publish docker image

[marcpawl]

One of the problems with docker images is that it is hard to lock down all the dependencies, and as the dependencies change for example the .deb files the docker image can no longer be built.

Can you publish the docker image, either as a file in github or at hub.docker.com or ....

[marcpawl]

Error I am getting
#15 3.466 E: The repository 'https://apt.kitware.com/ubuntu focal InRelease' is not signed.
when I worked past it, I found that I needed to install pkg-config and xutils-dev

marcpawl@gamer:/mnt/c/Users/marcp/GitHub/cpp_starter_project$ git bisect good
eb61f63bce3c187e382d17aaad28c59ea26f7a03 is the first bad commit
commit eb61f63bce3c187e382d17aaad28c59ea26f7a03
Author: Iason <[email protected]>
Date:   Thu Dec 9 09:28:42 2021 +0000

    Update LLVM version to 13 since it is also supported by IWYU

 .devcontainer/Dockerfile        |  4 ++--
 .devcontainer/devcontainer.json | 15 +++++++++------
 2 files changed, 11 insertions(+), 8 deletions(-)

git bisect start
# bad: [2b9c3c9d25ae4df32b4b79abed6c08c09a52df54] Merge github.com:cpp-best-practices/cpp_boilerplate_project
git bisect bad 2b9c3c9d25ae4df32b4b79abed6c08c09a52df54
# good: [08020d234a3705218d2aef27d112928c7d3bf3f2] Move Dockerfile under .devcontainer
git bisect good 08020d234a3705218d2aef27d112928c7d3bf3f2
# good: [4f9676672e512c9fdff2adaf55b9d2b059bec8e0] After code review
git bisect good 4f9676672e512c9fdff2adaf55b9d2b059bec8e0
# bad: [eb61f63bce3c187e382d17aaad28c59ea26f7a03] Update LLVM version to 13 since it is also supported by IWYU
git bisect bad eb61f63bce3c187e382d17aaad28c59ea26f7a03
# good: [a90ab4003f3f1414c9b6334df6fe144b5bb4e3ee] - Add gdb to have a debug session (supported by VSCode) - Install 
text editors in a different Docker layer to improve chaching - Comment out the post create command that prints the user 
since you log as root
git bisect good a90ab4003f3f1414c9b6334df6fe144b5bb4e3ee
# first bad commit: [eb61f63bce3c187e382d17aaad28c59ea26f7a03] Update LLVM version to 13 since it is also supported by IWYU

[ddalcino]

One of the problems with docker images is that it is hard to lock down all the dependencies, and as the dependencies change for example the .deb files the docker image can no longer be built.

Can you publish the docker image, either as a file in github or at hub.docker.com or ....

That's a good suggestion, and I agree that we should do something like this. It would be great to have some pre-built images that users can download and easily extend, rather than having to build themselves.

I published an older version of the docker image here on Docker Hub, but I did not publicize it. I built the container manually, and it's not totally transparent how I built it. I could have thrown all kinds of malware into it and there would be no easy way for a user to know. I think that in the open source world, it's unacceptable to release software this way.

Here's what I propose:
1. We start a new cpp_dockerfile project (I'm open to names) under the cpp_best_practices organization umbrella. Edit: on second thought, I think this can be done in a subfolder; no need to use a separate project.
2. This project will include CI scripts that build the Dockerfile, in several different configurations (different versions of Ubuntu, different compiler versions, basically anything that's optional). These CI scripts will automatically push new releases to the Github Container Registry, or to DockerHub, in an easily observable way, with no opportunity for a rogue developer like me to jam malware into it. (I don't trust me, why should you?)
3. [Optional] We start a new cpp_best_practices organization account at DockerHub that we can use to publish new versions of the Docker image, also via CI script.
4. We rip out anything in the Dockerfile that doesn't absolutely need to be in there, that could easily be added back in by users that want to extend it.
5. We base .devcontainer/Dockerfile off of one of the images that we publish, and add back in anything that needs to be there that we removed in step 4.

[ddalcino]

For what it's worth, Kitware's instructions for installing CMake on Ubuntu have changed: https://apt.kitware.com/

Also, for what it's worth, most users can get away with ripping out that whole block that installs CMake and just running pip install cmake. The CMake package available at pypi is usually very up-to-date. The Kitware repo is nice because it always has the latest version and it includes ccmake; not all of our users actually need this.