From 55a80fb486e5da6334286b37b61e08a5dfe4dc93 Mon Sep 17 00:00:00 2001 From: michaeljguarino Date: Mon, 16 Dec 2024 10:11:40 -0500 Subject: [PATCH] Revert back to alpine base images (#1684) --- Dockerfile | 23 +++++++++---------- lib/console/graphql/deployments/service.ex | 2 +- lib/console/graphql/resolvers/deployments.ex | 4 +++- .../graphql/resolvers/deployments/service.ex | 5 ++++ lib/console/graphql/schema/base.ex | 8 +++++-- lib/console/schema/service.ex | 1 + 6 files changed, 27 insertions(+), 16 deletions(-) diff --git a/Dockerfile b/Dockerfile index dca8f3d7b8..c6b77fae87 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,8 @@ ARG ELIXIR_VERSION=1.16.3 ARG OTP_VERSION=26.2.5.5 -ARG DEBIAN_VERSION=bullseye-20241202 -ARG RUNNER_IMAGE=debian:${DEBIAN_VERSION}-slim +ARG ALPINE_VERSION=3.20.3 +ARG TOOLS_IMAGE=alpine:${ALPINE_VERSION} +ARG RUNNER_IMAGE=alpine:${ALPINE_VERSION} FROM node:16.16-alpine3.15 as node @@ -22,7 +23,7 @@ ENV VITE_PROD_SECRET_KEY=${VITE_PROD_SECRET_KEY} RUN yarn run build -FROM hexpm/elixir:${ELIXIR_VERSION}-erlang-${OTP_VERSION}-debian-${DEBIAN_VERSION}-slim AS builder +FROM hexpm/elixir:${ELIXIR_VERSION}-erlang-${OTP_VERSION}-alpine-${ALPINE_VERSION} AS builder # The following are build arguments used to change variable parts of the image. # The name of your application/release (required) @@ -40,7 +41,7 @@ ENV SKIP_PHOENIX=${SKIP_PHOENIX} \ WORKDIR /opt/app # This step installs all the build tools we'll need -RUN apt-get update -y && apt-get install -y git build-essential && \ +RUN apk update && apk add git build-base && \ mix local.rebar --force && \ mix local.hex --force @@ -57,7 +58,7 @@ COPY --from=node /app/build ./priv/static RUN mix release -FROM ${RUNNER_IMAGE} as tools +FROM ${TOOLS_IMAGE} as tools ARG TARGETARCH=amd64 @@ -73,7 +74,7 @@ ENV CLI_VERSION=v0.10.3 # renovate: datasource=github-tags depName=kubernetes/kubernetes # ENV KUBECTL_VERSION=v1.31.3 -RUN apt-get update -y && apt-get install -y curl wget unzip +RUN apk update && apk add curl wget unzip RUN curl -L https://github.com/pluralsh/plural-cli/releases/download/${CLI_VERSION}/plural-cli_${CLI_VERSION#v}_Linux_${TARGETARCH}.tar.gz | tar xvz plural && \ mv plural /usr/local/bin/plural && \ # curl -L https://get.helm.sh/helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz | tar xvz && \ @@ -94,13 +95,11 @@ COPY --from=tools /usr/local/bin/plural /usr/local/bin/plural WORKDIR /opt/app -RUN echo "deb http://deb.debian.org/debian bullseye-backports main" >/etc/apt/sources.list.d/bullseye-backports.list && \ - apt-get update -y && \ - apt-get install -y libstdc++6 openssl libncurses5 locales ca-certificates git-man/bullseye-backports git/bullseye-backports gnupg bash && \ - apt-get clean && rm -f /var/lib/apt/lists/*_* && \ - sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && locale-gen && \ +RUN apk update && apk add openssh-client libgcc libstdc++ ncurses-libs openssl-dev ca-certificates git gnupg bash && \ + apk add --no-cache --update --virtual=build gcc musl-dev libffi-dev openssl-dev make && \ + apk del build && \ addgroup --gid 10001 app && \ - adduser --home /home/console --uid 10001 --gid 10001 console && \ + adduser -D -h /home/console -u 10001 -G app console && \ chown console:app /opt/app && \ mkdir -p /opt/app/data diff --git a/lib/console/graphql/deployments/service.ex b/lib/console/graphql/deployments/service.ex index 90a5cd3fff..91bb243cbb 100644 --- a/lib/console/graphql/deployments/service.ex +++ b/lib/console/graphql/deployments/service.ex @@ -194,7 +194,7 @@ defmodule Console.GraphQl.Deployments.Service do field :errors, list_of(:service_error), resolve: dataloader(Deployments), description: "a list of errors generated by the deployment operator" field :cluster, :cluster, resolve: dataloader(Deployments), description: "the cluster this service is deployed into" field :revision, :revision, resolve: dataloader(Deployments), description: "the current revision of this service" - field :configuration, list_of(:service_configuration), resolve: &Deployments.service_configuration/3, description: "possibly secret configuration used to template the manifests of this service" + field :configuration, list_of(:service_configuration), resolve: filter_loader(dataloader(Deployments), &Deployments.allow_secrets/3), description: "possibly secret configuration used to template the manifests of this service" field :components, list_of(:service_component), resolve: dataloader(Deployments), description: "the kubernetes component of a service" field :global_service, :global_service, resolve: dataloader(Deployments), description: "the global service this service is the source for" field :owner, :global_service, resolve: dataloader(Deployments), description: "whether this service is controlled by a global service" diff --git a/lib/console/graphql/resolvers/deployments.ex b/lib/console/graphql/resolvers/deployments.ex index fbbd570c5b..fd4c2c92bf 100644 --- a/lib/console/graphql/resolvers/deployments.ex +++ b/lib/console/graphql/resolvers/deployments.ex @@ -68,7 +68,8 @@ defmodule Console.GraphQl.Resolvers.Deployments do NamespaceVuln, VulnerabilityReport, Vulnerability, - ClusterInsightComponent + ClusterInsightComponent, + ServiceConfiguration } def query(Project, _), do: Project @@ -135,6 +136,7 @@ defmodule Console.GraphQl.Resolvers.Deployments do def query(VulnerabilityReport, _), do: VulnerabilityReport def query(Vulnerability, _), do: Vulnerability def query(ClusterInsightComponent, _), do: ClusterInsightComponent + def query(ServiceConfiguration, _), do: ServiceConfiguration def query(_, _), do: Cluster delegates Console.GraphQl.Resolvers.Deployments.Git diff --git a/lib/console/graphql/resolvers/deployments/service.ex b/lib/console/graphql/resolvers/deployments/service.ex index fab9cde9c6..f749a0b4d1 100644 --- a/lib/console/graphql/resolvers/deployments/service.ex +++ b/lib/console/graphql/resolvers/deployments/service.ex @@ -103,6 +103,11 @@ defmodule Console.GraphQl.Resolvers.Deployments.Service do end end + def allow_secrets(svc, result, ctx) do + with {:ok, _} <- allow(svc, actor(ctx), :secrets), + do: {:ok, result} + end + def helm_values(%{parent: service} = helm, _, ctx) do case allow(service, actor(ctx), :secrets) do {:ok, _} -> {:ok, helm.values} diff --git a/lib/console/graphql/schema/base.ex b/lib/console/graphql/schema/base.ex index 1da8c4e8a3..31c2370e15 100644 --- a/lib/console/graphql/schema/base.ex +++ b/lib/console/graphql/schema/base.ex @@ -124,8 +124,12 @@ defmodule Console.GraphQl.Schema.Base do def filter_loader(dataloader, func) when is_function(dataloader, 3) and is_function(func, 3) do fn parent, args, res -> - with {:ok, result} <- dataloader.(parent, args, res), - do: {:ok, func.(parent, result, res)} + with {:ok, result} <- dataloader.(parent, args, res) do + case func.(parent, result, res) do + l when is_list(l) -> {:ok, l} + res -> res + end + end end end diff --git a/lib/console/schema/service.ex b/lib/console/schema/service.ex index a3cf77a302..824c78f7ff 100644 --- a/lib/console/schema/service.ex +++ b/lib/console/schema/service.ex @@ -147,6 +147,7 @@ defmodule Console.Schema.Service do has_many :errors, ServiceError, on_replace: :delete has_many :components, ServiceComponent, on_replace: :delete has_many :context_bindings, ServiceContextBinding, on_replace: :delete + has_many :configuration, through: [:revision, :configuration] has_many :dependencies, ServiceDependency, foreign_key: :service_id, on_replace: :delete