artin/sourcegraph
1
0
Fork 0
mirror of https://github.com/sourcegraph/sourcegraph.git synced 2026-02-06 14:51:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

dev: drop outdated build scripts + minor updates (#53841)

Browse Source 
This PR drops all now outdated `build.sh`, `Dockerfile*` from artifacts
entirely built from Bazel. It also updates `sg.config.yaml` to replace
`install` steps that were using them.

## Test plan

<!-- All pull requests REQUIRE a test plan:
https://docs.sourcegraph.com/dev/background-information/testing_principles
-->

- Ran locally all new sg targets
- CI 
- 🟢 Main-dry-run
https://buildkite.com/sourcegraph/sourcegraph/builds/229439
This commit is contained in:
Jean-Hadrien Chabran 2023-06-21 18:58:39 +02:00 committed by GitHub
parent fa3fce787f
commit e0746e18e5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
186 changed files with 54 additions and 6315 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
cmd/blobstore/BUILD.bazel generated
View File

@ -2,7 +2,6 @@ load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
load("@container_structure_test//:defs.bzl", "container_structure_test")
load("@rules_oci//oci:defs.bzl", "oci_image", "oci_push", "oci_tarball")
load("@rules_pkg//:pkg.bzl", "pkg_tar")
load("//dev:oci_defs.bzl", "image_repository")
go_library(
name = "blobstore_lib",
@ -59,66 +58,3 @@ container_structure_test(
"requires-network",
],
)
# The rules below covers the old blobstore, which is based on s3 proxy. We don't push the newer one, as it's still considered experimental.
oci_image(
name = "s3_proxy_image",
base = "@wolfi_s3proxy_base",
entrypoint = [
"/sbin/tini",
"--",
"/opt/s3proxy/run-docker-container.sh",
],
env = {
"LOG_LEVEL": "info",
"S3PROXY_AUTHORIZATION": "none",
"S3PROXY_ENDPOINT": "http://0.0.0.0:9000",
"S3PROXY_IDENTITY": "local-identity",
"S3PROXY_CREDENTIAL": "local-credential",
"S3PROXY_VIRTUALHOST": "",
"S3PROXY_CORS_ALLOW_ALL": "false",
"S3PROXY_CORS_ALLOW_ORIGINS": "",
"S3PROXY_CORS_ALLOW_METHODS": "",
"S3PROXY_CORS_ALLOW_HEADERS": "",
"S3PROXY_IGNORE_UNKNOWN_HEADERS": "false",
"S3PROXY_ENCRYPTED_BLOBSTORE": "",
"S3PROXY_ENCRYPTED_BLOBSTORE_PASSWORD": "",
"S3PROXY_ENCRYPTED_BLOBSTORE_SALT": "",
"S3PROXY_V4_MAX_NON_CHUNKED_REQ_SIZE": "33554432",
"JCLOUDS_PROVIDER": "filesystem",
"JCLOUDS_ENDPOINT": "",
"JCLOUDS_REGION": "",
"JCLOUDS_REGIONS": "us-east-1",
"JCLOUDS_IDENTITY": "remote-identity",
"JCLOUDS_CREDENTIAL": "remote-credential",
"JCLOUDS_KEYSTONE_VERSION": "",
"JCLOUDS_KEYSTONE_SCOPE": "",
"JCLOUDS_KEYSTONE_PROJECT_DOMAIN_NAME": "",
"JCLOUDS_FILESYSTEM_BASEDIR": "/data",
},
user = "sourcegraph",
)
container_structure_test(
name = "s3_proxy_image_test",
timeout = "short",
configs = ["s3_proxy_image_test.yaml"],
driver = "docker",
image = ":s3_proxy_image",
tags = [
"exclusive",
"requires-network",
],
)
oci_tarball(
name = "s3_proxy_image_tarball",
image = ":s3_proxy_image",
repo_tags = ["blobstore:candidate"],
)
oci_push(
name = "s3_proxy_candidate_push",
image = ":s3_proxy_image",
repository = image_repository("blobstore"),
)

21
cmd/blobstore/Dockerfile
View File

@ -1,21 +0,0 @@
FROM sourcegraph/alpine-3.14:213466_2023-04-17_5.0-bdda34a71619@sha256:6354a4ff578b685e36c8fbde81f62125ae0011b047fb2cc22d1b0de616b3c59a
ARG COMMIT_SHA="unknown"
ARG DATE="unknown"
ARG VERSION="unknown"
LABEL org.opencontainers.image.revision=${COMMIT_SHA}
LABEL org.opencontainers.image.created=${DATE}
LABEL org.opencontainers.image.version=${VERSION}
LABEL com.sourcegraph.github.url=https://github.com/sourcegraph/sourcegraph/commit/${COMMIT_SHA}
RUN apk add --no-cache \
bash
RUN mkdir -p /data && chown -R sourcegraph:sourcegraph /data
USER sourcegraph
EXPOSE 9000
WORKDIR /
ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/blobstore"]
COPY blobstore /usr/local/bin/

43
cmd/blobstore/build.sh
View File

@ -1,43 +0,0 @@
#!/usr/bin/env bash
# We want to build multiple go binaries, so we use a custom build step on CI.
cd "$(dirname "${BASH_SOURCE[0]}")"/../..
set -ex
OUTPUT=$(mktemp -d -t sgdockerbuild_XXXXXXX)
cleanup() {
rm -rf "$OUTPUT"
}
trap cleanup EXIT
if [[ "${DOCKER_BAZEL:-false}" == "true" ]]; then
./dev/ci/bazel.sh build //cmd/blobstore \
--stamp \
--workspace_status_command=./dev/bazel_stamp_vars.sh \
--platforms=@io_bazel_rules_go//go/toolchain:linux_amd64
out=$(./dev/ci/bazel.sh cquery //cmd/blobstore --output=files)
cp "$out" "$OUTPUT"
docker build -f cmd/blobstore/Dockerfile -t "$IMAGE" "$OUTPUT" \
--progress=plain \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION
exit $?
fi
# Environment for building linux binaries
export GO111MODULE=on
export GOARCH=amd64
export GOOS=linux
export CGO_ENABLED=0
pkg="github.com/sourcegraph/sourcegraph/cmd/blobstore"
go build -trimpath -ldflags "-X github.com/sourcegraph/sourcegraph/internal/version.version=$VERSION -X github.com/sourcegraph/sourcegraph/internal/version.timestamp=$(date +%s)" -buildmode exe -tags dist -o "$OUTPUT/$(basename $pkg)" "$pkg"
docker build -f cmd/blobstore/Dockerfile -t "$IMAGE" "$OUTPUT" \
--progress=plain \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION

