Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Build a docker image for running ONCE - Part 2 #5014

Merged
merged 24 commits into from
Feb 20, 2025
Merged

Build a docker image for running ONCE - Part 2 #5014

merged 24 commits into from
Feb 20, 2025

Conversation

louischan-oursky
Copy link
Collaborator

No description provided.

tung2744
tung2744 reviewed Feb 19, 2025
View reviewed changes
once/Dockerfile Outdated
@@ -151,7 +151,7 @@ COPY ./custombuild/ ./custombuild/
# Let //go:embed to embed the built static files
COPY --from=authgear-portal-stage-0 /usr/src/app/resources/authgear/ ./resources/authgear/
COPY --from=authgear-portal-stage-1 /usr/src/app/dist/ ./resources/portal/static/
RUN make build BIN_NAME=authgear-portal TARGET=portal GIT_HASH=$GIT_HASH
RUN make build AUTHGEARONCE=1 BIN_NAME=authgear-portal TARGET=portal GIT_HASH=$GIT_HASH
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this should be done by ARG
https://docs.docker.com/reference/dockerfile/#arg

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since this is the Dockerfile to build once, AUTHGEARONCE should always be set. If it is a ARG, then it depends on the caller to set it correctly, which is no good.

Copy link
Contributor

@tung2744 tung2744 Feb 20, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have this comment because I saw this file is generated from the authgear & portal dockerfile, with some string replacement which looks like easy to break. And modifier of authgear Dockerfile & portal Dockerfile might not know this command is related to the once Dockerfile.

Another suggestion:
Use ENV AUTHGEARONCE=1 on top of the once Dockerfile, so that the builds automatically have AUTHGEARONCE=1 set and we don't have to do string replacements.

Normal Dockerfile

ENV AUTHGEARONCE=0 # Or can be omitted
...

RUN make build ...

Once Dockerfile

ENV AUTHGEARONCE=1
...

RUN make build ...

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added two commits to address this.

I review the official doc on Dockerfile again, and it is better to use ARG with default value.

@louischan-oursky
Document the listing ports in dockerfiles
796a1a7
@louischan-oursky
Fix indentation in docker-entrypoint.sh
1bd40b1
@louischan-oursky
Remove set -eux in docker-entrypoint.sh
4a9d098 
We do not want to print out the sensitive environment variables
accidentally.
@louischan-oursky
Source ~/.bashrc in docker-entrypoint.sh
8887d92
@louischan-oursky
Hard-code the username in docker-entrypoint.sh
bd7918b 
Changing the user with `docker run --user` is not supported.
So let's hard-code the username to make things more predictable.
@louischan-oursky
Fix postgres is not listening on 5432 in temp start
f4bc9d8
@louischan-oursky
Install pg_partman
b963f24
@louischan-oursky
Run database migrations in docker-entrypoint.sh
904dd0c
@louischan-oursky
Improve the caching of building authui
ad74a3f
@louischan-oursky
Improve caching in building the go binary
c958394
@louischan-oursky
Improve caching in authgear-once-stage-wrapper
a0aeb1c
@louischan-oursky
Resolve internal hosts in /etc/hosts
f76a40c
@louischan-oursky
Write authgear.secrets.yaml
6c4cde0
@louischan-oursky
Start authgear and authgear-portal in wrapper
5211e5b
@louischan-oursky
Rename certbot.ini to certbot.ini.example
1663556 
So that people who see this in the home directory knows it is not
the actual config file being used.
@louischan-oursky
Move nginx files to once/nginx
1116522
@louischan-oursky
Set up location blocks in nginx
8adc350
@louischan-oursky
Start authgear images in wrapper
fe3828d
@louischan-oursky
Make IssueJWTAccessToken true in authgear init
84e3797 
The client created in portal has this enabled by default already.
@louischan-oursky
Create project accounts
8254907
@louischan-oursky
Use a simpler mechanism to append to GO_BUILD_TAGS
9cb3ff4
@louischan-oursky
Set build tag authgearonce
6b0b70f
@louischan-oursky
Tidy up the usage of ARG in non-once dockerfiles
bd22914 
1. If ARG GIT_HASH is unused, remove it from the stage.
2. Remove explicit GIT_HASH assignment in the commandline.
3. Declare ARG AUTHGEARLITE and ARG AUTHGEARONCE before invoking make.
@louischan-oursky
Avoid non-trivial string substitution in composing once/Dockerfile
51ec0af
@louischan-oursky louischan-oursky force-pushed the dev-2412-build-once-docker-image-part-2 branch from 68ce325 to 51ec0af Compare February 20, 2025 07:19
@tung2744 tung2744 merged commit f3380ae into authgear:main Feb 20, 2025
10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tung2744 tung2744 tung2744 approved these changes

Assignees

@tung2744 tung2744

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@louischan-oursky @tung2744