From 65d5bdff0815f743cb63f474be53ef2d92486f15 Mon Sep 17 00:00:00 2001
From: Kyle Harding <kyle@balena.io>
Date: Mon, 8 Mar 2021 13:32:15 -0500
Subject: [PATCH] docker: Add Docker images with the CLI and Docker-in-Docker

Add Dockerfiles for alpine and debian images, based on
balenalib/arch-distro-node images.

Change-type: minor
Signed-off-by: Kyle Harding <kyle@balena.io>
---
 .dockerignore            | 37 ++++++++++++++++++++
 .gitignore               | 69 ++++++++++++++++---------------------
 .resinci.yml             | 73 +++++++++++++++++++++++++++++++++++++++-
 docker/alpine/Dockerfile | 43 +++++++++++++++++++++++
 docker/debian/Dockerfile | 43 +++++++++++++++++++++++
 docker/docker-init.sh    | 30 +++++++++++++++++
 6 files changed, 254 insertions(+), 41 deletions(-)
 create mode 100644 .dockerignore
 create mode 100644 docker/alpine/Dockerfile
 create mode 100644 docker/debian/Dockerfile
 create mode 100644 docker/docker-init.sh

diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 00000000..46502c4e
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,37 @@
+# Reminders:
+# * Matching rules are different to `.gitignore`
+# * A pattern without '**' matches in the project's root directory only
+# * Leading and trailing '/' are discarded (it is not possible to
+#   distinguish between files and directories)
+# * More details: https://github.com/balena-io-modules/dockerignore
+
+# development and testing tools or IDEs
+**/*.log
+**/*.pid
+**/*.seed
+.idea
+.lock-wscript
+.nvmrc
+.nyc_output
+.vscode
+coverage
+lib-cov
+logs
+pids
+
+# OS cache files
+**/.DS_Store
+
+# balena CLI config and build files
+**/.balenaconf
+**/.fast-boot.json
+**/.resinconf
+balenarc.yml
+build
+build-bin
+dist
+node_modules
+oclif.manifest.json
+package-lock.json
+resinrc.yml
+tmp
diff --git a/.gitignore b/.gitignore
index 95c25e05..8f146b5a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,47 +1,36 @@
-# Logs
-logs
-*.log
+# Reminders:
+# * A pattern without '/' matches in subdirectories as well (files and directories)
+# * A leading '/' anchors matching to the directory where `.gitignore` is defined
+# * A trailing '/' makes the pattern match against directories only
+# More details: https://git-scm.com/docs/gitignore
 
-# Runtime data
-pids
+# development and testing tools or IDEs
+*.log
 *.pid
 *.seed
+/.idea/
+/.lock-wscript
+/.nvmrc
+/.nyc_output/
+/.vscode/
+/coverage/
+/lib-cov/
+/logs
+/pids
 
-# Directory for instrumented libs generated by jscoverage/JSCover
-lib-cov
-
-# Coverage directory used by tools like istanbul
-coverage
-.nyc_output
-
-# node-waf configuration
-.lock-wscript
-
-# Compiled binary addons (http://nodejs.org/api/addons.html)
-build/Release
-
-# Dependency directory
-# Commenting this out is preferred by some people, see
-# https://www.npmjs.org/doc/misc/npm-faq.html#should-i-check-my-node_modules-folder-into-git-
-node_modules
-
-package-lock.json
-.resinconf
-.balenaconf
-resinrc.yml
-balenarc.yml
-
+# OS cache files
 .DS_Store
-.idea
-.nvmrc
-.vscode
 
-/tmp
-build/
-build-bin/
-build-zip/
-dist/
-
-# Ignore fast-boot cache file
-**/.fast-boot.json
+# balena CLI config and build files
+.balenaconf
+.fast-boot.json
+.resinconf
+/balenarc.yml
+/build/
+/build-bin/
+/dist/
+/node_modules
 /oclif.manifest.json
+/package-lock.json
+/resinrc.yml
+/tmp/
diff --git a/.resinci.yml b/.resinci.yml
index aef9cb0e..65c1f32e 100644
--- a/.resinci.yml
+++ b/.resinci.yml
@@ -17,4 +17,75 @@ npm:
         - "14"
 
