mirror of
https://github.com/balena-os/balena-supervisor.git
synced 2024-12-19 05:37:53 +00:00
91b119cbae
The supervisor had to chroot into the host root in order to read the journal logs. This won't be possible anymore once the supervisor becomes an app. This commit copies the journalctl binary and necessary libraries from a debian image into the supervisor image in order to be able to use the tool on runtime. Change-type: patch
207 lines
6.1 KiB
Docker
207 lines
6.1 KiB
Docker
ARG ARCH=%%BALENA_ARCH%%
|
|
|
|
# Used by livepush to support multi arch images in older
|
|
# balenaOS with buggy platform support
|
|
# see https://github.com/balena-os/balena-engine/issues/269
|
|
ARG PREFIX=library
|
|
ARG FATRW_VERSION=0.2.9
|
|
|
|
###################################################
|
|
# Build the supervisor dependencies
|
|
###################################################
|
|
FROM balenalib/${ARCH}-alpine-node:16-run as build-base
|
|
|
|
ARG ARCH
|
|
ARG PREFIX
|
|
ARG FATRW_VERSION
|
|
ARG FATRW_ARCHIVE="fatrw-${ARCH}.tar.gz"
|
|
ARG FATRW_LOCATION="https://github.com/balena-os/fatrw/releases/download/v${FATRW_VERSION}/${FATRW_ARCHIVE}"
|
|
# Sanity check to prevent a prefix for a non-official docker image being
|
|
# inserted. Only 'library' and 'arm32v6' are allowed right now
|
|
RUN for allowed in "library" "arm32v6"; do [ "${PREFIX}" = "${allowed}" ] && break; done
|
|
|
|
WORKDIR /usr/src/app
|
|
|
|
RUN apk add --no-cache \
|
|
g++ \
|
|
make \
|
|
python3 \
|
|
libgcc \
|
|
libuv \
|
|
sqlite-dev \
|
|
dbus-dev
|
|
|
|
COPY package*.json ./
|
|
|
|
RUN strip /usr/local/bin/node
|
|
|
|
# Install fatrw
|
|
RUN curl -SLO "${FATRW_LOCATION}" && \
|
|
ls -la "${FATRW_ARCHIVE}" && \
|
|
tar -xzf "${FATRW_ARCHIVE}" -C /usr/local/bin && \
|
|
rm -f "${FATRW_ARCHIVE}"
|
|
|
|
# Just install dev dependencies first
|
|
RUN npm ci --build-from-source --sqlite=/usr/lib
|
|
|
|
###################################################################
|
|
# Journal access.
|
|
# The supervisor is built on an alpine image but still needs
|
|
# to use journalctl (from systemd) which cannot be built for
|
|
# musl. We hack around this by copying the binary and its library
|
|
# dependencies to the final image
|
|
###################################################################
|
|
FROM balenalib/${ARCH}-debian:bullseye-run as journal
|
|
|
|
RUN apt-get update && apt-get install -y --no-install-recommends systemd
|
|
|
|
COPY ./build-utils/setup-journal.sh /
|
|
RUN /setup-journal.sh
|
|
|
|
|
|
###################################################
|
|
# Extra dependencies. This uses alpine 3.11 as the
|
|
# procmail package was removed on 3.12
|
|
###################################################
|
|
FROM ${PREFIX}/alpine:3.11 as extra
|
|
|
|
RUN apk add --update --no-cache procmail
|
|
|
|
###################################################
|
|
# Image with the final production dependencies.
|
|
# This image will also be be used for testing
|
|
###################################################
|
|
FROM ${PREFIX}/alpine:3.16 as runtime-base
|
|
|
|
WORKDIR /usr/src/app
|
|
|
|
# We just need the node binary in the final image
|
|
COPY --from=build-base /usr/local/bin/node /usr/local/bin/node
|
|
|
|
# Also copy the fatrw binary
|
|
COPY --from=build-base /usr/local/bin/fatrw /usr/local/bin/fatrw
|
|
|
|
# Similarly, from the procmail package we just need the lockfile binary
|
|
COPY --from=extra /usr/bin/lockfile /usr/bin/lockfile
|
|
|
|
# Copy journalctl and library dependecies to the final image
|
|
COPY --from=journal /sysroot /
|
|
|
|
# Runtime dependencies
|
|
RUN apk add --no-cache \
|
|
ca-certificates \
|
|
iptables \
|
|
ip6tables \
|
|
rsync \
|
|
dbus \
|
|
libstdc++ \
|
|
dmidecode \
|
|
sqlite-libs
|
|
|
|
ARG ARCH
|
|
ARG VERSION=master
|
|
ENV CONFIG_MOUNT_POINT=/boot/config.json \
|
|
LED_FILE=/dev/null \
|
|
SUPERVISOR_IMAGE=balena/$ARCH-supervisor \
|
|
VERSION=$VERSION
|
|
|
|
###############################################################
|
|
# Use the base image to run integration tests and for livepush
|
|
###############################################################
|
|
FROM runtime-base as test
|
|
|
|
WORKDIR /usr/src/app
|
|
|
|
# Copy node install from the build folder
|
|
COPY --from=build-base /usr/local/bin /usr/local/bin
|
|
COPY --from=build-base /usr/local/lib/node_modules /usr/local/lib/node_modules
|
|
|
|
# Copy build dependencies
|
|
COPY --from=build-base /usr/src/app/package.json ./
|
|
COPY --from=build-base /usr/src/app/node_modules ./node_modules
|
|
|
|
# Run livepush here
|
|
#dev-copy=entry.sh .
