Skip to content

Commit

Permalink
Split java and bazel dependencies into a base build-tools image and c…
Browse files Browse the repository at this point in the history 
…onfigure image build separately

Use separate dockerhub account to test build and push of images

Add APT_KEY warning avoidance to base image

Pull from separate dockerhub account

Use conditional step in one workflow instead of alternate workflows

Use conditional step in one workflow instead of alternate workflows

Use conditional step in one workflow instead of alternate workflows

Use conditional step in one workflow instead of alternate workflows

Use conditional step in one workflow instead of alternate workflows

Use conditional step in one workflow instead of alternate workflows

Use conditional step in one workflow instead of alternate workflows

Revert all unnecessary changes

Move dependencies back into main image and only collect necessary ones for build tools

Use philomather dockerhub to test build and push

Test whether script fails for other reason

Test whether script fails for other reason

Test git diff command for changes in one commit

Test git diff command for changes in one commit

Test git diff command for changes in one commit

Test git diff command for changes in one commit

Test git diff command for changes in one commit

Test git diff command for changes in one commit

Test git diff command for changes in one commit

Test git diff command for changes in one commit

Test git diff command for changes in one commit

Test git diff command for changes in one commit

Test git diff command for changes in one commit

Test git diff command for changes in earlier commit

Test git diff command for changes in earlier commit

Test git diff command for changes outside directory

Test git diff command for changes inside directory

Test git diff command for changes inside directory

Test full build and push

Revert to using debricked dockerhub

Test moving remaining dependencies to other image

Test since squashing commits messes with diff

Test moving last required dependency

Final commit
  • Loading branch information
@philomather
philomather committed Aug 26, 2021
1 parent d0196a1 commit c66cdf7
Show file tree
Hide file tree
Showing 3 changed files with 184 additions and 160 deletions.
22 changes: 20 additions & 2 deletions .github/workflows/docker.yml
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
name: Build and push Docker image
name: Build and push the docker image/s

on:
push:
Expand Down Expand Up @@ -29,7 +29,25 @@ jobs:
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
-
name: Build and push
name: Check for build-tools changes
id: git-diff
uses: technote-space/get-diff-action@v5
with:
PATTERNS: |
build-tools/**
-
name: Build and push build-tools image
if: steps.git-diff.outputs.count > 0
uses: docker/build-push-action@v2
with:
context: build-tools/
platforms: linux/amd64
push: true
tags: |
debricked/docker-image-build-tools:latest
ghcr.io/debricked/docker-image-build-tools:latest
-
name: Build and push full image
uses: docker/build-push-action@v2
with:
context: .
Expand Down
160 changes: 2 additions & 158 deletions Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
FROM php:8.0-fpm
FROM debricked/docker-image-build-tools:latest

ENV APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1
# Fixes problems with Puppeteer (Chromium API)
ENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD 1
# "fake" dbus address to prevent errors
Expand All @@ -24,7 +23,7 @@ RUN curl -sL https://deb.nodesource.com/setup_14.x | bash - \
&& mkdir -p /usr/share/man/man1

RUN apt update && apt upgrade -y \
&& apt install unzip mariadb-client git zlibc zlib1g zlib1g-dev libzip-dev libicu-dev \
&& apt install unzip mariadb-client git zlib1g zlib1g-dev libzip-dev libicu-dev \
libpng-dev nodejs yarn libpcre3-dev optipng libxslt1-dev libxslt1.1 openjdk-11-jdk \
ca-certificates p11-kit libonig-dev libgcrypt20-dev \
sudo procps -y \
Expand Down Expand Up @@ -56,113 +55,6 @@ RUN cd /tmp \
&& cp src/cpulimit /usr/bin \
&& chmod +x /usr/bin/cpulimit

RUN curl -L -O https://download.java.net/openjdk/jdk7u75/ri/jdk_ri-7u75-b13-linux-x64-18_dec_2014.tar.gz \
&& tar -xvf jdk_ri-7u75-b13-linux-x64-18_dec_2014.tar.gz \
&& mkdir -p /usr/lib/jvm \
&& mv java-se-7u75-ri /usr/lib/jvm \
&& rm jdk_ri-7u75-b13-linux-x64-18_dec_2014.tar.gz