21
cmd/frontend/Dockerfile
View File

@ -1,21 +0,0 @@
# This Dockerfile was generated from github.com/sourcegraph/godockerize. It
# was not written by a human, and as such looks janky. As you change this
# file, please don't be scared to make it more pleasant / remove hadolint
# ignores.
FROM sourcegraph/alpine-3.14:213466_2023-04-17_5.0-bdda34a71619@sha256:6354a4ff578b685e36c8fbde81f62125ae0011b047fb2cc22d1b0de616b3c59a
ARG COMMIT_SHA="unknown"
ARG DATE="unknown"
ARG VERSION="unknown"
LABEL org.opencontainers.image.revision=${COMMIT_SHA}
LABEL org.opencontainers.image.created=${DATE}
LABEL org.opencontainers.image.version=${VERSION}
LABEL com.sourcegraph.github.url=https://github.com/sourcegraph/sourcegraph/commit/${COMMIT_SHA}
ENV CONFIGURATION_MODE=server PGDATABASE=sg PGHOST=pgsql PGPORT=5432 PGSSLMODE=disable PGUSER=sg CODEINTEL_PGDATABASE=sg CODEINTEL_PGHOST=codeintel-db CODEINTEL_PGPORT=5432 CODEINTEL_PGSSLMODE=disable CODEINTEL_PGUSER=sg PUBLIC_REPO_REDIRECTS=true
USER sourcegraph
CMD ["serve"]
ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/frontend"]
COPY frontend /usr/local/bin/

22
cmd/frontend/Dockerfile.wolfi
View File

@ -1,22 +0,0 @@
# Dockerfile for Wolfi-based images
# This is currently being tested in parallel to Alpine - you don't need to update this
# file if you change the regular Dockerfile.
# hadolint ignore=DL3007
FROM us.gcr.io/sourcegraph-dev/wolfi-sourcegraph-base:latest
ARG COMMIT_SHA="unknown"
ARG DATE="unknown"
ARG VERSION="unknown"
LABEL org.opencontainers.image.revision=${COMMIT_SHA}
LABEL org.opencontainers.image.created=${DATE}
LABEL org.opencontainers.image.version=${VERSION}
LABEL com.sourcegraph.github.url=https://github.com/sourcegraph/sourcegraph/commit/${COMMIT_SHA}
ENV CONFIGURATION_MODE=server PGDATABASE=sg PGHOST=pgsql PGPORT=5432 PGSSLMODE=disable PGUSER=sg CODEINTEL_PGDATABASE=sg CODEINTEL_PGHOST=codeintel-db CODEINTEL_PGPORT=5432 CODEINTEL_PGSSLMODE=disable CODEINTEL_PGUSER=sg PUBLIC_REPO_REDIRECTS=true
USER sourcegraph
CMD ["serve"]
ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/frontend"]
COPY frontend /usr/local/bin/

40
cmd/frontend/build-wolfi.sh
View File

@ -1,40 +0,0 @@
#!/usr/bin/env bash
# We want to build multiple go binaries, so we use a custom build step on CI.
cd "$(dirname "${BASH_SOURCE[0]}")"/../..
set -ex
OUTPUT=$(mktemp -d -t sgdockerbuild_XXXXXXX)
cleanup() {
rm -rf "$OUTPUT"
}
trap cleanup EXIT
if [[ "${DOCKER_BAZEL:-false}" == "true" ]]; then
./dev/ci/bazel.sh build //cmd/frontend
out=$(./dev/ci/bazel.sh cquery //cmd/frontend --output=files)
cp "$out" "$OUTPUT"
docker build -f cmd/frontend/Dockerfile.wolfi -t "$IMAGE" "$OUTPUT" \
--progress=plain \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION
exit $?
fi
# Environment for building linux binaries
export GO111MODULE=on
export GOARCH=amd64
export GOOS=linux
export CGO_ENABLED=0
echo "--- go build"
pkg="github.com/sourcegraph/sourcegraph/cmd/frontend"
go build -trimpath -ldflags "-X github.com/sourcegraph/sourcegraph/internal/version.version=$VERSION -X github.com/sourcegraph/sourcegraph/internal/version.timestamp=$(date +%s)" -buildmode exe -tags dist -o "$OUTPUT/$(basename $pkg)" "$pkg"
echo "--- docker build $IMAGE"
docker build -f cmd/frontend/Dockerfile.wolfi -t "$IMAGE" "$OUTPUT" \
--progress=plain \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION

40
cmd/frontend/build.sh
View File

@ -1,40 +0,0 @@
#!/usr/bin/env bash
# We want to build multiple go binaries, so we use a custom build step on CI.
cd "$(dirname "${BASH_SOURCE[0]}")"/../..
set -ex
OUTPUT=$(mktemp -d -t sgdockerbuild_XXXXXXX)
cleanup() {
rm -rf "$OUTPUT"
}
trap cleanup EXIT
if [[ "${DOCKER_BAZEL:-false}" == "true" ]]; then
./dev/ci/bazel.sh build //cmd/frontend
out=$(./dev/ci/bazel.sh cquery //cmd/frontend --output=files)
cp "$out" "$OUTPUT"
docker build -f cmd/frontend/Dockerfile -t "$IMAGE" "$OUTPUT" \
--progress=plain \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION
exit $?
fi
# Environment for building linux binaries
export GO111MODULE=on
export GOARCH=amd64
export GOOS=linux
export CGO_ENABLED=0
echo "--- go build"
pkg="github.com/sourcegraph/sourcegraph/cmd/frontend"
go build -trimpath -ldflags "-X github.com/sourcegraph/sourcegraph/internal/version.version=$VERSION -X github.com/sourcegraph/sourcegraph/internal/version.timestamp=$(date +%s)" -buildmode exe -tags dist -o "$OUTPUT/$(basename $pkg)" "$pkg"
echo "--- docker build $IMAGE"
docker build -f cmd/frontend/Dockerfile -t "$IMAGE" "$OUTPUT" \
--progress=plain \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION

19
cmd/frontend/pre-build.sh
View File

@ -1,19 +0,0 @@
#!/usr/bin/env bash
set -ex
cd "$(dirname "${BASH_SOURCE[0]}")"/../..
if [[ "${DOCKER_BAZEL:-false}" == "true" ]]; then
exit 0
fi
# Build the webapp typescript code.
echo "--- pnpm install"
# mutex is necessary since CI runs various pnpm installs in parallel
if [[ -z "${CI}" ]]; then
pnpm install
else
./dev/ci/pnpm-install-with-retry.sh
fi
echo "--- pnpm build-web"
NODE_ENV=production DISABLE_TYPECHECKING=true pnpm build-web

20
cmd/github-proxy/Dockerfile
View File

@ -1,20 +0,0 @@
# This Dockerfile was generated from github.com/sourcegraph/godockerize. It
# was not written by a human, and as such looks janky. As you change this
# file, please don't be scared to make it more pleasant / remove hadolint
# ignores.
FROM sourcegraph/alpine-3.14:213466_2023-04-17_5.0-bdda34a71619@sha256:6354a4ff578b685e36c8fbde81f62125ae0011b047fb2cc22d1b0de616b3c59a
ARG COMMIT_SHA="unknown"
ARG DATE="unknown"
ARG VERSION="unknown"
LABEL org.opencontainers.image.revision=${COMMIT_SHA}
LABEL org.opencontainers.image.created=${DATE}
LABEL org.opencontainers.image.version=${VERSION}
LABEL com.sourcegraph.github.url=https://github.com/sourcegraph/sourcegraph/commit/${COMMIT_SHA}
ENV LOG_REQUEST=true
USER sourcegraph
ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/github-proxy"]
COPY github-proxy /usr/local/bin/

21
cmd/github-proxy/Dockerfile.wolfi
View File

@ -1,21 +0,0 @@
# Dockerfile for Wolfi-based images
# This is currently being tested in parallel to Alpine - you don't need to update this
# file if you change the regular Dockerfile.
# hadolint ignore=DL3007
FROM us.gcr.io/sourcegraph-dev/wolfi-sourcegraph-base:latest
ARG COMMIT_SHA="unknown"
ARG DATE="unknown"
ARG VERSION="unknown"
LABEL org.opencontainers.image.revision=${COMMIT_SHA}
LABEL org.opencontainers.image.created=${DATE}
LABEL org.opencontainers.image.version=${VERSION}
LABEL com.sourcegraph.github.url=https://github.com/sourcegraph/sourcegraph/commit/${COMMIT_SHA}
ENV LOG_REQUEST=true
USER sourcegraph
ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/github-proxy"]
COPY github-proxy /usr/local/bin/

43
cmd/github-proxy/build-wolfi.sh
View File

@ -1,43 +0,0 @@
#!/usr/bin/env bash
# We want to build multiple go binaries, so we use a custom build step on CI.
cd "$(dirname "${BASH_SOURCE[0]}")"/../..
set -ex
OUTPUT=$(mktemp -d -t sgdockerbuild_XXXXXXX)
cleanup() {
rm -rf "$OUTPUT"
}
trap cleanup EXIT
if [[ "${DOCKER_BAZEL:-false}" == "true" ]]; then
./dev/ci/bazel.sh build //cmd/github-proxy \
--stamp \
--workspace_status_command=./dev/bazel_stamp_vars.sh \
--platforms=@io_bazel_rules_go//go/toolchain:linux_amd64
out=$(./dev/ci/bazel.sh cquery //cmd/github-proxy --output=files)
cp "$out" "$OUTPUT"
docker build -f cmd/github-proxy/Dockerfile.wolfi -t "$IMAGE" "$OUTPUT" \
--progress=plain \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION
exit $?
fi
# Environment for building linux binaries
export GO111MODULE=on
export GOARCH=amd64
export GOOS=linux
export CGO_ENABLED=0
pkg="github.com/sourcegraph/sourcegraph/cmd/github-proxy"
go build -trimpath -ldflags "-X github.com/sourcegraph/sourcegraph/internal/version.version=$VERSION -X github.com/sourcegraph/sourcegraph/internal/version.timestamp=$(date +%s)" -buildmode exe -tags dist -o "$OUTPUT/$(basename $pkg)" "$pkg"
docker build -f cmd/github-proxy/Dockerfile.wolfi -t "$IMAGE" "$OUTPUT" \
--progress=plain \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION

43
cmd/github-proxy/build.sh
View File

@ -1,43 +0,0 @@
#!/usr/bin/env bash
# We want to build multiple go binaries, so we use a custom build step on CI.
cd "$(dirname "${BASH_SOURCE[0]}")"/../..
set -ex
OUTPUT=$(mktemp -d -t sgdockerbuild_XXXXXXX)
cleanup() {
rm -rf "$OUTPUT"
}
trap cleanup EXIT
if [[ "${DOCKER_BAZEL:-false}" == "true" ]]; then
./dev/ci/bazel.sh build //cmd/github-proxy \
--stamp \
--workspace_status_command=./dev/bazel_stamp_vars.sh \
--platforms=@io_bazel_rules_go//go/toolchain:linux_amd64
out=$(./dev/ci/bazel.sh cquery //cmd/github-proxy --output=files)
cp "$out" "$OUTPUT"
docker build -f cmd/github-proxy/Dockerfile -t "$IMAGE" "$OUTPUT" \
--progress=plain \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION
exit $?
fi
# Environment for building linux binaries
export GO111MODULE=on
export GOARCH=amd64
export GOOS=linux
export CGO_ENABLED=0
pkg="github.com/sourcegraph/sourcegraph/cmd/github-proxy"
go build -trimpath -ldflags "-X github.com/sourcegraph/sourcegraph/internal/version.version=$VERSION -X github.com/sourcegraph/sourcegraph/internal/version.timestamp=$(date +%s)" -buildmode exe -tags dist -o "$OUTPUT/$(basename $pkg)" "$pkg"
docker build -f cmd/github-proxy/Dockerfile -t "$IMAGE" "$OUTPUT" \
--progress=plain \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION

70
cmd/gitserver/Dockerfile
View File

@ -1,70 +0,0 @@
# This Dockerfile was generated from github.com/sourcegraph/godockerize. It
# was not written by a human, and as such looks janky. As you change this
# file, please don't be scared to make it more pleasant / remove hadolint
# ignores.
# Install p4 CLI (keep this up to date with cmd/server/Dockerfile)
FROM sourcegraph/alpine-3.14:213466_2023-04-17_5.0-bdda34a71619@sha256:6354a4ff578b685e36c8fbde81f62125ae0011b047fb2cc22d1b0de616b3c59a AS build
# hash provided in http://filehost.perforce.com/perforce/r22.2/bin.linux26x86_64/SHA256SUMS
# if the hash is not provided, calculate it by downloading the file and running `sha256sum` on it in Terminal
RUN echo "8bc10fca1c5a26262b4072deec76150a668581a9749d0504cd443084773d4fd0 /usr/local/bin/p4" >expected_hash && \
wget http://cdist2.perforce.com/perforce/r22.2/bin.linux26x86_64/p4 -O /usr/local/bin/p4 && \
chmod +x /usr/local/bin/p4 && \
sha256sum -c expected_hash
COPY p4-fusion-install-alpine.sh /p4-fusion-install-alpine.sh
RUN /p4-fusion-install-alpine.sh
RUN wget -O coursier.gz https://github.com/coursier/coursier/releases/download/v2.1.0-RC4/cs-x86_64-pc-linux-static.gz && \
gzip -d coursier.gz && \
mv coursier /usr/local/bin/coursier && \
chmod +x /usr/local/bin/coursier
FROM sourcegraph/alpine-3.14:213466_2023-04-17_5.0-bdda34a71619@sha256:6354a4ff578b685e36c8fbde81f62125ae0011b047fb2cc22d1b0de616b3c59a
ARG COMMIT_SHA="unknown"
ARG DATE="unknown"
ARG VERSION="unknown"
LABEL org.opencontainers.image.revision=${COMMIT_SHA}
LABEL org.opencontainers.image.created=${DATE}
LABEL org.opencontainers.image.version=${VERSION}
LABEL com.sourcegraph.github.url=https://github.com/sourcegraph/sourcegraph/commit/${COMMIT_SHA}
RUN apk add --no-cache \
# Minimal version requirement to address vulnerabilities
# https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/
# Don't use alpine/edge, the git release on this segfaults
'git>=2.38.0' --repository=http://dl-cdn.alpinelinux.org/alpine/v3.17/main \
git-lfs \
git-p4 \
openssh-client \
# We require libstdc++ for p4-fusion
libstdc++ \
python2 \
python3 \
bash
COPY --from=build /usr/local/bin/p4 /usr/local/bin/p4
COPY --from=build /usr/local/bin/coursier /usr/local/bin/coursier
# copy into place the p4-fusion binary and the wrapper shell script
# that facilitates better handling of killing of the p4-fusion
# (for example, if the Docker host's OOM Reaper killed it)
COPY --from=build /usr/local/bin/p4-fusion /usr/local/bin/p4-fusion-binary
COPY p4-fusion-wrapper-detect-kill.sh /usr/local/bin/p4-fusion
COPY process-stats-watcher.sh /usr/local/bin/process-stats-watcher.sh
# This is a trick to include libraries required by p4,
# please refer to https://blog.tilander.org/docker-perforce/
# hadolint ignore=DL4006
RUN wget -O - https://github.com/jtilander/p4d/raw/4600d741720f85d77852dcca7c182e96ad613358/lib/lib-x64.tgz | tar zx --directory /
RUN mkdir -p /data/repos && chown -R sourcegraph:sourcegraph /data/repos
USER sourcegraph
WORKDIR /
ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/gitserver"]
COPY gitserver /usr/local/bin/

20
cmd/gitserver/Dockerfile.wolfi
View File

@ -1,20 +0,0 @@
# Dockerfile for Wolfi-based images
# This is currently being tested in parallel to Alpine - you don't need to update this
# file if you change the regular Dockerfile.
# hadolint ignore=DL3007
FROM us.gcr.io/sourcegraph-dev/wolfi-gitserver-base:latest
ARG COMMIT_SHA="unknown"
ARG DATE="unknown"
ARG VERSION="unknown"
LABEL org.opencontainers.image.revision=${COMMIT_SHA}
LABEL org.opencontainers.image.created=${DATE}
LABEL org.opencontainers.image.version=${VERSION}
LABEL com.sourcegraph.github.url=https://github.com/sourcegraph/sourcegraph/commit/${COMMIT_SHA}
USER sourcegraph
ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/gitserver"]
COPY gitserver /usr/local/bin/

