Improve Dockerfile to reduce amount of config needed in docker-compose #723
Conversation
chrishoage
force-pushed
the
hoage/docker-improved
branch
from
1b23277 to
523016b
Compare
chrishoage
force-pushed
the
hoage/docker-improved
branch
from
523016b to
0f6cf6e
Compare
| # Add the hello_world.yaml file | ||
| COPY --chown=${USER}:${USER} <<EOF .config/dagu/dags/hello_world.yaml | ||
| schedule: "* * * * *" | ||
| steps: | ||
| - name: hello world | ||
| command: sh | ||
| script: | | ||
| echo "Hello, world!" | ||
| EOF |
There was a problem hiding this comment.
This could never work as when a user binds over /home/dagu/.config/dagu it will mount over this file at this location.
If there is a desire to have an automatically populated hello-world dag, it would have to happen during runtime on the first boot.
| if [ -d /home/dagu/.config/dagu ]; then | ||
| echo "WARNING: Using legacy /home/dagu directory. Please consider moving to /config" | ||
| usermod -d /home/dagu dagu | ||
| chown $PUID:$PGID -R /home/dagu | ||
| else |
There was a problem hiding this comment.
This check isn't the best, but it should cover most cases.
We mirror what the "init" part of the original docker-compose stack did by chowning the directory.
| - DOCKER_GID=999 # optional. default is -1 and it will be ignored | ||
| volumes: | ||
| - dagu_config:/config | ||
| - /var/run/docker.sock:/var/run/docker.sock # optional. required for docker in docker |
There was a problem hiding this comment.
I wasn't sure if this was worth including here. It maybe the comment should mention the socat alternative in the docs?
There was a problem hiding this comment.
Thank you for the great suggestion! I believe this would be a valuable addition to include here. I think mentioning socat would be nice, but I also like the current focus on the docker-compose configuration. So, let's leave it as it is for now.
| yarn install --frozen-lockfile --non-interactive; \ | ||
| yarn build | ||
| yarn install --frozen-lockfile --non-interactive; \ | ||
| yarn build |
There was a problem hiding this comment.
My editor kept formatting this - happy to revert if it is undesired.
| apk add --no-cache sudo tzdata; \ | ||
| addgroup -g ${USER_GID} ${USER}; \ | ||
| adduser ${USER} -h /home/${USER} -u ${USER_UID} -G ${USER} -D -s /bin/ash; \ | ||
| echo ${USER} ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/${USER}; \ | ||
| chmod 0440 /etc/sudoers.d/${USER}; \ | ||
| mkdir -p .config/dagu/dags; \ | ||
| chown -R ${USER}:${USER} /home/${USER}; | ||
|
|
||
| COPY --from=go-builder /app/bin/dagu /usr/local/bin/ | ||
| COPY ./entrypoint.sh /entrypoint.sh | ||
|
|
||
| # Create user and set permissions | ||
| RUN apk update && \ | ||
| apk add --no-cache su-exec shadow tzdata && \ | ||
| addgroup -g ${USER_GID} ${USER} && \ | ||
| adduser ${USER} -h /config -u ${USER_UID} -G ${USER} -D -s /bin/ash && \ | ||
| chown -R ${USER}:${USER} /config && \ | ||
| chmod +x /entrypoint.sh; |
There was a problem hiding this comment.
Instead of sudo we rely on su-exec and allowing the user to run scripts in /etc/custom-init.d
Ideally sudo would not be added to docker containers, since it is easy to get root if you need it anyway (through docker exec)
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #723 +/- ##
=======================================
Coverage 61.67% 61.67%
=======================================
Files 53 53
Lines 5260 5260
=======================================
Hits 3244 3244
Misses 1762 1762
Partials 254 254 Continue to review full report in Codecov by Sentry.
|
Closes #715
This work significantly changes the Dockerfile and the required docker-compose.yaml configuration.
The changes include
/configdirectory usingDAGU_HOME. This relies on the resolver.go behavior that places all files together whenappHomeEnvis specified.entrypoint.shfile that does the following/home/daguinside the container - if so it uses itDAGU_HOME=/configif DAGU_HOME is not already set/etc/custom-init.dduring boot. This can be used to install things into the container - like python, node, etcsu-execIn order to test use the updated documentation. To test the "legacy" home behavior use the following compose file
Where
test-configandtest-datamap to the previous docker volume mounts.The "guessing" is best effort and it could be fooled, however I tried to make it as robust as I could.
This is a pretty large change, so please feel free to try to test this as thoroughly as possible. I'm happy to make more improvements or changes before merging.