This is an automated email from the ASF dual-hosted git repository. wohali pushed a commit to branch better-faster-dev-builds in repository https://gitbox.apache.org/repos/asf/couchdb-docker.git
commit 95372aaead8f7de98951abb1876b70dddb4da5bd Author: Joan Touzet <[email protected]> AuthorDate: Tue Jul 10 13:15:45 2018 -0700 [WIP] First pass --- dev-cluster/Dockerfile | 107 +++++++++++++++++++++++------------------------ dev/Dockerfile | 91 +++++++++++++++++++++------------------- dev/docker-entrypoint.sh | 13 +++--- 3 files changed, 106 insertions(+), 105 deletions(-) diff --git a/dev-cluster/Dockerfile b/dev-cluster/Dockerfile index 0166050..c89c104 100644 --- a/dev-cluster/Dockerfile +++ b/dev-cluster/Dockerfile @@ -12,63 +12,69 @@ # Base layer containing dependencies needed at runtime. This layer will be # cached after the initial build. -FROM debian:jessie AS runtime +FROM debian:stretch -LABEL maintainer="CouchDB Developers <[email protected]>" +MAINTAINER CouchDB Developers [email protected] # Add CouchDB user account RUN groupadd -r couchdb && useradd -d /opt/couchdb -g couchdb couchdb RUN apt-get update -y && apt-get install -y --no-install-recommends \ ca-certificates \ - libicu52 \ + curl \ + dirmngr \ + gnupg \ + haproxy \ + libicu57 \ libmozjs185-1.0 \ openssl \ - && rm -rf /var/lib/apt/lists/* + python && \ + rm -rf /var/lib/apt/lists/* # grab gosu for easy step-down from root and tini for signal handling # see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 ENV GOSU_VERSION 1.10 ENV TINI_VERSION 0.16.1 RUN set -ex; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends wget; \ - rm -rf /var/lib/apt/lists/*; \ - \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - \ + apt-get update; \ + apt-get install -y --no-install-recommends wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ # install gosu - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-$dpkgArch";; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc";; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - chmod +x /usr/local/bin/gosu; \ - gosu nobody true; \ - \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-$dpkgArch";; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc";; \ + export GNUPGHOME="$(mktemp -d)"; \ + for server in $(shuf -e ha.pool.sks-keyservers.net \ + hkp://p80.pool.sks-keyservers.net:80 \ + keyserver.ubuntu.com \ + hkp://keyserver.ubuntu.com:80 \ + pgp.mit.edu) ; do \ + gpg --keyserver "$server" --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \ + done; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + chmod +x /usr/local/bin/gosu; \ + gosu nobody true; \ # install tini - wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch";; \ - wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch.asc";; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7; \ - gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ - rm -r "$GNUPGHOME" /usr/local/bin/tini.asc; \ - chmod +x /usr/local/bin/tini; \ - tini --version; \ - \ - apt-get purge -y --auto-remove wget - -# Dependencies only needed during build time. This layer will also be cached -# unless for each clone_url. -FROM runtime AS build_dependencies + wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch";; \ + wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch.asc";; \ + export GNUPGHOME="$(mktemp -d)"; \ + for server in $(shuf -e ha.pool.sks-keyservers.net \ + hkp://p80.pool.sks-keyservers.net:80 \ + keyserver.ubuntu.com \ + hkp://keyserver.ubuntu.com:80 \ + pgp.mit.edu) ; do \ + gpg --keyserver "$server" --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \ + done; \ + gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ + rm -rf "$GNUPGHOME" /usr/local/bin/tini.asc; \ + chmod +x /usr/local/bin/tini; \ + tini --version; \ + apt-get purge -y --auto-remove wget RUN apt-get update -y && apt-get install -y --no-install-recommends \ apt-transport-https \ - gcc \ - g++ \ - curl \ + build-essential \ erlang-nox \ erlang-reltool \ erlang-dev \ @@ -76,9 +82,9 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \ libcurl4-openssl-dev \ libicu-dev \ libmozjs185-dev \ - make \ - python \ - python-pip + python-setuptools \ + python-pip \ + python-wheel RUN pip install \ sphinx \ @@ -87,8 +93,8 @@ RUN pip install \ # Node is special RUN set -ex; \ curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add -; \ - echo 'deb https://deb.nodesource.com/node_6.x jessie main' > /etc/apt/sources.list.d/nodesource.list; \ - echo 'deb-src https://deb.nodesource.com/node_6.x jessie main' >> /etc/apt/sources.list.d/nodesource.list; \ + echo 'deb https://deb.nodesource.com/node_6.x stretch main' > /etc/apt/sources.list.d/nodesource.list; \ + echo 'deb-src https://deb.nodesource.com/node_6.x stretch main' >> /etc/apt/sources.list.d/nodesource.list; \ apt-get update -y && apt-get install -y nodejs; \ npm install -g grunt-cli @@ -99,28 +105,21 @@ RUN git clone $clone_url /usr/src/couchdb WORKDIR /usr/src/couchdb RUN ./configure -# This layer performs the actual build of a relocatable, self-contained -# release of CouchDB. It pulls down the latest changes from the remote -# origin (because the layer above will be cached) and switches to the -# branch specified in the build_arg (defaults to master) -FROM build_dependencies AS build - ARG checkout_branch=master ARG configure_options -WORKDIR /usr/src/couchdb +WORKDIR /usr/src/couchdb/ RUN git fetch origin \ && git checkout $checkout_branch \ && ./configure $configure_options \ - && make couch - -# we skip any finalisation of this image since this is purely for testing + && make all # Setup directories and permissions RUN chown -R couchdb:couchdb /usr/src/couchdb -WORKDIR /usr/src/couchdb -EXPOSE 5984 4369 9100 +WORKDIR /opt/couchdb +EXPOSE 5984 15984 25984 35984 +VOLUME ["/usr/src/couchdb/dev/lib"] ENTRYPOINT ["tini", "--", "/usr/src/couchdb/dev/run"] CMD ["--with-haproxy"] diff --git a/dev/Dockerfile b/dev/Dockerfile index ba3e259..1b43ba7 100644 --- a/dev/Dockerfile +++ b/dev/Dockerfile @@ -12,63 +12,71 @@ # Base layer containing dependencies needed at runtime. This layer will be # cached after the initial build. -FROM debian:jessie AS runtime +FROM debian:stretch as runtime -LABEL maintainer="CouchDB Developers <[email protected]>" +MAINTAINER CouchDB Developers [email protected] # Add CouchDB user account RUN groupadd -r couchdb && useradd -d /opt/couchdb -g couchdb couchdb RUN apt-get update -y && apt-get install -y --no-install-recommends \ ca-certificates \ - libicu52 \ + curl \ + dirmngr \ + gnupg \ + libicu57 \ libmozjs185-1.0 \ openssl \ - && rm -rf /var/lib/apt/lists/* + python && \ + rm -rf /var/lib/apt/lists/* # grab gosu for easy step-down from root and tini for signal handling # see https://github.com/apache/couchdb-docker/pull/28#discussion_r141112407 ENV GOSU_VERSION 1.10 ENV TINI_VERSION 0.16.1 RUN set -ex; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends wget; \ - rm -rf /var/lib/apt/lists/*; \ - \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - \ + apt-get update; \ + apt-get install -y --no-install-recommends wget; \ + rm -rf /var/lib/apt/lists/*; \ + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ # install gosu - wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-$dpkgArch";; \ - wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc";; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --keyserver ha.pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - chmod +x /usr/local/bin/gosu; \ - gosu nobody true; \ - \ + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-$dpkgArch";; \ + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc";; \ + export GNUPGHOME="$(mktemp -d)"; \ + for server in $(shuf -e ha.pool.sks-keyservers.net \ + hkp://p80.pool.sks-keyservers.net:80 \ + keyserver.ubuntu.com \ + hkp://keyserver.ubuntu.com:80 \ + pgp.mit.edu) ; do \ + gpg --keyserver "$server" --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && break || : ; \ + done; \ + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ + rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ + chmod +x /usr/local/bin/gosu; \ + gosu nobody true; \ # install tini - wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch";; \ - wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch.asc";; \ - export GNUPGHOME="$(mktemp -d)"; \ - gpg --keyserver ha.pool.sks-keyservers.net --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7; \ - gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ - rm -r "$GNUPGHOME" /usr/local/bin/tini.asc; \ - chmod +x /usr/local/bin/tini; \ - tini --version; \ - \ - apt-get purge -y --auto-remove wget + wget -O /usr/local/bin/tini "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch";; \ + wget -O /usr/local/bin/tini.asc "https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-$dpkgArch.asc";; \ + export GNUPGHOME="$(mktemp -d)"; \ + for server in $(shuf -e ha.pool.sks-keyservers.net \ + hkp://p80.pool.sks-keyservers.net:80 \ + keyserver.ubuntu.com \ + hkp://keyserver.ubuntu.com:80 \ + pgp.mit.edu) ; do \ + gpg --keyserver "$server" --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && break || : ; \ + done; \ + gpg --batch --verify /usr/local/bin/tini.asc /usr/local/bin/tini; \ + rm -rf "$GNUPGHOME" /usr/local/bin/tini.asc; \ + chmod +x /usr/local/bin/tini; \ + tini --version; \ + apt-get purge -y --auto-remove wget # Dependencies only needed during build time. This layer will also be cached -# unless for each clone_url. FROM runtime AS build_dependencies RUN apt-get update -y && apt-get install -y --no-install-recommends \ apt-transport-https \ - gcc \ - g++ \ - curl \ + build-essential \ erlang-nox \ erlang-reltool \ erlang-dev \ @@ -76,14 +84,9 @@ RUN apt-get update -y && apt-get install -y --no-install-recommends \ libcurl4-openssl-dev \ libicu-dev \ libmozjs185-dev \ - make \ - python \ + python-setuptools \ python-pip \ - texinfo \ - texlive-base \ - texlive-fonts-extra \ - texlive-fonts-recommended \ - texlive-latex-extra + python-wheel RUN pip install \ sphinx \ @@ -92,8 +95,8 @@ RUN pip install \ # Node is special RUN set -ex; \ curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add -; \ - echo 'deb https://deb.nodesource.com/node_6.x jessie main' > /etc/apt/sources.list.d/nodesource.list; \ - echo 'deb-src https://deb.nodesource.com/node_6.x jessie main' >> /etc/apt/sources.list.d/nodesource.list; \ + echo 'deb https://deb.nodesource.com/node_6.x stretch main' > /etc/apt/sources.list.d/nodesource.list; \ + echo 'deb-src https://deb.nodesource.com/node_6.x stretch main' >> /etc/apt/sources.list.d/nodesource.list; \ apt-get update -y && apt-get install -y nodejs; \ npm install -g grunt-cli @@ -121,7 +124,7 @@ RUN git fetch origin \ # This results in a single layer image (or at least skips the build stuff?) FROM runtime -COPY --from=build /usr/src/couchdb/rel/couchdb /opt/ +COPY --from=build /usr/src/couchdb/rel/couchdb /opt/couchdb # Add configuration COPY local.ini /opt/couchdb/etc/default.d/ diff --git a/dev/docker-entrypoint.sh b/dev/docker-entrypoint.sh index dda823d..718779e 100755 --- a/dev/docker-entrypoint.sh +++ b/dev/docker-entrypoint.sh @@ -26,13 +26,12 @@ fi if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then # we need to set the permissions here because docker mounts volumes as root - chown -R couchdb:couchdb /opt/couchdb + chown -fR couchdb:couchdb /opt/couchdb || true - chmod -R 0770 /opt/couchdb/data + chmod -fR 0770 /opt/couchdb/data || true - chmod 664 /opt/couchdb/etc/*.ini - chmod 664 /opt/couchdb/etc/local.d/*.ini - chmod 775 /opt/couchdb/etc/*.d + find /opt/couchdb/etc -name \*.ini -exec chmod -f 664 {} \; + chmod -f 775 /opt/couchdb/etc/*.d || true if [ ! -z "$NODENAME" ] && ! grep "couchdb@" /opt/couchdb/etc/vm.args; then echo "-name couchdb@$NODENAME" >> /opt/couchdb/etc/vm.args @@ -41,13 +40,13 @@ if [ "$1" = '/opt/couchdb/bin/couchdb' ]; then if [ "$COUCHDB_USER" ] && [ "$COUCHDB_PASSWORD" ]; then # Create admin printf "[admins]\n%s = %s\n" "$COUCHDB_USER" "$COUCHDB_PASSWORD" > /opt/couchdb/etc/local.d/docker.ini - chown couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini + chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true fi if [ "$COUCHDB_SECRET" ]; then # Set secret printf "[couch_httpd_auth]\nsecret = %s\n" "$COUCHDB_SECRET" >> /opt/couchdb/etc/local.d/docker.ini - chown couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini + chown -f couchdb:couchdb /opt/couchdb/etc/local.d/docker.ini || true fi # if we don't find an [admins] section followed by a non-comment, display a warning
