From 085973e2dbba18e80acfde545b98d2fd6fed7838 Mon Sep 17 00:00:00 2001 From: Fahmi Akbar Wildana Date: Fri, 6 Sep 2019 17:40:48 +0700 Subject: [PATCH 01/15] Update main.workflow --- .github/main.workflow | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 .github/main.workflow diff --git a/.github/main.workflow b/.github/main.workflow new file mode 100644 index 0000000000..cbbe6aea81 --- /dev/null +++ b/.github/main.workflow @@ -0,0 +1,8 @@ +workflow "New workflow" { + resolves = ["GitHub Action for Docker"] + on = "push" +} + +action "GitHub Action for Docker" { + uses = "actions/docker/cli@fe7ed3ce992160973df86480b83a2f8ed581cd50" +} From c9c91121556c9857e4ad902a3071fa05b26b221f Mon Sep 17 00:00:00 2001 From: Fahmi Akbar Wildana Date: Sun, 8 Sep 2019 21:38:25 +0700 Subject: [PATCH 02/15] Build and publish docker img along with nu plugins * Add Package.Dockerfile as flexible build source * Add docker-compose.package.yml as intermediary config * CI will use new github action YAML format it only publish the docker image on git tag * Add debian:latest, debian:slim, and alpine as base image * Add documentation --- .editorconfig | 7 ++- .github/main.workflow | 8 --- .github/workflows/docker-publish.yml | 80 ++++++++++++++++++++++++++++ docker/Package.Dockerfile | 5 ++ docker/docker-compose.package.yml | 10 ++++ docs/docker.md | 46 ++++++++++++++++ 6 files changed, 147 insertions(+), 9 deletions(-) delete mode 100644 .github/main.workflow create mode 100644 .github/workflows/docker-publish.yml create mode 100644 docker/Package.Dockerfile create mode 100644 docker/docker-compose.package.yml create mode 100644 docs/docker.md diff --git a/.editorconfig b/.editorconfig index f6fb9f98d9..c5d100a733 100644 --- a/.editorconfig +++ b/.editorconfig @@ -6,4 +6,9 @@ indent_size = 4 charset = utf-8 trim_trailing_whitespace = true insert_final_newline = false -end_of_line = lf \ No newline at end of file +end_of_line = lf + +[*.{yml,yaml}] +indent_size = 2 +charset = utf-8 +insert_final_newline = true \ No newline at end of file diff --git a/.github/main.workflow b/.github/main.workflow deleted file mode 100644 index cbbe6aea81..0000000000 --- a/.github/main.workflow +++ /dev/null @@ -1,8 +0,0 @@ -workflow "New workflow" { - resolves = ["GitHub Action for Docker"] - on = "push" -} - -action "GitHub Action for Docker" { - uses = "actions/docker/cli@fe7ed3ce992160973df86480b83a2f8ed581cd50" -} diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml new file mode 100644 index 0000000000..a3c3e0f2af --- /dev/null +++ b/.github/workflows/docker-publish.yml @@ -0,0 +1,80 @@ +name: Publish consumable Docker images + +on: + push: + tags: ['*.*.*'] + +jobs: + compile: + runs-on: ubuntu-latest + strategy: + matrix: + arch: + - x86_64-unknown-linux-musl + - x86_64-unknown-linux-gnu + steps: + - uses: actions/checkout@v1 + - run: cargo install cross + - name: compile for specific target + env: { arch: '${{ matrix.arch }}' } + run: | + cross build --target ${{ matrix.arch }} --release + # leave only the executable file + rm -rd target/${{ matrix.arch }}/release/{*/*,*.d,*.rlib,.fingerprint} + find . -empty -delete + - uses: actions/upload-artifact@master + with: + name: ${{ matrix.arch }} + path: target/${{ matrix.arch }}/release + + docker: + name: Build and publish docker images + needs: compile + runs-on: ubuntu-latest + strategy: + matrix: + base-image: [debian, 'debian:stable-slim', alpine] + include: + - { tag: alpine, base-image: alpine, arch: x86_64-unknown-linux-musl } + - { tag: slim, base-image: 'debian:stable-slim', arch: x86_64-unknown-linux-gnu } + - { tag: debian, base-image: debian, arch: x86_64-unknown-linux-gnu } + steps: + - uses: actions/checkout@v1 + - uses: actions/download-artifact@master + with: { name: '${{ matrix.arch }}', path: target/release } + - name: Build and publish exact version + run: | + REGISTRY=${REGISTRY,,}; export TAG=${GITHUB_REF##*/}-${{ matrix.tag }}; + + echo ${{ secrets.DOCKER_REGISTRY }} | docker login docker.pkg.github.com -u ${{ github.actor }} --password-stdin + docker-compose --file docker/docker-compose.package.yml build + docker-compose --file docker/docker-compose.package.yml push # exact version + env: + BASE_IMAGE: ${{ matrix.base-image }} + REGISTRY: docker.pkg.github.com/${{ github.repository }} + + #region semantics tagging + - name: Retag and push without suffixing version + run: | + VERSION=${GITHUB_REF##*/} + docker tag ${REGISTRY,,}/nu:${VERSION}-${{ matrix.tag }} ${REGISTRY,,}/nu:${{ matrix.tag }} + docker tag ${REGISTRY,,}/nu:${VERSION}-${{ matrix.tag }} ${REGISTRY,,}/nu:${VERSION%%.*}-${{ matrix.tag }} + docker tag ${REGISTRY,,}/nu:${VERSION}-${{ matrix.tag }} ${REGISTRY,,}/nu:${VERSION%.*}-${{ matrix.tag }} + docker push ${REGISTRY,,}/nu:${VERSION%.*}-${{ matrix.tag }} # latest patch + docker push ${REGISTRY,,}/nu:${VERSION%%.*}-${{ matrix.tag }} # latest features + docker push ${REGISTRY,,}/nu:${{ matrix.tag }} # latest version + env: { REGISTRY: 'docker.pkg.github.com/${{ github.repository }}' } + - name: Retag and push debian as latest + if: matrix.tag == 'debian' + run: | + VERSION=${GITHUB_REF##*/} + docker tag ${REGISTRY,,}/nu:${{ matrix.tag }} ${REGISTRY,,}/nu:latest + docker tag ${REGISTRY,,}/nu:${VERSION}-${{ matrix.tag }} ${REGISTRY,,}/nu:${VERSION%.*} + docker tag ${REGISTRY,,}/nu:${VERSION}-${{ matrix.tag }} ${REGISTRY,,}/nu:${VERSION%%.*} + docker tag ${REGISTRY,,}/nu:${VERSION}-${{ matrix.tag }} ${REGISTRY,,}/nu:${VERSION} + docker push ${REGISTRY,,}/nu:${VERSION} # exact version + docker push ${REGISTRY,,}/nu:${VERSION%%.