Geodesic v4 (#961)

* Breaking changes
* Major new features

.coderabbit.yaml

@@ -0,0 +1,111 @@
+language: en-US
+tone_instructions: ''
+early_access: true
+enable_free_tier: true
+reviews:
+  profile: chill
+  request_changes_workflow: false
+  high_level_summary: true
+  high_level_summary_placeholder: '@coderabbitai summary'
+  high_level_summary_in_walkthrough: false
+  auto_title_placeholder: '@coderabbitai'
+  auto_title_instructions: ''
+  review_status: true
+  commit_status: true
+  fail_commit_status: false
+  collapse_walkthrough: true
+  changed_files_summary: true
+  sequence_diagrams: false
+  assess_linked_issues: true
+  related_issues: true
+  related_prs: true
+  suggested_labels: false
+  auto_apply_labels: false
+  suggested_reviewers: false
+  poem: false
+  labeling_instructions: []
+  path_filters: []
+  path_instructions: []
+  abort_on_close: true
+  auto_review:
+    enabled: true
+    auto_incremental_review: true
+    ignore_title_keywords: []
+    labels: []
+    drafts: false
+    base_branches: []
+  finishing_touches:
+    docstrings:
+      enabled: true
+  tools:
+    shellcheck:
+      enabled: true
+    ruff: # for Python
+      enabled: false
+    markdownlint:
+      enabled: true
+    github-checks:
+      enabled: true
+      timeout_ms: 90000
+    languagetool:
+      enabled: true
+      enabled_only: false
+      level: default
+    biome: # For JavaScript/TypeScript
+      enabled: false
+    hadolint:
+      enabled: true
+    swiftlint: # For Swift
+      enabled: false
+    phpstan: # For PHP
+      enabled: false
+      level: default
+    golangci-lint: # For Go
+      enabled: false
+    yamllint:
+      enabled: true
+    gitleaks:
+      enabled: true
+    checkov:
+      enabled: true
+    detekt: # For Kotlin
+      enabled: false
+    eslint: # For JavaScript/TypeScript
+      enabled: false
+    rubocop: # For Ruby
+      enabled: false
+    buf: # For Protobuf
+      enabled: false
+    regal: # For Rego
+      enabled: false
+    actionlint:
+      enabled: true
+    pmd: # For Java
+      enabled: false
+    cppcheck: # For C/C++
+      enabled: false
+    semgrep: # Static analysis. CodeRabbit recommends disabling this tool unless you configure specific rules for it.
+      enabled: false
+    circleci: # For CircleCI
+      enabled: false
+chat:
+  auto_reply: true
+  integrations:
+    jira:
+      usage: disabled
+    linear:
+      usage: disabled
+knowledge_base:
+  opt_out: false
+  learnings:
+    scope: auto
+  issues:
+    scope: auto
+  jira:
+    usage: disabled
+    project_keys: []
+  linear:
+    usage: disabled
+    team_keys: []
+  pull_requests:
+    scope: auto

.editorconfig

@@ -1,5 +1,12 @@
+# top-most EditorConfig file
+root = true
+
+# Unix-style newlines with a newline ending every file
 [*]
+end_of_line = lf
 insert_final_newline = true
+trim_trailing_whitespace = true
+charset = utf-8
 
 # Override for Makefile
 [{Makefile, makefile, GNUmakefile}]
@@ -13,7 +20,6 @@ indent_size = 4
 [*.yaml]
 indent_style = space
 indent_size = 2
-trim_trailing_whitespace = true
 
 [*.sh]
 indent_style = tab

Dockerfile.custom

@@ -17,7 +17,7 @@
 # We always recommend pinning versions where changes are likely to break things.
 # We put the versions up top here so they are easy to find and update.
 # Find the latest version at https://github.com/cloudposse/geodesic/releases
-ARG VERSION=2.11.0
+ARG VERSION=4.0.0
 # Changing base OS for Geodesic is possible by changing this arg, but
 # unfortunately, the package managers are different, so it is not that simple.
 ARG OS=debian
@@ -45,30 +45,18 @@ ENV AWS_REGION_ABBREVIATION_TYPE=fixed
 ENV AWS_DEFAULT_REGION=us-west-2
 ENV AWS_DEFAULT_SHORT_REGION=uw2
 
-# Install specific versions of Terraform.
-# We patch specific patch versions because Terraform will not operate
-# on Terraform "states" that have been touched by later versions.
-ARG TF_014_VERSION=0.14.10
-ARG TF_015_VERSION=0.15.4
-ARG TF_1_VERSION=1.0.4
-RUN apt-get update && apt-get install -y -u \
-  terraform-0.14="${TF_014_VERSION}-*" terraform-0.15="${TF_015_VERSION}-*" \
-  terraform-1="${TF_1_VERSION}-*"
-# Set Terraform 0.14.x as the default `terraform`. You can still use
-# version 0.15.x by calling `terraform-0.15` or version 1.x as terraform-1
-RUN update-alternatives --set terraform /usr/share/terraform/0.14/bin/terraform
 