RUN curl -L -O https://download.java.net/openjdk/jdk8u40/ri/jdk_ri-8u40-b25-linux-x64-10_feb_2015.tar.gz \
&& tar -xvf jdk_ri-8u40-b25-linux-x64-10_feb_2015.tar.gz \
&& mv java-se-8u40-ri /usr/lib/jvm \
&& rm jdk_ri-8u40-b25-linux-x64-10_feb_2015.tar.gz

RUN curl -L -O https://download.java.net/java/GA/jdk9/9.0.4/binaries/openjdk-9.0.4_linux-x64_bin.tar.gz \
&& tar -xvf openjdk-9.0.4_linux-x64_bin.tar.gz \
&& mv jdk-9.0.4 /usr/lib/jvm \
&& rm openjdk-9.0.4_linux-x64_bin.tar.gz

RUN curl -L -O https://download.java.net/java/GA/jdk10/10.0.2/19aef61b38124481863b1413dce1855f/13/openjdk-10.0.2_linux-x64_bin.tar.gz \
&& tar -xvf openjdk-10.0.2_linux-x64_bin.tar.gz \
&& mv jdk-10.0.2 /usr/lib/jvm \
&& rm openjdk-10.0.2_linux-x64_bin.tar.gz

RUN update-alternatives --install "/usr/bin/java" "java" "/usr/lib/jvm/java-se-7u75-ri/bin/java" 1 \
&& update-alternatives --install "/usr/bin/java" "java" "/usr/lib/jvm/java-se-8u40-ri/bin/java" 1 \
&& update-alternatives --install "/usr/bin/java" "java" "/usr/lib/jvm/jdk-9.0.4/bin/java" 1 \
&& update-alternatives --install "/usr/bin/java" "java" "/usr/lib/jvm/jdk-10.0.2/bin/java" 1

ENV JAVA_HOME="/usr/lib/jvm/jdk-9.0.4"
ENV JAVA_HOME7="/usr/lib/jvm/java-se-7u75-ri"
ENV JAVA_HOME8="/usr/lib/jvm/java-se-8u40-ri"
ENV JAVA_HOME9="/usr/lib/jvm/jdk-9.0.4"
ENV JAVA_HOME10="/usr/lib/jvm/jdk-10.0.2"
ENV JAVA_HOME11="/usr/lib/jvm/java-11-openjdk-amd64"

