Skip to content

Update Docker build artifacts to new installer pattern #1629

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
abernix merged 1 commit into from
Aug 26, 2022
Merged

Update Docker build artifacts to new installer pattern #1629

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 2 additions & 3 deletions .circleci/config.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -492,12 +492,11 @@ jobs:
- run:
name: Docker build
command: |
ROUTER_RELEASE=${VERSION:1}
Copy link
Member Author

@abernix abernix Aug 26, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was removing the letter v from the Git release tag (which is inclusive of the v) so that it could pass it to ROUTER_RELEASE below. The Docker image build now defaults to latest (and accepts --build-arg ROUTER_RELEASE=latest), so we can pass this value in opaquely now.

This does mean that users do pass --build-arg ROUTER_RELEASE=... they need to pass ROUTER_RELEASE=v0.16.0 or ROUTER_RELEASE=latest, but that actually seems intuitive to me in the context of the notion of "release".

It is a breaking change for current Router image builders, but this seems like a good time to make a breaking change of that sort!

Copy link
Contributor

@garypen garypen Aug 26, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice to see all this dancing around to add/remove the "v" prefix is gone...

ROUTER_TAG=ghcr.io/apollographql/router
# Build debug image
docker build --build-arg ROUTER_RELEASE=${ROUTER_RELEASE} --build-arg DEBUG_IMAGE=":debug" -f dockerfiles/Dockerfile.router -t ${ROUTER_TAG}:v${ROUTER_RELEASE}-debug .
docker build --build-arg ROUTER_RELEASE=${VERSION} --build-arg DEBUG_IMAGE=":debug" -f dockerfiles/Dockerfile.router -t ${ROUTER_TAG}:${VERSION}-debug .
# Build release image
docker build --build-arg ROUTER_RELEASE=${ROUTER_RELEASE} -f dockerfiles/Dockerfile.router -t ${ROUTER_TAG}:${VERSION} .
docker build --build-arg ROUTER_RELEASE=${VERSION} -f dockerfiles/Dockerfile.router -t ${ROUTER_TAG}:${VERSION} .
# Note: GH Token owned by apollo-bot2, no expire
echo ${GITHUB_OCI_TOKEN} | docker login ghcr.io -u apollo-bot2 --password-stdin
# Push debug image
Expand Down
30 changes: 17 additions & 13 deletions dockerfiles/Dockerfile.router
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,39 +1,43 @@
ARG DEBUG_IMAGE
# Build is required to extract the release files
FROM --platform=linux/amd64 alpine:latest AS build
FROM --platform=linux/amd64 debian:bullseye-slim AS build
Copy link
Member Author

@abernix abernix Aug 26, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As noted in the PR body, this accounts for the fact that the installer necessitates an architecture that we can actually run the Router on and switches alpine:latest for a specific version of debian:*slim images.

There is no material change on the outcome of the image — we were using the Alpine image to download a tarball for the next build stage, not to create a small output image, nor on account of producing a Router image that runs on Alpine. Today, the Router does not support running on Alpine for reasons we will solve in the future.


ARG ROUTER_RELEASE
ARG ROUTER_RELEASE=latest
Copy link
Member Author

@abernix abernix Aug 26, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this default makes a lot of sense and offers a nice user experience and pairs nicely with the capability of our router install endpoint.


# Pull release from GH
ADD https://github.com/apollographql/router/releases/download/v${ROUTER_RELEASE}/router-${ROUTER_RELEASE}-x86_64-unknown-linux-gnu.tar.gz /tmp/router.tar.gz
WORKDIR /dist

WORKDIR /tmp
Copy link
Member Author

@abernix abernix Aug 26, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We no longer need to work in a /tmp directory and then moving it to a /dist since the installer actually just takes care of the extraction itself.

# Install curl
RUN \
apt-get update -y \
&& apt-get install -y \
curl \
&& rm -rf /var/lib/apt/lists/*

# router.tar.gz extracts to "dist"
RUN tar xvzf router.tar.gz -C /
# Run the Router downloader which puts Router into current working directory
RUN curl -sSL https://router.apollo.dev/download/nix/${ROUTER_RELEASE}/ | sh
Copy link
Contributor

@garypen garypen Aug 26, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm assuming no certificate issues with debian:bullseye-slim. i.e.: no need to install ca-certificates.

Copy link
Member Author

@abernix abernix Aug 26, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think curl just actually brings in ca-certificates now.