 docker:
-  publish: false
+  builds:
+    - path: .
+      dockerfile: ./docker/alpine/Dockerfile
+      docker_repo: balenalib/amd64-alpine-balenacli
+      args:
+        - BUILD_BASE=balenalib/amd64-alpine-node:12.19.1-build-20201211
+        - RUN_BASE=balenalib/amd64-alpine-node:12.19.1-run-20201211
+      publish: true
+
+    - path: .
+      dockerfile: ./docker/alpine/Dockerfile
+      docker_repo: balenalib/armv7hf-alpine-balenacli
+      args:
+        - BUILD_BASE=balenalib/armv7hf-alpine-node:12.19.1-build-20201211
+        - RUN_BASE=balenalib/armv7hf-alpine-node:12.19.1-run-20201211
+      publish: true
+        
+    - path: .
+      dockerfile: ./docker/alpine/Dockerfile
+      docker_repo: balenalib/i386-alpine-balenacli
+      args:
+        - BUILD_BASE=balenalib/i386-alpine-node:12.19.1-build-20201211
+        - RUN_BASE=balenalib/i386-alpine-node:12.19.1-run-20201211
+      publish: true
+
+    - path: .
+      dockerfile: ./docker/alpine/Dockerfile
+      docker_repo: balenalib/rpi-alpine-balenacli
+      args:
+        - BUILD_BASE=balenalib/rpi-alpine-node:12.19.1-build-20201211
+        - RUN_BASE=balenalib/rpi-alpine-node:12.19.1-run-20201211
+      publish: true
+
+    - path: .
+      dockerfile: ./docker/debian/Dockerfile
+      docker_repo: balenalib/aarch64-debian-balenacli
+      args:
+        - BUILD_BASE=balenalib/aarch64-debian-node:12.19.1-build-20201118
+        - RUN_BASE=balenalib/aarch64-debian-node:12.19.1-run-20201118
+      publish: true
+
+    - path: .
+      dockerfile: ./docker/debian/Dockerfile
+      docker_repo: balenalib/amd64-debian-balenacli
+      args:
+        - BUILD_BASE=balenalib/amd64-debian-node:12.19.1-build-20201211
+        - RUN_BASE=balenalib/amd64-debian-node:12.19.1-run-20201211
+      publish: true
+
+    - path: .
+      dockerfile: ./docker/debian/Dockerfile
+      docker_repo: balenalib/armv7hf-debian-balenacli
+      args:
+        - BUILD_BASE=balenalib/armv7hf-debian-node:12.19.1-build-20201211
+        - RUN_BASE=balenalib/armv7hf-debian-node:12.19.1-run-20201211
+      publish: true
+        
+    - path: .
+      dockerfile: ./docker/debian/Dockerfile
+      docker_repo: balenalib/i386-debian-balenacli
+      args:
+        - BUILD_BASE=balenalib/i386-debian-node:12.16.3-build-20200518
+        - RUN_BASE=balenalib/i386-debian-node:12.16.3-build-20200518
+      publish: true
+
+    - path: .
+      dockerfile: ./docker/debian/Dockerfile
+      docker_repo: balenalib/rpi-debian-balenacli
+      args:
+        - BUILD_BASE=balenalib/rpi-debian-node:12.19.1-build-20201211
+        - RUN_BASE=balenalib/rpi-debian-node:12.19.1-run-20201211
+      publish: true
diff --git a/docker/alpine/Dockerfile b/docker/alpine/Dockerfile
new file mode 100644
index 00000000..3ccb9d8f
--- /dev/null
+++ b/docker/alpine/Dockerfile
@@ -0,0 +1,43 @@
+ARG BUILD_BASE=balenalib/amd64-alpine-node:12.19.1-build
+ARG RUN_BASE=balenalib/amd64-alpine-node:12.19.1-run
+
+FROM ${BUILD_BASE} as build
+
+WORKDIR /usr/src/app
+
+COPY . .
+
+# dev dependencies are required for build:fast
+# --unsafe-perm is not needed because of global /usr/local/etc/npmrc
