Dockerignore: convert to whitelist

.dockerignore

@@ -1,2 +1,26 @@
-node_modules
-npm-debug.log
+**
+
+# .git directories required for generating version.txt
+
+!/.git/
+!/docs/
+!/files/
+!/test/files/
+
+!/client/.browserslistrc
+!/client/.git/
+!/client/package.json
+!/client/package-lock.json
+!/client/vue.config.js
+!/client/public/
+!/client/src/
+
+!/server/.npmrc
+!/server/.git/
+!/server/package.json
+!/server/package-lock.json
+!/server/Makefile
+!/server/pm2.config.js
+!/server/config/
+!/server/docs/
+!/server/lib/

.github/workflows/test-docker-context.yml

@@ -0,0 +1,19 @@
+name: Test docker context
+
+on:
+ push:
+ pull_request:
+
+jobs:
+ build:
+ timeout-minutes: 3
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ fetch-tags: true
+ submodules: recursive
+ # Some reasonable boundaries; these may change in future. Numbers outside
+ # these bounds indicate a misconfiguration, and should be investigated.
+ - run: ./test/check-docker-context.sh --min-size 30000 --max-size 50000 --min-count 500 --max-count 1000

test/check-docker-context.sh

@@ -0,0 +1,101 @@
+#!/bin/bash -eu
+set -o pipefail
+log() { echo "[$(basename "$0")] $*"; }
+
+# See: https://stackoverflow.com/a/71751097
+
+while [[ $# -gt 0 ]]; do
+ case "$1" in
+ --report) skip_size=true; skip_count=true ;;
+
+ --min-size) shift;min_size="$1" ;;
+ --max-size) shift;max_size="$1" ;;
+ --skip-size) skip_size=true ;;
+
+ --min-count) shift;min_count="$1" ;;
+ --max-count) shift;max_count="$1" ;;
+ --skip-count) skip_count=true ;;
+
+ *) log "!!! Unrecognised arg: $1"; exit 1 ;;
+ esac
+ shift
+done
+
+tmp="$(mktemp)"
+
+log "Building docker image..."
+(
+docker build --no-cache --progress plain --file - . 2>&1 <<EOF
+FROM busybox
+COPY . /build-context
+WORKDIR /build-context
+RUN find . -type f
+RUN du -s .
+EOF
+) | tee "$tmp"
+
+vars="$(awk '
+ / DONE / { stage="" }
+
+ /RUN find \./ { stage="files" }
+ /RUN du -s .$/ { stage="size" }
+
+ stage == "files" { ++file_count }
+ stage == "size" { total_size=$3 }
+
+ /writing image/ { image_hash=$4 }
+
+ END {
+ print "file_count: " file_count "\n"
+ print "total_size: " total_size "\n"
+ print "image_hash: " image_hash "\n"
+ }
+' "$tmp")"
+
+
+file_count="$(echo "$vars" | grep file_count | cut -d: -f2)"
+total_size="$(echo "$vars" | grep total_size | cut -d: -f2)"
+docker_img="$(echo "$vars" | grep image_hash | cut -d: -f3)"
+
+cleanup() {
+ log "Removing docker image..."
+ docker image rm "$docker_img" >/dev/null
+}
+throw_err() {
+ log "!!!"
+ log "!!! $* !!!"
+ log "!!!"
+ cleanup
+ exit 1
+}
+
+for_humans() {
+ local size="$1"
+ if [[ "$size" -gt 999999 ]]; then
+ log "$((size / 1000000)) GB"
+ else
+ log "$((size / 1000)) MB"
+ fi
+}
+
+log "File count: $file_count"
+if [[ "${skip_count-}" != "true" ]]; then
+ if [[ "$file_count" -lt "$min_count" ]] || [[ "$file_count" -gt "$max_count" ]]; then
+ throw_err "This is a surprising number of files - expected between $min_count and $max_count"
+ fi
+fi
+
+log "Total size: $(for_humans "$total_size")"
+if [[ "${skip_size-}" != "true" ]]; then
+ # N.B. busybox `du` outputs in kB
+ # See: https://www.busybox.net/downloads/BusyBox.html#du
+ expected="- expected between $(for_humans "$min_size") and $(for_humans "$max_size")"
+ if [[ "$total_size" -lt "$min_size" ]]; then
+ throw_err "This is a surprisingly small total size $expected"
+ elif [[ "$total_size" -gt "$max_size" ]]; then
+ throw_err "This is a surprisingly large total size $expected"
+ fi
+fi
+
+cleanup
+log "Everything looks OK."