 # Pin kubectl minor version (must be within 1 minor version of cluster version)
 # Note, however, that due to Docker layer caching and the structure of this
 # particular Dockerfile, the patch version will not automatically update
 # until you change the minor version or change the base Geodesic version.
 # If you want, you can pin the patch level so you can update it when desired.
-ARG KUBECTL_VERSION=1.20
+ARG KUBECTL_VERSION=1.30
 RUN apt-get update && apt-get install kubectl-${KUBECTL_VERSION}
 
 # Install Atmos CLI (https://github.com/cloudposse/atmos)
 RUN apt-get install atmos
 
 COPY rootfs/ /
 
-WORKDIR /
+WORKDIR /workspace

Dockerfile.options

@@ -31,7 +31,7 @@ ENV MAKE_INCLUDES="Makefile Makefile.*"
 # This is separate so that updating it does not invalidate the Docker cache layer with all the packages installed above
 # https://cloud.google.com/sdk/docs/release-notes
 ARG GOOGLE_CLOUD_CLI_VERSION
-ENV CLOUDSDK_CONFIG=/localhost/.config/gcloud/
+ENV CLOUDSDK_CONFIG=/etc/xdg_config_home/.config/gcloud/
 
 RUN apt-get update && apt-get install -y google-cloud-cli=${GOOGLE_CLOUD_CLI_VERSION}-\*
 
@@ -43,95 +43,3 @@ RUN { gcloud config set core/disable_usage_reporting true --installation && \
 
 
 
