Open Source the production OneDocker Dockerfile. (#1924)

Summary: Pull Request resolved: #1924 ## Context We are in the process of trying to both release the OneDocker image as part of our normal build and release process, and publish the image to a new [public ECR repository](https://docs.google.com/document/d/1XDnnMCQ6IhyKq9VUhaxat8ns5ddyBqGQSgpbubitpz8/edit?usp=sharing). This stack of changes will set up that process so in 2023 we can move to weekly releases of the production OneDocker image. ## This diff This diff updates the production OneDocker image to be open sourced as part of the FBPCS Repository. Reviewed By: marksliva Differential Revision: D41227167 fbshipit-source-id: abc299852961994bcbb8ee3575fd4ebabba0fecd
facebookresearch · Jan 11, 2023 · 1d49651 · 1d49651
1 parent cbc3065
commit 1d49651
Show file tree

Hide file tree

Showing 5 changed files with 53 additions and 2 deletions.
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
@@ -19,7 +19,7 @@ on:
 env:
   DISTRO: ubuntu
   REGISTRY: ghcr.io
-  LOCAL_IMAGE_NAME: fbpcs/onedocker
+  LOCAL_IMAGE_NAME: fbpcs/onedocker/test
   RC_REGISTRY_IMAGE_NAME: ghcr.io/${{ github.repository }}/rc/onedocker
   PROD_REGISTRY_IMAGE_NAME: ghcr.io/${{ github.repository }}/onedocker
   COORDINATOR_IMAGE: ghcr.io/facebookresearch/fbpcs/coordinator

diff --git a/build-docker.sh b/build-docker.sh
@@ -90,7 +90,7 @@ fi
 
 # Local Docker Image Dependencies
 if [ "$PACKAGE" = "onedocker" ]; then
- PACKAGE="emp_games data_processing onedocker"
+ PACKAGE="emp_games data_processing onedocker/test"
 fi
 
 # Include optional parameters

diff --git a/docker/onedocker/prod/Dockerfile.ubuntu b/docker/onedocker/prod/Dockerfile.ubuntu
@@ -0,0 +1,47 @@
+ARG os_release="20.04"
+
+FROM ubuntu:${os_release}
+
+ENV TZ=America/Los_Angeles
+RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
+
+RUN useradd -ms /bin/bash onedocker
+
+USER onedocker
+RUN mkdir -p /home/onedocker/package
+
+USER root
+RUN mkdir -p /root/onedocker/package
+WORKDIR /root
+
+RUN apt-get update && apt-get install -y \
+  git \
+  wget \
+  software-properties-common \
+  python3.8 \
+  python3-pip \
+  ca-certificates \
+  libboost-regex1.71.0 \
+  libcurl4 \
+  libdouble-conversion3 \
+  libgflags2.2 \
+  libgmp10 \
+  libgoogle-glog0v5 \
+  libssl1.1 \
+  libre2-5 \
+  zlib1g \
+  sudo
+
+# installing pip requirements
+RUN mkdir -p /home/onedocker/src
+ADD pip_requirements.txt /home/onedocker/src
+RUN python3.8 -m pip install -r /home/onedocker/src/pip_requirements.txt
+
+# limit execution permission only to the directory where binaries are downloaded
+RUN chown -R onedocker /home/onedocker/package/
+RUN chmod -R u-x ~/
+RUN chmod -R u+rw /tmp
+RUN chmod -R u+rwx /home/onedocker/package/
+
+CMD ["/bin/bash"]
+WORKDIR /home/onedocker
diff --git a/docker/onedocker/prod/pip_requirements.txt b/docker/onedocker/prod/pip_requirements.txt
@@ -0,0 +1,4 @@
+fbpcp == 0.3.4
+jmespath ~= 0.10
+s3transfer ~= 0.3
+parameterized ~= 0.7
diff --git a/docker/onedocker/Dockerfile.ubuntu → docker/onedocker/test/Dockerfile.ubuntu b/docker/onedocker/Dockerfile.ubuntu → docker/onedocker/test/Dockerfile.ubuntu