# update "cacerts" bundle to use Debian's CA certificates (and make sure it stays up-to-date with changes to Debian's store)
# see https://github.com/docker-library/openjdk/issues/327
# http://rabexc.org/posts/certificates-not-working-java#comment-4099504075
# https://salsa.debian.org/java-team/ca-certificates-java/blob/3e51a84e9104823319abeb31f880580e46f45a98/debian/jks-keystore.hook.in
# https://git.alpinelinux.org/aports/tree/community/java-cacerts/APKBUILD?id=761af65f38b4570093461e6546dcf6b179d2b624#n29
RUN echo "JAVA_HOME is set to: $JAVA_HOME" && set -eux; \
{ \
echo '#!/usr/bin/env bash'; \
echo 'set -Eeuo pipefail'; \
#echo 'JAVA_HOME=$(readlink -f /usr/bin/javac | sed "s:/bin/javac::")'; \
echo 'if [ -z "${JAVA_HOME}" ]; then echo >&2 "error: missing JAVA_HOME environment variable"; exit 1; fi'; \
# 8-jdk uses "$JAVA_HOME/jre/lib/security/cacerts" and 8-jre and 11+ uses "$JAVA_HOME/lib/security/cacerts" directly (no "jre" directory)
echo 'cacertsFile=; for f in "$JAVA_HOME/lib/security/cacerts" "$JAVA_HOME/jre/lib/security/cacerts"; do if [ -e "$f" ]; then cacertsFile="$f"; break; fi; done'; \
echo 'if [ -z "$cacertsFile" ] || ! [ -f "$cacertsFile" ]; then echo >&2 "error: failed to find cacerts file in $JAVA_HOME"; exit 1; fi'; \
echo 'trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$cacertsFile"'; \
} > /etc/ca-certificates/update.d/docker-openjdk; \
chmod +x /etc/ca-certificates/update.d/docker-openjdk; \
/etc/ca-certificates/update.d/docker-openjdk; \
\
#Manually add certificates for some maven and gradle repositories to java 8 and 10 since they aren't added automatically
java_version=8; \
java_certificates="java-se-8u40-ri/jre/lib/security/cacerts jdk-10.0.2/lib/security/cacerts"; \
for java_certificate in ${java_certificates}; do \
openssl s_client -showcerts -connect repo.jfrog.org:443 </dev/null 2>/dev/null|openssl x509 -outform PEM >jfrog.PEM; \
yes | keytool -import -alias "jfrogCert$java_version" -keystore "/usr/lib/jvm/$java_certificate" -file jfrog.PEM -storepass changeit; \
openssl s_client -showcerts -connect dl.google.com:443 </dev/null 2>/dev/null|openssl x509 -outform PEM >dlGoogle.PEM; \
yes | keytool -import -alias "dlGoogleCert$java_version" -keystore "/usr/lib/jvm/$java_certificate" -file dlGoogle.PEM -storepass changeit; \
openssl s_client -showcerts -connect maven.fabric.io:443 </dev/null 2>/dev/null|openssl x509 -outform PEM >mavenFabricIo.PEM; \
yes | keytool -import -alias "mavenFabricIoCert$java_version" -keystore "/usr/lib/jvm/$java_certificate" -file mavenFabricIo.PEM -storepass changeit; \
openssl s_client -showcerts -connect bintray.com:443 </dev/null 2>/dev/null|openssl x509 -outform PEM >bintray.PEM; \
yes | keytool -import -alias "bintrayCert$java_version" -keystore "/usr/lib/jvm/$java_certificate" -file bintray.PEM -storepass changeit; \
openssl s_client -showcerts -connect jfrog.com:443 </dev/null 2>/dev/null|openssl x509 -outform PEM >jfrogCom.PEM; \
yes | keytool -import -alias "jfrogComCert$java_version" -keystore "/usr/lib/jvm/$java_certificate" -file jfrogCom.PEM -storepass changeit; \
openssl s_client -showcerts -connect repo1.maven.org:443 </dev/null 2>/dev/null|openssl x509 -outform PEM >mavenOrg.PEM; \
yes | keytool -import -alias "mavenOrgCert$java_version" -keystore "/usr/lib/jvm/$java_certificate" -file mavenOrg.PEM -storepass changeit; \
rm mavenOrg.PEM; \
rm jfrogCom.PEM; \
rm bintray.PEM; \
rm mavenFabricIo.PEM; \
rm dlGoogle.PEM; \
rm jfrog.PEM; \
java_version=10; \
done; \
# https://github.com/docker-library/openjdk/issues/331#issuecomment-498834472
find "$JAVA_HOME/lib" -name '*.so' -exec dirname '{}' ';' | sort -u > /etc/ld.so.conf.d/docker-openjdk.conf; \
ldconfig; \
# basic smoke test
javac --version; \
java --version

#install Maven
ENV MAVEN_VERSION 3.6.3
ENV M2_HOME $BIN_DIRECTORY/maveninstallation
ENV MAVEN_HOME $BIN_DIRECTORY/maveninstallation
ENV PATH $MAVEN_HOME/bin:$PATH

RUN curl -L -O http://archive.apache.org/dist/maven/maven-3/$MAVEN_VERSION/binaries/apache-maven-$MAVEN_VERSION-bin.tar.gz \
&& tar -zxvf apache-maven-$MAVEN_VERSION-bin.tar.gz \
&& rm apache-maven-$MAVEN_VERSION-bin.tar.gz \
&& mv apache-maven-$MAVEN_VERSION $BIN_DIRECTORY/maveninstallation \
&& ln -s $BIN_DIRECTORY/maveninstallation/bin/mvn $BIN_DIRECTORY/mvn

#install Gradle
ENV GRADLE_VERSION 5.5.1

RUN cd / \
&& curl -L -O https://services.gradle.org/distributions/gradle-${GRADLE_VERSION}-bin.zip \
&& unzip -d $BIN_DIRECTORY/gradleinstallation gradle-${GRADLE_VERSION}-bin.zip \
&& rm /gradle-${GRADLE_VERSION}-bin.zip \
&& ln -s $BIN_DIRECTORY/gradleinstallation/gradle-${GRADLE_VERSION}/bin/gradle $BIN_DIRECTORY/gradle

