[Bps-public-commit] docker-rt-base branch buster created. 4bc7dc0a1f4b306a2ba9f09e7a117d5f28fb4ffd
BPS Git Server
git at git.bestpractical.com
Fri Nov 19 23:38:34 UTC 2021
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "docker-rt-base".
The branch, buster has been created
at 4bc7dc0a1f4b306a2ba9f09e7a117d5f28fb4ffd (commit)
- Log -----------------------------------------------------------------
commit 4bc7dc0a1f4b306a2ba9f09e7a117d5f28fb4ffd
Author: Brett Smith <brett at bestpractical.com>
Date: Fri Nov 19 18:13:12 2021 -0500
Make the default CMD print an autobundle
As discussed in the README, this is primarily just to give you a simple
report of installed module versions that you can use to compare
different builds. While it is not the most useful thing you can do with
this image, I think it's the most useful thing we can do as a default
command. Other tasks like running RT tests require additional setup like
injecting source code into the container somehow, etc.
diff --git a/Dockerfile b/Dockerfile
index 818baee..3229b82 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -76,4 +76,4 @@ RUN cd /tmp \
| xargs -d\\n --exit --verbose cpm install --global --no-prebuilt --test --with-all \
&& rm -rf cpanfile ~/.perl-cpm
-CMD tail -f /dev/null
+CMD cpan -a </dev/null >/dev/null && cat ~/.cpan/Bundle/Snapshot_*.pm
diff --git a/README b/README
index 1a3e54c..aca812c 100644
--- a/README
+++ b/README
@@ -62,6 +62,13 @@ most of its databases and optional features. If you wanted to run RT in
Docker in production, you would probably prefer to be more selective about
what you install, and build a slimmer image.
+When you run this container, by default it prints a list all the Perl
+modules it contains, along with their versions, in the CPAN "autobundle"
+format. This is primarily intended to provide an easy way to compare the
+main differences in built images over time. You could also use it to deploy
+the exact same set of modules on a different distribution or architecture if
+needed.
+
Thanks to Christian Loos (GitHub:@cloos) for publishing RT docker examples.
Instructions for updating: https://docs.docker.com/docker-hub/repos/
commit 457278c959b0c1bd1a9b6db72d67caa0d11998b9
Author: Brett Smith <brett at bestpractical.com>
Date: Fri Nov 19 18:08:22 2021 -0500
Revamp Dockerfile for more modern deployment
This commit makes several updates to the Dockerfile meant to align it
more closely with the way we typically deploy RT today. Goals are:
* Upgrade to Debian 10.
* Build our own Perl from source to test with. This gives us more
flexibility to test with different versions of Perl. It is also closer
to how we typically deploy today, mainly so there's a place to install
RT's dependencies without causing conflicts between them and the
distribution's Perl.
* Install RT's dependencies from CPAN rather than Debian, for all the
same reasons we build our own Perl.
* Make it easier to update this Docker image and keep it modern.
Steps are:
* Parameterize the main parts of the build that vary, like Perl version
and RT's cpanfile, with build arguments. This lets you test new things
with `docker build --build-arg` rather than updating the Dockerfile.
* Add steps to download and build Perl from source, including
workarounds for known test oddities (documented in comments).
* Install RT's dependencies by running `cpm` against RT's `cpanfile`.
This lets the Docker image stay up-to-date with changes in RT's
dependencies automatically, and as a bonus makes the build faster.
* Provide a CMD that prints out a CPAN autobundle. After you build the
image, you can `docker run` it to save this information for use
elsewhere.
diff --git a/Dockerfile b/Dockerfile
index 5ab8119..818baee 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,159 +1,79 @@
-FROM debian:stretch-slim
+FROM debian:buster-slim
LABEL maintainer="Best Practical Solutions <contact at bestpractical.com>"
+ARG CPANFILE=https://raw.githubusercontent.com/bestpractical/rt/stable/etc/cpanfile
+ARG CPM=https://git.io/cpm
+ARG PERL_VERSION=5.32.1
+ARG PERL_CONFIGURE="-des"
+ARG PERL_PREFIX="/opt/perl-$PERL_VERSION"
+
RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
- apache2 \
- cpanminus \
+ # Packages required for building Perl and modules
+ build-essential \
+ autoconf \
+ # curl needs CA certificates to verify the authenticity of downloads.
