Skip to content
This repository has been archived by the owner on Oct 5, 2024. It is now read-only.

Optimise dockerfiles, fix ci, release images #444

Merged
merged 23 commits into from
Dec 1, 2023
Merged
Show file tree
Hide file tree
Changes from 19 commits
Commits
Show all changes
23 commits
Select commit Hold shift + click to select a range
7ce8d09
build(fix): change port for ui back to 5000
spwoodcock Nov 9, 2023
945f002
build: update labels & use /code dir over /opt
spwoodcock Nov 9, 2023
1d7505e
build: add debug and prod stage to underpass dockerfile
spwoodcock Nov 9, 2023
a6a0b24
build: allow port bind overrides in compose
spwoodcock Nov 9, 2023
ee9cd55
ci(release): add workflow to build release images
spwoodcock Nov 9, 2023
090bba1
build: add ci stage in dockerfile, use for tests
spwoodcock Nov 9, 2023
9ed590f
build: default to target: debug in local compose
spwoodcock Nov 9, 2023
dd72e02
ci: rename release image file --> yml
spwoodcock Nov 9, 2023
7b95f96
ci: update ci_local.sh to use compose v2, simplify
spwoodcock Nov 9, 2023
7315bb0
ci(tests): use reusable workflow test_compose for build & test
spwoodcock Nov 9, 2023
cb54001
test: add act config for local gh-workflow testing
spwoodcock Nov 9, 2023
bc4bd3a
build: add debug stages to dockerfiles for live reload
spwoodcock Nov 9, 2023
1558e77
ci: build release imgs to prod docker target
spwoodcock Nov 9, 2023
883040d
build: allow bind mounting code for debug images
spwoodcock Nov 9, 2023
ed9f68f
build: rename underpass/server image --> underpass
spwoodcock Nov 9, 2023
cb23f63
build(fix): underpass-ui image change build dir --> /code
spwoodcock Nov 9, 2023
4291222
fix: rebase conflicts for multistage dockerfiles
spwoodcock Nov 21, 2023
809fc4f
ci: update gh-workflow versions --> 1.3.0
spwoodcock Nov 21, 2023
29e2446
ci: rename build release img workflow
spwoodcock Nov 21, 2023
356cd33
ci: update workflow versions 1.3.0 --> 1.4.0
spwoodcock Nov 30, 2023
b8b4593
build: fix underpass-ui compose port mapping
spwoodcock Nov 30, 2023
e217b44
ci: update workflows 1.4.0 --> 1.4.1
spwoodcock Nov 30, 2023
06c131d
ci: allow manual trigger of test workflow
spwoodcock Dec 1, 2023
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 22 additions & 0 deletions .dockerignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
# Ignore everything
**

# Allow files and directories

# Underpass
!src
!config
!setup
!docker/bzip2.pc
!autogen.sh
!configure.ac
!Makefile.am
!m4
!dist
!docs
!ABOUT-NLS
!config.rpath
!docker/ci-entrypoint.sh

# API
!python
29 changes: 29 additions & 0 deletions .github/workflows/release_img.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
name: 🔧 Build Release Image

on:
release:
types: [published]
# Allow manual trigger
workflow_dispatch:

jobs:
underpass-build:
uses: hotosm/gh-workflows/.github/workflows/image_build.yml@1.3.0
with:
dockerfile: docker/underpass.dockerfile
build_target: prod
image_name: ghcr.io/${{ github.repository }}

api-build:
uses: hotosm/gh-workflows/.github/workflows/image_build.yml@1.3.0
with:
dockerfile: docker/underpass-api.dockerfile
build_target: prod
image_name: ghcr.io/${{ github.repository }}/api

ui-build:
uses: hotosm/gh-workflows/.github/workflows/image_build.yml@1.3.0
with:
dockerfile: docker/underpass-ui.dockerfile
build_target: prod
image_name: ghcr.io/${{ github.repository }}/ui
32 changes: 14 additions & 18 deletions .github/workflows/tests.yml
Original file line number Diff line number Diff line change
@@ -1,29 +1,25 @@
name: 🧪 Build and test
name: 🧪 Build and Test

on:
push:
branches:
- master
pull_request:
branches:
- master
paths:
- src/**
- .github/workflows/**
- docker/**

jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
# Relies on the master branch built docker image for build-deps
- name: Start Docker Compose & build
run: cd docker && docker-compose up -d underpass
# Build and run tests
- name: Build and run tests
run: |
docker-compose -f docker-compose.yml exec -T underpass sh -c "cd /code/build && make check -j `nproc`"
exit_code=$?
if [ $exit_code -ne 0 ]; then
echo "Test failed with exit code $exit_code"
exit $exit_code
fi
build-and-test:
uses: hotosm/gh-workflows/.github/workflows/test_compose.yml@1.3.0
with:
image_name: ghcr.io/${{ github.repository }}
build_dockerfile: docker/underpass.dockerfile
compose_service: underpass
compose_command: echo "Tests complete."
# TODO update postgis image to use github repo var ${{ vars.POSTGIS_TAG }}
cache_extra_imgs: |
"docker.io/postgis/postgis:15-3.3-alpine"
10 changes: 10 additions & 0 deletions .github/workflows/tests/pr_payload.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
{
"pull_request": {
"head": {
"ref": "feat/some-new-thing"
},
"base": {
"ref": "master"
}
}
}
4 changes: 4 additions & 0 deletions .github/workflows/tests/push_payload.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
{
"base_ref ": "master",
"ref": "refs/heads/master"
}
19 changes: 19 additions & 0 deletions .github/workflows/tests/test_ci.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
#!/bin/sh

set -e

########################################
# Note: run this from the repo root.
########################################