-####################################################################################
-# kops support
-# If you are using Cloud Posse's kops reference architecture, you con configure it
-# in your Dockerfile like this (edit as desired)
-
-ENV KOPS_CLUSTER_NAME=example.foo.bar
-
-ENV KOPS_MANIFEST=/conf/kops/manifest.yaml
-ENV KOPS_TEMPLATE=/templates/kops/default.yaml
-ENV KOPS_STATE_STORE s3://undefined
-ENV KOPS_STATE_STORE_REGION us-east-1
-ENV KOPS_FEATURE_FLAGS=+DrainAndValidateRollingUpdate
-
-ENV KOPS_BASTION_PUBLIC_NAME="bastion"
-
-ENV KUBECONFIG=/dev/shm/kubecfg
-ENV KUBECONFIG_TEMPLATE=/templates/kops/kubecfg.yaml
-
-RUN /usr/bin/kops completion bash > /etc/bash_completion.d/kops.sh
-
-# Instance sizes for kops bastion, master nodes, and worker nodes
-ENV BASTION_MACHINE_TYPE "t3.small"
-ENV MASTER_MACHINE_TYPE "t3.medium"
-ENV NODE_MACHINE_TYPE "t3.medium"
-
-# Min/Max number of nodes (aka workers) per region
-ENV NODE_MAX_SIZE 2
-ENV NODE_MIN_SIZE 2
-
-# end of kops support section
-####################################################################################
-
-#### ALPINE ONLY ####
-# Alpine does not include the very common `glibc` GNU C Standard Library, which
-# causes compatibility problems. Among other things, AWS CLI v2 does not work
-# out of the box with Alpine. The following recipe installs `glibc` , and has to be run
-# before installing other packages, particularly `libc6-compat`, and then,
-# because it conflicts, you have to tweak a bit and then install `libc6-compat`.
-# So put this in Dockerfile.alpine after setting up the package repositories
-# but before installing any packages https://github.com/cloudposse/geodesic/blob/91336bf56fb7ff0d9812e01ceacc40ca59a17cce/os/alpine/Dockerfile.alpine#L81
-# (Not verified)
-
-# Install glibc and glibc-bin and the C.UTF-8 locale
-ENV LANG=C.UTF-8
-ARG ALPINE_GLIBC_PACKAGE_VERSION=2.33-r0
-RUN apk update && apk add -u curl && \
-  ALPINE_GLIBC_PACKAGE_VERSION="${ALPINE_GLIBC_PACKAGE_VERSION}" && \
-  curl -sSLO https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${ALPINE_GLIBC_PACKAGE_VERSION}/glibc-${ALPINE_GLIBC_PACKAGE_VERSION}.apk &&
-  apk add --allow-untrusted glibc-${ALPINE_GLIBC_PACKAGE_VERSION}.apk && rm glibc-${ALPINE_GLIBC_PACKAGE_VERSION}.apk && \
-  curl -sSLO https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${ALPINE_GLIBC_PACKAGE_VERSION}/glibc-bin-${ALPINE_GLIBC_PACKAGE_VERSION}.apk &&
-  apk add --allow-untrusted glibc-bin-${ALPINE_GLIBC_PACKAGE_VERSION}.apk && rm glibc-bin-${ALPINE_GLIBC_PACKAGE_VERSION}.apk && \
-  curl -sSLO https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${ALPINE_GLIBC_PACKAGE_VERSION}/glibc-i18n-${ALPINE_GLIBC_PACKAGE_VERSION}.apk &&
-  apk add --allow-untrusted glibc-i18n-${ALPINE_GLIBC_PACKAGE_VERSION}.apk && rm glibc-i18n-${ALPINE_GLIBC_PACKAGE_VERSION}.apk && \
-  /usr/glibc-compat/bin/localedef --force --inputfile POSIX --charmap UTF-8 "$LANG" || true && \
-  printf "export LANG=%s\n" "$LANG" > /etc/profile.d/locale.sh && \
-  apk del glibc-i18n && \
-  rm -f /usr/glibc-compat/lib/ld-linux-x86-64.so.2 && \
-  /usr/glibc-compat/sbin/ldconfig
-
-
-# Remove conflicting link, install libc6-compat, restore link to glibc
-RUN mv /lib64/ld-linux-x86-64.so.2 /lib64/glibc-ld-linux-x86-64.so.2 && \
-  apk add --force-overwrite libc6-compat && \
-  rm -f /lib64/ld-linux-x86-64.so.2 && \
-  mv /lib64/glibc-ld-linux-x86-64.so.2 /lib64/ld-linux-x86-64.so.2  && \
-  /usr/glibc-compat/sbin/ldconfig
-
-
-# Now you can install packages
-# https://github.com/cloudposse/geodesic/blob/91336bf56fb7ff0d9812e01ceacc40ca59a17cce/os/alpine/Dockerfile.alpine#L81-L88
-
-
-# Now you can move AWS CLI v1 aside, keep it as an alternative, and install AWS CLI v2
-
-# Move AWS CLI v1 to aws1 and set up alternatives
-RUN mv /usr/bin/aws /usr/local/bin/aws1 && \
-    update-alternatives --install /usr/local/bin/aws aws /usr/local/bin/aws1 1
-
-
-# Install AWS CLI 2
-# Get version from https://github.com/aws/aws-cli/blob/v2/CHANGELOG.rst
-# We cannot automatically track the release versions, so we just install the latest
-# ARG AWS_CLI_VERSION=2.1.34
-RUN AWSTMPDIR=$(mktemp -d -t aws-inst-XXXXXXXXXX) && \
-    curl -sSsSL "https://awscli.amazonaws.com/awscli-exe-linux-x86_64${AWS_CLI_VERSION:+-${AWS_CLI_VERSION}}.zip" -o "$AWSTMPDIR/awscliv2.zip" && \
-    cd $AWSTMPDIR && \
-    unzip -qq awscliv2.zip && \
-    ./aws/install -i /usr/share/aws/v2 -b /usr/share/aws/v2/bin && \
-    update-alternatives --install /usr/local/bin/aws aws /usr/share/aws/v2/bin/aws 2 && \
-    rm -rf $AWSTMPDIR
-
-

Makefile

@@ -47,17 +47,22 @@ build: $(DOCKER_BASE_OS).build
 install: $(DOCKER_BASE_OS).install
 
 run:
-	@geodesic
+	@$(APP_NAME)
+
+run/solo:
+	@$(APP_NAME) --solo
 
 %.run: %.build %.install
-	@geodesic
+	@$(APP_NAME)
 
 run/check:
 	@if [[ -n "$$(docker ps --format '{{ .Names }}' --filter name="^/$(APP_NAME)\$$")" ]]; then \
 		printf "**************************************************************************\n" ; \
 		printf "Not launching new container because old container is still running.\n"; \
-		printf "Exit all running container shells gracefully or kill the container with\n\n"; \
-		printf "  docker kill %s\n\n" "$(APP_NAME)" ; \
+		printf "Exit all running container shells gracefully or quit the container with\n\n"; \
+		printf "  %s stop\n\n" "$(APP_NAME)" ; \
+		printf "Then, all new shells will be running in the same new container.\n\n" ; \
+		printf "Alternately, run \`make run/solo\` or \`$(APP_NAME) --solo\` to start a new container.\n" ; \
 		printf "**************************************************************************\n" ; \
 		exit 9 ; \
 	fi

README.md

@@ -76,6 +76,20 @@ We recommend starting by using `geodesic` as a Docker base image (e.g. `FROM clo
 > Starting with Geodesic 2.0, we distributed Geodesic as a multi-platform (`linux/amd64`, `linux/arm64`) Debian-based Docker image and a single-platform (`linux/amd64`) Alpine-based image.
 > We moved the `cloudposse/geodesic:latest` Docker image tag from the Alpine version to the Debian version at that time.
 