|
|
#dev-cmd-live=LIVEPUSH=1 ./entry.sh
|
|
|
|
# Copy build files
|
|
COPY build-utils ./build-utils
|
|
COPY webpack.config.js tsconfig.json tsconfig.release.json tsconfig.js.json .mochapodrc.yml ./
|
|
COPY typings ./typings
|
|
COPY src ./src
|
|
COPY test ./test
|
|
|
|
# Run type checking and unit tests here
|
|
# to prevent setting up a test environment that will
|
|
# most likely fail.
|
|
RUN npm run test
|
|
|
|
# When running tests from a container built from this stage,
|
|
# skip the mocha-pod setup
|
|
ENV MOCHAPOD_SKIP_SETUP=1
|
|
|
|
# This command will be used by default when running integration tests
|
|
# from this stage
|
|
CMD npm run test:integration
|
|
|
|
###################################################
|
|
# Build the production package
|
|
###################################################
|
|
FROM build-base as build-prod
|
|
|
|
WORKDIR /usr/src/app
|
|
|
|
# Copy build files
|
|
COPY build-utils ./build-utils
|
|
COPY webpack.config.js tsconfig.json tsconfig.release.json ./
|
|
COPY src ./src
|
|
COPY typings ./typings
|
|
|
|
# Compile the sources using the dev
|
|
# dependencies
|
|
RUN npm run build
|
|
|
|
# Run the production install here, to avoid the npm dependency on
|
|
# the later stage
|
|
RUN npm ci \
|
|
--production \
|
|
--no-optional \
|
|
--unsafe-perm \
|
|
--build-from-source \
|
|
--sqlite=/usr/lib \
|
|
&& npm cache clean --force \
|
|
# For some reason this doesn't get cleared with the other
|
|
# cache
|
|
&& rm -rf node_modules/.cache \
|
|
# Remove various uneeded filetypes in order to reduce space
|
|
# We also remove the spurious node.dtps, see https://github.com/mapbox/node-sqlite3/issues/861
|
|
&& find . -path '*/coverage/*' -o -path '*/test/*' -o -path '*/.nyc_output/*' \
|
|
-o -name '*.tar.*' -o -name '*.in' -o -name '*.cc' \
|
|
-o -name '*.c' -o -name "*.ts" -o -name '*.eslintrc' \
|
|
-o -name '*.h' -o -name '*.html' -o -name '*.markdown' \
|
|
-o -name '*.md' -o -name '*.patch' -o -name '*.png' \
|
|
-o -name '*.yml' \
|
|
-delete \
|
|
&& find . -type f -path '*/node_modules/sqlite3/deps*' -delete \
|
|
&& find . -type f -path '*/node_modules/knex/build*' -delete \
|
|
&& rm -rf node_modules/sqlite3/node.dtps
|
|
|
|
###################################################
|
|
# Build the production image
|
|
###################################################
|
|
FROM runtime-base
|
|
|
|
WORKDIR /usr/src/app
|
|
|
|
COPY --from=build-prod /usr/src/app/dist ./dist
|
|
COPY --from=build-prod /usr/src/app/package.json ./
|
|
COPY --from=build-prod /usr/src/app/node_modules ./node_modules
|
|
|
|
COPY entry.sh .
|
|
|
|
VOLUME /data
|
|
HEALTHCHECK --interval=5m --start-period=1m --timeout=30s --retries=3 \
|
|
CMD wget http://127.0.0.1:${LISTEN_PORT:-48484}/v1/healthy -O - -q
|
|
|
|
CMD ["/usr/src/app/entry.sh"]
|