+RUN npm install
+
+RUN npm run build:fast
+
+# remove dev dependencies after build:fast
+RUN npm prune --production
+
+FROM ${RUN_BASE}
+
+WORKDIR /usr/src/app
+
+COPY --from=build /usr/src/app/ .
+
+ENV PATH $PATH:/usr/src/app/bin
+
+# fail early if balena binary won't run
+RUN balena --version
+
+# https://github.com/balena-io/balena-cli/blob/master/INSTALL-LINUX.md#additional-dependencies
+RUN install_packages avahi bash ca-certificates docker jq openssh
+
+COPY docker/docker-init.sh init.sh
+
+RUN CLI_CMDS=$(jq -r '.commands | keys | map(.[0:index(":")]) | unique | join("\\ ")' < oclif.manifest.json); \
+    sed -ie "s/CLI_CMDS=\"help\"/CLI_CMDS=\"help\\ ${CLI_CMDS}\"/" init.sh && \
+    chmod +x init.sh
+
+ENTRYPOINT [ "./init.sh" ]
+
+CMD [ "help" ]
+
+ENV SSH_AUTH_SOCK "/ssh-agent"
diff --git a/docker/debian/Dockerfile b/docker/debian/Dockerfile
new file mode 100644
index 00000000..1bd80c93
--- /dev/null
+++ b/docker/debian/Dockerfile
@@ -0,0 +1,43 @@
+ARG BUILD_BASE=balenalib/amd64-debian-node:12.19.1-build
+ARG RUN_BASE=balenalib/amd64-debian-node:12.19.1-run
+
+FROM ${BUILD_BASE} as build
+
+WORKDIR /usr/src/app
+
+COPY . .
+
+# dev dependencies are required for build:fast
+# --unsafe-perm is not needed because of global /usr/local/etc/npmrc
+RUN npm install
+
+RUN npm run build:fast
+
+# remove dev dependencies after build:fast
+RUN npm prune --production
+
+FROM ${RUN_BASE}
+
+WORKDIR /usr/src/app
+
+COPY --from=build /usr/src/app/ .
+
+ENV PATH $PATH:/usr/src/app/bin
+
+# fail early if balena binary won't run
+RUN balena --version
+
+# https://github.com/balena-io/balena-cli/blob/master/INSTALL-LINUX.md#additional-dependencies
+RUN install_packages avahi-daemon ca-certificates docker.io jq openssh-client
+
+COPY docker/docker-init.sh init.sh
+
+RUN CLI_CMDS=$(jq -r '.commands | keys | map(.[0:index(":")]) | unique | join("\\ ")' < oclif.manifest.json); \
+    sed -ie "s/CLI_CMDS=\"help\"/CLI_CMDS=\"help\\ ${CLI_CMDS}\"/" init.sh && \
+    chmod +x init.sh
+
+ENTRYPOINT [ "./init.sh" ]
+
+CMD [ "help" ]
+
+ENV SSH_AUTH_SOCK "/ssh-agent"
diff --git a/docker/docker-init.sh b/docker/docker-init.sh
new file mode 100644
index 00000000..12b60505
--- /dev/null
+++ b/docker/docker-init.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+# start dockerd if env var is set
+if [ "${DOCKERD}" = "1" ]
+then
+    [ -e /var/run/docker.sock ] && rm /var/run/docker.sock
+    dockerd &
+fi
+
+# load private ssh key if one is provided
+if [ -n "${SSH_PRIVATE_KEY}" ]
+then
+    # if an ssh agent socket was not provided, start our own agent
+    [ -e "${SSH_AUTH_SOCK}" ] || eval "$(ssh-agent -s)"
+    echo "${SSH_PRIVATE_KEY}" | tr -d '\r' | ssh-add -
+fi
+
+# space-separated list of balena CLI commands (filled in through `sed`
+# in a Dockerfile RUN instruction)
+CLI_CMDS="help"
+
+# treat the provided command as a balena CLI arg...
+# 1. if the first word matches a known entry in CLI_CMDS
+# 2. OR if the first character is a hyphen (eg. -h or --debug)
+if [[ " ${CLI_CMDS} " =~ " ${1} " ]] || [ "${1:0:1}" = "-" ]
+then
+    exec balena "$@"
+else
+    exec "$@"
+fi