+
+### What’s Changed in Geodesic 4.0
+
+Geodesic 4.0 is a major release that brings many new features and improvements. The most notable changes are:
+
+- The first launched shell is no longer special. All shells are now equal, and you can quit them in any order.
+  The geodesic container remains running until the last shell exits.
+- The `geodesic` command now has a `--solo` option that allows you to launch a new Geodesic container for just that one shell.
+- Geodesic no longer mounts the host user's entire home directory into the container. Instead, it mounts only selected directories.
+- The `geodesic stop` command has been enhanced to shut down the Geodesic container gracefully, rather than forcefully, allowing,
+  among other things, shell scripts to run their exit handlers.
+
+See extensive release notes for Geodesic 4.0 [here](ReleaseNotes-v4.md).
+
 ### What’s Changed in Geodesic 3.0
 
 Rather than bringing new features, Geodesic 3.0 is focused on slimming down the Docker image and removing outdated tools.
@@ -136,9 +150,9 @@ The `latest` tag points to the latest Debian-based image, although we recommend
 
 ### Quickstart
 
-#### docker run
+#### Installing Geodesic
 
-Launching Gedoesic is a bit complex, so we recommend you install a launch script by running
+Launching Geodesic is a bit complex, so we recommend you install a launch script by running
 ```
 docker run --rm cloudposse/geodesic:latest-debian init | bash
 ```
@@ -147,14 +161,28 @@ After that, you should be able to launch Geodesic just by typing
 geodesic
 ```
 
+Alternately, customize the Makefile as described below and use `make install` to build your custom image
+and install the launch script.
+
+#### Running Geodesic
+
+Geodesic has only a few commands and command-line options. The most important command is `geodesic`, which launches the Geodesic shell.
+The only other command you might normally use is `geodesic stop`, which stops the Geodesic container, but
+Geodesic automatically quits (and removes the Docker container) when you exit the last shell, so you should rarely need to use `geodesic stop`.
+
+Run `geodesic help` for a list of command-line options.
+
+See [customization](/docs/customization.md) documentation for information on how to customize your Geodesic environment.
+Geodesic has many customization options, but they are most commonly set in configuration files, not on the command line.
+
 ### Customizing your Docker image
 
 In general we recommend creating a customized version of Geodesic by creating your own `Dockerfile` starting with
 ```
 # We always recommend pinning versions to avoid surprises and breaking changes.
 # We put the version up top here so it is easy to find and update.
 # Find the latest version at https://github.com/cloudposse/geodesic/releases
-ARG VERSION=3.0.0
+ARG VERSION=4.0.0
 # If you don't want to bothered with updating the version, you can use `latest` instead,
 # but keep in mind that as long as you have a local image with the `latest` tag,
 # it will not be updated by `docker run`. You will have to explicitly pull the latest image.
@@ -170,6 +198,17 @@ ENV BANNER="my-custom-geodesic"
 
 You can see some example configuration options to include in [Dockerfile.options](./Dockerfile.options).
 
+#### Makefile customizations
+
+We also recommend creating a `Makefile` to simplify building and running your custom image.
+You can use the [Makefile](/Makefile) in this repository with minimal modifications.
+
+- Update `DOCKER_ORG` and `DOCKER_IMAGE` to match your Docker Hub username and the name of your custom image.
+- Update `DOCKER_FILE` to match the path to your custom `Dockerfile`.
+- Update `APP_NAME` to give the command to launch your custom image a custom name.
+
+Then you can build your custom image with `make build` and run it with `make run`.
+
 #### Multi-platform gotchas
 
 Although the Geodesic base image is provided in 2 architectures, when you do a local build
@@ -324,7 +363,7 @@ All other trademarks referenced herein are the property of their respective owne
 
 
 ---
-Copyright © 2017-2024 [Cloud Posse, LLC](https://cpco.io/copyright)
+Copyright © 2017-2025 [Cloud Posse, LLC](https://cpco.io/copyright)
 
 
 <a href="https://cloudposse.com/readme/footer/link?utm_source=github&utm_medium=readme&utm_campaign=cloudposse/geodesic&utm_content=readme_footer_link"><img alt="README footer" src="https://cloudposse.com/readme/footer/img"/></a>