Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add CI action to push images to Docker Hub #1917

Draft
wants to merge 32 commits into
base: qa/1.x
Choose a base branch
from

Conversation

DanielCosme
Copy link

@DanielCosme DanielCosme commented Mar 14, 2024

This PR creates a Github Action that builds and push docker images to Docker Hub. For now the trigger to this workflow will be manual and will be tagged only with latest. We expect to do a second pass on this workflow so that we have multiple tags that relate to different versions of AM. We will do this once we have a better understanding on how a dockerised production grade deployment of AM looks like.

Also, the Dockerfile has been reworked a little bit to make the resulting images smaller in the registry. We did this by only using dependencies that are strictly needed for all components of AM. Before all 3 components shared dependencies that where not really needed.

I expect to do an additional pass on this file in the future, once I have a better understanding on how the dependencies work. As for the archivematica-tests target I left it as it was originally.

@DanielCosme DanielCosme added the AMAUAT Issues relating to the improvement of the AM Automated Acceptance tests label Mar 14, 2024
@DanielCosme DanielCosme force-pushed the dev/trim-dockerfile branch from 97499bd to 6bcc277 Compare March 18, 2024 14:27
@DanielCosme DanielCosme self-assigned this Mar 18, 2024
@DanielCosme DanielCosme added AMAUAT Issues relating to the improvement of the AM Automated Acceptance tests and removed AMAUAT Issues relating to the improvement of the AM Automated Acceptance tests labels Mar 18, 2024
Copy link
Member

@replaceafill replaceafill left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@DanielCosme great progress! The new workflow for publishing images looks good to me. I haven't tested the Dockerfile in the PR yet, but I left a few questions and suggestions.

on: workflow_dispatch
jobs:
build:
name: "Builds images and push them to Docker Hub"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
name: "Builds images and push them to Docker Hub"
name: "Build and push images"

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

.github/workflows/push-images.yml Show resolved Hide resolved
load: true
file: ./hack/Dockerfile
target: "archivematica-mcp-server"
tags: artefactual/archivematica-mcp-server:latest
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we add a newline at the end of the file?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

hack/Dockerfile Outdated
Comment on lines 158 to 159
libldap2-dev \
libsasl2-dev \
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could these be removed since they're already installed in the base-builder?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

hack/Dockerfile Outdated
&& apt-get update \
&& apt-get install -y --no-install-recommends \
coreutils \
clamav \
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I might be wrong, but I think the clamav package and the:

# Download ClamAV virus signatures
RUN freshclam --quiet

instruction below are only necessary in the MCPClient stage.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll try it.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done. Nothing broke in the tests.

hack/Dockerfile Outdated
RUN set -ex \
&& apt-get update \
&& apt-get install -y --no-install-recommends \
coreutils \
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I noticed the ansible-archivematica-src vars set this as a dashboard dependency. Should it be moved there?

Copy link
Author

@DanielCosme DanielCosme Apr 3, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I remember. I decided to leave coreutils here just because I don't understand the components and dependencies enough. coreutils contains (sometimes) essential packages for the OS. And since AM is so reliant on OS dependencies I left it in the base-builder step. Should I remove it?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you can try moving coreutils to the dashboard stage and let the Acceptance Test workflow to tell you if anything breaks.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

coreutils removed. nothing broke :)

@@ -283,7 +296,75 @@ ENTRYPOINT ["pyenv", "exec", "python3", "-m", "gunicorn", "--config=/src/src/das

# -----------------------------------------------------------------------------

FROM base AS archivematica-tests
FROM base-builder as archivematica-tests
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the archivematica-tests stage can be much more simple. It's needed for running tox and building its virtual environments, so it only needs Python, the common development libraries base-builder already has and from a quick local test based on the qa/1.x branch the following dependencies:

  • gcc for building C dependencies for the virtual environment.
  • media-types, p7zip-full, rsync and unar for being able to run the Storage Service tests from the hack/Makefile.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, it works, thank you. Done.