*} # latest features + docker push ${REGISTRY,,}/nu:${VERSION%.*} # latest patch + docker push ${REGISTRY,,}/nu:latest # latest version + env: { REGISTRY: 'docker.pkg.github.com/${{ github.repository }}' } + #endregion semantics tagging diff --git a/docker/Package.Dockerfile b/docker/Package.Dockerfile new file mode 100644 index 0000000000..8d61b03342 --- /dev/null +++ b/docker/Package.Dockerfile @@ -0,0 +1,5 @@ +ARG base +FROM ${base} + +COPY target/release/nu* /bin/ +ENTRYPOINT ["nu"] \ No newline at end of file diff --git a/docker/docker-compose.package.yml b/docker/docker-compose.package.yml new file mode 100644 index 0000000000..2192da8879 --- /dev/null +++ b/docker/docker-compose.package.yml @@ -0,0 +1,10 @@ +version: '3' + +services: + nushell: + image: ${REGISTRY}/nu:${TAG} + build: + context: .. + dockerfile: docker/Package.Dockerfile + args: + base: ${BASE_IMAGE} diff --git a/docs/docker.md b/docs/docker.md new file mode 100644 index 0000000000..dc8d37988c --- /dev/null +++ b/docs/docker.md @@ -0,0 +1,46 @@ +# Docker Guide + +| tag | base image | plugins | package manager | libs & bins | size | +| ------------------ | -------------------- | ------- | --------------- | ----------------------------------------------------------------------- | ----------- | +| `latest`,`debian` | `debian:latest` | yes | apt | **a lot**, including _glibc_ | ~(48+62) MB | +| `slim` | `debian:stable-slim` | yes | apt | all `nu:debian` image but exclude [this list][.slimify-excludes] | ~(26+62) MB | +| `alpine` | `alpine:latest` | yes | apk | all `nu:musl-busybox` image but include libcrypto, libssl, libtls, libz | ~(3+61) MB | + +[.slimify-excludes]: https://github.com/debuerreotype/debuerreotype/blob/master/scripts/.slimify-excludes +[distroless/base]: https://github.com/GoogleContainerTools/distroless/blob/master/base/README.md + +## Image Variants + +### `nu:` +This is the defacto image. If you are unsure about what your needs are, you probably want to use this one. It is designed to be used both as a throw away container (mount your source code and start the container to start your app), as well as the base to build other images off of. + +
example + +Let say you create a plugin in Rust. +- create a Dockerfile in your root project +```dockerfile +FROM nu:0.2 + +COPY /target/debug/nu_plugin_cowsay /bin/ +ENTRYPOINT ["nu"] +``` +- build your project first then run it via docker +```console +cargo build +docker run -it . +``` +
+ +### `nu:-slim` + +This image does not contain the common packages contained in the default tag and only contains the minimal packages needed to run `nu`. Unless you are working in an environment where only the `nu` image will be deployed and you have space constraints, we highly recommend using the alpine image if you aim for small image size. Only use this image if you really need **both** `glibc` and small image size. + +### `nu:-alpine` +This image is based on the popular [Alpine Linux project](http://alpinelinux.org/), available in [the alpine official image][alpine]. Alpine Linux is much smaller than most distribution base images (~5MB), and thus leads to much slimmer images in general. + +This variant is highly recommended when final image size being as small as possible is desired. The main caveat to note is that it does use `musl` libc instead of `glibc` and friends, so certain software might run into issues depending on the depth of their libc requirements. However, most software doesn't have an issue with this, so this variant is usually a very safe choice. See [this Hacker News comment thread](https://news.ycombinator.com/item?id=10782897) for more discussion of the issues that might arise and some pro/con comparisons of using Alpine-based images. + +To minimize image size, it's uncommon for additional related tools (such as `git` or `bash`) to be included in Alpine-based images. Using this image as a base, add the things you need in your own Dockerfile (see the [alpine image description][alpine] for examples of how to install packages if you are unfamiliar). + +[musl]: http://www.musl-libc.org/ +[alpine]: https://hub.docker.com/_/alpine/ \ No newline at end of file From 21896b200cd4ec544f40cd416c977af4e4816d19 Mon Sep 17 00:00:00 2001 From: Fahmi Akbar Wildana Date: Sun, 8 Sep 2019 22:31:10 +0700 Subject: [PATCH 03/15] Add busybox as base image --- .github/workflows/docker-publish.yml | 11 +++++++---- docker/Package.Dockerfile | 3 ++- docker/docker-compose.package.yml | 1 + docs/docker.md | 29 +++++++++++++++++++++++----- 4 files changed, 34 insertions(+), 10 deletions(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index a3c3e0f2af..353401e91b 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -33,11 +33,13 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - base-image: [debian, 'debian:stable-slim', alpine] + base-image: [debian, 'debian:stable-slim', alpine, 'busybox:glibc', 'busybox:musl'] include: - - { tag: alpine, base-image: alpine, arch: x86_64-unknown-linux-musl } - - { tag: slim, base-image: 'debian:stable-slim', arch: x86_64-unknown-linux-gnu } - - { tag: debian, base-image: debian, arch: x86_64-unknown-linux-gnu } + - { tag: alpine, base-image: alpine, arch: x86_64-unknown-linux-musl, plugin: true } + - { tag: slim, base-image: 'debian:stable-slim', arch: x86_64-unknown-linux-gnu, plugin: true } + - { tag: debian, base-image: debian, arch: x86_64-unknown-linux-gnu, plugin: true } + - { tag: glibc-busybox, base-image: 'busybox:glibc', arch: x86_64-unknown-linux-gnu, plugin: false } + - { tag: musl-busybox, base-image: 