41
cmd/gitserver/build-wolfi.sh
View File

@ -1,41 +0,0 @@
#!/usr/bin/env bash
# We want to build multiple go binaries, so we use a custom build step on CI.
cd "$(dirname "${BASH_SOURCE[0]}")"/../..
set -ex
OUTPUT=$(mktemp -d -t sgdockerbuild_XXXXXXX)
cleanup() {
rm -rf "$OUTPUT"
}
trap cleanup EXIT
if [[ "${DOCKER_BAZEL:-false}" == "true" ]]; then
./dev/ci/bazel.sh build //cmd/gitserver
out=$(./dev/ci/bazel.sh cquery //cmd/gitserver --output=files)
cp "$out" "$OUTPUT"
docker build -f cmd/gitserver/Dockerfile.wolfi -t "$IMAGE" "$OUTPUT" \
--progress=plain \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION
exit $?
fi
# Environment for building linux binaries
export GO111MODULE=on
export GOARCH=amd64
export GOOS=linux
export CGO_ENABLED=0
pkg="github.com/sourcegraph/sourcegraph/cmd/gitserver"
go build -trimpath -ldflags "-X github.com/sourcegraph/sourcegraph/internal/version.version=$VERSION -X github.com/sourcegraph/sourcegraph/internal/version.timestamp=$(date +%s)" -buildmode exe -tags dist -o "$OUTPUT/$(basename $pkg)" "$pkg"
docker build -f cmd/gitserver/Dockerfile.wolfi -t "$IMAGE" "$OUTPUT" \
--progress=plain \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION

59
cmd/gitserver/build.sh
View File

@ -1,59 +0,0 @@
#!/usr/bin/env bash
# the build process for the OSS gitserver is identical to the build process for the Enterprise gitserver
# pull some shenanigans up front so that we don't have to sprinkle "enterprise" all throughout the enterprise version
exedir=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
path="cmd/gitserver"
if [[ ${exedir} = */enterprise/cmd/gitserver ]]; then
# We want to build multiple go binaries, so we use a custom build step on CI.
cd "${exedir}"/../../.. || exit 1
path="enterprise/${path}"
else
# We want to build multiple go binaries, so we use a custom build step on CI.
cd "${exedir}"/../.. || exit 1
fi
### OSS and Enterprise builds should be identical after this point
OUTPUT=$(mktemp -d -t sgdockerbuild_XXXXXXX)
cleanup() {
rm -rf "$OUTPUT"
}
trap cleanup EXIT
for f in p4-fusion-install-alpine.sh p4-fusion-wrapper-detect-kill.sh process-stats-watcher.sh; do
cp -a "./${path}/${f}" "${OUTPUT}"
done
if [[ "${DOCKER_BAZEL:-false}" == "true" ]]; then
./dev/ci/bazel.sh build //${path}
out=$(./dev/ci/bazel.sh cquery //${path} --output=files)
cp "$out" "$OUTPUT"
docker build -f ${path}/Dockerfile -t "$IMAGE" "$OUTPUT" \
--progress=plain \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION
exit $?
fi
# Environment for building linux binaries
export GO111MODULE=on
export GOARCH=amd64
export GOOS=linux
export CGO_ENABLED=0
pkg="github.com/sourcegraph/sourcegraph/${path}"
go build -trimpath -ldflags "-X github.com/sourcegraph/sourcegraph/internal/version.version=$VERSION -X github.com/sourcegraph/sourcegraph/internal/version.timestamp=$(date +%s)" -buildmode exe -tags dist -o "$OUTPUT/$(basename $pkg)" "$pkg"
docker build -f ${path}/Dockerfile -t "$IMAGE" "$OUTPUT" \
--progress=plain \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION

116
cmd/gitserver/p4-fusion-install-alpine.sh
View File

@ -1,116 +0,0 @@
#!/bin/sh
# This script installs p4-fusion within an alpine container.
set -eu
tmpdir=$(mktemp -d)
cd "$tmpdir"
cleanup() {
echo "--- cleanup"
apk --no-cache --purge del p4-build-deps 2>/dev/null || true
cd /
rm -rf "$tmpdir" || true
}
trap cleanup EXIT
test_p4_fusion() {
# Test that p4-fusion runs and is on the path
echo "--- p4-fusion test"
ldd "$(which p4-fusion)"
p4-fusion >/dev/null
}
set -x
# Hello future traveler. Building p4-fusion is one of our slowest steps in CI.
# Luckily the versions very rarely change and nearly everything is statically
# linked. This means we can manually upload the output of this build script to
# a bucket and save lots of time.
#
# If the version has changed please add it to the sha256sum in the prebuilt
# binary check. You can run
#
# docker build -t p4-fusion --target=p4-fusion .
#
# Then extract the binary from /usr/local/bin/p4-fusion. Please rename it
# follow the format and upload to the bucket here
# https://console.cloud.google.com/storage/browser/sourcegraph-artifacts/p4-fusion
export P4_FUSION_VERSION=v1.12
# Runtime dependencies
echo "--- p4-fusion apk runtime-deps"
apk add --no-cache libstdc++
# Check if we have a prebuilt binary
echo "--- p4-fusion prebuilt binary check"
if wget https://storage.googleapis.com/sourcegraph-artifacts/p4-fusion/p4-fusion-"$P4_FUSION_VERSION"-musl-x86_64; then
src=p4-fusion-"$P4_FUSION_VERSION"-musl-x86_64
cat <<EOF | grep "$src" | sha256sum -c
1b29ef8ba40f88219aece4339bfaf1b2c1722dd4875ba29d19a6fb0c86e12145 p4-fusion-v1.12-musl-x86_64
EOF
chmod +x "$src"
mv "$src" /usr/local/bin/p4-fusion
test_p4_fusion
exit 0
fi
# Build dependencies
echo "--- p4-fusion apk build-deps"
apk add --no-cache \
--virtual p4-build-deps \
wget \
g++ \
gcc \
perl \
bash \
cmake \
make
# Fetching p4 sources archive
echo "--- p4-fusion fetch"
mkdir p4-fusion-src
wget https://github.com/salesforce/p4-fusion/archive/refs/tags/"$P4_FUSION_VERSION".tar.gz
tar -C p4-fusion-src -xzf "$P4_FUSION_VERSION".tar.gz --strip 1
# It should be possible to build against the latest 1.x version of OpenSSL.
# However, Perforce recommends linking against the same minor version of
# OpenSSL that is referenced in the Helix Core C++ API for best compatibility.
# https://www.perforce.com/manuals/p4api/Content/P4API/client.programming.compiling.html#SSL_support
echo "--- p4-fusion openssl fetch"
mkdir openssl-src
wget https://www.openssl.org/source/openssl-1.0.2t.tar.gz
tar -C openssl-src -xzf openssl-1.0.2t.tar.gz --strip 1
echo "--- p4-fusion openssl build"
cd openssl-src
./config
# We only need libcrypto and libssl, which "build_libs" covers. Note: using
# unbounded concurrency caused flakes on CI.
make build_libs
echo "--- p4-fusion openssl install"
# TODO "install" includes "all". Can we avoid extra work?
make install
cd ..
# We also need Helix Core C++ API to build p4-fusion
echo "--- p4-fusion helix-core fetch"
mkdir -p p4-fusion-src/vendor/helix-core-api/linux
wget https://www.perforce.com/downloads/perforce/r22.1/bin.linux26x86_64/p4api.tgz
tar -C p4-fusion-src/vendor/helix-core-api/linux -xzf p4api.tgz --strip 1
# Build p4-fusion
echo "--- p4-fusion build"
cd p4-fusion-src
./generate_cache.sh RelWithDebInfo
./build.sh
cd ..
# Move exe file to /usr/local/bin where other executables are located
echo "--- p4-fusion install"
mv p4-fusion-src/build/p4-fusion/p4-fusion /usr/local/bin
test_p4_fusion