+ ca-certificates \
curl \
- gcc \
- gnupg \
- vim \
- git \
+ # The Perl getaddrinfo tests rely on /etc/services, provided by netbase.
+ netbase \
# RT core dependencies
- libapache2-mod-fcgid \
- libapache-session-perl \
- libbusiness-hours-perl \
- libc-dev \
- libcgi-emulate-psgi-perl \
- libcgi-psgi-perl \
- libconvert-color-perl \
- libcrypt-eksblowfish-perl \
- libcrypt-ssleay-perl \
- libcrypt-x509-perl \
- libcss-minifier-xs-perl \
- libcss-squish-perl \
- libdata-guid-perl \
- libdata-ical-perl \
- libdata-page-pageset-perl \
- libdata-page-perl \
- libdate-extract-perl \
- libdate-manip-perl \
- libdatetime-format-natural-perl \
- libdbd-sqlite3-perl \
- libdevel-globaldestruction-perl \
- libemail-address-list-perl \
- libemail-address-perl \
- libencode-perl \
- libfcgi-perl \
- libfcgi-procmanager-perl \
- libfile-sharedir-install-perl \
- libfile-sharedir-perl \
- libgd-graph-perl \
- libgraphviz-perl \
- libhtml-formattext-withlinks-andtables-perl \
- libhtml-formattext-withlinks-perl \
- libhtml-mason-perl \
- libhtml-mason-psgihandler-perl \
- libhtml-quoted-perl \
- libhtml-rewriteattributes-perl \
- libhtml-scrubber-perl \
- libipc-run3-perl \
- libipc-signal-perl \
- libjavascript-minifier-xs-perl \
- libjson-perl \
- liblocale-maketext-fuzzy-perl \
- liblocale-maketext-lexicon-perl \
- liblog-dispatch-perl \
- libmailtools-perl \
- libmime-tools-perl \
- libmime-types-perl \
- libmodule-refresh-perl \
- libmodule-signature-perl \
- libmodule-versions-report-perl \
- libnet-cidr-perl \
- libnet-ip-perl \
- libparallel-forkmanager-perl \
- libplack-perl \
- libregexp-common-net-cidr-perl \
- libregexp-common-perl \
- libregexp-ipv6-perl \
- librole-basic-perl \
- libscope-upper-perl \
- libserver-starter-perl \
- libsymbol-global-name-perl \
- libterm-readkey-perl \
- libtext-password-pronounceable-perl \
- libtext-quoted-perl \
- libtext-template-perl \
- libtext-wikiformat-perl \
- libtext-wrapper-perl \
- libtime-modules-perl \
- libtree-simple-perl \
- libuniversal-require-perl \
- libxml-rss-perl \
- make \
- perl-doc \
- starlet \
- w3m \
- # RT developer dependencies
- libemail-abstract-perl \
- libfile-which-perl \
- liblocale-po-perl \
- liblog-dispatch-perl-perl \
- libmojolicious-perl \
- libperlio-eol-perl \
- libplack-middleware-test-stashwarnings-perl \
- libset-tiny-perl \
- libstring-shellquote-perl \
- libtest-deep-perl \
- libtest-email-perl \
- libtest-expect-perl \
- libtest-longstring-perl \
- libtest-mocktime-perl \
- libtest-nowarnings-perl \
- libtest-pod-perl \
- libtest-warn-perl \
- libtest-www-mechanize-perl \
- libtest-www-mechanize-psgi-perl \
- libwww-mechanize-perl \
- libxml-simple-perl \
- autoconf \
- libnet-ldap-server-test-perl \
- libencode-hanextra-perl \
libgumbo1 \
- build-essential \
- libhtml-formatexternal-perl \
- libtext-worddiff-perl \
- libdbd-mysql-perl \
+ libmariadb-dev \
