM debian:stable-slim AS patch +FROM ${base} + +ARG artifact +COPY ${artifact} /bin/ + +COPY --from=patch \ + /lib/x86_64-linux-gnu/libz.so.1 \ + /lib/x86_64-linux-gnu/ + +ENTRYPOINT ["/bin/nu"] \ No newline at end of file diff --git a/docker/docker-compose.package.yml b/docker/docker-compose.package.yml new file mode 100644 index 0000000000..9be36544eb --- /dev/null +++ b/docker/docker-compose.package.yml @@ -0,0 +1,11 @@ +version: '3' + +services: + nushell: + image: ${REGISTRY}/nu:${TAG} + build: + context: .. + dockerfile: docker/Package${PATCH}.Dockerfile + args: + base: ${BASE_IMAGE} + artifact: ${NU_BINS} diff --git a/docs/docker.md b/docs/docker.md new file mode 100644 index 0000000000..b51f4e0cd0 --- /dev/null +++ b/docs/docker.md @@ -0,0 +1,124 @@ +# Docker Guide + +| tag | base image | plugins | package manager | libs & bins | size | +| ------------------ | -------------------- | ------- | --------------- | ---------------------------------------------------------------- | ----------- | +| `latest`, `debian` | `debian:latest` | yes | apt | **a lot**, including _glibc_ | ~(48+62) MB | +| `slim` | `debian:stable-slim` | yes | apt | all `nu:debian` image but exclude [this list][.slimify-excludes] | ~(26+62) MB | +| `alpine` | `alpine:latest` | yes | apk | all `nu:musl-busybox` image + libcrypto, libssl, libtls, libz | ~(3+61) MB | +| `musl-busybox` | `busybox:musl` | no | — | GNU utils + _musl_ | ~(1+16) MB | +| `glibc-busybox` | `busybox:glibc` | no | — | GNU utils + _glibc_ | ~(3+17) MB | +| `musl-distroless` | `distroless/static` | no | — | see [here][distroless/base] | ~(2+16) MB | +| `glibc-distroless` | `distroless/cc` | no | — | `distroless/static` with _glibc_ | ~(17+17) MB | +| `glibc` | `scratch` | no | — | **only `nu` binary-executable** which depend on glibc runtime | ~17 MB | +| `musl` | `scratch` | no | — | **only `nu` binary-executable** statically linked to musl | ~16 MB | + +[.slimify-excludes]: https://github.com/debuerreotype/debuerreotype/blob/master/scripts/.slimify-excludes +[distroless/base]: https://github.com/GoogleContainerTools/distroless/blob/master/base/README.md + +## Image Variants + +### `nu:` +This is the defacto image. If you are unsure about what your needs are, you probably want to use this one. It is designed to be used both as a throw away container (mount your source code and start the container to start your app), as well as the base to build other images off of. + +
example + +Let say you create a plugin in Rust. +- create a Dockerfile in your root project +```dockerfile +FROM nu:0.2 + +COPY /target/debug/nu_plugin_cowsay /bin/ +ENTRYPOINT ["nu"] +``` +- build your project first then run it via docker +```console +cargo build +docker run -it . +``` +
+ +### `nu:-slim` +This image does not contain the common packages contained in the default tag and only contains the minimal packages needed to run `nu`. Unless you are working in an environment where only the `nu` image will be deployed and you have space constraints, it's highly recommended to use the alpine image if you aim for small image size. Only use this image if you really need **both** `glibc` and small image size. + +### `nu:-alpine` +This image is based on the popular [Alpine Linux project](http://alpinelinux.org/), available in [the alpine official image][alpine]. Alpine Linux is much smaller than most distribution base images (~5MB), and thus leads to much slimmer images in general. + +This variant is highly recommended when final image size being as small as possible is desired. The main caveat to note is that it does use `musl` libc instead of `glibc` and friends, so certain software might run into issues depending on the depth of their libc requirements. However, most software doesn't have an issue with this, so this variant is usually a very safe choice. See [this Hacker News comment thread](https://news.ycombinator.com/item?id=10782897) for more discussion of the issues that might arise and some pro/con comparisons of using Alpine-based images. + +To minimize image size, it's uncommon for additional related tools (such as `git` or `bash`) to be included in Alpine-based images. Using this image as a base, add the things you need in your own Dockerfile (see the [alpine image description][alpine] for examples of how to install packages if you are unfamiliar). + +### `nu:-` +This image is based on [`scratch`](https://hub.docker.com/_/scratch) which doesn't create an extra layer. This variants can be handy in a project that uses multiple programming language as you need a lot of tools. By using this in [multi-stage build][], you can slim down the docker image that need to be pulled. + +[multi-stage build]: https://docs.docker.com/develop/develop-images/multistage-build/ + +
example + +- using `glibc` variant +```dockerfile +FROM nu:0.2-glibc as shell +FROM node:slim + +# Build your plugins + +COPY --from=shell /bin/nu /bin/ +# Something else +ENTRYPOINT ["nu"] +``` + +- using `musl` variant +```dockerfile +FROM nu:musl as shell +FROM go:alpine + +# Build your plugins + +COPY --from=shell /bin/nu /bin/ +# Something else +ENTRYPOINT ["nu"] +``` +
+ +### `nu:--distroless` +This image is base on [Distroless](https://github.com/GoogleContainerTools/distroless) which usually to contain only your application and its runtime dependencies. This image do not contain package managers, shells or any other programs you would expect to find in a standard Linux distribution except for nushell itself. All distroless variant always contains: +- ca-certificates +- A /etc/passwd entry for a root user +- A /tmp directory +- tzdata + +As for `glibc-distroless` variant, it **adds**: +- glibc +- libssl +- openssl + +> Most likely you want to use this in CI/CD environment for plugins that can be statically compiled. + +
example + +```dockerfile +FROM nu:musl-distroless + +COPY target/x86_64-unknown-linux-musl/release/nu_plugin_* /bin/ +ENTRYPOINT ["nu"] +``` +
+ +### `nu:--busybox` +This image is based on [Busybox](http://www.busybox.net/) which is a very good ingredient to craft space-efficient distributions. It combines tiny versions of many common UNIX utilities into a single small executable. It also provides replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc. The utilities in BusyBox generally have fewer options than their full-featured GNU cousins; however, the options that are included provide the expected functionality and behave very much like their GNU counterparts. Basically, this image provides a fairly complete environment for any small or embedded system. + +> Use this only if you need common utilities like `tar`, `awk`, and many more but don't want extra blob like nushell plugins and others. + +
example + +```dockerfile +FROM nu:0.2-glibc-busybox + +ADD https://github.com/user/repo/releases/download/latest/nu_plugin_cowsay.tar.gz /tmp/ +RUN tar xzfv nu_plugin_cowsay.tar.gz -C /bin --strip=1 nu_plugin_cowsay + +ENTRYPOINT ["nu"] +``` +
+ +[musl]: http://www.musl-libc.org/ +[alpine]: https://hub.docker.com/_/alpine/ \ No newline at end of file