diff --git a/.github/workflows/builder.yml b/.github/workflows/builder.yml
new file mode 100644
index 00000000000..37ed01972f3
--- /dev/null
+++ b/.github/workflows/builder.yml
@@ -0,0 +1,43 @@
+name: Create and publish a Docker image that can be used to build a deployable zipfile
+
+on:
+ push:
+ branches: ['main']
+ paths:
+ - 'docker/builder/**'
+
+env:
+ REGISTRY: ghcr.io
+ IMAGE_NAME: ${{ github.repository }}-builder
+
+jobs:
+ build-and-push-image:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ - name: Log in to the Container registry
+ uses: docker/login-action@v3.0.0
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@v5.0.0
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+ - name: Build and push Docker image
+ uses: docker/build-push-action@v5.0.0
+ with:
+ context: ./docker/builder/
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
diff --git a/docker/builder/Dockerfile b/docker/builder/Dockerfile
new file mode 100644
index 00000000000..1f3164d81d9
--- /dev/null
+++ b/docker/builder/Dockerfile
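Review bot: The `uses:` lines in this hunk (`actions/checkout@v3`, `docker/login-action@v3.0.0`, `docker/metadata-action@v5.0.0`, `docker/build-push-action@v5.0.0`) pin third-party actions to mutable tags, so a moved or compromised tag would run different code under a token that has `packages: write` to the registry. Pin each action to a full commit SHA and keep the version as a trailing comment, e.g. `uses: docker/build-push-action@<commit-sha> # v5.0.0`, and let Dependabot bump them. Separately, the `paths` filter lists only `docker/builder/**`, so edits to this workflow file itself will not trigger a rebuild until something under that directory changes; adding `- '.github/workflows/builder.yml'` to the list closes that gap.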
@@ -0,0 +1,35 @@
+FROM centos:7
+
+# Ensure that the environment uses UTF-8 encoding by default
+ENV LANG en_US.UTF-8
+
+# Disables pip cache, which reduces build time, and suppresses warnings when
+# run as non-root.
+ENV PIP_NO_CACHE_DIR true
+
+ENV BUILD_DIR /src/consumerfinance.gov
+
+# Must be world writable since alternate uid:gid may be patched in at `docker
+# run` time.
+RUN mkdir -p ${BUILD_DIR} && chmod 777 ${BUILD_DIR}
+WORKDIR ${BUILD_DIR}
+
+# Sets a consistent $HOME no matter which user the container runs under. This
+# prevents permissions issues caused by Docker's default `/` home directory.
+ENV HOME /tmp/dfd-home
+RUN mkdir -p ${HOME} && chmod 777 ${HOME}
+
+# Install all build requirements including Python 3 and the latest
+# versions of the Python packages pip, setuptools, and wheel. Configure
+# Python 3 to be enabled at login.
+RUN yum -y update && \
+ yum install -y centos-release-scl && \
+ yum install -y rh-python38 gcc git && \
+ echo "source scl_source enable rh-python38" > /etc/profile.d/scl_python.sh && \
+ source /etc/profile && \
+ pip install --no-cache-dir -U pip setuptools wheel && \
+ pip3 install --no-cache-dir -U pip setuptools wheel
+
+COPY _build.sh docker-entrypoint.sh ./
+
+ENTRYPOINT ["./docker-entrypoint.sh"]
diff --git a/docker/builder/_build.sh b/docker/builder/_build.sh
new file mode 100755
index 00000000000..0da63be8b6f
--- /dev/null
+++ b/docker/builder/_build.sh
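Review bot: `FROM centos:7` on the first line is an unpinned tag of a distribution that is end-of-life (June 2024) and no longer receives security updates, and the following `RUN yum -y update` then installs whatever the mirror serves at build time, so the resulting builder image is neither reproducible nor reliably patched. Pin the base by digest, `FROM centos:7@sha256:<base-image-digest>`, note in the comment above the `RUN` when packages were last refreshed, and track a move to a supported base as a follow-up; choosing that base is a project decision. The two `chmod 777` lines intentionally make `$BUILD_DIR` and `$HOME` world-writable per their comments, and since the entrypoint starts bash with `--login`, anything written to that shared `$HOME` as a profile file would be sourced on the next run — worth a sentence in the `$HOME` comment that the image is meant to run only against trusted mounts.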
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+# Fail when any command fails.
+set -e
+
+# Echo commands.
+set -x
+
+# Set GIT_COMMITTER_NAME to enable us to `pip -e` from git URLs
+# git < 2.6.5 requires either these variables to be set or the user to exist
+# in passwd file.
+export GIT_COMMITTER_NAME="cf.gov build user"
+export GIT_COMMITTER_EMAIL="tech@cfpb.gov"
+
+build_artifact_name=cfgov_current_build
+build_artifact="$build_artifact_name.zip"
+cfgov_refresh_volume=/cfgov
+webfonts_path="$cfgov_refresh_volume/static.in/cfgov-fonts"
+
+# Verify that the source volume has been mapped.
+if [ ! -d "$cfgov_refresh_volume" ]; then
+ echo "Source directory $cfgov_refresh_volume does not exist."
+ echo "Did you forget to mount the Docker volume?"
+ exit 1
+fi
+
+# Prepare arguments for the deployable zipfile build.
+build_args=(
+ "$cfgov_refresh_volume/cfgov"
+ "$cfgov_refresh_volume/requirements/deployment.txt"
+ "$build_artifact_name"
+ "--extra-static" "$webfonts_path"
+)
+
+# Build the deployable zipfile.
+"$cfgov_refresh_volume/cfgov/deployable_zipfile/create.py" "${build_args[@]}"
+
+# Copy build artifact to source directory.
+cp "$build_artifact" "$cfgov_refresh_volume"
+echo "Generated $build_artifact in $cfgov_refresh_volume."
diff --git a/docker/builder/docker-entrypoint.sh b/docker/builder/docker-entrypoint.sh
new file mode 100755
index 00000000000..0c46a99ebe5
--- /dev/null
+++ b/docker/builder/docker-entrypoint.sh
@@ -0,0 +1,7 @@
+#!/bin/bash --login
+# This entrypoint is used primarily as means of setting up a consistent
+# shell environment no matter which user the process runs as. By using
+# --login, it guarantees /etc/profile is always sourced, unlike the
+# non-login, non-interactive shell you get by default with `docker run`.
+
+exec "$@"
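Review bot: `set -e` near the top of `_build.sh` stops on a failed command but leaves unset variables and failed pipeline members undetected; `set -euo pipefail` is the usual idiom and would also catch a misspelled path variable before it reaches `create.py`. The build step runs `"$cfgov_refresh_volume/cfgov/deployable_zipfile/create.py"` directly, so it depends on the executable bit surviving in the mounted checkout, which it may not on a Windows clone or with `core.fileMode=false`; invoking it as `python "$cfgov_refresh_volume/cfgov/deployable_zipfile/create.py" "${build_args[@]}"` removes that dependency, assuming the rh-python38 interpreter enabled by the login shell is the intended one. `set -x` echoes every expanded command, which is harmless here because the script reads no credentials, but the comment `# Echo commands.` could say so explicitly so a future change that adds a token does not leak it into build logs.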
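Review bot: `exec "$@"` on the last line of `docker-entrypoint.sh` is an `exec` with no command when the container is started without arguments, which bash treats as a no-op, so a `docker run` of this image with no command (the Dockerfile sets no `CMD`) exits 0 without building anything. A guard before the `exec`, `if [ "$#" -eq 0 ]; then echo "usage: docker run <image> ./_build.sh" >&2; exit 64; fi`, or a `CMD ["./_build.sh"]` in the Dockerfile, turns the silent success into an explicit outcome. The header comment could also state that `--login` sources `~/.bash_profile` from the world-writable `$HOME` the image sets, since that is the mechanism the consistent-environment claim relies on.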