docker/babashka-pod-docker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Slim/flake (#16)

Browse Source 
* flake plus docker cli metadata
This commit is contained in:
Jim Clark
2023-08-09 23:10:57 -07:00
committed by GitHub
parent dd29e41dd1
commit d8c86b4c99
8 changed files with 310 additions and 105 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
.dockerignore
View File

@@ -1 +1,32 @@
pod-atomisthq-tools.docker
# Include any files or directories that you don't want to be copied to your
# container here (e.g., local build artifacts, temporary files, etc.).
#
# For more help, visit the .dockerignore file reference guide at
# https://docs.docker.com/engine/reference/builder/#dockerignore-file
**/.DS_Store
**/.classpath
**/.dockerignore
**/.env
**/.git
**/.gitignore
**/.project
**/.settings
**/.toolstarget
**/.vs
**/.vscode
**/*.*proj.user
**/*.dbmdl
**/*.jfm
**/bin
**/charts
**/docker-compose*
**/compose*
**/Dockerfile*
**/node_modules
**/npm-debug.log
**/obj
**/secrets.dev.yaml
**/values.dev.yaml
LICENSE
README.md

72
Dockerfile.init Normal file
View File

@@ -0,0 +1,72 @@
# syntax=docker/dockerfile:1
# Comments are provided throughout this file to help you get started.
# If you need more help, visit the Dockerfile reference guide at
# https://docs.docker.com/engine/reference/builder/
################################################################################
# Create a stage for building the application.
ARG GO_VERSION=1.19
FROM golang:${GO_VERSION} AS build
WORKDIR /src
# Download dependencies as a separate step to take advantage of Docker's caching.
# Leverage a cache mount to /go/pkg/mod/ to speed up subsequent builds.
# Leverage bind mounts to go.sum and go.mod to avoid having to copy them into
# the container.
RUN --mount=type=cache,target=/go/pkg/mod/ \
--mount=type=bind,source=go.sum,target=go.sum \
--mount=type=bind,source=go.mod,target=go.mod \
go mod download -x
# Build the application.
# Leverage a cache mount to /go/pkg/mod/ to speed up subsequent builds.
# Leverage a bind mount to the current directory to avoid having to copy the
# source code into the container.
RUN --mount=type=cache,target=/go/pkg/mod/ \
--mount=type=bind,target=. \
CGO_ENABLED=0 go build -o /bin/server .
################################################################################
# Create a new stage for running the application that contains the minimal
# runtime dependencies for the application. This often uses a different base
# image from the build stage where the necessary files are copied from the build
# stage.
#
# The example below uses the alpine image as the foundation for running the app.
# By specifying the "latest" tag, it will also use whatever happens to be the
# most recent version of that image when you build your Dockerfile. If
# reproducability is important, consider using a versioned tag
# (e.g., alpine:3.17.2) or SHA (e.g., alpine:sha256:c41ab5c992deb4fe7e5da09f67a8804a46bd0592bfdf0b1847dde0e0889d2bff).
FROM alpine:latest AS final
# Install any runtime dependencies that are needed to run your application.
# Leverage a cache mount to /var/cache/apk/ to speed up subsequent builds.
RUN --mount=type=cache,target=/var/cache/apk \
apk --update add \
ca-certificates \
tzdata \
&& \
update-ca-certificates
# Create a non-privileged user that the app will run under.
# See https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#user
ARG UID=10001
RUN adduser \
--disabled-password \
--gecos "" \
--home "/nonexistent" \
--shell "/sbin/nologin" \
--no-create-home \
--uid "${UID}" \
appuser
USER appuser
# Copy the executable from the "build" stage.
COPY --from=build /bin/server /bin/
# Expose the port that the application listens on.
EXPOSE 3000
# What the container should run when it is started.
ENTRYPOINT [ "/bin/server" ]

28
Dockerfile.nix Normal file
View File

@@ -0,0 +1,28 @@
# syntax = docker/dockerfile:1.4
FROM nixos/nix:latest AS builder
WORKDIR /tmp/build
RUN mkdir /tmp/nix-store-closure
RUN \
--mount=type=cache,target=/nix,from=nixos/nix:latest,source=/nix \
--mount=type=cache,target=/root/.cache \
--mount=type=bind,target=/tmp/build \
<<EOF
nix \
--extra-experimental-features "nix-command flakes" \
--extra-substituters "http://host.docker.internal?priority=10" \
--option filter-syscalls false \
--show-trace \
--log-format raw \
build . --out-link /tmp/output/result
cp -R $(nix-store -qR /tmp/output/result) /tmp/nix-store-closure
EOF
FROM scratch
WORKDIR /app
COPY --from=builder /tmp/nix-store-closure /nix/store
COPY --from=builder /tmp/output/ /app/
ENTRYPOINT ["/app/result/bin/entrypoint"]

