WIP: Consolidate layers #856

Draft
wants to merge 1 commit into
base: main
22 changes: 0 additions & 22 deletions image/base/install-imagemagick
Expand Up @@ -5,31 +5,9 @@ set -e
IMAGE_MAGICK_VERSION="7.1.0-62"
IMAGE_MAGICK_HASH="d282117bc6d0e91ad1ad685d096623b96ed8e229f911c891d83277b350ef884a"

# We use debian, but GitHub CI is stuck on Ubuntu Bionic, so this must be compatible with both
LIBJPEGTURBO=$(cat /etc/issue | grep -qi Debian && echo 'libjpeg62-turbo libjpeg62-turbo-dev' || echo 'libjpeg-turbo8 libjpeg-turbo8-dev')

# Ubuntu 22.04/22.10 doesn't have libwebp6
LIBWEBP=$(cat /etc/issue | grep -qiE 'Debian GNU/Linux 12|Ubuntu 22' && echo 'libwebp7' || echo 'libwebp6')

PREFIX=/usr/local
WDIR=/tmp/imagemagick

# Install build deps
apt -y -q remove imagemagick
apt -y -q install git make gcc pkg-config autoconf curl g++ yasm cmake \
libde265-0 libde265-dev ${LIBJPEGTURBO} ${LIBWEBP} x265 libx265-dev libtool \
libpng16-16 libpng-dev libwebp-dev libgomp1 \
libwebpmux3 libwebpdemux2 ghostscript libxml2-dev libxml2-utils librsvg2-dev \
libltdl7-dev libbz2-dev gsfonts libtiff-dev libfreetype6-dev libjpeg-dev libheif1 libheif-dev

# Ubuntu doesn't like backports
if cat /etc/issue | grep -qiE 'Debian GNU/Linux 12|Ubuntu 22'; then
apt -y install libaom-dev
else
# Use backports instead of compiling it
apt -y -q install -t bullseye-backports libaom-dev
fi

mkdir -p $WDIR
cd $WDIR

3 changes: 0 additions & 3 deletions image/base/install-nginx
Expand Up @@ -11,9 +11,6 @@ gpg --verify nginx-$VERSION.tar.gz.asc nginx-$VERSION.tar.gz
tar zxf nginx-$VERSION.tar.gz
cd nginx-$VERSION

# nginx-common for boilerplate files etc.
apt install -y nginx-common

cd /tmp
# this is the reason we are compiling by hand...
git clone https://github.com/google/ngx_brotli.git
3 changes: 0 additions & 3 deletions image/base/install-oxipng
Expand Up @@ -11,9 +11,6 @@ case "${dpkgArch##*-}" in
*) echo >&2 "unsupported architecture: ${dpkgArch}"; exit 1 ;;
esac

# Install other deps
apt -y -q install advancecomp jhead jpegoptim libjpeg-turbo-progs optipng

mkdir /oxipng-install
cd /oxipng-install

297 changes: 189 additions & 108 deletions image/base/slim.Dockerfile
Expand Up @@ -8,126 +8,207 @@ ARG DEBIAN_RELEASE
ENV PG_MAJOR=13 \
RUBY_ALLOCATOR=/usr/lib/libjemalloc.so \
LEFTHOOK=0 \
DEBIAN_RELEASE=${DEBIAN_RELEASE}
DEBIAN_RELEASE=${DEBIAN_RELEASE} \
LC_ALL=en_US.UTF-8 \
LANG=en_US.UTF-8 \
LANGUAGE=en_US.UTF-8

#LABEL maintainer="Sam Saffron \"https://twitter.com/samsaffron\""

# Ensures that the gid and uid of the following users are consistent to avoid permission issues on directories in the
# mounted volumes.
RUN groupadd --gid 104 postgres &&\
useradd --uid 101 --gid 104 --home /var/lib/postgresql --shell /bin/bash -c "PostgreSQL administrator,,," postgres &&\
groupadd --gid 106 redis &&\
useradd --uid 103 --gid 106 --home /var/lib/redis --shell /usr/sbin/nologin redis &&\
groupadd --gid 1000 discourse &&\
useradd --uid 1000 --gid 1000 -m --shell /bin/bash discourse

RUN echo 2.0.`date +%Y%m%d` > /VERSION
RUN echo "deb http://deb.debian.org/debian ${DEBIAN_RELEASE}-backports main" > "/etc/apt/sources.list.d/${DEBIAN_RELEASE}-backports.list"
RUN echo "debconf debconf/frontend select Teletype" | debconf-set-selections
RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y install gnupg sudo curl fping
RUN sh -c "fping proxy && echo 'Acquire { Retries \"0\"; HTTP { Proxy \"http://proxy:3128\";}; };' > /etc/apt/apt.conf.d/40proxy && apt-get update || true"
RUN apt-mark hold initscripts
RUN apt-get -y upgrade

RUN DEBIAN_FRONTEND=noninteractive apt-get install -y locales locales-all
ENV LC_ALL en_US.UTF-8
ENV LANG en_US.UTF-8
ENV LANGUAGE en_US.UTF-8

RUN install -d /usr/share/postgresql-common/pgdg &&\
curl -o /usr/share/postgresql-common/pgdg/apt.postgresql.org.asc --fail https://www.postgresql.org/media/keys/ACCC4CF8.asc &&\
echo "deb [signed-by=/usr/share/postgresql-common/pgdg/apt.postgresql.org.asc] https://apt.postgresql.org/pub/repos/apt ${DEBIAN_RELEASE}-pgdg main" > /etc/apt/sources.list.d/pgdg.list

RUN curl --silent --location https://deb.nodesource.com/setup_18.x | sudo bash -
RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
RUN echo "deb https://dl.yarnpkg.com/debian/ stable main" > /etc/apt/sources.list.d/yarn.list
RUN apt-get -y update
# install these without recommends to avoid pulling in e.g.
# X11 libraries, mailutils
RUN DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends git rsyslog logrotate cron ssh-client less
RUN DEBIAN_FRONTEND=noninteractive apt-get -y install autoconf build-essential ca-certificates rsync \
libxslt-dev libcurl4-openssl-dev \
libssl-dev libyaml-dev libtool \
libpcre3 libpcre3-dev zlib1g zlib1g-dev \
libxml2-dev gawk parallel \
postgresql-${PG_MAJOR} postgresql-client \
postgresql-contrib-${PG_MAJOR} libpq-dev postgresql-${PG_MAJOR}-pgvector \
libreadline-dev anacron wget \
psmisc whois brotli libunwind-dev \
libtcmalloc-minimal4 cmake \
pngcrush pngquant ripgrep poppler-utils
RUN sed -i -e 's/start -q anacron/anacron -s/' /etc/cron.d/anacron
RUN sed -i.bak 's/$ModLoad imklog/#$ModLoad imklog/' /etc/rsyslog.conf
RUN sed -i.bak 's/module(load="imklog")/#module(load="imklog")/' /etc/rsyslog.conf
RUN dpkg-divert --local --rename --add /sbin/initctl
RUN sh -c "test -f /sbin/initctl || ln -s /bin/true /sbin/initctl"
RUN cd / &&\
DEBIAN_FRONTEND=noninteractive apt-get -y install runit socat &&\
mkdir -p /etc/runit/1.d &&\
apt-get clean &&\
rm -f /etc/apt/apt.conf.d/40proxy &&\
locale-gen en_US &&\
DEBIAN_FRONTEND=noninteractive apt-get install -y nodejs yarn &&\
npm install -g terser uglify-js pnpm

ADD install-imagemagick /tmp/install-imagemagick
RUN /tmp/install-imagemagick

ADD install-jemalloc /tmp/install-jemalloc
RUN /tmp/install-jemalloc

# From https://nginx.org/en/pgp_keys.html
ADD nginx_public_keys.key /tmp/nginx_public_keys.key
ADD install-nginx /tmp/install-nginx

RUN gpg --import /tmp/nginx_public_keys.key &&\
rm /tmp/nginx_public_keys.key &&\
/tmp/install-nginx

ADD install-redis /tmp/install-redis
RUN /tmp/install-redis

ADD install-oxipng /tmp/install-oxipng
RUN /tmp/install-oxipng

RUN echo 'gem: --no-document' >> /usr/local/etc/gemrc &&\
gem update --system

RUN gem install pups --force &&\
mkdir -p /pups/bin/ &&\
ln -s /usr/local/bin/pups /pups/bin/pups

ADD install-redis /tmp/install-redis
# This tool allows us to disable huge page support for our current process
# since the flag is preserved through forks and execs it can be used on any
# process
ADD thpoff.c /src/thpoff.c
RUN gcc -o /usr/local/sbin/thpoff /src/thpoff.c && rm /src/thpoff.c

# clean up for docker squash
RUN rm -fr /usr/share/man &&\
rm -fr /usr/share/doc &&\
rm -fr /usr/share/vim/vim74/doc &&\
rm -fr /usr/share/vim/vim74/lang &&\
rm -fr /usr/share/vim/vim74/spell/en* &&\
rm -fr /usr/share/vim/vim74/tutor &&\
rm -fr /usr/local/share/doc &&\
rm -fr /usr/local/share/ri &&\
rm -fr /var/lib/apt/lists/* &&\
rm -fr /root/.gem &&\
rm -fr /root/.npm &&\
rm -fr /tmp/*

# this can probably be done, but I worry that people changing PG locales will have issues
# cd /usr/share/locale && rm -fr `ls -d */ | grep -v en`

# this is required for aarch64 which uses buildx
# see https://github.com/docker/buildx/issues/150
RUN rm -f /etc/service

COPY etc/ /etc
RUN set -eux; \
# Ensures that the gid and uid of the following users are consistent to avoid permission issues on directories in the
# mounted volumes.
groupadd --gid 104 postgres; \
useradd --uid 101 --gid 104 --home /var/lib/postgresql --shell /bin/bash -c "PostgreSQL administrator,,," postgres; \
groupadd --gid 106 redis; \
useradd --uid 103 --gid 106 --home /var/lib/redis --shell /usr/sbin/nologin redis; \
groupadd --gid 1000 discourse; \
useradd --uid 1000 --gid 1000 -m --shell /bin/bash discourse; \
\
echo 2.0.`date +%Y%m%d` > /VERSION; \
echo "deb http://deb.debian.org/debian ${DEBIAN_RELEASE}-backports main" > "/etc/apt/sources.list.d/${DEBIAN_RELEASE}-backports.list"; \
echo "debconf debconf/frontend select Teletype" | debconf-set-selections; \
apt-get update; \
DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends sudo curl; \
install -d /usr/share/postgresql-common/pgdg; \
curl -o /usr/share/postgresql-common/pgdg/apt.postgresql.org.asc --fail https://www.postgresql.org/media/keys/ACCC4CF8.asc; \
echo "deb [signed-by=/usr/share/postgresql-common/pgdg/apt.postgresql.org.asc] https://apt.postgresql.org/pub/repos/apt ${DEBIAN_RELEASE}-pgdg main" > /etc/apt/sources.list.d/pgdg.list; \
curl --silent --location https://deb.nodesource.com/setup_18.x | sudo bash -; \
curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -; \
echo "deb https://dl.yarnpkg.com/debian/ stable main" > /etc/apt/sources.list.d/yarn.list; \
apt-mark hold initscripts; \
apt-get update; \
apt-get -y upgrade; \
\
# Dependencies required to run Discourse
DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
locales \
locales-all \
git \
rsyslog \
logrotate \
cron \
ssh-client \
less \
ca-certificates \
rsync \
libxslt-dev \
libcurl4-openssl-dev \
libssl-dev \
libyaml-dev \
libtool \
libpcre3 \
libpcre3-dev \
zlib1g \
zlib1g-dev \
libxml2-dev \
gawk \
parallel \
postgresql-${PG_MAJOR} \
postgresql-client \
postgresql-contrib-${PG_MAJOR} \
libpq-dev \
postgresql-${PG_MAJOR}-pgvector \
libreadline-dev \
anacron \
psmisc \
whois \
brotli \
libunwind-dev \
libtcmalloc-minimal4 \
ripgrep \
poppler-utils \
runit \
socat \
nodejs \
yarn \
# START Nginx
nginx-common \
# END Nginx
# START ImageMagick
pngcrush \
pngquant \
libde265-0 \
libde265-dev \
libjpeg62-turbo \
libjpeg62-turbo-dev \
libwebp7 \
x265 \
libx265-dev \
libtool \
libpng16-16 \
libpng-dev \
libwebp-dev \
libgomp1 \
libwebpmux3 \
libwebpdemux2 \
ghostscript \
libxml2-dev \
libxml2-utils \
librsvg2-dev \
libltdl7-dev \
libbz2-dev \
gsfonts \
libtiff-dev \
libfreetype6-dev \
libjpeg-dev \
libheif1 \
libheif-dev \
libaom-dev \
# END ImageMagick
; \
savedAptMark="$(apt-mark showmanual)"; \
# Dependencies required to build packages. These packages are automatically removed
# at the end of the RUN step.
DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends \
wget \
gcc \
g++ \
make \
cmake \
autoconf \
automake \
libtool \
pkg-config \
autoconf \
yasm \
; \
sed -i -e 's/start -q anacron/anacron -s/' /etc/cron.d/anacron; \
sed -i.bak 's/$ModLoad imklog/#$ModLoad imklog/' /etc/rsyslog.conf; \
sed -i.bak 's/module(load="imklog")/#module(load="imklog")/' /etc/rsyslog.conf; \
dpkg-divert --local --rename --add /sbin/initctl; \
sh -c "test -f /sbin/initctl || ln -s /bin/true /sbin/initctl"; \
mkdir -p /etc/runit/1.d; \
rm -f /etc/apt/apt.conf.d/40proxy; \
locale-gen en_US; \
npm install -g terser uglify-js pnpm; \
\
# Installs ImageMagick
/tmp/install-imagemagick; \
# Installs JeMalloc
/tmp/install-jemalloc; \
\
# Installs Nginx
gpg --import /tmp/nginx_public_keys.key; \
rm /tmp/nginx_public_keys.key; \
/tmp/install-nginx; \
# Installs Redis
/tmp/install-redis; \
# Installs Oxipng
/tmp/install-oxipng; \
echo 'gem: --no-document' >> /usr/local/etc/gemrc; \
gem update --system; \
gem install pups --force; \
mkdir -p /pups/bin/; \
ln -s /usr/local/bin/pups /pups/bin/pups; \
gcc -o /usr/local/sbin/thpoff /src/thpoff.c && rm /src/thpoff.c; \
\
# Discourse specific bits
install -dm 0755 -o discourse -g discourse /var/www/discourse; \
sudo -u discourse git clone --filter=tree:0 https://github.com/discourse/discourse.git /var/www/discourse; \
gem install bundler --conservative -v $(awk '/BUNDLED WITH/ { getline; gsub(/ /,""); print $0 }' /var/www/discourse/Gemfile.lock); \
\
# Clean up
rm -fr /usr/share/man; \
rm -fr /usr/share/doc; \
rm -fr /usr/share/vim/vim74/doc; \
rm -fr /usr/share/vim/vim74/lang; \
rm -fr /usr/share/vim/vim74/spell/en*; \
rm -fr /usr/share/vim/vim74/tutor; \
rm -fr /usr/local/share/doc; \
rm -fr /usr/local/share/ri; \
rm -fr /var/lib/apt/lists/*; \
rm -fr /root/.gem; \
rm -fr /root/.npm; \
rm -fr /tmp/*; \
apt-mark auto '.*' > /dev/null; \
apt-mark manual $savedAptMark > /dev/null; \
find /usr/local -type f -executable -not \( -name '*tkinter*' \) -exec ldd '{}' ';' \
| awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); printf "*%s\n", so }' \
| sort -u \
| xargs -r dpkg-query --search \
| cut -d: -f1 \
| sort -u \
| xargs -r apt-mark manual \
; \
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
apt-get clean; \
\
# this is required for aarch64 which uses buildx
# see https://github.com/docker/buildx/issues/150
rm -f /etc/service

COPY etc/ /etc
COPY sbin/ /sbin

# Discourse specific bits
RUN install -dm 0755 -o discourse -g discourse /var/www/discourse &&\
sudo -u discourse git clone --filter=tree:0 https://github.com/discourse/discourse.git /var/www/discourse &&\
gem install bundler --conservative -v $(awk '/BUNDLED WITH/ { getline; gsub(/ /,""); print $0 }' /var/www/discourse/Gemfile.lock)
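Review bot: The `set -eux` that opens the consolidated RUN step does not make the two download pipelines fail closed: without `pipefail`, a failed `curl` in `curl --silent --location https://deb.nodesource.com/setup_18.x | sudo bash -` leaves `bash` reading empty input and exiting 0, so the build would likely carry on without the NodeSource repository configured (the `curl -sS ... | apt-key add -` pipeline has the same shape). Declaring `SHELL ["/bin/bash", "-o", "pipefail", "-c"]` before this RUN, and adding `--fail` to both `curl` calls as the pgdg key download already does, would close that gap; this assumes bash is present in the base image, which the `sudo bash -` call suggests. Separately, `gcc -o /usr/local/sbin/thpoff /src/thpoff.c && rm /src/thpoff.c;` is exempt from `-e` when `gcc` fails, because `gcc` is not the last command of the `&&` list, so writing it as `gcc -o /usr/local/sbin/thpoff /src/thpoff.c; rm /src/thpoff.c;` would keep a compile failure fatal. The hunk begins at line 8 of the file, so the FROM line and anything above it are not visible here.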