Updates for Dockerfile templates #1616
Updated Docker build workflow to include checks for builder stage and validate image properties.
Add permissions for pull requests and contents.
Added validation steps for metadata labels, working directory, non-root user, and Nextflow dependencies. Included a report generation step to summarize validation results and image sizes.
Updated Hadolint action version and improved error messages for various checks in the Dockerfile linting workflow.
Add workflow_dispatch support for Dockerfile changes
Added has_changes output to detect-changes job and updated logic for handling changes in pull requests.
Update ga
Add validation step for Nextflow dependencies in Dockerfile workflow.
Updated Hadolint configuration to ignore additional linting rules and enabled continue-on-error for several checks.
Updated validation steps to check for additional Nextflow dependencies and added error handling for missing utilities.
Added DL3047 to the list of ignored Hadolint checks.
Reduced the ignored linting rules in the Dockerfile linting workflow.
Updated cache scope to include version and modified image size reporting to list built images.
Updated the bot's trigger conditions and parameter extraction logic.
Refactor matrix generation logic to use PR_FILES environment variable for transforming PR file list into JSON structure.
Updated the workflow to handle escaped quotes in PR file input and renamed the environment variable for clarity.
Updated workflow to push images to both Docker Hub and Quay. Adjusted cache requirements and improved README update steps.
Removed 'dockerfile.version' from required labels in the workflow.
Refactor Dockerfile to streamline build stages and improve clarity.
Updated Dockerfile template with improved comments and structure.
Updated README with additional details on installed tools and usage instructions.
Updated metadata labels in Dockerfile for better clarity and compliance with OCI Image Spec.
Updated metadata labels in Dockerfile to reflect new base image and additional information.
| # The date this image was last updated (Manually update this!) | ||
| org.opencontainers.image.created="2024-05-20" \ | ||
| # The exact base image used for the 'app' stage (Must match the FROM instruction above) | ||
| org.opencontainers.image.base.name="ubuntu:jammy" \ |
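Review bot: both values in this LABEL block are maintained by hand, and the comments say so (`Manually update this!` and `Must match the FROM instruction above`), so `org.opencontainers.image.created` goes stale on the first rebuild and `base.name` can silently diverge from the `FROM` line, which the thread reports has already happened in most templates. Consider declaring `ARG BASE_IMAGE=ubuntu:jammy` before the `FROM`, using `FROM ${BASE_IMAGE} AS app` and re-declaring `ARG BASE_IMAGE` inside the stage so the same value feeds the label, and setting `created` from the build workflow with `--label org.opencontainers.image.created=$(date -u +%Y-%m-%dT%H:%M:%SZ)` so the Dockerfile carries no hand-edited date. The OCI image spec defines `created` as an RFC 3339 date-time, so the date-only value `"2024-05-20"` is also out of spec.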
Looks like most of the org.opencontainer.image.base.name were incorrect. I think they are all fixed now.
This is what these look like in action: erinyoung#8
oh, that's awesome!
| IMAGE="${{ inputs.tool_name }}:app" | ||
|
|
||
| FAILED=0 | ||
| if docker run --rm $IMAGE ps --version > /dev/null 2>&1; then |
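Review bot: the `> /dev/null 2>&1` on the `if docker run --rm $IMAGE ps --version` line discards exactly what the log needs when a check fails, and it is not what keeps the step running. The `if` already turns a non-zero exit into a branch rather than a failed step, whether the output goes to stdout, stderr or nowhere, so dropping `> /dev/null` and keeping `2>&1` (or capturing with `out=$(docker run --rm "$IMAGE" ps --version 2>&1)` and echoing it) leaves the version string or the error message in the Actions log with no change in control flow. Also quote `"$IMAGE"`: it is assigned from the workflow input `${{ inputs.tool_name }}` and is expanded unquoted here.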
For this line and similar lines below, would it be helpful to remove `/dev/null 2>&1`? Just thinking that it might be useful to see that output in the GitHub Actions log in case we need to see the error message (or, conversely, see the version of ps, sed, etc.).
The error has to be routed to stdout instead of stderr, or the step fails at `docker run --rm $IMAGE ps --version` and won't continue on.
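The pattern this exchange is about, as an added example that is not the PR's workflow step: one function runs a check, keeps the tool's combined stdout and stderr in the log, and returns the tool's own exit status, while the caller counts failures instead of stopping at the first one. The `if` is what makes a failing check non-fatal, even under `set -e`; where the output is sent does not change that. In the workflow the command would be `docker run --rm "$IMAGE" ps --version`; here `RUNNER` is an assumed variable holding that prefix, empty by default so the demonstration runs against host commands.

```shell
#!/usr/bin/env bash
# Added example, not the StaPH-B/docker-builds workflow. Runs dependency checks
# so that the tool's output stays in the log and one failure does not abort the step.
set -eu

# check_dep <label> <command...>
# Runs the command with stderr folded into stdout, prints the result together
# with the captured output, and returns the command's own exit status.
check_dep() {
  label=$1
  shift
  if out=$("$@" 2>&1); then
    # The first line is enough for a version banner.
    printf 'OK   %s: %s\n' "$label" "$(printf '%s\n' "$out" | head -n 1)"
    return 0
  else
    status=$?
    printf 'FAIL %s (exit %s): %s\n' "$label" "$status" "$out"
    return "$status"
  fi
}

# run_checks <tool...>
# Runs "<RUNNER> <tool> --version" for every tool, counting failures instead of
# stopping at the first. RUNNER is an assumed variable: in the workflow it would
# be "docker run --rm $IMAGE"; empty here, so the tools are looked up on the host.
run_checks() {
  failed=0
  for tool in "$@"; do
    # RUNNER is deliberately unquoted so "docker run --rm IMAGE" splits into words.
    check_dep "$tool" ${RUNNER:-} "$tool" --version || failed=$((failed + 1))
  done
  printf '%s check(s) failed\n' "$failed"
  return "$failed"
}

# Demonstration with host commands standing in for tools inside an image:
# "true" tolerates --version and exits 0, "false" always exits 1.
run_checks true false || echo "at least one dependency check failed (expected in this demo)"
```

The step's overall status is then decided once, from the failure count, after every check has run and logged its output.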
| # Where users can find instructions or manuals for the software | ||
| org.opencontainers.image.documentation="https://github.com/StaPH-B/docker-builds" \ | ||
| # Link to the source code used to build the image (which is often a GitHub url) | ||
| org.opencontainers.image.source="https://github.com/StaPH-B/docker-builds" \ |
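Review bot: the value of `org.opencontainers.image.documentation` contradicts its own comment (`Where users can find instructions or manuals for the software`): it points at the StaPH-B/docker-builds repository root, the same URL as `org.opencontainers.image.source`, rather than at the packaged tool's manual. If the builds repo is the intended target for every image, say so in the comment, as the thread already suggests for `source` and `url`; otherwise treat the value as a placeholder that each tool's Dockerfile must replace, and have the workflow's label validation reject the repo-root URL for `documentation` so a copied template cannot pass with the placeholder left in.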
reminder to double-check that this label org.opencontainers.image.source as well as the label org.opencontainers.image.url are accurate
If one of them will always link back to this github repo, we should state that in the comment so users know to keep it static
| @@ -1,3 +1,5 @@ | |||
| # syntax=docker/dockerfile:1 | |||
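Review bot: the directive is correctly on line 1 (the `@@ -1,3 +1,5 @@` header shows it at the top of the file), which is the only position Docker honours; a comment or blank line before it would make it an ordinary comment. Two things worth a note in the template: `docker/dockerfile:1` names a frontend image fetched from Docker Hub at build time, so every build gains a network dependency, and the `:1` tag floats across 1.x releases, so build behaviour can change when the frontend is updated. Pin a specific release tag or a `@sha256:` digest for reproducible builds, or drop the line if the templates stay as basic as the thread says.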
Just curious - what does this comment line do? Is there a meaning behind this?
We can remove this if we want to. Our Dockerfiles are pretty basic.
This tells Docker which parser/feature set to use when reading the Dockerfile; specifically, it instructs Docker to use the BuildKit Dockerfile frontend (`docker/dockerfile`). The `:1` means version 1 of that syntax.
It must appear at the very top of the Dockerfile before any other instructions.
I am not clear about all the features of using this line, but it enables modern Dockerfile features that aren't available in the legacy parser, such as `RUN --mount=type=cache`.
There's supposed to be improved performance with BuildKit.
This PR contains:
a. The templates include a CMD line, new labels, creation of a non-root user, and other updates.
b. There's a LOT more of them for images built in Rust, R, and Java.

a. Build to test is now split into three sections to assist in code review: builder (optional), app, and test.
b. Adjusted for new labels.
c. Explicit testing for Nextflow deps.
d. Added linting and security testing (set up to be ignored right now).
e. Created a bot to assist in comparing two files.