From bb9f990b6164b984e4a72293c31b50dbf1c1d8ec Mon Sep 17 00:00:00 2001
From: alxndrsn
Date: Sat, 5 Oct 2024 07:47:09 +0000
Subject: [PATCH] Dockerignore: convert to whitelist
* convert dockerignore from blacklist-based to whitelist
* decrease docker build context size significantly
* make docker builds less dependent on local state (e.g. local node_modules in submodules)
* add script for checking docker build context
* add CI tests to monitor if surprisingly large changes are made to the build context
---
.dockerignore | 30 ++++++-
.github/workflows/test-docker-context.yml | 19 ++++
test/check-docker-context | 101 ++++++++++++++++++++++
3 files changed, 148 insertions(+), 2 deletions(-)
create mode 100644 .github/workflows/test-docker-context.yml
create mode 100755 test/check-docker-context
diff --git a/.dockerignore b/.dockerignore
index 93f13619..f0c56075 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,2 +1,28 @@
-node_modules
-npm-debug.log
+**
+
+!/docs/
+!/files/
+!/test/files/
+
+!/client/.browserslistrc
+!/client/.eslintrc.js
+!/client/.tx/config
+!/client/icomoon.json
+!/client/jsconfig.json
+!/client/package.json
+!/client/package-lock.json
+!/client/vue.config.js
+!/client/bin/
+!/client/docs/
+!/client/public/
+!/client/src/
+!/client/transifex/
+
+!/server/.npmrc
+!/server/package.json
+!/server/package-lock.json
+!/server/Makefile
+!/server/pm2.config.js
+!/server/config/
+!/server/docs/
+!/server/lib/
diff --git a/.github/workflows/test-docker-context.yml b/.github/workflows/test-docker-context.yml
new file mode 100644
index 00000000..b23dad17
--- /dev/null
+++ b/.github/workflows/test-docker-context.yml
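Review bot: In `.dockerignore`, the allowlist re-includes `/server/.npmrc` and several whole directories (`/files/`, `/docs/`, `/server/config/`), so anything a developer has placed there locally still enters the build context. An `.npmrc` is a common place for registry auth tokens, and a local config override can carry credentials; if the Dockerfile copies these paths, they would end up in image layers. The size and count bounds added in this commit would not notice a single small file, so a comment above the entry such as `# server/.npmrc is sent to the docker daemon - it must never hold registry credentials` would record the assumption. Whether these files are tracked and credential-free cannot be told from this diff.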
@@ -0,0 +1,19 @@
+name: Test docker context
+
+on:
+ push:
+ pull_request:
+
+jobs:
+ build:
+ timeout-minutes: 3
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ fetch-tags: true
+ submodules: recursive
+ # Some reasonable boundaries; these may change in future. Numbers outside
+ # these bounds indicate a misconfiguration, and should be investigated.
+ - run: ./test/check-docker-context --min-size 2000 --max-size 15000 --min-count 500 --max-count 1000
diff --git a/test/check-docker-context b/test/check-docker-context
new file mode 100755
index 00000000..0e3bb0c6
--- /dev/null
+++ b/test/check-docker-context
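Review bot: The new workflow `.github/workflows/test-docker-context.yml` declares no `permissions:` block, so the job's GITHUB_TOKEN gets whatever default scopes the repository or organisation is configured with. The job only checks out the code and runs a local docker build, so a top-level `permissions:` with `contents: read` beneath it would limit the token to what is needed. Because `on:` lists both `push` and `pull_request` without filters, a branch in the same repository with an open pull request runs the check twice; restricting `push` to the default branch would avoid that. The page has lost the YAML indentation, so the exact nesting should be checked against the file.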
@@ -0,0 +1,101 @@
+#!/bin/bash -eu
+set -o pipefail
+log() { echo "[$(basename "$0")] $*"; }
+
+# See: https://stackoverflow.com/a/71751097
+
+while [[ $# -gt 0 ]]; do
+ case "$1" in
+ --report) skip_size=true; skip_count=true ;;
+
+ --min-size) shift;min_size="$1" ;;
+ --max-size) shift;max_size="$1" ;;
+ --skip-size) skip_size=true ;;
+
+ --min-count) shift;min_count="$1" ;;
+ --max-count) shift;max_count="$1" ;;
+ --skip-count) skip_count=true ;;
+
+ *) log "!!! Unrecognised arg: $1"; exit 1 ;;
+ esac
+ shift
+done
+
+tmp="$(mktemp)"
+
+log "Building docker image..."
+(
+docker build --no-cache --progress plain --file - . 2>&1 </dev/null
+}
+throw_err() {
+ log "!!!"
+ log "!!! $* !!!"
+ log "!!!"
+ cleanup
+ exit 1
+}
+
+for_humans() {
+ local size="$1"
+ if [[ "$size" -gt 999999 ]]; then
+ log "$((size / 1000000)) GB"
+ else
+ log "$((size / 1000)) MB"
+ fi
+}
+
+log "File count: $file_count"
+if [[ "${skip_count-}" != "true" ]]; then
+ if [[ "$file_count" -lt "$min_count" ]] || [[ "$file_count" -gt "$max_count" ]]; then
+ throw_err "This is a surprising number of files - expected between $min_count and $max_count"
+ fi
+fi
+
+log "Total size: $(for_humans "$total_size")"
+if [[ "${skip_size-}" != "true" ]]; then
+ # N.B. busybox `du` outputs in kB
+ # See: https://www.busybox.net/downloads/BusyBox.html#du
+ expected="- expected between $(for_humans "$min_size") and $(for_humans "$max_size")"
+ if [[ "$total_size" -lt "$min_size" ]]; then
+ throw_err "This is a surprisingly small total size $expected"
+ elif [[ "$total_size" -gt "$max_size" ]]; then
+ throw_err "This is a surprisingly large total size $expected"
+ fi
+fi
+
+cleanup
+log "Everything looks OK."
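Review bot: In `test/check-docker-context`, the limits and the measured values reach the `-lt` / `-gt` tests without any check that they are integers, in both the file-count and the total-size comparisons. Inside `[[ ]]` bash evaluates those operands as arithmetic expressions, so a non-numeric string is evaluated rather than rejected, and under `-u` a missing `--min-count` or `--max-size` stops the script with a bare "unbound variable" instead of a usage message. A guard before the comparisons, e.g. `[[ "$file_count" =~ ^[0-9]+$ ]] || throw_err "file count is not a number: $file_count"` (and the same for `total_size` and the four limits), makes the check fail closed with a clear message. The lines that assign `file_count` and `total_size` are missing from this page, as is the start of `cleanup`, so whether the values can only ever hold digits has to be confirmed in the file. Separately, `for_humans` prints through `log`, so its output inside `$(...)` carries a second `[check-docker-context]` prefix; `echo` there would avoid it.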