Add CI action to push images to Docker Hub #1917
Conversation
DanielCosme
added
the
AMAUAT
DanielCosme
force-pushed
the
dev/trim-dockerfile
branch
from
97499bd
to
6bcc277
Compare
DanielCosme
added
AMAUAT
There was a problem hiding this comment.
@DanielCosme great progress! The new workflow for publishing images looks good to me. I haven't tested the Dockerfile in the PR yet, but I left a few questions and suggestions.
.github/workflows/push-images.yml
Outdated
| on: workflow_dispatch | ||
| jobs: | ||
| build: | ||
| name: "Builds images and push them to Docker Hub" |
There was a problem hiding this comment.
| name: "Builds images and push them to Docker Hub" | |
| name: "Build and push images" |
.github/workflows/push-images.yml
Outdated
| load: true | ||
| file: ./hack/Dockerfile | ||
| target: "archivematica-mcp-server" | ||
| tags: artefactual/archivematica-mcp-server:latest |
There was a problem hiding this comment.
Could we add a newline at the end of the file?
hack/Dockerfile
Outdated
| libldap2-dev \ | ||
| libsasl2-dev \ |
There was a problem hiding this comment.
Could these be removed since they're already installed in the base-builder?
hack/Dockerfile
Outdated
| && apt-get update \ | ||
| && apt-get install -y --no-install-recommends \ | ||
| coreutils \ | ||
| clamav \ |
There was a problem hiding this comment.
I might be wrong, but I think the clamav package and the:
# Download ClamAV virus signatures
RUN freshclam --quiet
instruction below are only necessary in the MCPClient stage.
There was a problem hiding this comment.
Done. Nothing broke in the tests.
hack/Dockerfile
Outdated
| RUN set -ex \ | ||
| && apt-get update \ | ||
| && apt-get install -y --no-install-recommends \ | ||
| coreutils \ |
There was a problem hiding this comment.
I noticed the ansible-archivematica-src vars set this as a dashboard dependency. Should it be moved there?
There was a problem hiding this comment.
I remember. I decided to leave coreutils here just because I don't understand the components and dependencies enough. coreutils contains (sometimes) essential packages for the OS. And since AM is so reliant on OS dependencies I left it in the base-builder step. Should I remove it?
There was a problem hiding this comment.
I think you can try moving coreutils to the dashboard stage and let the Acceptance Test workflow to tell you if anything breaks.
There was a problem hiding this comment.
coreutils removed. nothing broke :)
| @@ -283,7 +296,75 @@ ENTRYPOINT ["pyenv", "exec", "python3", "-m", "gunicorn", "--config=/src/src/das | |||
|
|
|||
| # ----------------------------------------------------------------------------- | |||
|
|
|||
| FROM base AS archivematica-tests | |||
| FROM base-builder as archivematica-tests | |||
There was a problem hiding this comment.
I think the archivematica-tests stage can be much more simple. It's needed for running tox and building its virtual environments, so it only needs Python, the common development libraries base-builder already has and from a quick local test based on the qa/1.x branch the following dependencies:
gccfor building C dependencies for the virtual environment.media-types,p7zip-full,rsyncandunarfor being able to run the Storage Service tests from thehack/Makefile.
There was a problem hiding this comment.
Yeah, it works, thank you. Done.
hack/Dockerfile
Outdated
| RUN set -ex \ | ||
| && groupadd --gid ${GROUP_ID} --system archivematica \ | ||
| && useradd --uid ${USER_ID} --gid ${GROUP_ID} --home-dir /var/archivematica --system archivematica \ | ||
| && mkdir -p /var/archivematica/sharedDirectory \ | ||
| && chown -R archivematica:archivematica /var/archivematica | ||
|
|
||
| # Download ClamAV virus signatures | ||
| RUN freshclam --quiet | ||
|
|
||
| USER archivematica | ||
|
|
||
| COPY --chown=${USER_ID}:${GROUP_ID} --from=pyenv-builder --link ${PYENV_DIR} ${PYENV_DIR} | ||
| COPY --chown=${USER_ID}:${GROUP_ID} --link . /src |
There was a problem hiding this comment.
