From e9133f37fbb108838a9ceb0e094e5e8f763eb659 Mon Sep 17 00:00:00 2001
From: Muhammad Atif Ali
Date: Thu, 18 Jan 2024 05:42:21 +0300
Subject: [PATCH 01/22] wip

---
 .dockerignore | 6 +
 dogfood/Dockerfile | 374 +++++---------------------------------------
 flake.nix | 16 +-
 3 files changed, 47 insertions(+), 349 deletions(-)
 create mode 100644 .dockerignore

diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000000000..2eed142bc843e
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,6 @@
+# Ignore all files and folders
+**
+
+# Include flake.nix and flake.lock
+!flake.nix
+!flake.lock
diff --git a/dogfood/Dockerfile b/dogfood/Dockerfile
index 2b2bc8897d32f..2cb1b092010c1 100644
--- a/dogfood/Dockerfile
+++ b/dogfood/Dockerfile
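Review bot: A `.dockerignore` at the repository root is read for every build that uses the repository root as its context, not only for the one this series is adding, so the `**` rule empties the context for any other Dockerfile built from the root that still expects to `COPY` repository files (the old dogfood Dockerfile's comment references `scripts/Dockerfile.base`, which I cannot see here and may be affected). Conversely, if the dogfood image is built with `dogfood/` as context, this file is silently not consulted at all. Either way the intended build invocation should be recorded in the file itself, e.g. `# Context must be the repository root: docker build -f dogfood/Dockerfile .`, and any sibling root-context builds re-checked before this lands.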
@@ -1,355 +1,49 @@ -FROM rust:slim AS rust-utils -# Install rust helper programs -# ENV CARGO_NET_GIT_FETCH_WITH_CLI=true -ENV CARGO_INSTALL_ROOT=/tmp/ -RUN cargo install exa bat ripgrep typos-cli watchexec-cli +# Build stage +FROM nixos/nix:2.19.2 as nix -FROM ubuntu:jammy AS go +# enable --experimental-features 'nix-command flakes' globally +RUN mkdir -p /etc/nix && echo "experimental-features = nix-command flakes" >> /etc/nix/nix.conf -RUN apt-get update && apt-get install --yes curl gcc -# Install Go manually, so that we can control the version -ARG GO_VERSION=1.21.5 -RUN mkdir --parents /usr/local/go +# Copy the Nix related files into the Docker image +COPY flake.nix /app/flake.nix +COPY flake.lock /app/flake.lock -# Boring Go is needed to build FIPS-compliant binaries. -RUN curl --silent --show-error --location \ - "https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz" \ - -o /usr/local/go.tar.gz +# Install dependencies from flake and remove the flake +RUN nix profile install /app#all --priority 4 && rm -rf /app -RUN tar --extract --gzip --directory=/usr/local/go --file=/usr/local/go.tar.gz --strip-components=1 +# print all users and groups +RUN cp /etc/passwd /etc/passwd.nix && cp /etc/group /etc/group.nix -ENV PATH=$PATH:/usr/local/go/bin +# Final image +FROM codercom/enterprise-base:latest as final -# Install Go utilities. -ARG GOPATH="/tmp/" -RUN mkdir --parents "$GOPATH" && \ - # moq for Go tests. 
- go install github.com/matryer/moq@v0.2.3 && \ - # swag for Swagger doc generation - go install github.com/swaggo/swag/cmd/swag@v1.7.4 && \ - # go-swagger tool to generate the go coder api client - go install github.com/go-swagger/go-swagger/cmd/swagger@v0.28.0 && \ - # goimports for updating imports - go install golang.org/x/tools/cmd/goimports@v0.1.7 && \ - # protoc-gen-go is needed to build sysbox from source - go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.30 && \ - # drpc support for v2 - go install storj.io/drpc/cmd/protoc-gen-go-drpc@v0.0.33 && \ - # migrate for migration support for v2 - go install github.com/golang-migrate/migrate/v4/cmd/migrate@v4.15.1 && \ - # goreleaser for compiling v2 binaries - go install github.com/goreleaser/goreleaser@v1.6.1 && \ - # Install the latest version of gopls for editors that support - # the language server protocol - go install golang.org/x/tools/gopls@latest && \ - # gotestsum makes test output more readable - go install gotest.tools/gotestsum@v1.9.0 && \ - # goveralls collects code coverage metrics from tests - # and sends to Coveralls - go install github.com/mattn/goveralls@v0.0.11 && \ - # kind for running Kubernetes-in-Docker, needed for tests - go install sigs.k8s.io/kind@v0.10.0 && \ - # helm-docs generates our Helm README based on a template and the - # charts and values files - go install github.com/norwoodj/helm-docs/cmd/helm-docs@v1.5.0 && \ - # sqlc for Go code generation - (CGO_ENABLED=1 go install github.com/sqlc-dev/sqlc/cmd/sqlc@v1.25.0) && \ - # gcr-cleaner-cli used by CI to prune unused images - go install github.com/sethvargo/gcr-cleaner/cmd/gcr-cleaner-cli@v0.5.1 && \ - # ruleguard for checking custom rules, without needing to run all of - # golangci-lint. Check the go.mod in the release of golangci-lint that - # we're using for the version of go-critic that it embeds, then check - # the version of ruleguard in go-critic for that tag. 
- go install github.com/quasilyte/go-ruleguard/cmd/ruleguard@v0.3.13 && \ - # go-fuzz for fuzzy testing. they don't publish releases so we rely on latest. - go install github.com/dvyukov/go-fuzz/go-fuzz@latest && \ - go install github.com/dvyukov/go-fuzz/go-fuzz-build@latest && \ - # go-releaser for building 'fat binaries' that work cross-platform - go install github.com/goreleaser/goreleaser@v1.6.1 && \ - go install mvdan.cc/sh/v3/cmd/shfmt@latest && \ - # nfpm is used with `make build` to make release packages - go install github.com/goreleaser/nfpm/v2/cmd/nfpm@v2.35.1 && \ - # yq v4 is used to process yaml files in coder v2. Conflicts with - # yq v3 used in v1. - go install github.com/mikefarah/yq/v4@v4.30.6 && \ - mv /tmp/bin/yq /tmp/bin/yq4 && \ - go install go.uber.org/mock/mockgen@v0.4.0 +USER root -FROM gcr.io/coder-dev-1/alpine:3.18 as proto -WORKDIR /tmp -RUN apk add curl unzip -RUN curl -L -o protoc.zip https://github.com/protocolbuffers/protobuf/releases/download/v23.3/protoc-23.3-linux-x86_64.zip -RUN unzip protoc.zip +# Copy the Nix related files into the Docker image +COPY --from=nix /nix /nix +COPY --from=nix /etc/nix /etc/nix +COPY --from=nix /root/.nix-profile /root/.nix-profile +COPY --from=nix /root/.nix-defexpr /root/.nix-defexpr +COPY --from=nix /root/.nix-channels /root/.nix-channels -FROM ubuntu:jammy +# Merge the passwd and group files +COPY --from=nix /etc/passwd.nix /etc/passwd.nix +COPY --from=nix /etc/group.nix /etc/group.nix +RUN cat /etc/passwd.nix >> /etc/passwd && cat /etc/group.nix >> /etc/group && rm /etc/passwd.nix && rm /etc/group.nix -SHELL ["/bin/bash", "-c"] +# Update the PATH to include the Nix stuff +ENV PATH=/root/.nix-profile/bin:/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:$PATH -# Updated certificates are necessary to use the teraswitch mirror. -# This must be ran before copying in configuration since the config replaces -# the default mirror with teraswitch. 
-RUN apt-get update && apt-get install --yes ca-certificates +# Install npm global packages +ENV DEBIAN_FRONTEND=noninteractive +RUN apt-get update && apt-get upgrade -y && \ + npm install -g pnpm playwright@1.36.2 && npx playwright install-deps && npm cache clean --force && \ + rm -rf /var/lib/apt/lists/* -COPY files / - -# Install packages from apt repositories -ARG DEBIAN_FRONTEND="noninteractive" - -RUN apt-get update --quiet && apt-get install --yes \ - apt-transport-https \ - apt-utils \ - bash \ - bash-completion \ - bats \ - bind9-dnsutils \ - build-essential \ - ca-certificates \ - cmake \ - crypto-policies \ - curl \ - fd-find \ - file \ - git \ - gnupg \ - graphviz \ - htop \ - httpie \ - inetutils-tools \ - iproute2 \ - iputils-ping \ - iputils-tracepath \ - jq \ - language-pack-en \ - less \ - lsb-release \ - man \ - meld \ - net-tools \ - openjdk-11-jdk-headless \ - openssh-server \ - openssl \ - libssl-dev \ - pkg-config \ - python3 \ - python3-pip \ - rsync \ - shellcheck \ - strace \ - sudo \ - tcptraceroute \ - termshark \ - traceroute \ - vim \ - wget \ - xauth \ - zip \ - ncdu \ - cargo \ - asciinema \ - zsh \ - ansible \ - neovim \ - google-cloud-sdk \ - google-cloud-sdk-datastore-emulator \ - kubectl \ - postgresql-13 \ - containerd.io \ - docker-ce \ - docker-ce-cli \ - docker-compose-plugin \ - packer \ - fish \ - unzip \ - zstd \ - screen \ - gettext-base && \ - # Delete package cache to avoid consuming space in layer - apt-get clean && \ - # Configure FIPS-compliant policies - update-crypto-policies --set FIPS - -# NOTE: In scripts/Dockerfile.base we specifically install Terraform version 1.5.7 -# as it is the last version licensed under the MPL. Installing the same version -# here for consistency. 
-RUN wget -O /tmp/terraform.zip "https://releases.hashicorp.com/terraform/1.5.7/terraform_1.5.7_linux_amd64.zip" && \ - unzip /tmp/terraform.zip -d /usr/local/bin && \ - rm -f /tmp/terraform.zip && \ - chmod +x /usr/local/bin/terraform && \ - terraform --version - -# Install the docker buildx component. -RUN DOCKER_BUILDX_VERSION=$(curl -s "https://api.github.com/repos/docker/buildx/releases/latest" | grep '"tag_name":' | sed -E 's/.*"(v[^"]+)".*/\1/') && \ - mkdir -p /usr/local/lib/docker/cli-plugins && \ - curl -Lo /usr/local/lib/docker/cli-plugins/docker-buildx "https://github.com/docker/buildx/releases/download/${DOCKER_BUILDX_VERSION}/buildx-${DOCKER_BUILDX_VERSION}.linux-amd64" && \ - chmod a+x /usr/local/lib/docker/cli-plugins/docker-buildx - -# See https://github.com/cli/cli/issues/6175#issuecomment-1235984381 for proof -# the apt repository is unreliable -RUN GH_CLI_VERSION=$(curl -s "https://api.github.com/repos/cli/cli/releases/latest" | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/') && \ - curl -L https://github.com/cli/cli/releases/download/v${GH_CLI_VERSION}/gh_${GH_CLI_VERSION}_linux_amd64.deb -o gh.deb && \ - dpkg -i gh.deb && \ - rm gh.deb - -# Install Lazygit -# See https://github.com/jesseduffield/lazygit#ubuntu -RUN LAZYGIT_VERSION=$(curl -s "https://api.github.com/repos/jesseduffield/lazygit/releases/latest" | grep '"tag_name":' | sed -E 's/.*"v*([^"]+)".*/\1/') && \ - curl -Lo lazygit.tar.gz "https://github.com/jesseduffield/lazygit/releases/latest/download/lazygit_${LAZYGIT_VERSION}_Linux_x86_64.tar.gz" && \ - tar xf lazygit.tar.gz -C /usr/local/bin lazygit - -# Install frontend utilities -RUN apt-get update && \ - # Node.js (from nodesource) and Yarn (from yarnpkg) - apt-get install --yes --quiet \ - nodejs yarn \ - # Install browsers for e2e testing - google-chrome-stable microsoft-edge-beta && \ - # Pre-install system dependencies that Playwright needs. npx doesn't work here - # for some reason. 
See https://github.com/microsoft/playwright-cli/issues/136 - npm i -g playwright@1.36.2 pnpm@^8 corepack && playwright install-deps && \ - npm cache clean --force - -# Ensure PostgreSQL binaries are in the users $PATH. -RUN update-alternatives --install /usr/local/bin/initdb initdb /usr/lib/postgresql/13/bin/initdb 100 && \ - update-alternatives --install /usr/local/bin/postgres postgres /usr/lib/postgresql/13/bin/postgres 100 - -# Create links for injected dependencies -RUN ln --symbolic /var/tmp/coder/coder-cli/coder /usr/local/bin/coder && \ - ln --symbolic /var/tmp/coder/code-server/bin/code-server /usr/local/bin/code-server - -# Disable the PostgreSQL systemd service. -# Coder uses a custom timescale container to test the database instead. -RUN systemctl disable \ - postgresql - -# Configure systemd services for CVMs -RUN systemctl enable \ - docker \ - ssh - -# Install tools with published releases, where that is the -# preferred/recommended installation method. -ARG CLOUD_SQL_PROXY_VERSION=2.2.0 \ - DIVE_VERSION=0.10.0 \ - DOCKER_GCR_VERSION=2.1.8 \ - GOLANGCI_LINT_VERSION=1.55.2 \ - GRYPE_VERSION=0.61.1 \ - HELM_VERSION=3.12.0 \ - KUBE_LINTER_VERSION=0.6.3 \ - KUBECTX_VERSION=0.9.4 \ - STRIPE_VERSION=1.14.5 \ - TERRAGRUNT_VERSION=0.45.11 \ - TRIVY_VERSION=0.41.0 - -# cloud_sql_proxy, for connecting to cloudsql instances -# the upstream go.mod prevents this from being installed with go install -RUN curl --silent --show-error --location --output /usr/local/bin/cloud_sql_proxy "https://storage.googleapis.com/cloud-sql-connectors/cloud-sql-proxy/v${CLOUD_SQL_PROXY_VERSION}/cloud-sql-proxy.linux.amd64" && \ - chmod a=rx /usr/local/bin/cloud_sql_proxy && \ - # dive for scanning image layer utilization metrics in CI - curl --silent --show-error --location "https://github.com/wagoodman/dive/releases/download/v${DIVE_VERSION}/dive_${DIVE_VERSION}_linux_amd64.tar.gz" | \ - tar --extract --gzip --directory=/usr/local/bin --file=- dive && \ - # docker-credential-gcr is 
a Docker credential helper for pushing/pulling - # images from Google Container Registry and Artifact Registry - curl --silent --show-error --location "https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v${DOCKER_GCR_VERSION}/docker-credential-gcr_linux_amd64-${DOCKER_GCR_VERSION}.tar.gz" | \ - tar --extract --gzip --directory=/usr/local/bin --file=- docker-credential-gcr && \ - # golangci-lint performs static code analysis for our Go code - curl --silent --show-error --location "https://github.com/golangci/golangci-lint/releases/download/v${GOLANGCI_LINT_VERSION}/golangci-lint-${GOLANGCI_LINT_VERSION}-linux-amd64.tar.gz" | \ - tar --extract --gzip --directory=/usr/local/bin --file=- --strip-components=1 "golangci-lint-${GOLANGCI_LINT_VERSION}-linux-amd64/golangci-lint" && \ - # Anchore Grype for scanning container images for security issues - curl --silent --show-error --location "https://github.com/anchore/grype/releases/download/v${GRYPE_VERSION}/grype_${GRYPE_VERSION}_linux_amd64.tar.gz" | \ - tar --extract --gzip --directory=/usr/local/bin --file=- grype && \ - # Helm is necessary for deploying Coder - curl --silent --show-error --location "https://get.helm.sh/helm-v${HELM_VERSION}-linux-amd64.tar.gz" | \ - tar --extract --gzip --directory=/usr/local/bin --file=- --strip-components=1 linux-amd64/helm && \ - # kube-linter for linting Kubernetes objects, including those - # that Helm generates from our charts - curl --silent --show-error --location "https://github.com/stackrox/kube-linter/releases/download/${KUBE_LINTER_VERSION}/kube-linter-linux" --output /usr/local/bin/kube-linter && \ - # kubens and kubectx for managing Kubernetes namespaces and contexts - curl --silent --show-error --location "https://github.com/ahmetb/kubectx/releases/download/v${KUBECTX_VERSION}/kubectx_v${KUBECTX_VERSION}_linux_x86_64.tar.gz" | \ - tar --extract --gzip --directory=/usr/local/bin --file=- kubectx && \ - curl --silent --show-error --location 
"https://github.com/ahmetb/kubectx/releases/download/v${KUBECTX_VERSION}/kubens_v${KUBECTX_VERSION}_linux_x86_64.tar.gz" | \ - tar --extract --gzip --directory=/usr/local/bin --file=- kubens && \ - # stripe for coder.com billing API - curl --silent --show-error --location "https://github.com/stripe/stripe-cli/releases/download/v${STRIPE_VERSION}/stripe_${STRIPE_VERSION}_linux_x86_64.tar.gz" | \ - tar --extract --gzip --directory=/usr/local/bin --file=- stripe && \ - # terragrunt for running Terraform and Terragrunt files - curl --silent --show-error --location --output /usr/local/bin/terragrunt "https://github.com/gruntwork-io/terragrunt/releases/download/v${TERRAGRUNT_VERSION}/terragrunt_linux_amd64" && \ - chmod a=rx /usr/local/bin/terragrunt && \ - # AquaSec Trivy for scanning container images for security issues - curl --silent --show-error --location "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" | \ - tar --extract --gzip --directory=/usr/local/bin --file=- trivy - -# Add Vercel globally. We can't install it in packages.json, because it -# includes Go files which make golangci-lint unhappy. -RUN yarn global add --prefix=/usr/local \ - vercel \ - typescript \ - typescript-language-server \ - prettier && \ - yarn cache clean - -# We use yq during "make deploy" to manually substitute out fields in -# our helm values.yaml file. 
See https://github.com/helm/helm/issues/3141 -# -# TODO: update to 4.x, we can't do this now because it included breaking -# changes (yq w doesn't work anymore) -# RUN curl --silent --show-error --location "https://github.com/mikefarah/yq/releases/download/v4.9.0/yq_linux_amd64.tar.gz" | \ -# tar --extract --gzip --directory=/usr/local/bin --file=- ./yq_linux_amd64 && \ -# mv /usr/local/bin/yq_linux_amd64 /usr/local/bin/yq - -RUN curl --silent --show-error --location --output /usr/local/bin/yq "https://github.com/mikefarah/yq/releases/download/3.3.0/yq_linux_amd64" && \ - chmod a=rx /usr/local/bin/yq - -# Install GoLand. -RUN mkdir --parents /usr/local/goland && \ - curl --silent --show-error --location "https://download.jetbrains.com/go/goland-2021.2.tar.gz" | \ - tar --extract --gzip --directory=/usr/local/goland --file=- --strip-components=1 && \ - ln --symbolic /usr/local/goland/bin/goland.sh /usr/local/bin/goland - -# Install Antlrv4, needed to generate paramlang lexer/parser -RUN curl --silent --show-error --location --output /usr/local/lib/antlr-4.9.2-complete.jar "https://www.antlr.org/download/antlr-4.9.2-complete.jar" -ENV CLASSPATH="/usr/local/lib/antlr-4.9.2-complete.jar:${PATH}" - -# Add coder user and allow use of docker/sudo -RUN useradd coder \ - --create-home \ - --shell=/bin/bash \ - --groups=docker \ - --uid=1000 \ - --user-group - -# Adjust OpenSSH config -RUN echo "PermitUserEnvironment yes" >>/etc/ssh/sshd_config && \ - echo "X11Forwarding yes" >>/etc/ssh/sshd_config && \ - echo "X11UseLocalhost no" >>/etc/ssh/sshd_config - -# We avoid copying the extracted directory since COPY slows to minutes when there -# are a lot of small files. 
-COPY --from=go /usr/local/go.tar.gz /usr/local/go.tar.gz -RUN mkdir /usr/local/go && \ - tar --extract --gzip --directory=/usr/local/go --file=/usr/local/go.tar.gz --strip-components=1 - -ENV PATH=$PATH:/usr/local/go/bin - -RUN update-alternatives --install /usr/local/bin/gofmt gofmt /usr/local/go/bin/gofmt 100 - -COPY --from=go /tmp/bin /usr/local/bin -COPY --from=rust-utils /tmp/bin /usr/local/bin -COPY --from=proto /tmp/bin /usr/local/bin -COPY --from=proto /tmp/include /usr/local/bin/include - -USER coder - -# Ensure go bins are in the 'coder' user's path. Note that no go bins are -# installed in this docker file, as they'd be mounted over by the persistent -# home volume. -ENV PATH="/home/coder/go/bin:${PATH}" - -# This setting prevents Go from using the public checksum database for -# our module path prefixes. It is required because these are in private -# repositories that require authentication. -# -# For details, see: https://golang.org/ref/mod#private-modules +# Set environment variables ENV GOPRIVATE="coder.com,cdr.dev,go.coder.com,github.com/cdr,github.com/coder" # Increase memory allocation to NodeJS ENV NODE_OPTIONS="--max-old-space-size=8192" + +USER coder diff --git a/flake.nix b/flake.nix index e7671015c79f2..b74dfd34ca373 100644 --- a/flake.nix +++ b/flake.nix 
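Review bot: `RUN cat /etc/passwd.nix >> /etc/passwd && cat /etc/group.nix >> /etc/group` appends the whole account database of the `nixos/nix` image onto the base image's, so every account present in both (`root` at the very least, presumably also `nobody`) ends up duplicated, a second UID-0 line being something CIS-style image scanners flag, and the nix image's UIDs/GIDs can collide with accounts the base already defines. If the goal is only to make `nix` usable as root in the final image, append just the build users and their group: `RUN grep '^nixbld' /etc/passwd.nix >> /etc/passwd && grep '^nixbld' /etc/group.nix >> /etc/group && rm /etc/passwd.nix /etc/group.nix`. `FROM codercom/enterprise-base:latest as final` also makes the resulting image non-reproducible; pin a tag or digest as the `nixos/nix:2.19.2` stage already does. Finally, `ENV PATH=/root/.nix-profile/bin:...` is set while the image ends with `USER coder`; if `/root` is mode 0700 in the base (the Debian/Ubuntu default) the coder user cannot traverse it and the Nix tools will not resolve on its PATH, so consider installing the profile into a world-readable location such as `/nix/var/nix/profiles/default` instead.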
@@ -10,14 +10,8 @@
 outputs = { self, nixpkgs, flake-utils, drpc }:
 flake-utils.lib.eachDefaultSystem (system:
 let
- # Workaround for: terraform has an unfree license (‘bsl11’), refusing to evaluate.
 pkgs = import nixpkgs { inherit system; config.allowUnfree = true; };
 formatter = pkgs.nixpkgs-fmt;
- # Check in https://search.nixos.org/packages to find new packages.
- # Use `nix --extra-experimental-features nix-command --extra-experimental-features flakes flake update`
- # to update the lock file if packages are out-of-date.
-
- # From https://nixos.wiki/wiki/Google_Cloud_SDK
 gdk = pkgs.google-cloud-sdk.withExtraComponents ([pkgs.google-cloud-sdk.components.gke-gcloud-auth-plugin]);
 
 devShellPackages = with pkgs; [
@@ -42,7 +36,6 @@
 kubectx
 kubernetes-helm
 less
- # Needed for many LD system libs!
 libuuid
 mockgen
 nfpm
@@ -64,7 +57,6 @@
 shellcheck
 shfmt
 sqlc
- # strace is not available on OSX
 (if pkgs.stdenv.hostPlatform.isDarwin then null else strace)
 terraform
 typos
@@ -76,10 +68,16 @@
 zsh
 zstd
 ];
+
+ allPackages = pkgs.buildEnv {
+ name = "all-packages";
+ paths = devShellPackages;
+ };
 in
 {
- defaultPackage = formatter; # or replace it with your desired default package.
+ defaultPackage = formatter;
 devShell = pkgs.mkShell { buildInputs = devShellPackages; };
+ packages.all = allPackages;
 }
 );
 }
From e6ec40ff378fa5cda3b16cbf734950178dde602b Mon Sep 17 00:00:00 2001
From: Muhammad Atif Ali
Date: Thu, 18 Jan 2024 06:21:09 +0300
Subject: [PATCH 02/22] wip

---
 dogfood/Dockerfile | 374 +++++++++++++++++++++++++++++++++++----
 dogfood/Dockerfile.nix | 49 +++++
 dogfood/main.tf | 20 ++-
 site/static/icon/nix.svg | 89 ++++++++++
 4 files changed, 497 insertions(+), 35 deletions(-)
 create mode 100644 dogfood/Dockerfile.nix
 create mode 100644 site/static/icon/nix.svg

diff --git a/dogfood/Dockerfile b/dogfood/Dockerfile
index 2cb1b092010c1..2b2bc8897d32f 100644
--- a/dogfood/Dockerfile
+++ b/dogfood/Dockerfile
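Review bot: `paths = devShellPackages;` hands the list straight to `pkgs.buildEnv`, but that list contains `(if pkgs.stdenv.hostPlatform.isDarwin then null else strace)` (visible as context in the hunk above), so on Darwin `packages.all` receives a `null` element; `buildEnv` reads each path's `meta.priority` as far as I recall, so I expect evaluation to fail there rather than the entry being skipped, which `mkShell`'s `buildInputs` has tolerated so far. Filter before bundling: `paths = pkgs.lib.filter (p: p != null) devShellPackages;`. Since the hunk already touches `defaultPackage` and sits next to `devShell`, this is also the moment to move to the current output names `packages.default` and `devShells.default`; the legacy names still work but newer `nix` CLIs warn about them.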
@@ -1,49 +1,355 @@ -# Build stage -FROM nixos/nix:2.19.2 as nix +FROM rust:slim AS rust-utils +# Install rust helper programs +# ENV CARGO_NET_GIT_FETCH_WITH_CLI=true +ENV CARGO_INSTALL_ROOT=/tmp/ +RUN cargo install exa bat ripgrep typos-cli watchexec-cli -# enable --experimental-features 'nix-command flakes' globally -RUN mkdir -p /etc/nix && echo "experimental-features = nix-command flakes" >> /etc/nix/nix.conf +FROM ubuntu:jammy AS go -# Copy the Nix related files into the Docker image -COPY flake.nix /app/flake.nix -COPY flake.lock /app/flake.lock +RUN apt-get update && apt-get install --yes curl gcc +# Install Go manually, so that we can control the version +ARG GO_VERSION=1.21.5 +RUN mkdir --parents /usr/local/go -# Install dependencies from flake and remove the flake -RUN nix profile install /app#all --priority 4 && rm -rf /app +# Boring Go is needed to build FIPS-compliant binaries. +RUN curl --silent --show-error --location \ + "https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz" \ + -o /usr/local/go.tar.gz -# print all users and groups -RUN cp /etc/passwd /etc/passwd.nix && cp /etc/group /etc/group.nix +RUN tar --extract --gzip --directory=/usr/local/go --file=/usr/local/go.tar.gz --strip-components=1 -# Final image -FROM codercom/enterprise-base:latest as final +ENV PATH=$PATH:/usr/local/go/bin -USER root +# Install Go utilities. +ARG GOPATH="/tmp/" +RUN mkdir --parents "$GOPATH" && \ + # moq for Go tests. 
+ go install github.com/matryer/moq@v0.2.3 && \ + # swag for Swagger doc generation + go install github.com/swaggo/swag/cmd/swag@v1.7.4 && \ + # go-swagger tool to generate the go coder api client + go install github.com/go-swagger/go-swagger/cmd/swagger@v0.28.0 && \ + # goimports for updating imports + go install golang.org/x/tools/cmd/goimports@v0.1.7 && \ + # protoc-gen-go is needed to build sysbox from source + go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.30 && \ + # drpc support for v2 + go install storj.io/drpc/cmd/protoc-gen-go-drpc@v0.0.33 && \ + # migrate for migration support for v2 + go install github.com/golang-migrate/migrate/v4/cmd/migrate@v4.15.1 && \ + # goreleaser for compiling v2 binaries + go install github.com/goreleaser/goreleaser@v1.6.1 && \ + # Install the latest version of gopls for editors that support + # the language server protocol + go install golang.org/x/tools/gopls@latest && \ + # gotestsum makes test output more readable + go install gotest.tools/gotestsum@v1.9.0 && \ + # goveralls collects code coverage metrics from tests + # and sends to Coveralls + go install github.com/mattn/goveralls@v0.0.11 && \ + # kind for running Kubernetes-in-Docker, needed for tests + go install sigs.k8s.io/kind@v0.10.0 && \ + # helm-docs generates our Helm README based on a template and the + # charts and values files + go install github.com/norwoodj/helm-docs/cmd/helm-docs@v1.5.0 && \ + # sqlc for Go code generation + (CGO_ENABLED=1 go install github.com/sqlc-dev/sqlc/cmd/sqlc@v1.25.0) && \ + # gcr-cleaner-cli used by CI to prune unused images + go install github.com/sethvargo/gcr-cleaner/cmd/gcr-cleaner-cli@v0.5.1 && \ + # ruleguard for checking custom rules, without needing to run all of + # golangci-lint. Check the go.mod in the release of golangci-lint that + # we're using for the version of go-critic that it embeds, then check + # the version of ruleguard in go-critic for that tag. 
+ go install github.com/quasilyte/go-ruleguard/cmd/ruleguard@v0.3.13 && \ + # go-fuzz for fuzzy testing. they don't publish releases so we rely on latest. + go install github.com/dvyukov/go-fuzz/go-fuzz@latest && \ + go install github.com/dvyukov/go-fuzz/go-fuzz-build@latest && \ + # go-releaser for building 'fat binaries' that work cross-platform + go install github.com/goreleaser/goreleaser@v1.6.1 && \ + go install mvdan.cc/sh/v3/cmd/shfmt@latest && \ + # nfpm is used with `make build` to make release packages + go install github.com/goreleaser/nfpm/v2/cmd/nfpm@v2.35.1 && \ + # yq v4 is used to process yaml files in coder v2. Conflicts with + # yq v3 used in v1. + go install github.com/mikefarah/yq/v4@v4.30.6 && \ + mv /tmp/bin/yq /tmp/bin/yq4 && \ + go install go.uber.org/mock/mockgen@v0.4.0 -# Copy the Nix related files into the Docker image -COPY --from=nix /nix /nix -COPY --from=nix /etc/nix /etc/nix -COPY --from=nix /root/.nix-profile /root/.nix-profile -COPY --from=nix /root/.nix-defexpr /root/.nix-defexpr -COPY --from=nix /root/.nix-channels /root/.nix-channels +FROM gcr.io/coder-dev-1/alpine:3.18 as proto +WORKDIR /tmp +RUN apk add curl unzip +RUN curl -L -o protoc.zip https://github.com/protocolbuffers/protobuf/releases/download/v23.3/protoc-23.3-linux-x86_64.zip +RUN unzip protoc.zip -# Merge the passwd and group files -COPY --from=nix /etc/passwd.nix /etc/passwd.nix -COPY --from=nix /etc/group.nix /etc/group.nix -RUN cat /etc/passwd.nix >> /etc/passwd && cat /etc/group.nix >> /etc/group && rm /etc/passwd.nix && rm /etc/group.nix +FROM ubuntu:jammy -# Update the PATH to include the Nix stuff -ENV PATH=/root/.nix-profile/bin:/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:$PATH +SHELL ["/bin/bash", "-c"] -# Install npm global packages -ENV DEBIAN_FRONTEND=noninteractive -RUN apt-get update && apt-get upgrade -y && \ - npm install -g pnpm playwright@1.36.2 && npx playwright install-deps && npm cache clean --force && \ - rm -rf 
/var/lib/apt/lists/* +# Updated certificates are necessary to use the teraswitch mirror. +# This must be ran before copying in configuration since the config replaces +# the default mirror with teraswitch. +RUN apt-get update && apt-get install --yes ca-certificates -# Set environment variables +COPY files / + +# Install packages from apt repositories +ARG DEBIAN_FRONTEND="noninteractive" + +RUN apt-get update --quiet && apt-get install --yes \ + apt-transport-https \ + apt-utils \ + bash \ + bash-completion \ + bats \ + bind9-dnsutils \ + build-essential \ + ca-certificates \ + cmake \ + crypto-policies \ + curl \ + fd-find \ + file \ + git \ + gnupg \ + graphviz \ + htop \ + httpie \ + inetutils-tools \ + iproute2 \ + iputils-ping \ + iputils-tracepath \ + jq \ + language-pack-en \ + less \ + lsb-release \ + man \ + meld \ + net-tools \ + openjdk-11-jdk-headless \ + openssh-server \ + openssl \ + libssl-dev \ + pkg-config \ + python3 \ + python3-pip \ + rsync \ + shellcheck \ + strace \ + sudo \ + tcptraceroute \ + termshark \ + traceroute \ + vim \ + wget \ + xauth \ + zip \ + ncdu \ + cargo \ + asciinema \ + zsh \ + ansible \ + neovim \ + google-cloud-sdk \ + google-cloud-sdk-datastore-emulator \ + kubectl \ + postgresql-13 \ + containerd.io \ + docker-ce \ + docker-ce-cli \ + docker-compose-plugin \ + packer \ + fish \ + unzip \ + zstd \ + screen \ + gettext-base && \ + # Delete package cache to avoid consuming space in layer + apt-get clean && \ + # Configure FIPS-compliant policies + update-crypto-policies --set FIPS + +# NOTE: In scripts/Dockerfile.base we specifically install Terraform version 1.5.7 +# as it is the last version licensed under the MPL. Installing the same version +# here for consistency. 
+RUN wget -O /tmp/terraform.zip "https://releases.hashicorp.com/terraform/1.5.7/terraform_1.5.7_linux_amd64.zip" && \ + unzip /tmp/terraform.zip -d /usr/local/bin && \ + rm -f /tmp/terraform.zip && \ + chmod +x /usr/local/bin/terraform && \ + terraform --version + +# Install the docker buildx component. +RUN DOCKER_BUILDX_VERSION=$(curl -s "https://api.github.com/repos/docker/buildx/releases/latest" | grep '"tag_name":' | sed -E 's/.*"(v[^"]+)".*/\1/') && \ + mkdir -p /usr/local/lib/docker/cli-plugins && \ + curl -Lo /usr/local/lib/docker/cli-plugins/docker-buildx "https://github.com/docker/buildx/releases/download/${DOCKER_BUILDX_VERSION}/buildx-${DOCKER_BUILDX_VERSION}.linux-amd64" && \ + chmod a+x /usr/local/lib/docker/cli-plugins/docker-buildx + +# See https://github.com/cli/cli/issues/6175#issuecomment-1235984381 for proof +# the apt repository is unreliable +RUN GH_CLI_VERSION=$(curl -s "https://api.github.com/repos/cli/cli/releases/latest" | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/') && \ + curl -L https://github.com/cli/cli/releases/download/v${GH_CLI_VERSION}/gh_${GH_CLI_VERSION}_linux_amd64.deb -o gh.deb && \ + dpkg -i gh.deb && \ + rm gh.deb + +# Install Lazygit +# See https://github.com/jesseduffield/lazygit#ubuntu +RUN LAZYGIT_VERSION=$(curl -s "https://api.github.com/repos/jesseduffield/lazygit/releases/latest" | grep '"tag_name":' | sed -E 's/.*"v*([^"]+)".*/\1/') && \ + curl -Lo lazygit.tar.gz "https://github.com/jesseduffield/lazygit/releases/latest/download/lazygit_${LAZYGIT_VERSION}_Linux_x86_64.tar.gz" && \ + tar xf lazygit.tar.gz -C /usr/local/bin lazygit + +# Install frontend utilities +RUN apt-get update && \ + # Node.js (from nodesource) and Yarn (from yarnpkg) + apt-get install --yes --quiet \ + nodejs yarn \ + # Install browsers for e2e testing + google-chrome-stable microsoft-edge-beta && \ + # Pre-install system dependencies that Playwright needs. npx doesn't work here + # for some reason. 
See https://github.com/microsoft/playwright-cli/issues/136 + npm i -g playwright@1.36.2 pnpm@^8 corepack && playwright install-deps && \ + npm cache clean --force + +# Ensure PostgreSQL binaries are in the users $PATH. +RUN update-alternatives --install /usr/local/bin/initdb initdb /usr/lib/postgresql/13/bin/initdb 100 && \ + update-alternatives --install /usr/local/bin/postgres postgres /usr/lib/postgresql/13/bin/postgres 100 + +# Create links for injected dependencies +RUN ln --symbolic /var/tmp/coder/coder-cli/coder /usr/local/bin/coder && \ + ln --symbolic /var/tmp/coder/code-server/bin/code-server /usr/local/bin/code-server + +# Disable the PostgreSQL systemd service. +# Coder uses a custom timescale container to test the database instead. +RUN systemctl disable \ + postgresql + +# Configure systemd services for CVMs +RUN systemctl enable \ + docker \ + ssh + +# Install tools with published releases, where that is the +# preferred/recommended installation method. +ARG CLOUD_SQL_PROXY_VERSION=2.2.0 \ + DIVE_VERSION=0.10.0 \ + DOCKER_GCR_VERSION=2.1.8 \ + GOLANGCI_LINT_VERSION=1.55.2 \ + GRYPE_VERSION=0.61.1 \ + HELM_VERSION=3.12.0 \ + KUBE_LINTER_VERSION=0.6.3 \ + KUBECTX_VERSION=0.9.4 \ + STRIPE_VERSION=1.14.5 \ + TERRAGRUNT_VERSION=0.45.11 \ + TRIVY_VERSION=0.41.0 + +# cloud_sql_proxy, for connecting to cloudsql instances +# the upstream go.mod prevents this from being installed with go install +RUN curl --silent --show-error --location --output /usr/local/bin/cloud_sql_proxy "https://storage.googleapis.com/cloud-sql-connectors/cloud-sql-proxy/v${CLOUD_SQL_PROXY_VERSION}/cloud-sql-proxy.linux.amd64" && \ + chmod a=rx /usr/local/bin/cloud_sql_proxy && \ + # dive for scanning image layer utilization metrics in CI + curl --silent --show-error --location "https://github.com/wagoodman/dive/releases/download/v${DIVE_VERSION}/dive_${DIVE_VERSION}_linux_amd64.tar.gz" | \ + tar --extract --gzip --directory=/usr/local/bin --file=- dive && \ + # docker-credential-gcr is 
a Docker credential helper for pushing/pulling + # images from Google Container Registry and Artifact Registry + curl --silent --show-error --location "https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v${DOCKER_GCR_VERSION}/docker-credential-gcr_linux_amd64-${DOCKER_GCR_VERSION}.tar.gz" | \ + tar --extract --gzip --directory=/usr/local/bin --file=- docker-credential-gcr && \ + # golangci-lint performs static code analysis for our Go code + curl --silent --show-error --location "https://github.com/golangci/golangci-lint/releases/download/v${GOLANGCI_LINT_VERSION}/golangci-lint-${GOLANGCI_LINT_VERSION}-linux-amd64.tar.gz" | \ + tar --extract --gzip --directory=/usr/local/bin --file=- --strip-components=1 "golangci-lint-${GOLANGCI_LINT_VERSION}-linux-amd64/golangci-lint" && \ + # Anchore Grype for scanning container images for security issues + curl --silent --show-error --location "https://github.com/anchore/grype/releases/download/v${GRYPE_VERSION}/grype_${GRYPE_VERSION}_linux_amd64.tar.gz" | \ + tar --extract --gzip --directory=/usr/local/bin --file=- grype && \ + # Helm is necessary for deploying Coder + curl --silent --show-error --location "https://get.helm.sh/helm-v${HELM_VERSION}-linux-amd64.tar.gz" | \ + tar --extract --gzip --directory=/usr/local/bin --file=- --strip-components=1 linux-amd64/helm && \ + # kube-linter for linting Kubernetes objects, including those + # that Helm generates from our charts + curl --silent --show-error --location "https://github.com/stackrox/kube-linter/releases/download/${KUBE_LINTER_VERSION}/kube-linter-linux" --output /usr/local/bin/kube-linter && \ + # kubens and kubectx for managing Kubernetes namespaces and contexts + curl --silent --show-error --location "https://github.com/ahmetb/kubectx/releases/download/v${KUBECTX_VERSION}/kubectx_v${KUBECTX_VERSION}_linux_x86_64.tar.gz" | \ + tar --extract --gzip --directory=/usr/local/bin --file=- kubectx && \ + curl --silent --show-error --location 
"https://github.com/ahmetb/kubectx/releases/download/v${KUBECTX_VERSION}/kubens_v${KUBECTX_VERSION}_linux_x86_64.tar.gz" | \ + tar --extract --gzip --directory=/usr/local/bin --file=- kubens && \ + # stripe for coder.com billing API + curl --silent --show-error --location "https://github.com/stripe/stripe-cli/releases/download/v${STRIPE_VERSION}/stripe_${STRIPE_VERSION}_linux_x86_64.tar.gz" | \ + tar --extract --gzip --directory=/usr/local/bin --file=- stripe && \ + # terragrunt for running Terraform and Terragrunt files + curl --silent --show-error --location --output /usr/local/bin/terragrunt "https://github.com/gruntwork-io/terragrunt/releases/download/v${TERRAGRUNT_VERSION}/terragrunt_linux_amd64" && \ + chmod a=rx /usr/local/bin/terragrunt && \ + # AquaSec Trivy for scanning container images for security issues + curl --silent --show-error --location "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" | \ + tar --extract --gzip --directory=/usr/local/bin --file=- trivy + +# Add Vercel globally. We can't install it in packages.json, because it +# includes Go files which make golangci-lint unhappy. +RUN yarn global add --prefix=/usr/local \ + vercel \ + typescript \ + typescript-language-server \ + prettier && \ + yarn cache clean + +# We use yq during "make deploy" to manually substitute out fields in +# our helm values.yaml file. 
See https://github.com/helm/helm/issues/3141 +# +# TODO: update to 4.x, we can't do this now because it included breaking +# changes (yq w doesn't work anymore) +# RUN curl --silent --show-error --location "https://github.com/mikefarah/yq/releases/download/v4.9.0/yq_linux_amd64.tar.gz" | \ +# tar --extract --gzip --directory=/usr/local/bin --file=- ./yq_linux_amd64 && \ +# mv /usr/local/bin/yq_linux_amd64 /usr/local/bin/yq + +RUN curl --silent --show-error --location --output /usr/local/bin/yq "https://github.com/mikefarah/yq/releases/download/3.3.0/yq_linux_amd64" && \ + chmod a=rx /usr/local/bin/yq + +# Install GoLand. +RUN mkdir --parents /usr/local/goland && \ + curl --silent --show-error --location "https://download.jetbrains.com/go/goland-2021.2.tar.gz" | \ + tar --extract --gzip --directory=/usr/local/goland --file=- --strip-components=1 && \ + ln --symbolic /usr/local/goland/bin/goland.sh /usr/local/bin/goland + +# Install Antlrv4, needed to generate paramlang lexer/parser +RUN curl --silent --show-error --location --output /usr/local/lib/antlr-4.9.2-complete.jar "https://www.antlr.org/download/antlr-4.9.2-complete.jar" +ENV CLASSPATH="/usr/local/lib/antlr-4.9.2-complete.jar:${PATH}" + +# Add coder user and allow use of docker/sudo +RUN useradd coder \ + --create-home \ + --shell=/bin/bash \ + --groups=docker \ + --uid=1000 \ + --user-group + +# Adjust OpenSSH config +RUN echo "PermitUserEnvironment yes" >>/etc/ssh/sshd_config && \ + echo "X11Forwarding yes" >>/etc/ssh/sshd_config && \ + echo "X11UseLocalhost no" >>/etc/ssh/sshd_config + +# We avoid copying the extracted directory since COPY slows to minutes when there +# are a lot of small files. 
+COPY --from=go /usr/local/go.tar.gz /usr/local/go.tar.gz +RUN mkdir /usr/local/go && \ + tar --extract --gzip --directory=/usr/local/go --file=/usr/local/go.tar.gz --strip-components=1 + +ENV PATH=$PATH:/usr/local/go/bin + +RUN update-alternatives --install /usr/local/bin/gofmt gofmt /usr/local/go/bin/gofmt 100 + +COPY --from=go /tmp/bin /usr/local/bin +COPY --from=rust-utils /tmp/bin /usr/local/bin +COPY --from=proto /tmp/bin /usr/local/bin +COPY --from=proto /tmp/include /usr/local/bin/include + +USER coder + +# Ensure go bins are in the 'coder' user's path. Note that no go bins are +# installed in this docker file, as they'd be mounted over by the persistent +# home volume. +ENV PATH="/home/coder/go/bin:${PATH}" + +# This setting prevents Go from using the public checksum database for +# our module path prefixes. It is required because these are in private +# repositories that require authentication. +# +# For details, see: https://golang.org/ref/mod#private-modules ENV GOPRIVATE="coder.com,cdr.dev,go.coder.com,github.com/cdr,github.com/coder" # Increase memory allocation to NodeJS ENV NODE_OPTIONS="--max-old-space-size=8192" - -USER coder diff --git a/dogfood/Dockerfile.nix b/dogfood/Dockerfile.nix new file mode 100644 index 0000000000000..02435b262cf34 --- /dev/null +++ b/dogfood/Dockerfile.nix 
@@ -0,0 +1,49 @@
+# Build stage
+FROM nixos/nix:2.19.2 as nix
+
+# enable --experimental-features 'nix-command flakes' globally
+RUN mkdir -p /etc/nix && echo "experimental-features = nix-command flakes" >> /etc/nix/nix.conf
+
+# Copy the Nix related files into the Docker image
+COPY flake.nix /app/flake.nix
+COPY flake.lock /app/flake.lock
+
+# Install dependencies from flake and remove the flake
+RUN nix profile install /app#all --priority 4 && rm -rf /app
+
+# print all users and groups
+RUN cp /etc/passwd /etc/passwd.nix && cp /etc/group /etc/group.nix
+
+# Final image
+FROM codercom/enterprise-base:latest as final
+
+USER root
+
+# Copy the Nix related files into the Docker image
+COPY --from=nix /nix /nix
+COPY --from=nix /etc/nix /etc/nix
+COPY --from=nix /root/.nix-profile /root/.nix-profile
+COPY --from=nix /root/.nix-defexpr /root/.nix-defexpr
+COPY --from=nix /root/.nix-channels /root/.nix-channels
+
+# Merge the passwd and group files
+COPY --from=nix /etc/passwd.nix /etc/passwd.nix
+COPY --from=nix /etc/group.nix /etc/group.nix
+RUN cat /etc/passwd.nix >> /etc/passwd && cat /etc/group.nix >> /etc/group && rm /etc/passwd.nix && rm /etc/group.nix
+
+# Update the PATH to include the Nix stuff
+ENV PATH=/root/.nix-profile/bin:/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:$PATH
+
+# Install playwright dependencies, playwright deps need apt-get to be installed, thats why we install it here
+ENV DEBIAN_FRONTEND=noninteractive
+RUN apt-get update && apt-get upgrade -y && \
+ npm install -g pnpm playwright@1.36.2 && npx playwright install-deps && npm cache clean --force && \
+ rm -rf /var/lib/apt/lists/*
+
+# Set environment variables
+ENV GOPRIVATE="coder.com,cdr.dev,go.coder.com,github.com/cdr,github.com/coder"
+
+# Increase memory allocation to NodeJS
+ENV NODE_OPTIONS="--max-old-space-size=8192"
+
+USER coder
diff --git a/dogfood/main.tf b/dogfood/main.tf
index 4154070329e58..fc2ecf56a57dc 100644
--- a/dogfood/main.tf
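Review bot: `RUN cat /etc/passwd.nix >> /etc/passwd && cat /etc/group.nix >> /etc/group` appends the nix stage's entire passwd and group files, so every account the two base images both define (at least `root`, presumably `nobody` too) ends up twice in the final image, and the duplicate line can carry a different shell, home or GID than the enterprise-base entry that `USER coder` relies on. Merging only names that are not already present keeps the build users without the duplicates, e.g. `awk -F: 'NR==FNR{seen[$1];next} !($1 in seen)' /etc/passwd /etc/passwd.nix >> /etc/passwd` and the same for group; the same blanket append is kept in the Dockerfile.nix hunks of patches 11, 14 and 16 below. `FROM codercom/enterprise-base:latest as final` is also unpinned, so the pushed oss-dogfood-nix image silently changes whenever that tag moves; a version tag or `@sha256:` digest makes the bump a reviewable diff. `ENV DEBIAN_FRONTEND=noninteractive` persists into every workspace process; setting it inline on the apt-get `RUN` keeps it build-time only.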
+++ b/dogfood/main.tf @@ -45,6 +45,23 @@ data "coder_parameter" "repo_dir" { mutable = true } +data "coder_parameter" "image_tag" { + type = "string" + name = "Coder Image" + default = "latest" + description = "The Docker image used to run your workspace. Choose between nix and non-nix images." + option { + icon = "/icon/coder.svg" + name = "Non-Nix" + value = "latest" + } + option { + icon = "/icons/nix.svg" + name = "Nix" + value = "nix" + } +} + data "coder_parameter" "region" { type = "string" name = "Region" @@ -279,7 +296,7 @@ resource "docker_volume" "home_volume" { } data "docker_registry_image" "dogfood" { - name = "${local.registry_name}:latest" + name = "${local.registry_name}:${data.coder_parameter.image_tag.value}" } resource "docker_image" "dogfood" { @@ -288,6 +305,7 @@ resource "docker_image" "dogfood" { data.docker_registry_image.dogfood.sha256_digest, sha1(join("", [for f in fileset(path.module, "files/*") : filesha1(f)])), filesha1("Dockerfile"), + filesha1("Dockerfile.nix"), ] keep_locally = true } diff --git a/site/static/icon/nix.svg b/site/static/icon/nix.svg new file mode 100644 index 0000000000000..a40c4f7418440 --- /dev/null +++ b/site/static/icon/nix.svg @@ -0,0 +1,89 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file From 5c5fe7db4c1638932acdeb983dad8c79987dc274 Mon Sep 17 00:00:00 2001 From: Muhammad Atif Ali Date: Thu, 18 Jan 2024 06:27:13 +0300 Subject: [PATCH 03/22] `make fmt && make gen` --- .github/workflows/dogfood.yaml | 13 ++++++++++++- dogfood/main.tf | 15 +++++++-------- site/src/theme/icons.json | 1 + 3 files changed, 20 insertions(+), 9 deletions(-) diff --git a/.github/workflows/dogfood.yaml b/.github/workflows/dogfood.yaml index be349833a60e4..003edf0e2dc28 100644 --- a/.github/workflows/dogfood.yaml +++ b/.github/workflows/dogfood.yaml 
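Review bot: The Nix option's `icon = "/icons/nix.svg"` matches neither the file this commit adds at `site/static/icon/nix.svg` nor the `/icon/coder.svg` path used by the sibling option, so the picker will presumably show a broken icon; change it to `icon = "/icon/nix.svg"`. The patch 03 rewrite of this parameter further down the page keeps the same `/icons/` path.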
@@ -45,7 +45,7 @@ jobs: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_PASSWORD }} - - name: Build and push + - name: Build and push Non-Nix image uses: depot/build-push-action@v1 with: project: b4q6ltmpzh @@ -56,6 +56,17 @@ jobs: push: ${{ github.ref == 'refs/heads/main' }} tags: "codercom/oss-dogfood:${{ steps.docker-tag-name.outputs.tag }},codercom/oss-dogfood:latest" + - name: Build and push Nix image + uses: depot/build-push-action@v1 + with: + project: b4q6ltmpzh + token: ${{ secrets.DEPOT_TOKEN }} + buildx-fallback: true + context: "{{defaultContext}}:dogfood" + pull: true + push: ${{ github.ref == 'refs/heads/main' }} + tags: "codercom/oss-dogfood-nix:${{ steps.docker-tag-name.outputs.tag }},codercom/oss-dogfood-nix:latest" + deploy_template: needs: build_image if: github.ref == 'refs/heads/main' diff --git a/dogfood/main.tf b/dogfood/main.tf index fc2ecf56a57dc..0ab3a74fbc5c3 100644 --- a/dogfood/main.tf +++ b/dogfood/main.tf @@ -33,7 +33,6 @@ locals { repo_dir = replace(data.coder_parameter.repo_dir.value, "/^~\\//", "/home/coder/") container_name = "coder-${data.coder_workspace.me.owner}-${lower(data.coder_workspace.me.name)}" - registry_name = "codercom/oss-dogfood" jfrog_host = replace(var.jfrog_url, "https://", "") } @@ -45,20 +44,20 @@ data "coder_parameter" "repo_dir" { mutable = true } -data "coder_parameter" "image_tag" { - type = "string" - name = "Coder Image" - default = "latest" +data "coder_parameter" "image_type" { + type = "string" + name = "Coder Image" + default = "codercom/oss-dogfood:latest" description = "The Docker image used to run your workspace. Choose between nix and non-nix images." option { icon = "/icon/coder.svg" name = "Non-Nix" - value = "latest" + value = "codercom/oss-dogfood:latest" } option { icon = "/icons/nix.svg" name = "Nix" - value = "nix" + value = "codercom/oss-dogfood-nix:latest" } } 
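Review bot: The new `Build and push Nix image` step runs `depot/build-push-action@v1` with `secrets.DEPOT_TOKEN` and the Docker Hub login in hand, and a floating major tag means the code that receives those credentials can change without any diff in this repository; pin it to a full commit SHA with the version in a trailing comment (`uses: depot/build-push-action@<commit-sha> # v1`), and the existing non-Nix step above has the same exposure. The step also copies `context: "{{defaultContext}}:dogfood"` without a `file:` key, so as written it rebuilds `dogfood/Dockerfile` and pushes that image under `codercom/oss-dogfood-nix`; patches 04–06 below add the `file:` and root context that make it build `Dockerfile.nix`.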
@@ -296,7 +295,7 @@ resource "docker_volume" "home_volume" { } data "docker_registry_image" "dogfood" { - name = "${local.registry_name}:${data.coder_parameter.image_tag.value}" + name = data.coder_parameter.image_type.value } resource "docker_image" "dogfood" { diff --git a/site/src/theme/icons.json b/site/src/theme/icons.json index 7ea2f49323b73..de791cdd0c122 100644 --- a/site/src/theme/icons.json +++ b/site/src/theme/icons.json @@ -54,6 +54,7 @@ "matlab.svg", "memory.svg", "microsoft.svg", + "nix.svg", "node.svg", "nodejs.svg", "nomad.svg", From d06d7413b1a12e48408193c042e497a61bc31571 Mon Sep 17 00:00:00 2001 From: Muhammad Atif Ali Date: Thu, 18 Jan 2024 03:43:45 +0000 Subject: [PATCH 04/22] set context as root for nix build --- .github/workflows/dogfood.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dogfood.yaml b/.github/workflows/dogfood.yaml index 003edf0e2dc28..b79ff0cd448fd 100644 --- a/.github/workflows/dogfood.yaml +++ b/.github/workflows/dogfood.yaml @@ -62,7 +62,7 @@ jobs: project: b4q6ltmpzh token: ${{ secrets.DEPOT_TOKEN }} buildx-fallback: true - context: "{{defaultContext}}:dogfood" + context: "." pull: true push: ${{ github.ref == 'refs/heads/main' }} tags: "codercom/oss-dogfood-nix:${{ steps.docker-tag-name.outputs.tag }},codercom/oss-dogfood-nix:latest" From 95351275ef2d38e9df0c4a4e97556a454023ce78 Mon Sep 17 00:00:00 2001 From: Muhammad Atif Ali Date: Thu, 18 Jan 2024 03:50:21 +0000 Subject: [PATCH 05/22] use correct dockerfile --- .github/workflows/dogfood.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/dogfood.yaml b/.github/workflows/dogfood.yaml index b79ff0cd448fd..23a8cf5fc9c21 100644 --- a/.github/workflows/dogfood.yaml +++ b/.github/workflows/dogfood.yaml 
@@ -52,6 +52,7 @@ jobs: token: ${{ secrets.DEPOT_TOKEN }} buildx-fallback: true context: "{{defaultContext}}:dogfood" + file: "dogfood/Dockerfile.nix" pull: true push: ${{ github.ref == 'refs/heads/main' }} tags: "codercom/oss-dogfood:${{ steps.docker-tag-name.outputs.tag }},codercom/oss-dogfood:latest" From a1a6dfe94e372d4188798e126f6ba9066eb4410f Mon Sep 17 00:00:00 2001 From: Muhammad Atif Ali Date: Thu, 18 Jan 2024 03:52:29 +0000 Subject: [PATCH 06/22] fixup! --- .github/workflows/dogfood.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dogfood.yaml b/.github/workflows/dogfood.yaml index 23a8cf5fc9c21..8d4ec519f774f 100644 --- a/.github/workflows/dogfood.yaml +++ b/.github/workflows/dogfood.yaml @@ -52,7 +52,6 @@ jobs: token: ${{ secrets.DEPOT_TOKEN }} buildx-fallback: true context: "{{defaultContext}}:dogfood" - file: "dogfood/Dockerfile.nix" pull: true push: ${{ github.ref == 'refs/heads/main' }} tags: "codercom/oss-dogfood:${{ steps.docker-tag-name.outputs.tag }},codercom/oss-dogfood:latest" @@ -64,6 +63,7 @@ jobs: token: ${{ secrets.DEPOT_TOKEN }} buildx-fallback: true context: "." + file: "dogfood/Dockerfile.nix" pull: true push: ${{ github.ref == 'refs/heads/main' }} tags: "codercom/oss-dogfood-nix:${{ steps.docker-tag-name.outputs.tag }},codercom/oss-dogfood-nix:latest" From 13d539074ad61b3f64b388dec2ce23cdac2bbb63 Mon Sep 17 00:00:00 2001 From: Muhammad Atif Ali Date: Thu, 18 Jan 2024 03:59:41 +0000 Subject: [PATCH 07/22] save --- .github/workflows/dogfood.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/dogfood.yaml b/.github/workflows/dogfood.yaml index 8d4ec519f774f..71c4aa7aa7f3e 100644 --- a/.github/workflows/dogfood.yaml +++ b/.github/workflows/dogfood.yaml 
@@ -53,6 +53,7 @@ jobs: buildx-fallback: true context: "{{defaultContext}}:dogfood" pull: true + save: true push: ${{ github.ref == 'refs/heads/main' }} tags: "codercom/oss-dogfood:${{ steps.docker-tag-name.outputs.tag }},codercom/oss-dogfood:latest" @@ -65,6 +66,7 @@ jobs: context: "." file: "dogfood/Dockerfile.nix" pull: true + save: true push: ${{ github.ref == 'refs/heads/main' }} tags: "codercom/oss-dogfood-nix:${{ steps.docker-tag-name.outputs.tag }},codercom/oss-dogfood-nix:latest" From 0792190b5a9c024d86d319cdcb7be40f55daaa26 Mon Sep 17 00:00:00 2001 From: Muhammad Atif Ali Date: Thu, 18 Jan 2024 13:53:52 +0300 Subject: [PATCH 08/22] Update Dockerfile.nix --- dogfood/Dockerfile.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/dogfood/Dockerfile.nix b/dogfood/Dockerfile.nix index 02435b262cf34..de307ad4ea7fd 100644 --- a/dogfood/Dockerfile.nix +++ b/dogfood/Dockerfile.nix @@ -2,6 +2,8 @@ FROM nixos/nix:2.19.2 as nix # enable --experimental-features 'nix-command flakes' globally +# nix does not enbale these features by default these are required to run commands like +# nix develop -c 'some command' or to use falke.nix RUN mkdir -p /etc/nix && echo "experimental-features = nix-command flakes" >> /etc/nix/nix.conf # Copy the Nix related files into the Docker image From 0e5f2e0122c11070be6fd94ec4cd57031b5d318a Mon Sep 17 00:00:00 2001 From: Muhammad Atif Ali Date: Thu, 18 Jan 2024 13:57:48 +0300 Subject: [PATCH 09/22] Update flake.nix --- flake.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index b74dfd34ca373..a82e98a496a3d 100644 --- a/flake.nix +++ b/flake.nix 
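Review bot: The added comment misspells `enbale` and `falke.nix` and runs two sentences together; suggested wording: `# nix does not enable these features by default; they are required to run commands like` followed by `# nix develop -c 'some command' or to use flake.nix`. Patch 13 below fixes `enbale`, but `falke.nix` stays in every later version of this hunk.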
@@ -10,8 +10,14 @@ outputs = { self, nixpkgs, flake-utils, drpc }: flake-utils.lib.eachDefaultSystem (system: let + # Workaround for: terraform has an unfree license (‘bsl11’), refusing to evaluate. pkgs = import nixpkgs { inherit system; config.allowUnfree = true; }; formatter = pkgs.nixpkgs-fmt; + # Check in https://search.nixos.org/packages to find new packages. + # Use `nix --extra-experimental-features nix-command --extra-experimental-features flakes flake update` + # to update the lock file if packages are out-of-date. + + # From https://nixos.wiki/wiki/Google_Cloud_SDK gdk = pkgs.google-cloud-sdk.withExtraComponents ([pkgs.google-cloud-sdk.components.gke-gcloud-auth-plugin]); devShellPackages = with pkgs; [ @@ -36,6 +42,7 @@ kubectx kubernetes-helm less + # Needed for many LD system libs! libuuid mockgen nfpm @@ -57,6 +64,7 @@ shellcheck shfmt sqlc + # strace is not available on OSX (if pkgs.stdenv.hostPlatform.isDarwin then null else strace) terraform typos @@ -75,7 +83,7 @@ }; in { - defaultPackage = formatter; + defaultPackage = formatter; # or replace it with your desired default package. devShell = pkgs.mkShell { buildInputs = devShellPackages; }; packages.all = allPackages; } From e9c56b175cd5ae550058e04903576585d9d9c3f2 Mon Sep 17 00:00:00 2001 From: Muhammad Atif Ali Date: Thu, 18 Jan 2024 14:43:43 +0300 Subject: [PATCH 10/22] run on changes to flake --- .github/workflows/dogfood.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/dogfood.yaml b/.github/workflows/dogfood.yaml index 71c4aa7aa7f3e..5fa69adf7ae7b 100644 --- a/.github/workflows/dogfood.yaml +++ b/.github/workflows/dogfood.yaml @@ -7,10 +7,14 @@ on: paths: - "dogfood/**" - ".github/workflows/dogfood.yaml" + - "flake.lock" + - "flake.nix" pull_request: paths: - "dogfood/**" - ".github/workflows/dogfood.yaml" + - "flake.lock" + - "flake.nix" workflow_dispatch: jobs: From 5c116ba01d1322ee4a52869ef99bc2c8a58c15c9 Mon Sep 17 00:00:00 2001 
From: Muhammad Atif Ali Date: Thu, 18 Jan 2024 15:20:28 +0300 Subject: [PATCH 11/22] format and remove playwright --- dogfood/Dockerfile.nix | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/dogfood/Dockerfile.nix b/dogfood/Dockerfile.nix index de307ad4ea7fd..e50bfe7f9d072 100644 --- a/dogfood/Dockerfile.nix +++ b/dogfood/Dockerfile.nix @@ -11,10 +11,11 @@ COPY flake.nix /app/flake.nix COPY flake.lock /app/flake.lock # Install dependencies from flake and remove the flake -RUN nix profile install /app#all --priority 4 && rm -rf /app +RUN nix profile install "/app#all" --priority 4 && rm -rf /app # print all users and groups -RUN cp /etc/passwd /etc/passwd.nix && cp /etc/group /etc/group.nix +RUN cp /etc/passwd /etc/passwd.nix && \ + cp /etc/group /etc/group.nix # Final image FROM codercom/enterprise-base:latest as final 
@@ -29,19 +30,17 @@ COPY --from=nix /root/.nix-defexpr /root/.nix-defexpr COPY --from=nix /root/.nix-channels /root/.nix-channels # Merge the passwd and group files +# We need all nix users and groups to be available in the final image COPY --from=nix /etc/passwd.nix /etc/passwd.nix COPY --from=nix /etc/group.nix /etc/group.nix -RUN cat /etc/passwd.nix >> /etc/passwd && cat /etc/group.nix >> /etc/group && rm /etc/passwd.nix && rm /etc/group.nix +RUN cat /etc/passwd.nix >> /etc/passwd && \ + cat /etc/group.nix >> /etc/group && \ + rm /etc/passwd.nix && \ + rm /etc/group.nix # Update the PATH to include the Nix stuff ENV PATH=/root/.nix-profile/bin:/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:$PATH -# Install playwright dependencies, playwright deps need apt-get to be installed, thats why we install it here -ENV DEBIAN_FRONTEND=noninteractive -RUN apt-get update && apt-get upgrade -y && \ - npm install -g pnpm playwright@1.36.2 && npx playwright install-deps && npm cache clean --force && \ - rm -rf /var/lib/apt/lists/* - # Set environment variables ENV GOPRIVATE="coder.com,cdr.dev,go.coder.com,github.com/cdr,github.com/coder" @@ -49,3 +48,5 @@ ENV GOPRIVATE="coder.com,cdr.dev,go.coder.com,github.com/cdr,github.com/coder" ENV NODE_OPTIONS="--max-old-space-size=8192" USER coder + +WORKDIR /home/coder From d9ceed7debebff64eff4d5227a517c33086c0f41 Mon Sep 17 00:00:00 2001 From: Muhammad Atif Ali Date: Thu, 18 Jan 2024 16:39:56 +0300 Subject: [PATCH 12/22] install playwright from `site/packages.json` --- dogfood/main.tf | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/dogfood/main.tf b/dogfood/main.tf index 0ab3a74fbc5c3..533e2f3add4f6 100644 --- a/dogfood/main.tf +++ b/dogfood/main.tf 
@@ -171,7 +171,7 @@ module "jfrog" { resource "coder_agent" "dev" { arch = "amd64" os = "linux" - dir = data.coder_parameter.repo_dir.value + dir = local.repo_dir env = { GITHUB_TOKEN : data.coder_external_auth.github.access_token, OIDC_TOKEN : data.coder_workspace.me.owner_oidc_access_token, @@ -264,6 +264,9 @@ resource "coder_agent" "dev" { set -eux -o pipefail # Start Docker service sudo service docker start + # Install playwright dependencies + # We want to use the playwright version from site/package.json + cd ${local.repo_dir} && pnpm install && pnpm playwright:install EOT } From 26a325711161c2345fae24c34c965076faecfc62 Mon Sep 17 00:00:00 2001 From: Muhammad Atif Ali Date: Fri, 19 Jan 2024 13:02:54 +0300 Subject: [PATCH 13/22] fix typo --- dogfood/Dockerfile.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dogfood/Dockerfile.nix b/dogfood/Dockerfile.nix index e50bfe7f9d072..b226a4d96eb6e 100644 --- a/dogfood/Dockerfile.nix +++ b/dogfood/Dockerfile.nix @@ -2,7 +2,7 @@ FROM nixos/nix:2.19.2 as nix # enable --experimental-features 'nix-command flakes' globally -# nix does not enbale these features by default these are required to run commands like +# nix does not enable these features by default these are required to run commands like # nix develop -c 'some command' or to use falke.nix RUN mkdir -p /etc/nix && echo "experimental-features = nix-command flakes" >> /etc/nix/nix.conf From 416c3ce50f7d7565d9d38c220367fdb4d9f2f0a9 Mon Sep 17 00:00:00 2001 From: Muhammad Atif Ali Date: Tue, 23 Jan 2024 13:20:23 +0300 Subject: [PATCH 14/22] wip --- dogfood/Dockerfile.nix | 51 +++++++++++++++++++---------------------- flake.lock | 52 ++++++++++++++++++++++++++++-------------- flake.nix | 4 ++-- 3 files changed, 61 insertions(+), 46 deletions(-) diff --git a/dogfood/Dockerfile.nix b/dogfood/Dockerfile.nix index b226a4d96eb6e..e0cf58dc30c7a 100644 --- a/dogfood/Dockerfile.nix +++ b/dogfood/Dockerfile.nix 
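Review bot: `cd ${local.repo_dir} && pnpm install && pnpm playwright:install` runs under the script's `set -eux -o pipefail`, so a path with spaces (the interpolation is unquoted), a repository that has not been cloned yet, or a transient registry failure makes the agent's startup script exit non-zero on every boot; patch 18 below quotes the path and points it at `site`, but the failure mode stays. `pnpm install` also executes the lifecycle scripts of every dependency as the workspace user on each start; `pnpm install --frozen-lockfile` at least makes the installed set exactly what the committed lockfile records, and a comment on this line should say the install is intentionally limited to the checked-out repo. The enclosing `coder_agent` resource begins before the hunk.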
@@ -4,49 +4,46 @@ FROM nixos/nix:2.19.2 as nix # enable --experimental-features 'nix-command flakes' globally # nix does not enable these features by default these are required to run commands like # nix develop -c 'some command' or to use falke.nix -RUN mkdir -p /etc/nix && echo "experimental-features = nix-command flakes" >> /etc/nix/nix.conf - -# Copy the Nix related files into the Docker image -COPY flake.nix /app/flake.nix -COPY flake.lock /app/flake.lock - -# Install dependencies from flake and remove the flake -RUN nix profile install "/app#all" --priority 4 && rm -rf /app - -# print all users and groups -RUN cp /etc/passwd /etc/passwd.nix && \ +RUN mkdir -p /etc/nix && \ + echo "experimental-features = nix-command flakes" >> /etc/nix/nix.conf && \ + cp /etc/passwd /etc/passwd.nix && \ cp /etc/group /etc/group.nix +# Copy Nix flake and install dependencies +COPY flake.* /app/ +RUN nix profile install "/app#all" --priority 4 && \ + rm -rf /app && \ + nix-garbage-collect -d + # Final image FROM codercom/enterprise-base:latest as final +# Set the non-root user USER root # Copy the Nix related files into the Docker image COPY --from=nix /nix /nix COPY --from=nix /etc/nix /etc/nix -COPY --from=nix /root/.nix-profile /root/.nix-profile -COPY --from=nix /root/.nix-defexpr /root/.nix-defexpr -COPY --from=nix /root/.nix-channels /root/.nix-channels +COPY --from=nix /root/.nix-* /home/coder/.nix-* +COPY --from=nix /etc/passwd.nix /etc/passwd.nix +COPY --from=nix /etc/group.nix /etc/group.nix + +# Change permissions on Nix directories +RUN chown -R coder:coder /nix && \ + chown -R coder:coder /etc/nix && \ + chown -R coder:coder /home/coder # Merge the passwd and group files # We need all nix users and groups to be available in the final image -COPY --from=nix /etc/passwd.nix /etc/passwd.nix -COPY --from=nix /etc/group.nix /etc/group.nix RUN cat /etc/passwd.nix >> /etc/passwd && \ cat /etc/group.nix >> /etc/group && \ - rm /etc/passwd.nix && \ - rm /etc/group.nix + rm 
/etc/passwd.nix /etc/group.nix -# Update the PATH to include the Nix stuff -ENV PATH=/root/.nix-profile/bin:/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:$PATH - -# Set environment variables -ENV GOPRIVATE="coder.com,cdr.dev,go.coder.com,github.com/cdr,github.com/coder" - -# Increase memory allocation to NodeJS -ENV NODE_OPTIONS="--max-old-space-size=8192" +# Set environment variables and PATH +ENV PATH=/root/.nix-profile/bin:/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:$PATH \ + GOPRIVATE="coder.com,cdr.dev,go.coder.com,github.com/cdr,github.com/coder" \ + NODE_OPTIONS="--max-old-space-size=8192" +# Set the user to 'coder' USER coder - WORKDIR /home/coder diff --git a/flake.lock b/flake.lock index 91839d2745781..6cd97b2792fce 100644 --- a/flake.lock +++ b/flake.lock @@ -6,27 +6,30 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1655479430, - "narHash": "sha256-ZQgJFlrddH2uQDQepDFYy3C+Ik/geMQgGWkLVhA9wss=", + "lastModified": 1682005581, + "narHash": "sha256-mPaQg6bN1I6160RG4Yi3CjKNJ0oHoGYYxOSpOWHWXK0=", "owner": "storj", "repo": "drpc", - "rev": "0a6ae7bccab6f01ca6390a7a5bf9abeee71624d2", + "rev": "9716137f6037cde2f813985fcee00409b4101ed2", "type": "github" }, "original": { "owner": "storj", - "ref": "v0.0.32", + "ref": "v0.0.33", "repo": "drpc", "type": "github" } }, "flake-utils": { + "inputs": { + "systems": "systems" + }, "locked": { - "lastModified": 1634851050, - "narHash": "sha256-N83GlSGPJJdcqhUxSCS/WwW5pksYf3VP1M13cDRTSVA=", + "lastModified": 1681202837, + "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", "owner": "numtide", "repo": "flake-utils", - "rev": "c91f3de5adaf1de973b797ef7485e441a65b8935", + "rev": "cfacdce06f30d2b68473a46042957675eebb3401", "type": "github" }, "original": { 
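Review bot: `RUN chown -R coder:coder /nix` makes the whole Nix store, including `/nix/var/nix/db`, writable by the unprivileged workspace user, so any process running as `coder` can modify the store paths that the `PATH` set a few lines later executes, and the store's read-only guarantee (and anything like `nix store verify`) no longer holds; the `--chown=coder:coder` on the `/nix` COPY in patch 16 below keeps the same ownership. If the tools only have to be run, leave `/nix` root-owned (a read-only store is usable by any user) and chown just the profile link under `/home/coder`; if `coder` itself needs to run `nix` in single-user mode, the writable store is a deliberate trade-off that deserves a comment on this line. Separately, `COPY --from=nix /root/.nix-* /home/coder/.nix-*` expands the glob only on the source side, so the matched entries are copied into a directory literally named `/home/coder/.nix-*` (patch 16 replaces this line).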
@@ -37,14 +40,14 @@ }, "flake-utils_2": { "inputs": { - "systems": "systems" + "systems": "systems_2" }, "locked": { - "lastModified": 1701680307, - "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "lastModified": 1705309234, + "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", "owner": "numtide", "repo": "flake-utils", - "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", "type": "github" }, "original": { @@ -55,11 +58,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1635797866, - "narHash": "sha256-e3vqt720wyb1PPNcGXej8wwip2/tgO1JsSGYK1NptSw=", + "lastModified": 1681823821, + "narHash": "sha256-LGm3j7hW2C3T28q2/r49tX01zIyoaaQAJRi7rlISbr0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6751e7428f20328fed076acfcbb340d0f4aa0c07", + "rev": "9b419c67cfeb210d333fc0c34ae6e8c7a987d443", "type": "github" }, "original": { @@ -70,11 +73,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1704538339, - "narHash": "sha256-1734d3mQuux9ySvwf6axRWZRBhtcZA9Q8eftD6EZg6U=", + "lastModified": 1705856552, + "narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "46ae0210ce163b3cba6c7da08840c1d63de9c701", + "rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d", "type": "github" }, "original": { @@ -105,6 +108,21 @@ "repo": "default", "type": "github" } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index da124ddeea904..7b6eb9bfedfbb 100644 --- a/flake.nix +++ b/flake.nix 
@@ -4,7 +4,7 @@ inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; flake-utils.url = "github:numtide/flake-utils"; - drpc.url = "github:storj/drpc/v0.0.32"; + drpc.url = "github:storj/drpc/v0.0.33"; }; outputs = { self, nixpkgs, flake-utils, drpc }: @@ -45,7 +45,7 @@ kubernetes-helm less # Needed for many LD system libs! - libuuid + util-linux mockgen nfpm nodejs From bdcbbf2831c81a94d8e26a7b578903ef3ece4c3c Mon Sep 17 00:00:00 2001 From: Muhammad Atif Ali Date: Tue, 23 Jan 2024 13:29:02 +0300 Subject: [PATCH 15/22] fixup! --- dogfood/Dockerfile.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dogfood/Dockerfile.nix b/dogfood/Dockerfile.nix index e0cf58dc30c7a..f04b06d029f45 100644 --- a/dogfood/Dockerfile.nix +++ b/dogfood/Dockerfile.nix @@ -13,7 +13,7 @@ RUN mkdir -p /etc/nix && \ COPY flake.* /app/ RUN nix profile install "/app#all" --priority 4 && \ rm -rf /app && \ - nix-garbage-collect -d + nix-collect-garbage -d # Final image FROM codercom/enterprise-base:latest as final From 1bf482a3686f43f2d4185b37d33d93d6ac8aac66 Mon Sep 17 00:00:00 2001 From: Muhammad Atif Ali Date: Tue, 23 Jan 2024 13:54:54 +0300 Subject: [PATCH 16/22] optimize --- dogfood/Dockerfile.nix | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) diff --git a/dogfood/Dockerfile.nix b/dogfood/Dockerfile.nix index f04b06d029f45..c87f8bd4c1fd3 100644 --- a/dogfood/Dockerfile.nix +++ b/dogfood/Dockerfile.nix @@ -5,9 +5,7 @@ FROM nixos/nix:2.19.2 as nix # nix does not enable these features by default these are required to run commands like # nix develop -c 'some command' or to use falke.nix RUN mkdir -p /etc/nix && \ - echo "experimental-features = nix-command flakes" >> /etc/nix/nix.conf && \ - cp /etc/passwd /etc/passwd.nix && \ - cp /etc/group /etc/group.nix + echo "experimental-features = nix-command flakes" >> /etc/nix/nix.conf # Copy Nix flake and install dependencies COPY flake.* /app/ 
@@ -22,16 +20,11 @@ FROM codercom/enterprise-base:latest as final USER root # Copy the Nix related files into the Docker image -COPY --from=nix /nix /nix +COPY --from=nix --chown=coder:coder /nix /nix COPY --from=nix /etc/nix /etc/nix -COPY --from=nix /root/.nix-* /home/coder/.nix-* -COPY --from=nix /etc/passwd.nix /etc/passwd.nix -COPY --from=nix /etc/group.nix /etc/group.nix - -# Change permissions on Nix directories -RUN chown -R coder:coder /nix && \ - chown -R coder:coder /etc/nix && \ - chown -R coder:coder /home/coder +COPY --from=nix --chown=coder:coder /root/.nix-profile /home/coder/.nix-profile +COPY --from=nix /etc/passwd /etc/passwd.nix +COPY --from=nix /etc/group /etc/group.nix # Merge the passwd and group files # We need all nix users and groups to be available in the final image From bcaea398f3ebea6e8ba054df6fc3e508a3d537fe Mon Sep 17 00:00:00 2001 From: Muhammad Atif Ali Date: Tue, 23 Jan 2024 15:36:40 +0300 Subject: [PATCH 17/22] fixup! --- dogfood/Dockerfile.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dogfood/Dockerfile.nix b/dogfood/Dockerfile.nix index c87f8bd4c1fd3..3e87edfe709f3 100644 --- a/dogfood/Dockerfile.nix +++ b/dogfood/Dockerfile.nix @@ -33,7 +33,7 @@ RUN cat /etc/passwd.nix >> /etc/passwd && \ rm /etc/passwd.nix /etc/group.nix # Set environment variables and PATH -ENV PATH=/root/.nix-profile/bin:/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:$PATH \ +ENV PATH=/home/.nix-profile/bin:/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:$PATH \ GOPRIVATE="coder.com,cdr.dev,go.coder.com,github.com/cdr,github.com/coder" \ NODE_OPTIONS="--max-old-space-size=8192" From 11e000adf6f3160a61db5bf146dae2d035afa5a7 Mon Sep 17 00:00:00 2001 From: Muhammad Atif Ali Date: Wed, 31 Jan 2024 16:21:48 +0300 Subject: [PATCH 18/22] fix statyp_script --- dogfood/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/dogfood/main.tf b/dogfood/main.tf index 14d67c5bc6bcf..c28195d1516c7 100644 --- a/dogfood/main.tf +++ b/dogfood/main.tf @@ -266,7 +266,7 @@ resource "coder_agent" "dev" { sudo service docker start # Install playwright dependencies # We want to use the playwright version from site/package.json - cd ${local.repo_dir} && pnpm install && pnpm playwright:install + cd "${local.repo_dir}/site" && pnpm install && pnpm playwright:install EOT } From bd270068b9385c971844759ec44910d007bed5de Mon Sep 17 00:00:00 2001 From: Muhammad Atif Ali Date: Wed, 31 Jan 2024 16:28:12 +0300 Subject: [PATCH 19/22] fixup! --- dogfood/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dogfood/main.tf b/dogfood/main.tf index c28195d1516c7..8a638d314c7da 100644 --- a/dogfood/main.tf +++ b/dogfood/main.tf @@ -302,7 +302,7 @@ data "docker_registry_image" "dogfood" { } resource "docker_image" "dogfood" { - name = "${local.registry_name}@${data.docker_registry_image.dogfood.sha256_digest}" + name = "${data.coder_parameter.image_type.value}@${data.docker_registry_image.dogfood.sha256_digest}" pull_triggers = [ data.docker_registry_image.dogfood.sha256_digest, sha1(join("", [for f in fileset(path.module, "files/*") : filesha1(f)])), From ae9b07cca5970a453a4e1e8b10d2b4bc971777b9 Mon Sep 17 00:00:00 2001 From: Muhammad Atif Ali Date: Wed, 31 Jan 2024 16:50:34 +0300 Subject: [PATCH 20/22] Update Dockerfile.nix --- dogfood/Dockerfile.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dogfood/Dockerfile.nix b/dogfood/Dockerfile.nix index 3e87edfe709f3..40729eb9c5005 100644 --- a/dogfood/Dockerfile.nix +++ b/dogfood/Dockerfile.nix 
@@ -33,7 +33,7 @@ RUN cat /etc/passwd.nix >> /etc/passwd && \ rm /etc/passwd.nix /etc/group.nix # Set environment variables and PATH -ENV PATH=/home/.nix-profile/bin:/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:$PATH \ +ENV PATH=/home/coder/.nix-profile/bin:/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:$PATH \ GOPRIVATE="coder.com,cdr.dev,go.coder.com,github.com/cdr,github.com/coder" \ NODE_OPTIONS="--max-old-space-size=8192" From 216460e134e0562afbdde5ff867ac5a4a5911eb4 Mon Sep 17 00:00:00 2001 From: Muhammad Atif Ali Date: Wed, 31 Jan 2024 17:11:53 +0300 Subject: [PATCH 21/22] remove prettier and typescript --- flake.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/flake.nix b/flake.nix index 7b6eb9bfedfbb..08f9e5d7eccdb 100644 --- a/flake.nix +++ b/flake.nix @@ -50,9 +50,6 @@ nfpm nodejs nodejs.pkgs.pnpm - nodejs.pkgs.prettier - nodejs.pkgs.typescript - nodejs.pkgs.typescript-language-server openssh openssl pango From 413d23cc91ba07bc75d85a7adfd91b54b84870c5 Mon Sep 17 00:00:00 2001 From: Muhammad Atif Ali Date: Wed, 31 Jan 2024 17:21:06 +0300 Subject: [PATCH 22/22] `update flake` --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 6cd97b2792fce..fe4bb7c34f7b6 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1705856552, - "narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=", + "lastModified": 1706550542, + "narHash": "sha256-UcsnCG6wx++23yeER4Hg18CXWbgNpqNXcHIo5/1Y+hc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d", + "rev": "97b17f32362e475016f942bbdfda4a4a72a8a652", "type": "github" }, "original": {