+ libmariadb-dev-compat \
libpq-dev \
-&& rm -rf /var/lib/apt/lists/*
-
-# Install from backports to get newer gpg
-RUN echo 'deb http://deb.debian.org/debian stretch-backports main' > /etc/apt/sources.list.d/backports.list
-RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -t stretch-backports install -y --no-install-recommends \
+ # RT optional dependencies
+ apache2 \
+ libapache2-mod-fcgid \
gnupg \
+ graphviz \
+ w3m \
+ libexpat-dev \
+ libgd-dev \
+ libssl-dev \
+ libz-dev \
&& rm -rf /var/lib/apt/lists/*
-RUN gpg --version
+RUN cd /usr/local/src \
+ && curl --fail --location "https://www.cpan.org/src/5.0/perl-$PERL_VERSION.tar.gz" \
+ | tar -xz \
+ && cd "perl-$PERL_VERSION" \
+ # termios.t tests that tcdrain, tcflow, tcflush, and tcsendbreak all return
+ # ENOTTY on a regular file.
+ # The underlying ioctls are not implemented on podman 3.0
+ # (probably runc/libcontainer) and return ENOSYS instead.
+ # This sed simply deletes those tests as a hacky workaround for now,
+ # since returning ENOSYS is legitimate.
+ && sed -i '/^is(tc/ , /^$/ d' ext/POSIX/t/termios.t \
+ && ./Configure -Dprefix="$PERL_PREFIX" $PERL_CONFIGURE \
+ # The Net::Ping tests assume they can construct arbitrary packets when $< is 0.
+ # This assumption is false when tests are running in a user namespace
+ # (e.g., podman) or otherwise without the CAP_NET_RAW capability.
+ # See <https://rt.cpan.org/Ticket/Display.html?id=139820>.
+ # Run tests as nobody to force $< to be nonzero.
+ && chown -R nobody: . \
+ # The command: su -s /bin/sh -c "…" nobody
+ # is just the sudo-less version of: sudo -u nobody …
+ && su -s /bin/sh -c "make test" nobody \
+ && make install \
+ && cd /opt \
+ && ln -s "$PERL_PREFIX" perl \
+ && rm -rf "/usr/local/src/perl-$PERL_VERSION"
+
+ENV PATH="/opt/perl/bin:$PATH"
+
+RUN curl --fail --location --compressed -o /opt/perl/bin/cpm "$CPM" \
+ && chmod a+rx /opt/perl/bin/cpm
-RUN cpanm \
- # RT dependencies
- # Install Module::Install first because after perl 5.26 "." fails to find
- # it in inc for older modules.
- Module::Install \
- Email::Address \
- Email::Address::List \
- Mozilla::CA \
- Encode::Detect::Detector \
- HTML::Gumbo \
- GnuPG::Interface \
- Module::Path \
- Moose \
- MooseX::NonMoose \
- MooseX::Role::Parameterized \
- Path::Dispatcher \
- Web::Machine \
- capitalization \
- DBIx::SearchBuilder \
- Parallel::ForkManager \
- # DBD::Pg version 3.15 fails tests when run as root. There is a merged fix
- # in github, but it is not yet released. Assuming it is released in 3.16,
- # it shouldn't be an issue after that. Until then, this can be installed
- # by passing --notest to cpanm for DBD::Pg.
- DBD::Pg \
- # RT extension development dependencies
- ExtUtils::MakeMaker \
-&& rm -rf /root/.cpanm
+RUN cd /tmp \
+ && curl --fail --location --compressed -o cpanfile "$CPANFILE" \
+ # 1. Find all the features named in RT's cpanfile.