Not sure if it makes sense, but I think if you end up moving all the OS dependencies out of base to their corresponding stages, this block might be inherited from the base stage instead.
There was a problem hiding this comment.
So what I think you are saying is that this block is not really needed because it already happens in base. So by having this block here is just redundant, doing the same work again, right?
.github/workflows/push-images.yml
Outdated
| file: ./hack/Dockerfile | ||
| target: "archivematica-dashboard" | ||
| tags: artefactual/archivematica-dashboard:latest | ||
| - name: "Build and Push MCP-client" |
There was a problem hiding this comment.
| - name: "Build and Push MCP-client" | |
| - name: "Build and push MCPClient" |
.github/workflows/push-images.yml
Outdated
| file: ./hack/Dockerfile | ||
| target: "archivematica-mcp-client" | ||
| tags: artefactual/archivematica-mcp-client:latest | ||
| - name: "Build and Push MCP-server" |
There was a problem hiding this comment.
| - name: "Build and Push MCP-server" | |
| - name: "Build and push MCPServer" |
hack/Dockerfile
Outdated
| ARG USER_ID=1000 | ||
| ARG GROUP_ID=1000 | ||
| ARG PYENV_DIR=/pyenv |
There was a problem hiding this comment.
According to the docs, we don't need to redefine the default again when pulling the argument, e.g.:
| ARG USER_ID=1000 | |
| ARG GROUP_ID=1000 | |
| ARG PYENV_DIR=/pyenv | |
| ARG USER_ID | |
| ARG GROUP_ID | |
| ARG PYENV_DIR |
DanielCosme
added
AMAUAT
|
@replaceafill I think I addressed all feedback. All tests are passing, if you have any further feedback, let me know. |
DanielCosme
force-pushed
the
dev/trim-dockerfile
branch
from
86dcdbc
to
4e772f4
Compare
DanielCosme
force-pushed
the
dev/trim-dockerfile
branch
from
4e772f4
to
b3f5b83
Compare
This adds a data migration for replacing the existing command with a fixed version of its Python script.
orjson is significantly faster and comes with native serialization of some types like datetime or UUID.
This commit modifies the MCPServer to encode the `createdDate` of tasks using `datetime` which is natively supported by our JSONDataEncoder. The conversion to the METS-compliant format now occurs during the decoding process on the client side. This change ensures consistent use of RFC 3339 format across all communications.
MySQL uses mbind to bind processes and threads to CPUs which is not allowed by
the default configuration of Docker's seccomp profile. This causes MySQL to log
the following error repeatedly:
mbind: Operation not permitted
Adding the `SYS_NICE` capability to the container forces Docker to adjust the
default seccomp profile to include the necessary permissions. For more details,
visit docker-library/mysql#303.
It looks like MySQL fixed the problem in [v8.0.13] but Percona doesn't seem to
have received this update.
[v8.0.13]: https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-13.html
This replaces the black, pyupgrade, reorder-python-imports and flake8 hooks in pre-commit with ruff. It also upgrades the django-upgrade and markdownlint-cli hooks.
This PR creates a Github Action that builds and push docker images to Docker Hub. For now the trigger to this workflow will be manual and will be tagged only with
latest. We expect to do a second pass on this workflow so that we have multiple tags that relate to different versions of AM. We will do this once we have a better understanding on how a dockerised production grade deployment of AM looks like.Also, the Dockerfile has been reworked a little bit to make the resulting images smaller in the registry. We did this by only using dependencies that are strictly needed for all components of AM. Before all 3 components shared dependencies that where not really needed.
I expect to do an additional pass on this file in the future, once I have a better understanding on how the dependencies work. As for the
archivematica-teststarget I left it as it was originally.