'busybox:musl', arch: x86_64-unknown-linux-musl, plugin: false } steps: - uses: actions/checkout@v1 - uses: actions/download-artifact@master @@ -45,6 +47,7 @@ jobs: - name: Build and publish exact version run: | REGISTRY=${REGISTRY,,}; export TAG=${GITHUB_REF##*/}-${{ matrix.tag }}; + export NU_BINS=target/release/$( [ ${{ matrix.plugin }} ] && nu* || nu ) echo ${{ secrets.DOCKER_REGISTRY }} | docker login docker.pkg.github.com -u ${{ github.actor }} --password-stdin docker-compose --file docker/docker-compose.package.yml build diff --git a/docker/Package.Dockerfile b/docker/Package.Dockerfile index 8d61b03342..7bc2bfe291 100644 --- a/docker/Package.Dockerfile +++ b/docker/Package.Dockerfile @@ -1,5 +1,6 @@ +ARG artifact ARG base FROM ${base} -COPY target/release/nu* /bin/ +COPY ${artifact} /bin/ ENTRYPOINT ["nu"] \ No newline at end of file diff --git a/docker/docker-compose.package.yml b/docker/docker-compose.package.yml index 2192da8879..3622fa0cf6 100644 --- a/docker/docker-compose.package.yml +++ b/docker/docker-compose.package.yml @@ -8,3 +8,4 @@ services: dockerfile: docker/Package.Dockerfile args: base: ${BASE_IMAGE} + artifact: ${NU_BINS} diff --git a/docs/docker.md b/docs/docker.md index dc8d37988c..78db9a44c7 100644 --- a/docs/docker.md +++ b/docs/docker.md @@ -1,10 +1,12 @@ # Docker Guide -| tag | base image | plugins | package manager | libs & bins | size | -| ------------------ | -------------------- | ------- | --------------- | ----------------------------------------------------------------------- | ----------- | -| `latest`,`debian` | `debian:latest` | yes | apt | **a lot**, including _glibc_ | ~(48+62) MB | -| `slim` | `debian:stable-slim` | yes | apt | all `nu:debian` image but exclude [this list][.slimify-excludes] | ~(26+62) MB | -| `alpine` | `alpine:latest` | yes | apk | all `nu:musl-busybox` image but include libcrypto, libssl, libtls, libz | ~(3+61) MB | +| tag | base image | plugins | package manager | libs & bins | size | +| ----------------- | -------------------- | ------- | --------------- | ---------------------------------------------------------------- | ----------- | +| `latest`,`debian` | `debian:latest` | yes | apt | **a lot**, including _glibc_ | ~(48+62) MB | +| `slim` | `debian:stable-slim` | yes | apt | all `nu:debian` image but exclude [this list][.slimify-excludes] | ~(26+62) MB | +| `alpine` | `alpine:latest` | yes | apk | all `nu:musl-busybox` image + libcrypto, libssl, libtls, libz | ~(3+61) MB | +| `musl-busybox` | `busybox:musl` | no | — | GNU utils + _musl_ | ~(1+16) MB | +| `glibc-busybox` | `busybox:glibc` | no | — | GNU utils + _glibc_ | ~(3+17) MB | [.slimify-excludes]: https://github.com/debuerreotype/debuerreotype/blob/master/scripts/.slimify-excludes [distroless/base]: https://github.com/GoogleContainerTools/distroless/blob/master/base/README.md @@ -42,5 +44,22 @@ This variant is highly recommended when final image size being as small as possi To minimize image size, it's uncommon for additional related tools (such as `git` or `bash`) to be included in Alpine-based images. Using this image as a base, add the things you need in your own Dockerfile (see the [alpine image description][alpine] for examples of how to install packages if you are unfamiliar). +### `nu:--busybox` +This image is based on [Busybox](http://www.busybox.net/) which is a very good ingredient to craft space-efficient distributions. It combines tiny versions of many common UNIX utilities into a single small executable. It also provides replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc. The utilities in BusyBox generally have fewer options than their full-featured GNU cousins; however, the options that are included provide the expected functionality and behave very much like their GNU counterparts. Basically, this image provides a fairly complete environment for any small or embedded system. + +> Use this only if you need common utilities like `tar`, `awk`, and many more but don't want extra blob like nushell plugins and others. + +
example + +```dockerfile +FROM nu:0.2-glibc-busybox + +ADD https://github.com/user/repo/releases/download/latest/nu_plugin_cowsay.tar.gz /tmp/ +RUN tar xzfv nu_plugin_cowsay.tar.gz -C /bin + +ENTRYPOINT ["nu"] +``` +
+ [musl]: http://www.musl-libc.org/ [alpine]: https://hub.docker.com/_/alpine/ \ No newline at end of file From fa53d59aeea396895bbc70356ac57da6b277710d Mon Sep 17 00:00:00 2001 From: Fahmi Akbar Wildana Date: Sun, 8 Sep 2019 22:59:35 +0700 Subject: [PATCH 04/15] Add scratch as base image --- .github/workflows/docker-publish.yml | 2 ++ docs/docker.md | 34 ++++++++++++++++++++++++++++ 2 files changed, 36 insertions(+) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 353401e91b..c8b56e680c 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -40,6 +40,8 @@ jobs: - { tag: debian, base-image: debian, arch: x86_64-unknown-linux-gnu, plugin: true } - { tag: glibc-busybox, base-image: 'busybox:glibc', arch: x86_64-unknown-linux-gnu, plugin: false } - { tag: musl-busybox, base-image: 'busybox:musl', arch: x86_64-unknown-linux-musl, plugin: false } + - { tag: glibc, base-image: scratch, arch: x86_64-unknown-linux-gnu, plugin: false } + - { tag: musl, base-image: scratch, arch: x86_64-unknown-linux-musl, plugin: false } steps: - uses: actions/checkout@v1 - uses: actions/download-artifact@master diff --git a/docs/docker.md b/docs/docker.md index 78db9a44c7..7c00f05544 100644 --- a/docs/docker.md +++ b/docs/docker.md @@ -7,6 +7,8 @@ | `alpine` | `alpine:latest` | yes | apk | all `nu:musl-busybox` image + libcrypto, libssl, libtls, libz | ~(3+61) MB | | `musl-busybox` | `busybox:musl` | no | — | GNU utils + _musl_ | ~(1+16) MB | | `glibc-busybox` | `busybox:glibc` | no | — | GNU utils + _glibc_ | ~(3+17) MB | +| `glibc` | `scratch` | no | — | **only `nu` binary-executable** which depend on glibc runtime | ~17 MB | +| `musl` | `scratch` | no | — | **only `nu` binary-executable** statically linked to musl | ~16 MB | [.slimify-excludes]: https://github.com/debuerreotype/debuerreotype/blob/master/scripts/.slimify-excludes [distroless/base]: https://github.com/GoogleContainerTools/distroless/blob/master/base/README.md @@ -44,6 +46,38 @@ This variant is highly recommended when final image size being as small as possi To minimize image size, it's uncommon for additional related tools (such as `git` or `bash`) to be included in Alpine-based images. Using this image as a base, add the things you need in your own Dockerfile (see the [alpine image description][alpine] for examples of how to install packages if you are unfamiliar). +### `nu:-` +This image is based on [`scratch`](https://hub.docker.com/_/scratch) which doesn't create an extra layer. This variants can be handy in a project that uses multiple programming language as you need a lot of tools. By using this in [multi-stage build][], you can slim down the docker image that need to be pulled. + +[multi-stage build]: https://docs.docker.com/develop/develop-images/multistage-build/ + +
example + +- using `glibc` variant +```dockerfile +FROM nu:0.2-glibc as shell +FROM node:slim + +# Build your plugins + +COPY --from=shell /bin/nu /bin/ +# Something else +ENTRYPOINT ["nu"] +``` + +- using `musl` variant +```dockerfile +FROM nu:musl as shell +FROM go:alpine + +# Build your plugins + +COPY --from=shell /bin/nu /bin/ +# Something else +ENTRYPOINT ["nu"] +``` +
+ ### `nu:--busybox` This image is based on [Busybox](http://www.busybox.net/) which is a very good ingredient to craft space-efficient distributions. It combines tiny versions of many common UNIX utilities into a single small executable. It also provides replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc. The utilities in BusyBox generally have fewer options than their full-featured GNU cousins; however, the options that are included provide the expected functionality and behave very much like their GNU counterparts. Basically, this image provides a fairly complete environment for any small or embedded system. From d99208619289f16e8fbe336cdff207f1b354d164 Mon Sep 17 00:00:00 2001 From: Fahmi Akbar Wildana Date: Sun, 8 Sep 2019 23:42:03 +0700 Subject: [PATCH 05/15] Add distroless as base image --- .github/workflows/docker-publish.yml | 16 +++++---- docs/docker.md | 49 +++++++++++++++++++++------- 2 files changed, 46 insertions(+), 19 deletions(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index c8b56e680c..30ee8b0418 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -35,13 +35,15 @@ jobs: matrix: base-image: [debian, 'debian:stable-slim', alpine, 'busybox:glibc', 'busybox:musl'] include: - - { tag: alpine, base-image: alpine, arch: x86_64-unknown-linux-musl, plugin: true } - - { tag: slim, base-image: 'debian:stable-slim', arch: x86_64-unknown-linux-gnu, plugin: true } - - { tag: debian, base-image: debian, arch: x86_64-unknown-linux-gnu, plugin: true } - - { tag: glibc-busybox, base-image: 'busybox:glibc', arch: x86_64-unknown-linux-gnu, plugin: false } - - { tag: musl-busybox, base-image: 'busybox:musl', arch: x86_64-unknown-linux-musl, plugin: false } - - { tag: glibc, base-image: scratch, arch: x86_64-unknown-linux-gnu, plugin: false } - - { tag: musl, base-image: scratch, arch: x86_64-unknown-linux-musl, plugin: false } + - { tag: alpine, base-image: alpine, arch: x86_64-unknown-linux-musl, plugin: true } + - { tag: slim, base-image: 'debian:stable-slim', arch: x86_64-unknown-linux-gnu, plugin: true } + - { tag: debian, base-image: debian, arch: x86_64-unknown-linux-gnu, plugin: true } + - { tag: glibc-busybox, base-image: 'busybox:glibc', arch: x86_64-unknown-linux-gnu, plugin: false } + - { tag: musl-busybox, base-image: 'busybox:musl', arch: x86_64-unknown-linux-musl, plugin: false } + - { tag: musl-distroless, base-image: 'gcr.io/distroless/static', arch: x86_64-unknown-linux-musl, plugin: false } + - { tag: glibc-distroless, base-image: 'gcr.io/distroless/base', arch: x86_64-unknown-linux-gnu, plugin: false } + - { tag: glibc, base-image: scratch, arch: x86_64-unknown-linux-gnu, plugin: false } + - { tag: musl, base-image: scratch, arch: x86_64-unknown-linux-musl, plugin: false } steps: - uses: actions/checkout@v1 - uses: actions/download-artifact@master diff --git a/docs/docker.md b/docs/docker.md index 7c00f05544..837707404c 100644 --- a/docs/docker.md +++ b/docs/docker.md @@ -1,14 +1,16 @@ # Docker Guide -| tag | base image | plugins | package manager | libs & bins | size | -| ----------------- | -------------------- | ------- | --------------- | ---------------------------------------------------------------- | ----------- | -| `latest`,`debian` | `debian:latest` | yes | apt | **a lot**, including _glibc_ | ~(48+62) MB | -| `slim` | `debian:stable-slim` | yes | apt | all `nu:debian` image but exclude [this list][.slimify-excludes] | ~(26+62) MB | -| `alpine` | `alpine:latest` | yes | apk | all `nu:musl-busybox` image + libcrypto, libssl, libtls, libz | ~(3+61) MB | -| `musl-busybox` | `busybox:musl` | no | — | GNU utils + _musl_ | ~(1+16) MB | -| `glibc-busybox` | `busybox:glibc` | no | — | GNU utils + _glibc_ | ~(3+17) MB | -| `glibc` | `scratch` | no | — | **only `nu` binary-executable** which depend on glibc runtime | ~17 MB | -| `musl` | `scratch` | no | — | **only `nu` binary-executable** statically linked to musl | ~16 MB | +| tag | base image | plugins | package manager | libs & bins | size | +| ------------------ | -------------------- | ------- | --------------- | ---------------------------------------------------------------- | ----------- | +| `latest`,`debian` | `debian:latest` | yes | apt | **a lot**, including _glibc_ | ~(48+62) MB | +| `slim` | `debian:stable-slim` | yes | apt | all `nu:debian` image but exclude [this list][.slimify-excludes] | ~(26+62) MB | +| `alpine` | `alpine:latest` | yes | apk | all `nu:musl-busybox` image + libcrypto, libssl, libtls, libz | ~(3+61) MB | +| `musl-busybox` | `busybox:musl` | no | — | GNU utils + _musl_ | ~(1+16) MB | +| `glibc-busybox` | `busybox:glibc` | no | — | GNU utils + _glibc_ | ~(3+17) MB | +| `musl-distroless` | `distroless/static` | no | — | see [here][distroless/base] | ~(2+16) MB | +| `glibc-distroless` | `distroless/base` | no | — | `distroless/static` with _glibc_ | ~(17+17) MB | +| `glibc` | `scratch` | no | — | **only `nu` binary-executable** which depend on glibc runtime | ~17 MB | +| `musl` | `scratch` | no | — | **only `nu` binary-executable** statically linked to musl | ~16 MB | [.slimify-excludes]: https://github.com/debuerreotype/debuerreotype/blob/master/scripts/.slimify-excludes [distroless/base]: https://github.com/GoogleContainerTools/distroless/blob/master/base/README.md @@ -36,8 +38,7 @@ docker run -it . ### `nu:-slim` - -This image does not contain the common packages contained in the default tag and only contains the minimal packages needed to run `nu`. Unless you are working in an environment where only the `nu` image will be deployed and you have space constraints, we highly recommend using the alpine image if you aim for small image size. Only use this image if you really need **both** `glibc` and small image size. +This image does not contain the common packages contained in the default tag and only contains the minimal packages needed to run `nu`. Unless you are working in an environment where only the `nu` image will be deployed and you have space constraints, it's highly recommended to use the alpine image if you aim for small image size. Only use this image if you really need **both** `glibc` and small image size. ### `nu:-alpine` This image is based on the popular [Alpine Linux project](http://alpinelinux.org/), available in [the alpine official image][alpine]. Alpine Linux is much smaller than most distribution base images (~5MB), and thus leads to much slimmer images in general. @@ -78,6 +79,30 @@ ENTRYPOINT ["nu"] ``` +### `nu:--distroless` +This image is base on [Distroless](https://github.com/GoogleContainerTools/distroless) which usually to contain only your application and its runtime dependencies. This image do not contain package managers, shells or any other programs you would expect to find in a standard Linux distribution except for nushell itself. All distroless variant always contains: +- ca-certificates +- A /etc/passwd entry for a root user +- A /tmp directory +- tzdata + +As for `glibc-distroless` variant, it **adds**: +- glibc +- libssl +- openssl + +> Most likely you want to use this in CI/CD environment for plugins that can be statically compiled. + +
example + +```dockerfile +FROM nu:musl-distroless + +COPY target/x86_64-unknown-linux-musl/release/nu_plugin_* /bin/ +ENTRYPOINT ["nu"] +``` +
+ ### `nu:--busybox` This image is based on [Busybox](http://www.busybox.net/) which is a very good ingredient to craft space-efficient distributions. It combines tiny versions of many common UNIX utilities into a single small executable. It also provides replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc. The utilities in BusyBox generally have fewer options than their full-featured GNU cousins; however, the options that are included provide the expected functionality and behave very much like their GNU counterparts. Basically, this image provides a fairly complete environment for any small or embedded system. @@ -89,7 +114,7 @@ This image is based on [Busybox](http://www.busybox.net/) which is a very good i FROM nu:0.2-glibc-busybox ADD https://github.com/user/repo/releases/download/latest/nu_plugin_cowsay.tar.gz /tmp/ -RUN tar xzfv nu_plugin_cowsay.tar.gz -C /bin +RUN tar xzfv nu_plugin_cowsay.tar.gz -C /bin --strip=1 nu_plugin_cowsay ENTRYPOINT ["nu"] ``` From 99d5dae83a93abbe8b7a2c017c947e3488ffe535 Mon Sep 17 00:00:00 2001 From: Fahmi Akbar Wildana Date: Mon, 9 Sep 2019 01:29:52 +0700 Subject: [PATCH 06/15] Fix artifact is missing Signed-off-by: Fahmi Akbar Wildana --- .github/workflows/docker-publish.yml | 2 +- docker/Package.Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 30ee8b0418..ee24f94b42 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -51,7 +51,7 @@ jobs: - name: Build and publish exact version run: | REGISTRY=${REGISTRY,,}; export TAG=${GITHUB_REF##*/}-${{ matrix.tag }}; - export NU_BINS=target/release/$( [ ${{ matrix.plugin }} ] && nu* || nu ) + export NU_BINS=target/release/$( [ ${{ matrix.plugin }} = true ] && echo nu* || echo nu ) echo ${{ secrets.DOCKER_REGISTRY }} | docker login docker.pkg.github.com -u ${{ github.actor }} --password-stdin docker-compose --file docker/docker-compose.package.yml build diff --git a/docker/Package.Dockerfile b/docker/Package.Dockerfile index 7bc2bfe291..5bdc216408 100644 --- a/docker/Package.Dockerfile +++ b/docker/Package.Dockerfile @@ -1,6 +1,6 @@ -ARG artifact ARG base FROM ${base} +ARG artifact COPY ${artifact} /bin/ ENTRYPOINT ["nu"] \ No newline at end of file From d900d8b4c77d3031ffda6a7a67c27bbd26a0994a Mon Sep 17 00:00:00 2001 From: Fahmi Akbar Wildana Date: Mon, 9 Sep 2019 05:41:58 +0700 Subject: [PATCH 07/15] Fix can't execute entrypoint Signed-off-by: Fahmi Akbar Wildana --- .github/workflows/docker-publish.yml | 1 + docker/Package.Dockerfile | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index ee24f94b42..a726ef9661 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -52,6 +52,7 @@ jobs: run: | REGISTRY=${REGISTRY,,}; export TAG=${GITHUB_REF##*/}-${{ matrix.tag }}; export NU_BINS=target/release/$( [ ${{ matrix.plugin }} = true ] && echo nu* || echo nu ) + chmod +x $NU_BINS echo ${{ secrets.DOCKER_REGISTRY }} | docker login docker.pkg.github.com -u ${{ github.actor }} --password-stdin docker-compose --file docker/docker-compose.package.yml build diff --git a/docker/Package.Dockerfile b/docker/Package.Dockerfile index 5bdc216408..fd3015c280 100644 --- a/docker/Package.Dockerfile +++ b/docker/Package.Dockerfile @@ -3,4 +3,4 @@ FROM ${base} ARG artifact COPY ${artifact} /bin/ -ENTRYPOINT ["nu"] \ No newline at end of file +ENTRYPOINT ["/bin/nu"] \ No newline at end of file From 7c541000a13998028e97c45872ec1eea04785426 Mon Sep 17 00:00:00 2001 From: Fahmi Akbar Wildana Date: Mon, 9 Sep 2019 07:15:51 +0700 Subject: [PATCH 08/15] Iterate over tag rather than base-image Signed-off-by: Fahmi Akbar Wildana --- .github/workflows/docker-publish.yml | 11 ++++++++++- docs/docker.md | 2 +- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index a726ef9661..f8bb3474a8 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -33,7 +33,16 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - base-image: [debian, 'debian:stable-slim', alpine, 'busybox:glibc', 'busybox:musl'] + tag: + - alpine + - slim + - debian + - glibc-busybox + - musl-busybox + - musl-distroless + - glibc-distroless + - glibc + - musl include: - { tag: alpine, base-image: alpine, arch: x86_64-unknown-linux-musl, plugin: true } - { tag: slim, base-image: 'debian:stable-slim', arch: x86_64-unknown-linux-gnu, plugin: true } diff --git a/docs/docker.md b/docs/docker.md index 837707404c..17ed135e92 100644 --- a/docs/docker.md +++ b/docs/docker.md @@ -2,7 +2,7 @@ | tag | base image | plugins | package manager | libs & bins | size | | ------------------ | -------------------- | ------- | --------------- | ---------------------------------------------------------------- | ----------- | -| `latest`,`debian` | `debian:latest` | yes | apt | **a lot**, including _glibc_ | ~(48+62) MB | +| `latest`, `debian` | `debian:latest` | yes | apt | **a lot**, including _glibc_ | ~(48+62) MB | | `slim` | `debian:stable-slim` | yes | apt | all `nu:debian` image but exclude [this list][.slimify-excludes] | ~(26+62) MB | | `alpine` | `alpine:latest` | yes | apk | all `nu:musl-busybox` image + libcrypto, libssl, libtls, libz | ~(3+61) MB | | `musl-busybox` | `busybox:musl` | no | — | GNU utils + _musl_ | ~(1+16) MB | From 0ca7aaa56f2042f02fe34f88164e0894bcefd50b Mon Sep 17 00:00:00 2001 From: Fahmi Akbar Wildana Date: Mon, 9 Sep 2019 16:45:55 +0700 Subject: [PATCH 09/15] Add libz for glibc-{busybox,distroless} Signed-off-by: Fahmi Akbar Wildana --- .dockerignore | 6 ++++++ .github/workflows/docker-publish.yml | 5 +++-- docker/Package.Dockerfile | 1 + docker/Package.patch.Dockerfile | 9 +++++++++ docker/docker-compose.package.yml | 2 +- 5 files changed, 20 insertions(+), 3 deletions(-) create mode 100644 .dockerignore create mode 100644 docker/Package.patch.Dockerfile diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000000..9965837eab --- /dev/null +++ b/.dockerignore @@ -0,0 +1,6 @@ +* +!target/debug/nu* +!target/release/nu* +!dist/* +!LICENSE +!*.md \ No newline at end of file diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index f8bb3474a8..1e6f1881d8 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -47,10 +47,10 @@ jobs: - { tag: alpine, base-image: alpine, arch: x86_64-unknown-linux-musl, plugin: true } - { tag: slim, base-image: 'debian:stable-slim', arch: x86_64-unknown-linux-gnu, plugin: true } - { tag: debian, base-image: debian, arch: x86_64-unknown-linux-gnu, plugin: true } - - { tag: glibc-busybox, base-image: 'busybox:glibc', arch: x86_64-unknown-linux-gnu, plugin: false } + - { tag: glibc-busybox, base-image: 'busybox:glibc', arch: x86_64-unknown-linux-gnu, plugin: false, use-patch: true } - { tag: musl-busybox, base-image: 'busybox:musl', arch: x86_64-unknown-linux-musl, plugin: false } - { tag: musl-distroless, base-image: 'gcr.io/distroless/static', arch: x86_64-unknown-linux-musl, plugin: false } - - { tag: glibc-distroless, base-image: 'gcr.io/distroless/base', arch: x86_64-unknown-linux-gnu, plugin: false } + - { tag: glibc-distroless, base-image: 'gcr.io/distroless/base', arch: x86_64-unknown-linux-gnu, plugin: false, use-patch: true } - { tag: glibc, base-image: scratch, arch: x86_64-unknown-linux-gnu, plugin: false } - { tag: musl, base-image: scratch, arch: x86_64-unknown-linux-musl, plugin: false } steps: @@ -61,6 +61,7 @@ jobs: run: | REGISTRY=${REGISTRY,,}; export TAG=${GITHUB_REF##*/}-${{ matrix.tag }}; export NU_BINS=target/release/$( [ ${{ matrix.plugin }} = true ] && echo nu* || echo nu ) + export PATCH=$([ ${{ matrix.use-patch }} = true ] && echo .patch || echo '') chmod +x $NU_BINS echo ${{ secrets.DOCKER_REGISTRY }} | docker login docker.pkg.github.com -u ${{ github.actor }} --password-stdin