hack/Dockerfile Outdated
Comment on lines 355 to 318
RUN set -ex \
&& groupadd --gid ${GROUP_ID} --system archivematica \
&& useradd --uid ${USER_ID} --gid ${GROUP_ID} --home-dir /var/archivematica --system archivematica \
&& mkdir -p /var/archivematica/sharedDirectory \
&& chown -R archivematica:archivematica /var/archivematica

# Download ClamAV virus signatures
RUN freshclam --quiet

USER archivematica

COPY --chown=${USER_ID}:${GROUP_ID} --from=pyenv-builder --link ${PYENV_DIR} ${PYENV_DIR}
COPY --chown=${USER_ID}:${GROUP_ID} --link . /src
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure if it makes sense, but I think if you end up moving all the OS dependencies out of base to their corresponding stages, this block might be inherited from the base stage instead.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So what I think you are saying is that this block is not really needed because it already happens in base. So by having this block here is just redundant, doing the same work again, right?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's correct.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

file: ./hack/Dockerfile
target: "archivematica-dashboard"
tags: artefactual/archivematica-dashboard:latest
- name: "Build and Push MCP-client"
Copy link
Member

@sevein sevein Mar 21, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- name: "Build and Push MCP-client"
- name: "Build and push MCPClient"

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

file: ./hack/Dockerfile
target: "archivematica-mcp-client"
tags: artefactual/archivematica-mcp-client:latest
- name: "Build and Push MCP-server"
Copy link
Member

@sevein sevein Mar 21, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- name: "Build and Push MCP-server"
- name: "Build and push MCPServer"

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

hack/Dockerfile Outdated
Comment on lines 301 to 303
ARG USER_ID=1000
ARG GROUP_ID=1000
ARG PYENV_DIR=/pyenv
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

According to the docs, we don't need to redefine the default again when pulling the argument, e.g.:

Suggested change
ARG USER_ID=1000
ARG GROUP_ID=1000
ARG PYENV_DIR=/pyenv
ARG USER_ID
ARG GROUP_ID
ARG PYENV_DIR

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@DanielCosme DanielCosme added AMAUAT Issues relating to the improvement of the AM Automated Acceptance tests and removed AMAUAT Issues relating to the improvement of the AM Automated Acceptance tests labels Apr 3, 2024
@DanielCosme
Copy link
Author

DanielCosme commented Apr 3, 2024

@replaceafill I think I addressed all feedback. All tests are passing, if you have any further feedback, let me know.

@DanielCosme DanielCosme force-pushed the dev/trim-dockerfile branch from 86dcdbc to 4e772f4 Compare April 15, 2024 16:05
@DanielCosme DanielCosme force-pushed the dev/trim-dockerfile branch from 4e772f4 to b3f5b83 Compare April 30, 2024 16:59
replaceafill and others added 18 commits May 31, 2024 12:04
orjson is significantly faster and comes with native serialization of some
types like datetime or UUID.
This commit modifies the MCPServer to encode the `createdDate` of tasks using
`datetime` which is natively supported by our JSONDataEncoder. The conversion
to the METS-compliant format now occurs during the decoding process on the
client side. This change ensures consistent use of RFC 3339 format across all
communications.
MySQL uses mbind to bind processes and threads to CPUs which is not allowed by
the default configuration of Docker's seccomp profile. This causes MySQL to log
the following error repeatedly:

    mbind: Operation not permitted

Adding the `SYS_NICE` capability to the container forces Docker to adjust the
default seccomp profile to include the necessary permissions. For more details,
visit docker-library/mysql#303.

It looks like MySQL fixed the problem in [v8.0.13] but Percona doesn't seem to
have received this update.

[v8.0.13]: https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-13.html
This replaces the black, pyupgrade, reorder-python-imports and flake8           
hooks in pre-commit with ruff.                                                  

It also upgrades the django-upgrade and markdownlint-cli hooks.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
AMAUAT Issues relating to the improvement of the AM Automated Acceptance tests
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants