Fighting with zypper, tagging our images (#1964)

* fighting weird build issues * labels are better outside * ugh that stupid linter * why do you always lint on me * neat * adding comments
2025-02-23 04:27:02 +01:00 · 2023-08-14 10:06:53 +10:00 · 2023-08-14 10:06:53 +10:00 · 9246293922
parent 84ac1168f6
commit 9246293922
6 changed files with 85 additions and 59 deletions
--- a/15
+++ b/15
@ -9,6 +9,7 @@ CONTAINER_TOOL ?= docker
 BUILDKIT_PROGRESS ?= plain
 TESTS ?=
 BOOK_VERSION ?= master
+GIT_COMMIT := $(shell git rev-parse HEAD)

 .DEFAULT: help
 .PHONY: help
@ -32,6 +33,8 @@ buildx/kanidmd:
 		--progress $(BUILDKIT_PROGRESS) \
 		--build-arg "KANIDM_BUILD_PROFILE=container_generic" \
 		--build-arg "KANIDM_FEATURES=" \
+		--label "com.kanidm.git-commit=$(GIT_COMMIT)" \
+		--label "com.kanidm.version=$(IMAGE_EXT_VERSION)" \
 		$(CONTAINER_BUILD_ARGS) .

 .PHONY: buildx/kanidm_tools
@ -45,6 +48,8 @@ buildx/kanidm_tools:
 		--progress $(BUILDKIT_PROGRESS) \
 		--build-arg "KANIDM_BUILD_PROFILE=container_generic" \
 		--build-arg "KANIDM_FEATURES=" \
+		--label "com.kanidm.git-commit=$(GIT_COMMIT)" \
+		--label "com.kanidm.version=$(IMAGE_EXT_VERSION)" \
 		$(CONTAINER_BUILD_ARGS) .

 .PHONY: buildx/radiusd
@ -54,6 +59,8 @@ buildx/radiusd:
 		--pull --push --platform $(IMAGE_ARCH) \
 		-f rlm_python/Dockerfile \
 		--progress $(BUILDKIT_PROGRESS) \
+		--label "com.kanidm.git-commit=$(GIT_COMMIT)" \
+		--label "com.kanidm.version=$(IMAGE_EXT_VERSION)" \
 		-t $(IMAGE_BASE)/radius:$(IMAGE_VERSION) \
 		-t $(IMAGE_BASE)/radius:$(IMAGE_EXT_VERSION) .

@ -65,17 +72,19 @@ build/kanidmd:	## Build the kanidmd docker image locally
 build/kanidmd:
 	@$(CONTAINER_TOOL) build $(CONTAINER_TOOL_ARGS) -f server/Dockerfile \
 		-t $(IMAGE_BASE)/server:$(IMAGE_VERSION) \
-		--platform $(IMAGE_ARCH) \
 		--build-arg "KANIDM_BUILD_PROFILE=container_generic" \
 		--build-arg "KANIDM_FEATURES=" \
+		--label "com.kanidm.git-commit=$(GIT_COMMIT)" \
+		--label "com.kanidm.version=$(IMAGE_EXT_VERSION)" \
 		$(CONTAINER_BUILD_ARGS) .

 .PHONY: build/radiusd
 build/radiusd:	## Build the radiusd docker image locally
 build/radiusd:
 	@$(CONTAINER_TOOL) build $(CONTAINER_TOOL_ARGS) \
-		--platform $(IMAGE_ARCH) \
 		-f rlm_python/Dockerfile \
+		--label "com.kanidm.git-commit=$(GIT_COMMIT)" \
+		--label "com.kanidm.version=$(IMAGE_EXT_VERSION)" \
 		-t $(IMAGE_BASE)/radius:$(IMAGE_VERSION) .

 .PHONY: build
@ -88,6 +97,8 @@ test/kanidmd:
 		$(CONTAINER_TOOL_ARGS) -f server/Dockerfile \
 		--target builder \
 		-t $(IMAGE_BASE)/server:$(IMAGE_VERSION)-builder \
+		--label "com.kanidm.git-commit=$(GIT_COMMIT)" \
+		--label "com.kanidm.version=$(IMAGE_EXT_VERSION)" \
 		$(CONTAINER_BUILD_ARGS) .
 	@$(CONTAINER_TOOL) run --rm $(IMAGE_BASE)/server:$(IMAGE_VERSION)-builder cargo test

--- a/examples/apache_oauth/Dockerfile
+++ b/examples/apache_oauth/Dockerfile
@ -10,3 +10,4 @@ RUN a2enmod ssl
 RUN rm /etc/apache2/sites-enabled/000-default.conf
 COPY index.html /var/www/html/index.html
 COPY oauth2.conf /etc/apache2/sites-enabled/oauth2.conf
+
--- a/rlm_python/Dockerfile
+++ b/rlm_python/Dockerfile
@ -1,12 +1,7 @@
 ARG BASE_IMAGE=opensuse/tumbleweed:latest
 FROM ${BASE_IMAGE} AS repos
-RUN \
-    --mount=type=cache,id=zypp,target=/var/cache/zypp \
-    zypper mr -k repo-oss; \
-    zypper mr -k repo-non-oss; \
-    zypper mr -k repo-update; \
-    zypper ref --force; \
-    zypper -v dup -y
+ADD ../scripts/zypper_fixing.sh /zypper_fixing.sh
+RUN --mount=type=cache,id=zypp,target=/var/cache/zypp /zypper_fixing.sh

 # ======================
 FROM repos
--- a/scripts/zypper_fixing.sh
+++ b/scripts/zypper_fixing.sh
@ -0,0 +1,22 @@
+#!/bin/bash
+
+# makes sure the repos are configured because the containers are derpy sometimes
+
+#disable the openh264 repo
+if [ "$(zypper lr | grep -ci 'repo-openh264')" -eq 1 ]; then
+    zypper mr -d -f -n 'repo-openh264'
+fi
+
+# add the non-oss repo if it doesn't exist
+if [ "$(zypper lr | grep -c 'repo-non-oss')" -eq 0 ]; then
+    zypper ar -f -n 'Non-OSS' http://download.opensuse.org/tumbleweed/repo/non-oss/ repo-non-oss
+fi
+
+# update the repos and make sure the ones we want are enabled
+zypper mr -k repo-oss
+zypper mr -k repo-non-oss
+zypper mr -k repo-update
+# force the refresh because zypper is too silly to work out it needs to do it itself
+zypper ref --force
+# show which mirror is failing if an error occurs (otherwise zypper shows the wrong mirror url)
+zypper -v dup -y
--- a/server/Dockerfile
+++ b/server/Dockerfile
@ -1,13 +1,9 @@
 # Build the main Kanidmd server
 ARG BASE_IMAGE=opensuse/tumbleweed:latest
+
 FROM ${BASE_IMAGE} AS repos
-RUN \
-    --mount=type=cache,id=zypp,target=/var/cache/zypp \
-    zypper mr -k repo-oss; \
-    zypper mr -k repo-non-oss; \
-    zypper mr -k repo-update; \
-    zypper ref --force ; \
-    zypper -v dup -y
+ADD scripts/zypper_fixing.sh /zypper_fixing.sh
+RUN --mount=type=cache,id=zypp,target=/var/cache/zypp /zypper_fixing.sh

 # ======================
 FROM repos AS builder
@ -25,8 +21,11 @@ RUN \
        sccache \
        cargo \
        clang \
-        make automake autoconf \
-        libopenssl-3-devel pam-devel \
+        make \
+        automake \
+        autoconf \
+        libopenssl-3-devel \
+        pam-devel \
        sqlite3-devel \
        rsync \
        findutils \
@ -47,13 +46,12 @@ COPY . /usr/src/kanidm
 WORKDIR /usr/src/kanidm/kanidmd/daemon