16
dev/user.clj
View File

@@ -24,9 +24,11 @@
(comment
(pods/load-pod 'docker.tools "0.1.0")
(pods/load-pod "result/bin/babashka-pod-docker")
(require '[docker.tools :as docker])
(pods/unload-pod {:pod/id "docker.tools"})
;; parse image names using github.com/docker/distribution
;; turns golang structs into clojure maps
@@ -39,18 +41,17 @@
;; invalid reference format
(println (.getMessage e))))
;; parse dockerfiles using github.com/moby/buildkit
;; returns the Result struct transformed to a clojure map
(docker/parse-dockerfile "FROM \\\n gcr.io/whatever:tag\nCMD [\"run\"]")
;; run sbom generation on local image
(docker/sbom "vonwig/clojure-base:jdk17" (fn [event] (println event)))
(docker/sbom "mongo@sha256:9c8a0a019671ed7d402768d4df6dddcc898828e21e9f7b90a34b55fe8ca676ac"
(fn [event]
(println "event " event)))
(docker/hashes "vonwig/malware1:latest" (fn [event] (println event)))
)
(docker/hashes "vonwig/malware1:latest"
(fn [event] (println event))))
(defn generate-sbom
[image]
@@ -69,5 +70,4 @@
"docker.tools/generate-sbom"
["ubuntu:latest" "" ""]
{})
(generate-sbom "alpine")
)
(generate-sbom "alpine"))

11
docker/ops.go
View File

@@ -4,6 +4,7 @@ import (
"github.com/docker/distribution/reference"
"github.com/docker/index-cli-plugin/lsp"
"github.com/moby/buildkit/frontend/dockerfile/parser"
"github.com/kballard/go-shellquote"
//"reflect"
"crypto/sha256"
@@ -120,6 +121,9 @@ func ProcessMessage(message *babashka.Message) (any, error) {
{
Name: "parse-dockerfile",
},
{
Name: "parse-shellwords",
},
{
Name: "sbom",
Code: `
@@ -176,6 +180,12 @@ func ProcessMessage(message *babashka.Message) (any, error) {
}
reader := strings.NewReader(args[0])
return parser.Parse(reader)
case "docker.tools/parse-shellwords":
args := []string{}
if err := json.Unmarshal([]byte(message.Args), &args); err != nil {
return nil, err
}
return shellquote.Split(args[0])
case "docker.tools/generate-sbom":
args := []string{}
@@ -208,6 +218,7 @@ func ProcessMessage(message *babashka.Message) (any, error) {
return "done", nil
default:
return nil, fmt.Errorf("Unknown var %s", message.Var)
}

133
flake.lock generated
View File

@@ -2,19 +2,18 @@
"nodes": {
"devshell": {
"inputs": {
"flake-utils": [
"flake-utils"
],
"nixpkgs": [
"platform-engineering",
"nixpkgs"
]
],
"systems": "systems"
},
"locked": {
"lastModified": 1678957337,
"narHash": "sha256-Gw4nVbuKRdTwPngeOZQOzH/IFowmz4LryMPDiJN/ah4=",
"lastModified": 1687173957,
"narHash": "sha256-GOds2bAQcZ94fb9/Nl/aM+r+0wGSi4EKYuZYR8Dw4R8=",
"owner": "numtide",
"repo": "devshell",
"rev": "3e0e60ab37cd0bf7ab59888f5c32499d851edb47",
"rev": "2cf83bb31720fcc29a999aee28d6da101173e66a",
"type": "github"
},
"original": {
@@ -25,14 +24,14 @@
},
"flake-utils": {
"inputs": {
"systems": "systems"
"systems": "systems_2"
},
"locked": {
"lastModified": 1681202837,
"narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
"lastModified": 1687171271,
"narHash": "sha256-BJlq+ozK2B1sJDQXS3tzJM5a+oVZmi1q0FlBK/Xqv7M=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "cfacdce06f30d2b68473a46042957675eebb3401",
"rev": "abfb11bd1aec8ced1c9bb9adfe68018230f4fb3c",
"type": "github"
},
"original": {
@@ -41,9 +40,30 @@
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"platform-engineering",
"nixpkgs"
]
},
"locked": {
"lastModified": 1660459072,
"narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "a20de23b925fd8264fd7fad6454652e142fd7f73",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"gomod2nix": {
"inputs": {
"nixpkgs": "nixpkgs",
"nixpkgs": "nixpkgs_2",
"utils": "utils"
},
"locked": {
@@ -60,7 +80,38 @@
"type": "github"
}
},
"nix-filter": {
"locked": {
"lastModified": 1687178632,
"narHash": "sha256-HS7YR5erss0JCaUijPeyg2XrisEb959FIct3n2TMGbE=",
"owner": "numtide",
"repo": "nix-filter",
"rev": "d90c75e8319d0dd9be67d933d8eb9d0894ec9174",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "nix-filter",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1688392541,
"narHash": "sha256-lHrKvEkCPTUO+7tPfjIcb7Trk6k31rz18vkyqmkeJfY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ea4c80b39be4c09702b0cb3b42eab59e2ba4f24b",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-22.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1658285632,
"narHash": "sha256-zRS5S/hoeDGUbO+L95wXG9vJNwsSYcl93XiD0HQBXLk=",
@@ -76,28 +127,49 @@
"type": "github"
}
},
"nixpkgs_2": {
"nixpkgs_3": {
"locked": {
"lastModified": 1681762469,
"narHash": "sha256-RYdEbufT7G+NKu/Gdz/XVCXprtzQid9eBKTQqBG1aM4=",
"owner": "NixOS",
"lastModified": 1686960236,
"narHash": "sha256-AYCC9rXNLpUWzD9hm+askOfpliLEC9kwAo7ITJc4HIw=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "f25d4846d7a12a4d9d008aec86742d238b3b13c8",
"rev": "04af42f3b31dba0ef742d254456dc4c14eedac86",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-22.11",
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"platform-engineering": {
"inputs": {
"devshell": "devshell",
"flake-utils": "flake-utils",
"gitignore": "gitignore",
"gomod2nix": "gomod2nix",
"nix-filter": "nix-filter",
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1691541352,
"narHash": "sha256-huAnvD9/udU6uZh3iEDLENA8duB0qaF1GQhPUcHHssA=",
"owner": "slimslenderslacks",
"repo": "nix-modules",
"rev": "e7964c84c7e07c0c93143d70a9fca1de1d132992",
"type": "github"
},
"original": {
"owner": "slimslenderslacks",
"repo": "nix-modules",
"type": "github"
}
},
"root": {
"inputs": {
"devshell": "devshell",
"flake-utils": "flake-utils",
"gomod2nix": "gomod2nix",
"nixpkgs": "nixpkgs_2"
"nixpkgs": "nixpkgs",
"platform-engineering": "platform-engineering"
}
},
"systems": {
@@ -115,6 +187,21 @@
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"utils": {
"locked": {
"lastModified": 1653893745,