+ # 2. Filter out the ones named in the regexp test against $2.
+ # 3. Print corresponding `--feature=name` options for cpm.
+ # 4. Run cpm with those options, along with a baseline set,
+ # to test and install all dependencies needed to run RT's tests.
+ && awk '($1 == "feature" && $2 !~ /(modperl1|oracle)/) { print "--feature=" substr($2, 2, length($2) - 2) }' cpanfile \
+ | xargs -d\\n --exit --verbose cpm install --global --no-prebuilt --test --with-all \
+ && rm -rf cpanfile ~/.perl-cpm
CMD tail -f /dev/null
diff --git a/README b/README
index 17d486f..1a3e54c 100644
--- a/README
+++ b/README
@@ -1,8 +1,66 @@
-This repo defines a base docker image to use for testing Request Tracker (RT).
+This repo defines a base Docker image to use for testing Request Tracker
+(RT) and its dependencies. It:
-It is intended only for testing but might be used as a base example for
-other deployments of RT with docker. Since it is used for testing, it
-includes development dependencies that are not needed for production RT deployments.
+* installs required C libraries and build tools from a distribution
+
+* builds Perl from source and runs its tests
+
+* installs cpm and uses it to install most of RT's dependencies, and run their tests
+
+After you build this image, you can use it to:
+
+* run the test suite for RT and its extensions (the Dockerfile and
+ GitHub Actions in the RT repository provides examples of this)
+
+* deploy the stack of dependencies to other hosts running the same
+ distribution and architecture, to save build time while maintaining
+ confidence that it has all passed testing
+
+To help you tailor the image to versions of Perl and RT you're targeting,
+and any future deployments you plan to do from that, you can pass build
+arguments to control what is built inside of it. The available arguments
+are:
+
+* CPANFILE: The URL to RT's cpanfile. The Dockerfile runs cpm to install
+ most of the modules named in this file, with some additional parsing to
+ select most optional features. The default is to use the cpanfile from the
+ current stable RT release available on GitHub. You can use a different URL
+ to use the cpanfile from a different RT version (e.g., replace `stable` in
+ the default URL with a different tag name).
+
+* CPM: The URL to the single-file script download published by cpm. You
+ should only need to set this if cpm moves or if you can't access GitHub.
+
+* PERL_VERSION: The version of Perl that is built, tested, and installed in
+ the image, written in the same format used in the source releases, like
+ `5.34.0`. The default is a release that was recently stable last time we
+ updated the Dockerfile.
+
+* PERL_CONFIGURE: A string of options passed the Perl's configure script
+ during the build process. The default is `-des`, which gets you a default
+ build without any interaction. You could change this to set specific
+ defines, turn on experimental features, etc.
+
+ Don't specify `-Dprefix` here. For that, use:
+
+* PERL_PREFIX: The full path where Perl will be installed inside the
+ container. Default is `/opt/perl-$PERL_VERSION`. You could change this is
+ if you wanted to use a different path for deployments out of the image.
+
+For routine builds, the only argument you're expected to set is
+PERL_VERSION, which you should set to a recent release.
+
+If you specifically want to test older or development versions of Perl
+and/or RT, you can do that by setting PERL_VERSION and CPANFILE,
+respectively. Testing development versions of Perl may require setting
+PERL_CONFIGURE as well.
+
+Because it is oriented towards testing and broader deployment, this Docker
+image contains a relatively "maximal" set of dependencies. It installs all
+of the modules required to support RT's tests, development features, and
+most of its databases and optional features. If you wanted to run RT in
+Docker in production, you would probably prefer to be more selective about
+what you install, and build a slimmer image.
Thanks to Christian Loos (GitHub:@cloos) for publishing RT docker examples.
-----------------------------------------------------------------------
hooks/post-receive
--
docker-rt-base
More information about the Bps-public-commit
mailing list