 # Exports don't persist through RUN statements.
-RUN \
--mount=type=cache,id=cargo,target=/cargo \
--mount=type=cache,id=sccache,target=/sccache \
-export CARGO_HOME=/cargo; \
-export SCCACHE_DIR=/sccache; \
-export RUSTC_WRAPPER=/usr/bin/sccache; \
-export CC="/usr/bin/clang"; \
+RUN --mount=type=cache,id=cargo,target=/cargo \
+    --mount=type=cache,id=sccache,target=/sccache \
+    export CARGO_HOME=/cargo && \
+    export SCCACHE_DIR=/sccache && \
+    export RUSTC_WRAPPER=/usr/bin/sccache && \
+    export CC="/usr/bin/clang" && \
    cargo build -p daemon ${KANIDM_BUILD_OPTIONS} \
        --target-dir="/usr/src/kanidm/target/" \
        --features="${KANIDM_FEATURES}" \
@ -63,7 +61,6 @@ export CC="/usr/bin/clang"; \
 # ======================

 FROM repos
-
 RUN \
    --mount=type=cache,id=zypp,target=/var/cache/zypp \
    zypper install -y \
@ -80,4 +77,5 @@ EXPOSE 8443 3636
 VOLUME /data

 ENV RUST_BACKTRACE 1
+
 CMD [ "/sbin/kanidmd", "server", "-c", "/data/server.toml"]
--- a/tools/Dockerfile
+++ b/tools/Dockerfile
@ -1,13 +1,8 @@
 # This builds the kanidm CLI tools
 ARG BASE_IMAGE=opensuse/tumbleweed:latest
 FROM ${BASE_IMAGE} AS repos
-RUN \
-    --mount=type=cache,id=zypp,target=/var/cache/zypp \
-    zypper mr -k repo-oss; \
-    zypper mr -k repo-non-oss; \
-    zypper mr -k repo-update; \
-    zypper ref --force; \
-    zypper -v dup -y
+ADD ../scripts/zypper_fixing.sh /zypper_fixing.sh
+RUN --mount=type=cache,id=zypp,target=/var/cache/zypp /zypper_fixing.sh

 FROM repos AS builder
 ARG KANIDM_FEATURES
@ -24,7 +19,9 @@ RUN \
        sccache \
        cargo \
        clang \
-        make automake autoconf \
+        make \
+        automake \
+        autoconf \
        libopenssl-3-devel \
        pam-devel \
        libudev-devel \
@ -38,20 +35,20 @@ WORKDIR /usr/src/kanidm/

 # build the CLI
 RUN \
--mount=type=cache,id=cargo,target=/cargo \
--mount=type=cache,id=sccache,target=/sccache \
-export CARGO_HOME=/cargo; \
-export SCCACHE_DIR=/sccache; \
-export RUSTC_WRAPPER=/usr/bin/sccache; \
-export CC="/usr/bin/clang"; \
+    --mount=type=cache,id=cargo,target=/cargo \
+    --mount=type=cache,id=sccache,target=/sccache \
+    export CARGO_HOME=/cargo; \
+    export SCCACHE_DIR=/sccache; \
+    export RUSTC_WRAPPER=/usr/bin/sccache; \
+    export CC="/usr/bin/clang"; \
    cargo build -p kanidm_tools ${KANIDM_BUILD_OPTIONS} \
        --target-dir="/usr/src/kanidm/target/" \
        --features="${KANIDM_FEATURES}" \
-        --release; \
+        --release && \
    cargo build -p kanidm-ipa-sync ${KANIDM_BUILD_OPTIONS} \
        --target-dir="/usr/src/kanidm/target/" \
        --features="${KANIDM_FEATURES}" \
-        --release; \
+        --release  && \
    sccache -s

 # == Construct the tools container
@ -61,7 +58,10 @@ ENV RUST_BACKTRACE 1

 RUN \
    --mount=type=cache,id=zypp,target=/var/cache/zypp \
-    zypper install -y timezone busybox-adduser openssl-3
+    zypper install -y \
+        timezone \
+        busybox-adduser \
+        openssl-3

 COPY --from=builder /usr/src/kanidm/target/release/kanidm /sbin/
 COPY --from=builder /usr/src/kanidm/target/release/kanidm-ipa-sync /sbin/
@ -75,4 +75,3 @@ RUN adduser -D -H kanidm && \
 USER kanidm

 CMD [ "/sbin/kanidm", "-h" ]
-