67
flake.nix
View File

@@ -1,64 +1,23 @@
{
description = "Docker Pod";
description = "Docker Pod v0.2.0-1";
inputs = {
platform-engineering.url = "github:slimslenderslacks/nix-modules";
nixpkgs.url = "github:NixOS/nixpkgs/release-22.11";
flake-utils.url = "github:numtide/flake-utils";
gomod2nix.url = "github:nix-community/gomod2nix";
devshell = {
url = "github:numtide/devshell";
inputs.flake-utils.follows = "flake-utils";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = { self, nixpkgs, flake-utils, gomod2nix, devshell }:
flake-utils.lib.eachDefaultSystem (system:
let
pkgs = import nixpkgs
outputs = { nixpkgs, ... }@inputs:
inputs.platform-engineering.golang-project
{
inherit system;
overlays = [ gomod2nix.overlays.default devshell.overlays.default ];
};
in
{
devShells.default = pkgs.devshell.mkShell {
packages = with pkgs; [ go gotools golangci-lint gopls gopkgs go-outline gomod2nix.packages.${system}.default clojure clojure-lsp temurin-bin neovim];
commands = [
{
name = "update-gomod2nix";
help = "update gomod2nix.toml";
command = "gomod2nix";
}
];
};
packages = rec {
default = pkgs.buildGoApplication {
pname = "babashka-pod-docker";
version = "0.0.1";
src = ./.;
pwd = ./.;
CGO_ENABLED = 0;
modules = ./gomod2nix.toml;
};
docker = pkgs.dockerTools.buildImage {
name = "docker-pod";
tag = "latest";
config = {
Cmd = [ "${default}/bin/babashka-pod-docker" ];
inherit nixpkgs;
dir = ./.;
name = "babashka-pod-docker";
version = "0.2.0";
package-overlay = pkgs: packages:
packages // {
default = pkgs.writeShellScriptBin "entrypoint" ''
${packages.app}/bin/babashka-pod-docker
'';
};
};
default-linux = default.overrideAttrs (old: old // { GOOS = "linux"; GOARCH = "arm64"; });
docker-arm64 = pkgs.dockerTools.buildImage {
name = "docker-pod";
tag = "latest";
config = {
Cmd = [ "${default-linux}/bin/linux_arm64/babashka-pod-docker" ];
};
};
};
});
}

17
main.go
View File

@@ -3,6 +3,8 @@ package main
import (
"babashka-pod-docker/babashka"
"babashka-pod-docker/docker"
"fmt"
"os"
"github.com/atomist-skills/go-skill"
"github.com/sirupsen/logrus"
@@ -10,6 +12,20 @@ import (
func main() {
skill.Log.SetLevel(logrus.ErrorLevel)
args := os.Args
if len(args) < 2 {
args = append(os.Args, "pod")
}
switch args[1] {
case "docker-cli-plugin-metadata":
metadata := `{"SchemaVersion": "0.1.0", "Vendor": "Docker Inc.", "Version": "v0.0.1", "ShortDescription": "Docker Pod"}`
fmt.Println(metadata)
case "pod":
for {
message, err := babashka.ReadMessage()
if err != nil {
@@ -33,4 +49,5 @@ func main() {
babashka.WriteInvokeResponse(message, res)
}
}
}
}