57 changes: 42 additions & 15 deletions dogfood/main.tf
Expand Up @@ -10,6 +10,16 @@ terraform {
}
}

variable "jfrog_url" {
type = string
description = "Artifactory URL. e.g. https://myartifactory.example.com"
# ensue the URL is HTTPS or HTTP
validation {
condition = can(regex("^(https|http)://", var.jfrog_url))
error_message = "jfrog_url must be a valid URL starting with either 'https://' or 'http://'"
}
}

locals {
// These are cluster service addresses mapped to Tailscale nodes. Ask Dean or
// Kyle for help.
Expand All @@ -21,7 +31,10 @@ locals {
"sa-saopaulo" = "tcp://oberstein-sao-cdr-dev.tailscale.svc.cluster.local:2375"
}

repo_dir = replace(data.coder_parameter.repo_dir.value, "/^~\\//", "/home/coder/")
repo_dir = replace(data.coder_parameter.repo_dir.value, "/^~\\//", "/home/coder/")
container_name = "coder-${data.coder_workspace.me.owner}-${lower(data.coder_workspace.me.name)}"
registry_name = "codercom/oss-dogfood"
jfrog_host = replace(var.jfrog_url, "https://", "")
}

data "coder_parameter" "repo_dir" {
Expand Down Expand Up @@ -61,6 +74,11 @@ data "coder_parameter" "region" {

provider "docker" {
host = lookup(local.docker_host, data.coder_parameter.region.value)
registry_auth {
address = var.jfrog_url
username = module.jfrog.username
password = module.jfrog.access_token
}
}

provider "coder" {}
Expand Down Expand Up @@ -125,6 +143,20 @@ module "coder-login" {
agent_id = coder_agent.dev.id
}

module "jfrog" {
source = "https://registry.coder.com/modules/jfrog-oauth"
agent_id = coder_agent.dev.id
jfrog_url = var.jfrog_url
configure_code_server = true
username_field = "username"
package_managers = {
"npm" : "npm",
"go" : "go",
"pypi" : "pypi",
"docker" : "docker"
}
}

resource "coder_agent" "dev" {
arch = "amd64"
os = "linux"
Expand Down Expand Up @@ -219,8 +251,9 @@ resource "coder_agent" "dev" {
startup_script_timeout = 60
startup_script = <<-EOT
set -eux -o pipefail
# Start Docker service
sudo service docker start
EOT
EOT
}

resource "docker_volume" "home_volume" {
Expand Down Expand Up @@ -250,22 +283,16 @@ resource "docker_volume" "home_volume" {
}
}

locals {
container_name = "coder-${data.coder_workspace.me.owner}-${lower(data.coder_workspace.me.name)}"
registry_name = "codercom/oss-dogfood"
}
data "docker_registry_image" "dogfood" {
name = "${local.registry_name}:latest"
resource "null_resource" "update_trigger" {
triggers = {
always_run = "${timestamp()}"
}
}

resource "docker_image" "dogfood" {
name = "${local.registry_name}@${data.docker_registry_image.dogfood.sha256_digest}"
pull_triggers = [
data.docker_registry_image.dogfood.sha256_digest,
sha1(join("", [for f in fileset(path.module, "files/*") : filesha1(f)])),
filesha1("Dockerfile"),
]
keep_locally = true
name = "${local.jfrog_host}/docker/${local.registry_name}:latest"
pull_triggers = [null_resource.update_trigger.id]
keep_locally = true
}
Member Author


This was not working nicely with a private Docker registry, so I had to resort to this hack.
I filed an issue with the docker provider:
kreuzwerker/terraform-provider-docker#593

Member Author


This is also not working, and terraform is not pulling the latest image even though Artifactory has it.
There are open issues regarding this: kreuzwerker/terraform-provider-docker#172

Member Author


We can skip pulling from Artifactory in Terraform or use a new tag on each build, probably the short git SHA.

Member Author


After talking to @Emyrk, we decided not to use Artifactory to pull the Docker image.


resource "docker_container" "workspace" {
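Review bot: The `validation` block on `variable "jfrog_url"` accepts `http://`, but `local.jfrog_host` strips only the `https://` prefix, and the docker provider's `registry_auth` sends `module.jfrog.access_token` to whatever address the variable holds. With an `http://` value the name in `docker_image.dogfood` would keep the scheme and no longer be a valid image reference, and the access token would be presented to the registry over an unencrypted connection. Restricting the check to TLS removes both cases: `condition = can(regex("^https://", var.jfrog_url))`, with the error message and the comment above it changed to say HTTPS only (that comment also reads `ensue` for `ensure`). If plain HTTP must stay supported for some environment, `jfrog_host` should at least strip either scheme, though that is inferred, since nothing on the page shows such a requirement.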