ENV GRADLE_HOME $BIN_DIRECTORY/gradleinstallation/gradle-${GRADLE_VERSION}
ENV PATH ${GRADLE_HOME}/bin:${PATH}

# Install python and pip and related dev packages.
RUN apt update && apt install python3 python3-dev python3-pip python3-venv libffi-dev libssl-dev -y \
&& pip3 install pipenv
Expand All @@ -174,54 +66,6 @@ RUN apt install -t buster-backports golang-go -y
RUN curl -L -O https://github.com/dougborg/gdub/zipball/master && unzip master && rm master \
&& gdubw-gdub-3a5eca5/install && rm -r gdubw-gdub-3a5eca5

# Set the environment and URL
ENV JAVA_OPTS='-XX:+IgnoreUnrecognizedVMOptions --add-modules java.se.ee'

ENV SDK_URL="https://dl.google.com/android/repository/sdk-tools-linux-4333796.zip" \
ANDROID_HOME="/usr/local/android-sdk" \
ANDROID_VERSION=29 \
ANDROID_BUILD_TOOLS_VERSION=29.0.1

# Download Android SDK
RUN mkdir "$ANDROID_HOME" .android \
&& cd "$ANDROID_HOME" \
&& curl -o sdk.zip $SDK_URL \
&& unzip sdk.zip \
&& rm sdk.zip \
&& yes | $ANDROID_HOME/tools/bin/sdkmanager --licenses

RUN echo "### User Sources for Android SDK Manager" > ~/.android/repositories.cfg && echo "#Fri Nov 03 10:11:27 CET 2017 count=0" >> ~/.android/repositories.cfg

# Install Android Build Tool and Libraries
RUN $ANDROID_HOME/tools/bin/sdkmanager --update

# Install Bazel build tool

ENV BAZEL1_VERSION 1.2.1
RUN curl https://bazel.build/bazel-release.pub.gpg | apt-key add - \
&& echo "deb [arch=amd64] https://storage.googleapis.com/bazel-apt stable jdk1.8" | tee /etc/apt/sources.list.d/bazel.list \
&& apt update && apt install bazel-$BAZEL1_VERSION \
&& ln -s /usr/bin/bazel-$BAZEL1_VERSION $BIN_DIRECTORY/bazel1

ENV BAZEL2_VERSION 2.2.0
RUN curl https://bazel.build/bazel-release.pub.gpg | apt-key add - \
&& echo "deb [arch=amd64] https://storage.googleapis.com/bazel-apt stable jdk1.8" | tee /etc/apt/sources.list.d/bazel.list \
&& apt update && apt install bazel-$BAZEL2_VERSION \
&& ln -s /usr/bin/bazel-$BAZEL2_VERSION $BIN_DIRECTORY/bazel2

ENV BAZEL3_VERSION 3.7.2
RUN curl https://bazel.build/bazel-release.pub.gpg | apt-key add - \
&& echo "deb [arch=amd64] https://storage.googleapis.com/bazel-apt stable jdk1.8" | tee /etc/apt/sources.list.d/bazel.list \
&& apt update && apt install bazel-$BAZEL3_VERSION \
&& ln -s /usr/bin/bazel-$BAZEL3_VERSION $BIN_DIRECTORY/bazel3

ENV BAZEL4_VERSION 4.1.0
RUN curl https://bazel.build/bazel-release.pub.gpg | apt-key add - \
&& echo "deb [arch=amd64] https://storage.googleapis.com/bazel-apt stable jdk1.8" | tee /etc/apt/sources.list.d/bazel.list \
&& apt update && apt install bazel-$BAZEL4_VERSION \
&& ln -s /usr/bin/bazel-$BAZEL4_VERSION $BIN_DIRECTORY/bazel4
&& ln -s /usr/bin/bazel-$BAZEL4_VERSION $BIN_DIRECTORY/bazel

# Chromium dependencies
RUN apt install google-chrome-stable \
libgtk2.0-0 \
Expand Down
Loading

0 comments on commit c66cdf7

Please sign in to comment.