diff --git a/docker/Package.Dockerfile b/docker/Package.Dockerfile index fd3015c280..a9040d2900 100644 --- a/docker/Package.Dockerfile +++ b/docker/Package.Dockerfile @@ -3,4 +3,5 @@ FROM ${base} ARG artifact COPY ${artifact} /bin/ + ENTRYPOINT ["/bin/nu"] \ No newline at end of file diff --git a/docker/Package.patch.Dockerfile b/docker/Package.patch.Dockerfile new file mode 100644 index 0000000000..250146f88e --- /dev/null +++ b/docker/Package.patch.Dockerfile @@ -0,0 +1,9 @@ +ARG base +FROM debian:stable-slim AS patch +FROM ${base} + +ARG artifact +COPY ${artifact} /bin/ + +COPY --from=patch /lib/x86_64-linux-gnu/libz.so.1 /lib/x86_64-linux-gnu/libz.so.1 +ENTRYPOINT ["/bin/nu"] \ No newline at end of file diff --git a/docker/docker-compose.package.yml b/docker/docker-compose.package.yml index 3622fa0cf6..9be36544eb 100644 --- a/docker/docker-compose.package.yml +++ b/docker/docker-compose.package.yml @@ -5,7 +5,7 @@ services: image: ${REGISTRY}/nu:${TAG} build: context: .. - dockerfile: docker/Package.Dockerfile + dockerfile: docker/Package${PATCH}.Dockerfile args: base: ${BASE_IMAGE} artifact: ${NU_BINS} From 6b2a7d6793d8b5d3aa8df195b9175c46e36a7234 Mon Sep 17 00:00:00 2001 From: Fahmi Akbar Wildana Date: Mon, 9 Sep 2019 23:48:29 +0700 Subject: [PATCH 10/15] Fix .dockerignore compatibility with .circleci/ Signed-off-by: Fahmi Akbar Wildana --- .dockerignore | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.dockerignore b/.dockerignore index 9965837eab..62bfc948d1 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,6 +1,6 @@ * -!target/debug/nu* -!target/release/nu* +!target/debug/* +!target/release/* !dist/* !LICENSE !*.md \ No newline at end of file From d4240ffb4d8691c69d24b85de84b1fa78dfed483 Mon Sep 17 00:00:00 2001 From: Fahmi Akbar Wildana Date: Tue, 10 Sep 2019 01:10:45 +0700 Subject: [PATCH 11/15] =?UTF-8?q?Delete=20.dockerignore=20=E2=9A=A0?= =?UTF-8?q?=EF=B8=8F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit something weird about CircleCI build it can't find target/release/nu although it's whitelisted in the .dockerignore 🤔 --- .dockerignore | 6 ------ 1 file changed, 6 deletions(-) delete mode 100644 .dockerignore diff --git a/.dockerignore b/.dockerignore deleted file mode 100644 index 62bfc948d1..0000000000 --- a/.dockerignore +++ /dev/null @@ -1,6 +0,0 @@ -* -!target/debug/* -!target/release/* -!dist/* -!LICENSE -!*.md \ No newline at end of file From 149ccc4fd32635581e2d5656d17871e74848070c Mon Sep 17 00:00:00 2001 From: Fahmi Akbar Wildana Date: Mon, 9 Sep 2019 16:45:55 +0700 Subject: [PATCH 12/15] Fix glibc-{busybox,distroless} * Add libdl.so.2 for glibc-busybox * Change base-image of glibc-distroless to gcr.io/distroless/cc --- .github/workflows/docker-publish.yml | 20 +++++++++---------- docker/Package.glibc-busybox.Dockerfile | 10 ++++++++++ ...le => Package.glibc-distroless.Dockerfile} | 0 docs/docker.md | 2 +- 4 files changed, 21 insertions(+), 11 deletions(-) create mode 100644 docker/Package.glibc-busybox.Dockerfile rename docker/{Package.patch.Dockerfile => Package.glibc-distroless.Dockerfile} (100%) diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 1e6f1881d8..e84cefd3ab 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -44,15 +44,15 @@ jobs: - glibc - musl include: - - { tag: alpine, base-image: alpine, arch: x86_64-unknown-linux-musl, plugin: true } - - { tag: slim, base-image: 'debian:stable-slim', arch: x86_64-unknown-linux-gnu, plugin: true } - - { tag: debian, base-image: debian, arch: x86_64-unknown-linux-gnu, plugin: true } - - { tag: glibc-busybox, base-image: 'busybox:glibc', arch: x86_64-unknown-linux-gnu, plugin: false, use-patch: true } - - { tag: musl-busybox, base-image: 'busybox:musl', arch: x86_64-unknown-linux-musl, plugin: false } - - { tag: musl-distroless, base-image: 'gcr.io/distroless/static', arch: x86_64-unknown-linux-musl, plugin: false } - - { tag: glibc-distroless, base-image: 'gcr.io/distroless/base', arch: x86_64-unknown-linux-gnu, plugin: false, use-patch: true } - - { tag: glibc, base-image: scratch, arch: x86_64-unknown-linux-gnu, plugin: false } - - { tag: musl, base-image: scratch, arch: x86_64-unknown-linux-musl, plugin: false } + - { tag: alpine, base-image: alpine, arch: x86_64-unknown-linux-musl, plugin: true } + - { tag: slim, base-image: 'debian:stable-slim', arch: x86_64-unknown-linux-gnu, plugin: true } + - { tag: debian, base-image: debian, arch: x86_64-unknown-linux-gnu, plugin: true } + - { tag: glibc-busybox, base-image: 'busybox:glibc', arch: x86_64-unknown-linux-gnu, use-patch: true } + - { tag: musl-busybox, base-image: 'busybox:musl', arch: x86_64-unknown-linux-musl, } + - { tag: musl-distroless, base-image: 'gcr.io/distroless/static', arch: x86_64-unknown-linux-musl, } + - { tag: glibc-distroless, base-image: 'gcr.io/distroless/cc', arch: x86_64-unknown-linux-gnu, use-patch: true } + - { tag: glibc, base-image: scratch, arch: x86_64-unknown-linux-gnu, } + - { tag: musl, base-image: scratch, arch: x86_64-unknown-linux-musl, } steps: - uses: actions/checkout@v1 - uses: actions/download-artifact@master @@ -61,7 +61,7 @@ jobs: run: | REGISTRY=${REGISTRY,,}; export TAG=${GITHUB_REF##*/}-${{ matrix.tag }}; export NU_BINS=target/release/$( [ ${{ matrix.plugin }} = true ] && echo nu* || echo nu ) - export PATCH=$([ ${{ matrix.use-patch }} = true ] && echo .patch || echo '') + export PATCH=$([ ${{ matrix.use-patch }} = true ] && echo .