# Tests
act pull_request -W .github/workflows/tests.yml \
-e .github/workflows/tests/pr_payload.json

# Docs
act push -W .github/workflows/docs.yml \
-e .github/workflows/tests/pr_payload.json

# Release
act release -W .github/workflows/release_img.yml \
-e .github/workflows/tests/push_payload.json
20 changes: 4 additions & 16 deletions ci/ci_local.sh
Original file line number Diff line number Diff line change
Expand Up @@ -19,24 +19,12 @@ cd ${TEMP_DIR}
make distclean -j `nproc` || true
make clean -j `nproc` || true

DOCKER_DIR="${TEMP_DIR}"
DOCKER_COMPOSE_FILE="${DOCKER_DIR}/docker-compose.yml"
DOCKER_BASE_COMMAND="docker-compose -f ${DOCKER_COMPOSE_FILE}"
# Run CI
APP_VERSION=ci docker compose run underpass --exit-code-from=underpass

# Run the composition
${DOCKER_BASE_COMMAND} up -d
# Shut down containers
APP_VERSION=ci docker compose down

# Build Underpass Library and Binaries
${DOCKER_BASE_COMMAND} exec -T underpass sh -c "cd /code && git clean -fx && git clean -f -d && ./autogen.sh && (rm -rf build || true) && mkdir build && cd build && ../configure --enable-shared && make -j `nproc`"

# Build and Run Underpass Tests - broken: alway succeeds
${DOCKER_BASE_COMMAND} exec -T underpass sh -c "cd /code/build/src/testsuite/libunderpass.all && make check -j `nproc`"

# Comment the cleanup lines below or exit here if you want to run additional
# tests from a console in the temp container, for instance with:
${DOCKER_BASE_COMMAND} exec underpass bash

${DOCKER_BASE_COMMAND} down
echo "Remove temporary folder ${TEMP_DIR}"
sudo rm -rf ${TEMP_DIR}

Expand Down
35 changes: 25 additions & 10 deletions docker-compose.yml
Original file line number Diff line number Diff line change
Expand Up @@ -22,11 +22,10 @@ version: "3"
services:
# Database
postgis:
image: postgis/postgis:15-3.3
# image: arm64v8/postgres:15.3-alpine3.18
image: postgis/postgis:${POSTGIS_TAG:-15-3.3-alpine}
container_name: "underpass_postgis"
ports:
- "5439:5432"
- "${DB_PORT:-5439}:5432"
environment:
- POSTGRES_DB=underpass
- POSTGRES_USER=underpass
Expand All @@ -44,10 +43,15 @@ services:

# Underpass
underpass:
image: "ghcr.io/hotosm/underpass:${APP_VERSION:-debug}"
container_name: "underpass"
build:
context: .
dockerfile: docker/underpass.dockerfile
target: debug
args:
APP_VERSION: ${APP_VERSION:-debug}
depends_on: [postgis]
environment:
- REPLICATOR_UNDERPASS_DB_URL=underpass:underpass@postgis/underpass
command: tail -f /dev/null
Expand All @@ -58,30 +62,41 @@ services:
internal:

# Underpass API
underpass-api:
api:
image: "ghcr.io/hotosm/underpass/api:${APP_VERSION:-debug}"
container_name: "underpass_api"
build:
context: .
dockerfile: docker/underpass-api.dockerfile
# volumes:
# - ./python:/code/api
target: debug
args:
APP_VERSION: ${APP_VERSION:-debug}
depends_on: [underpass]
volumes:
- ./python:/code
ports:
- "8000:8000"
- "${API_PORT:-8000}:8000"
networks:
internal:
environment:
- UNDERPASS_API_DB=postgresql://underpass:underpass@postgis/underpass

# Underpass UI
underpass-ui:
ui:
image: "ghcr.io/hotosm/underpass/ui:${APP_VERSION:-debug}"
container_name: "underpass_ui"
build:
context: .
dockerfile: docker/underpass-ui.dockerfile
target: debug
args:
APP_VERSION: ${APP_VERSION:-debug}
# # Mount underpass-ui repo
# volumes:
# - js:/code
# - ../underpass-ui/src:/code/src
# - ../underpass-ui/playground:/code/playground
ports:
- "5000:5000"
- "${UI_PORT:-5000}:8080"
spwoodcock marked this conversation as resolved.
Show resolved Hide resolved
networks:
internal:

Expand Down
40 changes: 40 additions & 0 deletions docker/ci-entrypoint.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
#!/bin/bash

set -euo pipefail

yellow_echo() {
local message="$1"
local separator="--------------------------------------------------------"
local sep_length=${#separator}
local pad_length=$(( (sep_length - ${#message}) / 2 ))
local pad=""

for ((i=0; i<pad_length; i++)); do
pad="$pad "
done

echo ""
echo -e "\e[0;33m$separator\e[0m"
echo -e "\e[0;33m$pad$message$pad\e[0m"
echo -e "\e[0;33m$separator\e[0m"
echo ""
}

# Generate makefiles
yellow_echo "Generating Makefiles"
./autogen.sh

echo
echo "Entering 'build' directory"
cd build

# Test build works
yellow_echo "Building Underpass"
../configure
make -j $(nproc)
make install

# Run tests
yellow_echo "Running Tests"
cd /code/build/src/testsuite/libunderpass.all
make check -j `nproc`
88 changes: 80 additions & 8 deletions docker/underpass-api.dockerfile
Original file line number Diff line number Diff line change
@@ -1,20 +1,92 @@
FROM python:3.9
ARG PYTHON_TAG=${PYTHON_TAG:-3.10}

LABEL maintainer="Humanitarian OpenStreetMap Team" Description="This image provides the Underpass API" Vendor="HOT" Version="dev"

FROM docker.io/python:${PYTHON_TAG}-slim-bookworm as base
ARG APP_VERSION
ARG COMMIT_REF
LABEL org.hotosm.underpass.app-name="underpass-api" \
org.hotosm.underpass.app-version="${APP_VERSION}" \
org.hotosm.underpass.git-commit-ref="${COMMIT_REF:-none}" \
org.hotosm.underpass.maintainer="sysadmin@hotosm.org"
RUN set -ex \
&& apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install \
-y --no-install-recommends "locales" "ca-certificates" \
&& DEBIAN_FRONTEND=noninteractive apt-get upgrade -y \
&& rm -rf /var/lib/apt/lists/* \
&& update-ca-certificates
# Set locale
RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && locale-gen
ENV LANG en_US.UTF-8
ENV LANGUAGE en_US:en
ENV LC_ALL en_US.UTF-8

WORKDIR /code

RUN apt-get update && apt-get -y install \
postgresql \
libpq-dev

COPY ./python/dbapi /code/api/dbapi
COPY ./python/restapi /code/api/restapi
FROM base as build
RUN set -ex \
&& apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install \
-y --no-install-recommends \
"build-essential" \
"libpq-dev" \
&& rm -rf /var/lib/apt/lists/*
WORKDIR /opt/python
COPY python/dbapi/requirements.txt /opt/python/requirements.txt
COPY python/restapi/requirements.txt /opt/python/requirements2.txt
RUN pip install --user --no-warn-script-location --no-cache-dir \
-r /opt/python/requirements.txt -r /opt/python/requirements2.txt



FROM base as runtime
ARG PYTHON_TAG
ENV PYTHONDONTWRITEBYTECODE=1 \
PYTHONUNBUFFERED=1 \
PYTHONFAULTHANDLER=1 \
PATH="/home/appuser/.local/bin:$PATH" \
PYTHONPATH="/opt/restapi" \
PYTHON_LIB="/home/appuser/.local/lib/python$PYTHON_TAG/site-packages" \
SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt \
REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt \
CURL_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
RUN set -ex \
&& apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install \
-y --no-install-recommends \
"postgresql-client" \
&& rm -rf /var/lib/apt/lists/*
COPY --from=build \
/root/.local \
/home/appuser/.local
COPY /python/dbapi /code/dbapi
COPY /python/restapi /code/restapi
WORKDIR /code/restapi
# Add non-root user, permissions
RUN useradd -r -u 1001 -m -c "hotosm account" -d /home/appuser -s /bin/false appuser \
&& chown -R appuser:appuser /code /home/appuser
# Change to non-root user
USER appuser
# Add Healthcheck
HEALTHCHECK --start-period=10s --interval=5s --retries=12 --timeout=5s \
CMD curl --fail http://localhost:8000 || exit 1



RUN pip3 install -r /code/api/dbapi/requirements.txt
RUN pip3 install -r /code/api/restapi/requirements.txt
FROM runtime as debug
CMD ["uvicorn", "main:app", \
"--host", "0.0.0.0", "--port", "8000", \
"--reload", "--log-level", "critical", "--no-access-log"]

WORKDIR /code/api/restapi

ENTRYPOINT ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000"]

FROM runtime as prod
# Pre-compile packages to .pyc (init speed gains)
RUN python -c "import compileall; compileall.compile_path(maxlevels=10, quiet=1)"
# Note: 4 uvicorn workers as running with docker, change to 1 worker for Kubernetes
CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000", \
"--workers", "4", "--log-level", "critical", "--no-access-log"]
Loading
Loading