# Make directories for config and schema
RUN mkdir /dist/config && mkdir /dist/schema
RUN mkdir config schema

# Copy configuration for docker image
COPY dockerfiles/router.yaml /dist/config
COPY dockerfiles/router.yaml config
Comment on lines -16 to +23
Copy link
Member Author

@abernix abernix Aug 26, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Effectively using WORKDIR like a variable here to DRY up the repetition of /dist/


# Required so we can copy in libz.so.1
FROM --platform=linux/amd64 gcr.io/distroless/java17-debian11${DEBUG_IMAGE} as libz-required

# Final image uses distroless
FROM --platform=linux/amd64 gcr.io/distroless/cc-debian11${DEBUG_IMAGE}

LABEL org.opencontainers.image.authors="ApolloGraphQL https://github.com/apollographql/router"
LABEL org.opencontainers.image.authors="Apollo Graph, Inc. https://github.com/apollographql/router"

# Copy in the extracted/created files
COPY --from=libz-required /lib/x86_64-linux-gnu/libz.so.1 /lib/x86_64-linux-gnu/libz.so.1

# Copy in the extracted/created files
COPY --from=build --chown=root:root /dist /dist

WORKDIR /dist

# Copy in the extracted/created files
COPY --from=build --chown=root:root /dist .

ENV APOLLO_ROUTER_CONFIG_PATH="/dist/config/router.yaml"

# Default executable is the router
Expand Down
5 changes: 2 additions & 3 deletions dockerfiles/diy/build_docker_image.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -111,7 +111,7 @@ cp ../router.yaml "${BUILD_DIR}" || terminate "Couldn't copy ../router.yaml to $

# Change to our build directory
cd "${BUILD_DIR}" || terminate "Couldn't cd to ${BUILD_DIR}";

# If we are building, clone our repo
if [ "${BUILD_IMAGE}" = true ]; then
git clone https://github.com/apollographql/router.git > /dev/null 2>&1 || terminate "Couldn't clone repository"
Expand All @@ -131,9 +131,8 @@ if [ "${BUILD_IMAGE}" = true ]; then
else
# Let the user know what we are going to do
echo "Building image: ${ROUTER_VERSION}" from released tarballs""
ROUTER_RELEASE="$(echo "${ROUTER_VERSION}" | cut -c2-)"
Copy link
Member Author

@abernix abernix Aug 26, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In the same spirit as the change in the .circleci/config.yml above, this transformation of the ROUTER_VERSION to remove the v character is no longer necessary and we can treat this like an opaque value.

docker build -q -t "router:${ROUTER_VERSION}" \
--build-arg ROUTER_RELEASE="${ROUTER_RELEASE}" \
--build-arg ROUTER_RELEASE="${ROUTER_VERSION}" \
--no-cache -f Dockerfile.release . \
|| terminate "Couldn't build router image"
fi
Expand Down
30 changes: 17 additions & 13 deletions dockerfiles/diy/dockerfiles/Dockerfile.release
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,40 +3,44 @@
# builds to work on platforms such as Mac OS X/M1 (with some help from
Copy link
Member Author

@abernix abernix Aug 26, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This file is almost fully identical to the Dockerfile.router above, now more than ever. The only notable difference is that the other file above supports the debug build argument. We should align these in the future?

# rosetta)
# Build is required to extract the release files
FROM --platform=linux/amd64 alpine:latest AS build
FROM --platform=linux/amd64 debian:bullseye-slim AS build

ARG ROUTER_RELEASE
ARG ROUTER_RELEASE=latest

# Pull release from GH
ADD https://github.com/apollographql/router/releases/download/v${ROUTER_RELEASE}/router-${ROUTER_RELEASE}-x86_64-linux.tar.gz /tmp/router.tar.gz
WORKDIR /dist

WORKDIR /tmp
# Install curl
RUN \
apt-get update -y \
&& apt-get install -y \
curl \
&& rm -rf /var/lib/apt/lists/*

# router.tar.gz extracts to "dist"
RUN tar xvzf router.tar.gz -C /
# Run the Router downloader which puts Router into current working directory
RUN curl -sSL https://router.apollo.dev/download/nix/${ROUTER_RELEASE}/ | sh

# Make directories for config and schema
RUN mkdir /dist/config && mkdir /dist/schema
RUN mkdir config schema

# Copy configuration for docker image
COPY router.yaml /dist/config
COPY router.yaml config

# Required so we can copy in libz.so.1
FROM --platform=linux/amd64 gcr.io/distroless/java17-debian11 as libz-required

# Final image uses distroless. Feel free to change this to an image that suits your needs.
FROM --platform=linux/amd64 gcr.io/distroless/cc-debian11

LABEL org.opencontainers.image.authors="ApolloGraphQL https://github.com/apollographql/router"
LABEL org.opencontainers.image.authors="Apollo Graph, Inc. https://github.com/apollographql/router"

# Copy in the extracted/created files
COPY --from=libz-required /lib/x86_64-linux-gnu/libz.so.1 /lib/x86_64-linux-gnu/libz.so.1

# Copy in the extracted/created files
COPY --from=build --chown=root:root /dist /dist

WORKDIR /dist

# Copy in the extracted/created files
COPY --from=build --chown=root:root /dist .

ENV APOLLO_ROUTER_CONFIG_PATH="/dist/config/router.yaml"

# Default executable is the router
Expand Down