${{ matrix.tag }} || echo '') chmod +x $NU_BINS echo ${{ secrets.DOCKER_REGISTRY }} | docker login docker.pkg.github.com -u ${{ github.actor }} --password-stdin diff --git a/docker/Package.glibc-busybox.Dockerfile b/docker/Package.glibc-busybox.Dockerfile new file mode 100644 index 0000000000..76ddd9fd75 --- /dev/null +++ b/docker/Package.glibc-busybox.Dockerfile @@ -0,0 +1,10 @@ +ARG base +FROM debian:stable-slim AS patch +FROM ${base} + +ARG artifact +COPY ${artifact} /bin/ + +COPY --from=patch /lib/x86_64-linux-gnu/libz.so.1 /lib/x86_64-linux-gnu/libz.so.1 +COPY --from=patch /lib/x86_64-linux-gnu/libdl.so.2 /lib/x86_64-linux-gnu/libdl.so.2 +ENTRYPOINT ["/bin/nu"] \ No newline at end of file diff --git a/docker/Package.patch.Dockerfile b/docker/Package.glibc-distroless.Dockerfile similarity index 100% rename from docker/Package.patch.Dockerfile rename to docker/Package.glibc-distroless.Dockerfile diff --git a/docs/docker.md b/docs/docker.md index 17ed135e92..b51f4e0cd0 100644 --- a/docs/docker.md +++ b/docs/docker.md @@ -8,7 +8,7 @@ | `musl-busybox` | `busybox:musl` | no | — | GNU utils + _musl_ | ~(1+16) MB | | `glibc-busybox` | `busybox:glibc` | no | — | GNU utils + _glibc_ | ~(3+17) MB | | `musl-distroless` | `distroless/static` | no | — | see [here][distroless/base] | ~(2+16) MB | -| `glibc-distroless` | `distroless/base` | no | — | `distroless/static` with _glibc_ | ~(17+17) MB | +| `glibc-distroless` | `distroless/cc` | no | — | `distroless/static` with _glibc_ | ~(17+17) MB | | `glibc` | `scratch` | no | — | **only `nu` binary-executable** which depend on glibc runtime | ~17 MB | | `musl` | `scratch` | no | — | **only `nu` binary-executable** statically linked to musl | ~16 MB | From 095e5ac69fbbc049febc50ce74c9fdc73d0e5cc2 Mon Sep 17 00:00:00 2001 From: Fahmi Akbar Wildana Date: Mon, 9 Sep 2019 16:45:55 +0700 Subject: [PATCH 13/15] Add librt.so.1 for glibc-busybox --- docker/Package.glibc-busybox.Dockerfile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docker/Package.glibc-busybox.Dockerfile b/docker/Package.glibc-busybox.Dockerfile index 76ddd9fd75..48b6e9fc88 100644 --- a/docker/Package.glibc-busybox.Dockerfile +++ b/docker/Package.glibc-busybox.Dockerfile @@ -5,6 +5,7 @@ FROM ${base} ARG artifact COPY ${artifact} /bin/ -COPY --from=patch /lib/x86_64-linux-gnu/libz.so.1 /lib/x86_64-linux-gnu/libz.so.1 -COPY --from=patch /lib/x86_64-linux-gnu/libdl.so.2 /lib/x86_64-linux-gnu/libdl.so.2 +COPY --from=patch /lib/x86_64-linux-gnu/libz* /lib/x86_64-linux-gnu/ +COPY --from=patch /lib/x86_64-linux-gnu/libdl* /lib/x86_64-linux-gnu/ +COPY --from=patch /lib/x86_64-linux-gnu/librt* /lib/x86_64-linux-gnu/ ENTRYPOINT ["/bin/nu"] \ No newline at end of file From 62e6cc4dae3da0813dea813541ce1a5d76fd2c9b Mon Sep 17 00:00:00 2001 From: Fahmi Akbar Wildana Date: Mon, 9 Sep 2019 16:45:55 +0700 Subject: [PATCH 14/15] Add libgcc_s.so.1 for glibc-busybox --- docker/Package.glibc-busybox.Dockerfile | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/docker/Package.glibc-busybox.Dockerfile b/docker/Package.glibc-busybox.Dockerfile index 48b6e9fc88..bdd4c18dd0 100644 --- a/docker/Package.glibc-busybox.Dockerfile +++ b/docker/Package.glibc-busybox.Dockerfile @@ -1,11 +1,12 @@ ARG base -FROM debian:stable-slim AS patch +FROM gcr.io/distroless/cc AS patch FROM ${base} ARG artifact COPY ${artifact} /bin/ -COPY --from=patch /lib/x86_64-linux-gnu/libz* /lib/x86_64-linux-gnu/ -COPY --from=patch /lib/x86_64-linux-gnu/libdl* /lib/x86_64-linux-gnu/ -COPY --from=patch /lib/x86_64-linux-gnu/librt* /lib/x86_64-linux-gnu/ +COPY --from=patch /lib/x86_64-linux-gnu/libz* /lib/x86_64-linux-gnu/ +COPY --from=patch /lib/x86_64-linux-gnu/libdl* /lib/x86_64-linux-gnu/ +COPY --from=patch /lib/x86_64-linux-gnu/librt* /lib/x86_64-linux-gnu/ +COPY --from=patch /lib/x86_64-linux-gnu/libgcc_s* /lib/x86_64-linux-gnu/ ENTRYPOINT ["/bin/nu"] \ No newline at end of file From 9dc58247e59b2bf3c42386798f8c89a921dd8aa1 Mon Sep 17 00:00:00 2001 From: Fahmi Akbar Wildana Date: Mon, 9 Sep 2019 16:45:55 +0700 Subject: [PATCH 15/15] Fix wrong patch on glibc-busybox because distroless/cc doesn't contain libz --- docker/Package.glibc-busybox.Dockerfile | 13 ++++++++----- docker/Package.glibc-distroless.Dockerfile | 5 ++++- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/docker/Package.glibc-busybox.Dockerfile b/docker/Package.glibc-busybox.Dockerfile index bdd4c18dd0..6191b5f04c 100644 --- a/docker/Package.glibc-busybox.Dockerfile +++ b/docker/Package.glibc-busybox.Dockerfile @@ -1,12 +1,15 @@ ARG base -FROM gcr.io/distroless/cc AS patch +FROM debian:stable-slim AS patch FROM ${base} ARG artifact COPY ${artifact} /bin/ -COPY --from=patch /lib/x86_64-linux-gnu/libz* /lib/x86_64-linux-gnu/ -COPY --from=patch /lib/x86_64-linux-gnu/libdl* /lib/x86_64-linux-gnu/ -COPY --from=patch /lib/x86_64-linux-gnu/librt* /lib/x86_64-linux-gnu/ -COPY --from=patch /lib/x86_64-linux-gnu/libgcc_s* /lib/x86_64-linux-gnu/ +COPY --from=patch \ + /lib/x86_64-linux-gnu/libz.so.1 \ + /lib/x86_64-linux-gnu/libdl.so.2 \ + /lib/x86_64-linux-gnu/librt.so.1 \ + /lib/x86_64-linux-gnu/libgcc_s.so.1 \ + /lib/x86_64-linux-gnu/ + ENTRYPOINT ["/bin/nu"] \ No newline at end of file diff --git a/docker/Package.glibc-distroless.Dockerfile b/docker/Package.glibc-distroless.Dockerfile index 250146f88e..42768fc08c 100644 --- a/docker/Package.glibc-distroless.Dockerfile +++ b/docker/Package.glibc-distroless.Dockerfile @@ -5,5 +5,8 @@ FROM ${base} ARG artifact COPY ${artifact} /bin/ -COPY --from=patch /lib/x86_64-linux-gnu/libz.so.1 /lib/x86_64-linux-gnu/libz.so.1 +COPY --from=patch \ + /lib/x86_64-linux-gnu/libz.so.1 \ + /lib/x86_64-linux-gnu/ + ENTRYPOINT ["/bin/nu"] \ No newline at end of file