From 49b97539a56d5e998b870d2bb40750678d54b713 Mon Sep 17 00:00:00 2001 From: Thulio Ferraz Assis <3149049+f0rmiga@users.noreply.github.com> Date: Mon, 13 Dec 2021 19:13:09 -0800 Subject: [PATCH 1/5] feat: Dockerfile for new Bazel releases Signed-off-by: Thulio Ferraz Assis <3149049+f0rmiga@users.noreply.github.com> --- bazel/oci/Dockerfile | 42 ++++++++++++++++++++++++++++++++++++++++++ bazel/oci/build.sh | 35 +++++++++++++++++++++++++++++++++++ 2 files changed, 77 insertions(+) create mode 100644 bazel/oci/Dockerfile create mode 100755 bazel/oci/build.sh diff --git a/bazel/oci/Dockerfile b/bazel/oci/Dockerfile new file mode 100644 index 0000000000..8d015f9589 --- /dev/null +++ b/bazel/oci/Dockerfile @@ -0,0 +1,42 @@ +# ATTENTION: use the build.sh script to build this image. +# ./build.sh + +# When upgrading the base OS image, update the SHA as well to keep the image pinned. +FROM ubuntu:20.04@sha256:626ffe58f6e7566e00254b638eb7e0f3b11d4da9675088f4781a50ae288f3322 AS base_image + +RUN apt-get update && \ + DEBIAN_FRONTEND="noninteractive" \ + TZ="Etc/UTC" \ + apt-get install --yes \ + build-essential \ + curl \ + git \ + openjdk-11-jdk \ + unzip \ + zip + +FROM base_image AS downloader + +ARG BAZEL_VERSION + +WORKDIR /var/bazel +RUN curl \ + --fail \ + --fail-early \ + --no-progress-meter \ + --location \ + --remote-name \ + "https://github.com/bazelbuild/bazel/releases/download/${BAZEL_VERSION}/bazel-${BAZEL_VERSION}-linux-x86_64" +RUN curl \ + --fail \ + --fail-early \ + --no-progress-meter \ + --location \ + "https://github.com/bazelbuild/bazel/releases/download/${BAZEL_VERSION}/bazel-${BAZEL_VERSION}-linux-x86_64.sha256" \ + | sha256sum --check \ + && mv "bazel-${BAZEL_VERSION}-linux-x86_64" bazel \ + && chmod +x bazel + +FROM base_image + +COPY --from=downloader /var/bazel/bazel /usr/local/bin/bazel diff --git a/bazel/oci/build.sh b/bazel/oci/build.sh new file mode 100755 index 0000000000..74a176f574 --- /dev/null +++ b/bazel/oci/build.sh @@ -0,0 +1,35 @@ +#!/bin/bash + +readonly OCI_REPOSITORY=$1 +readonly BAZEL_VERSION=$2 + +set -o errexit -o nounset -o pipefail + +function print_usage() { + >&2 echo "Usage: $0 " +} + +if [ -z "${OCI_REPOSITORY}" ]; then + >&2 echo "ERROR: missing 'OCI_REPOSITORY' argument" + print_usage + exit 1 +fi + +if [ -z "${BAZEL_VERSION}" ]; then + >&2 echo "ERROR: missing 'BAZEL_VERSION' argument" + print_usage + exit 1 +fi + +GIT_ROOT=$(git rev-parse --show-toplevel) +readonly GIT_ROOT + +if docker buildx version 2>&1 1>/dev/null; then + buildx="buildx" +fi + +docker ${buildx:+"${buildx}"} build \ + --file "${GIT_ROOT}/bazel/oci/Dockerfile" \ + --tag "${OCI_REPOSITORY}:${BAZEL_VERSION}" \ + --build-arg BAZEL_VERSION="${BAZEL_VERSION}" \ + "${GIT_ROOT}" From fc77ea4d9a729225624cff009c8f85eb499806b5 Mon Sep 17 00:00:00 2001 From: Thulio Ferraz Assis <3149049+f0rmiga@users.noreply.github.com> Date: Tue, 14 Dec 2021 21:36:06 +0000 Subject: [PATCH 2/5] fix: add missing python and entrypoint --- bazel/oci/Dockerfile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/bazel/oci/Dockerfile b/bazel/oci/Dockerfile index 8d015f9589..d2cbd7df08 100644 --- a/bazel/oci/Dockerfile +++ b/bazel/oci/Dockerfile @@ -12,6 +12,8 @@ RUN apt-get update && \ curl \ git \ openjdk-11-jdk \ + python3 \ + python3-pip \ unzip \ zip @@ -40,3 +42,4 @@ RUN curl \ FROM base_image COPY --from=downloader /var/bazel/bazel /usr/local/bin/bazel +ENTRYPOINT ["/usr/local/bin/bazel"] From b20b02631ba4e3829addc890f8d97ac56429f371 Mon Sep 17 00:00:00 2001 From: Thulio Ferraz Assis <3149049+f0rmiga@users.noreply.github.com> Date: Wed, 15 Dec 2021 17:33:00 +0000 Subject: [PATCH 3/5] feat: symlink python to python3 --- bazel/oci/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/bazel/oci/Dockerfile b/bazel/oci/Dockerfile index d2cbd7df08..af130f6b7f 100644 --- a/bazel/oci/Dockerfile +++ b/bazel/oci/Dockerfile @@ -14,6 +14,7 @@ RUN apt-get update && \ openjdk-11-jdk \ python3 \ python3-pip \ + python-is-python3 \ unzip \ zip From 1c9f61f49e148f6cdc863013c55eda784d271d0d Mon Sep 17 00:00:00 2001 From: Thulio Ferraz Assis <3149049+f0rmiga@users.noreply.github.com> Date: Thu, 16 Dec 2021 02:08:04 +0000 Subject: [PATCH 4/5] fix: rollback to ubuntu 16.04 for compatibility --- bazel/oci/Dockerfile | 36 +++++------------------------------ bazel/oci/install_bazel.sh | 18 ++++++++++++++++++ bazel/oci/install_packages.sh | 20 +++++++++++++++++++ 3 files changed, 43 insertions(+), 31 deletions(-) create mode 100755 bazel/oci/install_bazel.sh create mode 100755 bazel/oci/install_packages.sh diff --git a/bazel/oci/Dockerfile b/bazel/oci/Dockerfile index af130f6b7f..c2d3c5024b 100644 --- a/bazel/oci/Dockerfile +++ b/bazel/oci/Dockerfile @@ -1,44 +1,18 @@ # ATTENTION: use the build.sh script to build this image. # ./build.sh -# When upgrading the base OS image, update the SHA as well to keep the image pinned. -FROM ubuntu:20.04@sha256:626ffe58f6e7566e00254b638eb7e0f3b11d4da9675088f4781a50ae288f3322 AS base_image +FROM ubuntu:16.04@sha256:0f71fa8d4d2d4292c3c617fda2b36f6dabe5c8b6e34c3dc5b0d17d4e704bd39c AS base_image -RUN apt-get update && \ - DEBIAN_FRONTEND="noninteractive" \ - TZ="Etc/UTC" \ - apt-get install --yes \ - build-essential \ - curl \ - git \ - openjdk-11-jdk \ - python3 \ - python3-pip \ - python-is-python3 \ - unzip \ - zip +RUN --mount=source=bazel/oci/install_packages.sh,target=/mnt/install_packages.sh,type=bind \ + /mnt/install_packages.sh FROM base_image AS downloader ARG BAZEL_VERSION WORKDIR /var/bazel -RUN curl \ - --fail \ - --fail-early \ - --no-progress-meter \ - --location \ - --remote-name \ - "https://github.com/bazelbuild/bazel/releases/download/${BAZEL_VERSION}/bazel-${BAZEL_VERSION}-linux-x86_64" -RUN curl \ - --fail \ - --fail-early \ - --no-progress-meter \ - --location \ - "https://github.com/bazelbuild/bazel/releases/download/${BAZEL_VERSION}/bazel-${BAZEL_VERSION}-linux-x86_64.sha256" \ - | sha256sum --check \ - && mv "bazel-${BAZEL_VERSION}-linux-x86_64" bazel \ - && chmod +x bazel +RUN --mount=source=bazel/oci/install_bazel.sh,target=/mnt/install_bazel.sh,type=bind \ + /mnt/install_bazel.sh FROM base_image diff --git a/bazel/oci/install_bazel.sh b/bazel/oci/install_bazel.sh new file mode 100755 index 0000000000..c2e1ba400c --- /dev/null +++ b/bazel/oci/install_bazel.sh @@ -0,0 +1,18 @@ +#!/bin/bash + +set -o errexit -o nounset -o pipefail + +curl \ + --fail \ + --location \ + --remote-name \ + "https://github.com/bazelbuild/bazel/releases/download/${BAZEL_VERSION}/bazel-${BAZEL_VERSION}-linux-x86_64" + +curl \ + --fail \ + --location \ + "https://github.com/bazelbuild/bazel/releases/download/${BAZEL_VERSION}/bazel-${BAZEL_VERSION}-linux-x86_64.sha256" \ + | sha256sum --check + +mv "bazel-${BAZEL_VERSION}-linux-x86_64" bazel +chmod +x bazel diff --git a/bazel/oci/install_packages.sh b/bazel/oci/install_packages.sh new file mode 100755 index 0000000000..d248f1f05b --- /dev/null +++ b/bazel/oci/install_packages.sh @@ -0,0 +1,20 @@ +#!/bin/bash + +set -o errexit -o nounset -o pipefail + +apt-get update + +export DEBIAN_FRONTEND="noninteractive" +export TZ="Etc/UTC" + +apt-get install --yes \ + build-essential \ + curl \ + git \ + openjdk-8-jdk \ + python3 \ + python3-pip \ + unzip \ + zip + +ln -s "$(which python3)" /usr/bin/python From f71e387eee9164ddc46f10471cb550d55bc4668b Mon Sep 17 00:00:00 2001 From: Thulio Ferraz Assis <3149049+f0rmiga@users.noreply.github.com> Date: Tue, 4 Jan 2022 17:07:49 -0800 Subject: [PATCH 5/5] feat: create default user with uid 1000 Signed-off-by: Thulio Ferraz Assis <3149049+f0rmiga@users.noreply.github.com> --- bazel/oci/Dockerfile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/bazel/oci/Dockerfile b/bazel/oci/Dockerfile index c2d3c5024b..b6f288b908 100644 --- a/bazel/oci/Dockerfile +++ b/bazel/oci/Dockerfile @@ -16,5 +16,8 @@ RUN --mount=source=bazel/oci/install_bazel.sh,target=/mnt/install_bazel.sh,type= FROM base_image +RUN useradd --system --create-home --home-dir=/home/ubuntu --shell=/bin/bash --gid=root --groups=sudo --uid=1000 ubuntu +USER ubuntu +WORKDIR /home/ubuntu COPY --from=downloader /var/bazel/bazel /usr/local/bin/bazel ENTRYPOINT ["/usr/local/bin/bazel"]