18
cmd/loadtest/Dockerfile
View File

@ -1,18 +0,0 @@
# This Dockerfile was generated from github.com/sourcegraph/godockerize. It
# was not written by a human, and as such looks janky. As you change this
# file, please don't be scared to make it more pleasant / remove hadolint
# ignores.
FROM sourcegraph/alpine-3.14:213466_2023-04-17_5.0-bdda34a71619@sha256:6354a4ff578b685e36c8fbde81f62125ae0011b047fb2cc22d1b0de616b3c59a
ARG COMMIT_SHA="unknown"
ARG DATE="unknown"
ARG VERSION="unknown"
LABEL org.opencontainers.image.revision=${COMMIT_SHA}
LABEL org.opencontainers.image.created=${DATE}
LABEL org.opencontainers.image.version=${VERSION}
LABEL com.sourcegraph.github.url=https://github.com/sourcegraph/sourcegraph/commit/${COMMIT_SHA}
ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/loadtest"]
COPY loadtest /usr/local/bin/

18
cmd/loadtest/Dockerfile.wolfi
View File

@ -1,18 +0,0 @@
# Dockerfile for Wolfi-based images
# This is currently being tested in parallel to Alpine - you don't need to update this
# file if you change the regular Dockerfile.
# hadolint ignore=DL3007
FROM us.gcr.io/sourcegraph-dev/wolfi-sourcegraph-base:latest
ARG COMMIT_SHA="unknown"
ARG DATE="unknown"
ARG VERSION="unknown"
LABEL org.opencontainers.image.revision=${COMMIT_SHA}
LABEL org.opencontainers.image.created=${DATE}
LABEL org.opencontainers.image.version=${VERSION}
LABEL com.sourcegraph.github.url=https://github.com/sourcegraph/sourcegraph/commit/${COMMIT_SHA}
ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/loadtest"]
COPY loadtest /usr/local/bin/

39
cmd/loadtest/build-wolfi.sh
View File

@ -1,39 +0,0 @@
#!/usr/bin/env bash
# We want to build multiple go binaries, so we use a custom build step on CI.
cd "$(dirname "${BASH_SOURCE[0]}")"/../..
set -ex
OUTPUT=$(mktemp -d -t sgdockerbuild_XXXXXXX)
cleanup() {
rm -rf "$OUTPUT"
}
trap cleanup EXIT
if [[ "${DOCKER_BAZEL:-false}" == "true" ]]; then
./dev/ci/bazel.sh build //cmd/loadtest
out=$(./dev/ci/bazel.sh cquery //cmd/loadtest --output=files)
cp "$out" "$OUTPUT"
docker build -f cmd/loadtest/Dockerfile.wolfi -t "$IMAGE" "$OUTPUT" \
--progress=plain \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION
exit $?
fi
# Environment for building linux binaries
export GO111MODULE=on
export GOARCH=amd64
export GOOS=linux
export CGO_ENABLED=0
pkg="github.com/sourcegraph/sourcegraph/cmd/loadtest"
go build -trimpath -ldflags "-X github.com/sourcegraph/sourcegraph/internal/version.version=$VERSION -X github.com/sourcegraph/sourcegraph/internal/version.timestamp=$(date +%s)" -buildmode exe -tags dist -o "$OUTPUT/$(basename $pkg)" "$pkg"
docker build -f cmd/loadtest/Dockerfile.wolfi -t "$IMAGE" "$OUTPUT" \
--progress=plain \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION

39
cmd/loadtest/build.sh
View File

@ -1,39 +0,0 @@
#!/usr/bin/env bash
# We want to build multiple go binaries, so we use a custom build step on CI.
cd "$(dirname "${BASH_SOURCE[0]}")"/../..
set -ex
OUTPUT=$(mktemp -d -t sgdockerbuild_XXXXXXX)
cleanup() {
rm -rf "$OUTPUT"
}
trap cleanup EXIT
if [[ "${DOCKER_BAZEL:-false}" == "true" ]]; then
./dev/ci/bazel.sh build //cmd/loadtest
out=$(./dev/ci/bazel.sh cquery //cmd/loadtest --output=files)
cp "$out" "$OUTPUT"
docker build -f cmd/loadtest/Dockerfile -t "$IMAGE" "$OUTPUT" \
--progress=plain \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION
exit $?
fi
# Environment for building linux binaries
export GO111MODULE=on
export GOARCH=amd64
export GOOS=linux
export CGO_ENABLED=0
pkg="github.com/sourcegraph/sourcegraph/cmd/loadtest"
go build -trimpath -ldflags "-X github.com/sourcegraph/sourcegraph/internal/version.version=$VERSION -X github.com/sourcegraph/sourcegraph/internal/version.timestamp=$(date +%s)" -buildmode exe -tags dist -o "$OUTPUT/$(basename $pkg)" "$pkg"
docker build -f cmd/loadtest/Dockerfile -t "$IMAGE" "$OUTPUT" \
--progress=plain \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION

18
cmd/migrator/Dockerfile
View File

@ -1,18 +0,0 @@
FROM sourcegraph/alpine-3.14:213466_2023-04-17_5.0-bdda34a71619@sha256:6354a4ff578b685e36c8fbde81f62125ae0011b047fb2cc22d1b0de616b3c59a
ARG COMMIT_SHA="unknown"
ARG DATE="unknown"
ARG VERSION="unknown"
LABEL org.opencontainers.image.revision=${COMMIT_SHA}
LABEL org.opencontainers.image.created=${DATE}
LABEL org.opencontainers.image.version=${VERSION}
LABEL com.sourcegraph.github.url=https://github.com/sourcegraph/sourcegraph/commit/${COMMIT_SHA}
RUN apk update && apk add --no-cache \
tini
USER sourcegraph
ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/migrator"]
COPY migrator /usr/local/bin/
COPY schema-descriptions /schema-descriptions

21
cmd/migrator/Dockerfile.wolfi
View File

@ -1,21 +0,0 @@
# Dockerfile for Wolfi-based images
# This is currently being tested in parallel to Alpine - you don't need to update this
# file if you change the regular Dockerfile.
# hadolint ignore=DL3007
FROM us.gcr.io/sourcegraph-dev/wolfi-sourcegraph-base:latest
ARG COMMIT_SHA="unknown"
ARG DATE="unknown"
ARG VERSION="unknown"
LABEL org.opencontainers.image.revision=${COMMIT_SHA}
LABEL org.opencontainers.image.created=${DATE}
LABEL org.opencontainers.image.version=${VERSION}
LABEL com.sourcegraph.github.url=https://github.com/sourcegraph/sourcegraph/commit/${COMMIT_SHA}
USER sourcegraph
ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/migrator"]
COPY migrator /usr/local/bin/
COPY schema-descriptions /schema-descriptions

110
cmd/migrator/build-wolfi.sh
View File

@ -1,110 +0,0 @@
#!/usr/bin/env bash
# This script builds the migrator docker image.
cd "$(dirname "${BASH_SOURCE[0]}")/../.."
set -ex
OUTPUT=$(mktemp -d -t sgdockerbuild_XXXXXXX)
cleanup() {
rm -rf "$OUTPUT"
}
trap cleanup EXIT
echo "--- compile schema descriptions"
mkdir -p "${OUTPUT}/schema-descriptions"
# See internal/database/migration/cliutil/drift-schemas/generate-all.sh
gcs_versions=(
v3.20.0 v3.20.1
v3.21.0 v3.21.1 v3.21.2
v3.22.0 v3.22.1
v3.23.0
v3.24.0 v3.24.1
v3.25.0 v3.25.1 v3.25.2
v3.26.0 v3.26.1 v3.26.2 v3.26.3
v3.27.0 v3.27.1 v3.27.2 v3.27.3 v3.27.4 v3.27.5
v3.28.0
v3.29.0 v3.29.1
v3.30.0 v3.30.1 v3.30.2 v3.30.3 v3.30.4
v3.31.0 v3.31.1 v3.31.2
v3.32.0 v3.32.1
v3.33.0 v3.33.1 v3.33.2
v3.34.0 v3.34.1 v3.34.2
v3.35.0 v3.35.1 v3.35.2
v3.36.0 v3.36.1 v3.36.2 v3.36.3
v3.37.0
v3.38.0 v3.38.1
v3.39.0 v3.39.1
v3.40.0 v3.40.1 v3.40.2
v3.41.0 v3.41.1
)
gcs_filenames=(
internal_database_schema.json
internal_database_schema.codeintel.json
internal_database_schema.codeinsights.json
)
function download_gcs() {
outfile="${OUTPUT}/schema-descriptions/${1}-${2}"
if ! curl -fsSL "https://storage.googleapis.com/sourcegraph-assets/migrations/drift/${1}-${2}" 2>/dev/null >"${outfile}"; then
rm "${outfile}"
fi
}
for version in "${gcs_versions[@]}"; do
echo "Persisting schemas for ${version} from GCS..."
for filename in "${gcs_filenames[@]}"; do
download_gcs "${version}" "${filename}"
done
done
git_versions=(
v3.42.0 v3.42.1 v3.42.2
v3.43.0 v3.43.1 v3.43.2
v4.0.0 v4.0.1
v4.1.0 v4.1.1 v4.1.2 v4.1.3
v4.2.0 v4.2.1
v4.3.0 v4.3.1
v4.4.0 v4.4.1 v4.4.2
v4.5.0 v4.5.1
v5.0.0 v5.0.1 v5.0.2 v5.0.3)
for version in "${git_versions[@]}"; do
echo "Persisting schemas for ${version} from Git..."
git show "${version}:internal/database/schema.json" >"${OUTPUT}/schema-descriptions/${version}-internal_database_schema.json"
git show "${version}:internal/database/schema.codeintel.json" >"${OUTPUT}/schema-descriptions/${version}-internal_database_schema.codeintel.json"
git show "${version}:internal/database/schema.codeinsights.json" >"${OUTPUT}/schema-descriptions/${version}-internal_database_schema.codeinsights.json"
done
if [[ "${DOCKER_BAZEL:-false}" == "true" ]]; then
./dev/ci/bazel.sh build //cmd/migrator
out=$(./dev/ci/bazel.sh cquery //cmd/migrator --output=files)
cp "$out" "$OUTPUT"
docker build -f cmd/migrator/Dockerfile.wolfi -t "$IMAGE" "$OUTPUT" \
--progress=plain \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION
exit $?
fi
# Environment for building linux binaries
export GO111MODULE=on
export GOARCH=amd64
export GOOS=linux
export CGO_ENABLED=0
echo "--- go build"
pkg=${1:-"github.com/sourcegraph/sourcegraph/cmd/migrator"}
output="$OUTPUT/$(basename "$pkg")"
# shellcheck disable=SC2153
go build -trimpath -ldflags "-X github.com/sourcegraph/sourcegraph/internal/version.version=$VERSION -X github.com/sourcegraph/sourcegraph/internal/version.timestamp=$(date +%s)" -buildmode exe -tags dist -o "$output" "$pkg"
echo "--- docker build"
docker build -f cmd/migrator/Dockerfile.wolfi -t "$IMAGE" "$OUTPUT" \
--progress=plain \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION

111
cmd/migrator/build.sh
View File

@ -1,111 +0,0 @@
#!/usr/bin/env bash
# This script builds the migrator docker image.
cd "$(dirname "${BASH_SOURCE[0]}")/../.."
set -ex
OUTPUT=$(mktemp -d -t sgdockerbuild_XXXXXXX)
cleanup() {
rm -rf "$OUTPUT"
}
trap cleanup EXIT
echo "--- compile schema descriptions"
mkdir -p "${OUTPUT}/schema-descriptions"
# See internal/database/migration/cliutil/drift-schemas/generate-all.sh
gcs_versions=(
v3.20.0 v3.20.1
v3.21.0 v3.21.1 v3.21.2
v3.22.0 v3.22.1
v3.23.0
v3.24.0 v3.24.1
v3.25.0 v3.25.1 v3.25.2
v3.26.0 v3.26.1 v3.26.2 v3.26.3
v3.27.0 v3.27.1 v3.27.2 v3.27.3 v3.27.4 v3.27.5
v3.28.0
v3.29.0 v3.29.1
v3.30.0 v3.30.1 v3.30.2 v3.30.3 v3.30.4
v3.31.0 v3.31.1 v3.31.2
v3.32.0 v3.32.1
v3.33.0 v3.33.1 v3.33.2
v3.34.0 v3.34.1 v3.34.2
v3.35.0 v3.35.1 v3.35.2
v3.36.0 v3.36.1 v3.36.2 v3.36.3
v3.37.0
v3.38.0 v3.38.1
v3.39.0 v3.39.1
v3.40.0 v3.40.1 v3.40.2
v3.41.0 v3.41.1
)
gcs_filenames=(
internal_database_schema.json
internal_database_schema.codeintel.json
internal_database_schema.codeinsights.json
)
function download_gcs() {
outfile="${OUTPUT}/schema-descriptions/${1}-${2}"
echo "${outfile}"
if ! curl -fsSL "https://storage.googleapis.com/sourcegraph-assets/migrations/drift/${1}-${2}" 2>/dev/null >"${outfile}"; then
rm "${outfile}"
fi
}
for version in "${gcs_versions[@]}"; do
echo "Persisting schemas for ${version} from GCS..."
for filename in "${gcs_filenames[@]}"; do
download_gcs "${version}" "${filename}"
done
done
git_versions=(
v3.42.0 v3.42.1 v3.42.2
v3.43.0 v3.43.1 v3.43.2
v4.0.0 v4.0.1
v4.1.0 v4.1.1 v4.1.2 v4.1.3
v4.2.0 v4.2.1
v4.3.0 v4.3.1
v4.4.0 v4.4.1 v4.4.2
v4.5.0 v4.5.1
v5.0.0 v5.0.1 v5.0.2 v5.0.3 v5.0.4 v5.0.5 v5.0.6)
for version in "${git_versions[@]}"; do
echo "Persisting schemas for ${version} from Git..."
git show "${version}:internal/database/schema.json" >"${OUTPUT}/schema-descriptions/${version}-internal_database_schema.json"
git show "${version}:internal/database/schema.codeintel.json" >"${OUTPUT}/schema-descriptions/${version}-internal_database_schema.codeintel.json"
git show "${version}:internal/database/schema.codeinsights.json" >"${OUTPUT}/schema-descriptions/${version}-internal_database_schema.codeinsights.json"
done
if [[ "${DOCKER_BAZEL:-false}" == "true" ]]; then
./dev/ci/bazel.sh build //cmd/migrator
out=$(./dev/ci/bazel.sh cquery //cmd/migrator --output=files)
cp "$out" "$OUTPUT"
docker build -f cmd/migrator/Dockerfile -t "$IMAGE" "$OUTPUT" \
--progress=plain \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION
exit $?
fi
# Environment for building linux binaries
export GO111MODULE=on
export GOARCH=amd64
export GOOS=linux
export CGO_ENABLED=0
echo "--- go build"
pkg=${1:-"github.com/sourcegraph/sourcegraph/cmd/migrator"}
output="$OUTPUT/$(basename "$pkg")"
# shellcheck disable=SC2153
go build -trimpath -ldflags "-X github.com/sourcegraph/sourcegraph/internal/version.version=$VERSION -X github.com/sourcegraph/sourcegraph/internal/version.timestamp=$(date +%s)" -buildmode exe -tags dist -o "$output" "$pkg"
echo "--- docker build"
docker build -f cmd/migrator/Dockerfile -t "$IMAGE" "$OUTPUT" \
--progress=plain \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION

45
cmd/repo-updater/Dockerfile
View File

@ -1,45 +0,0 @@
# This Dockerfile was generated from github.com/sourcegraph/godockerize. It
# was not written by a human, and as such looks janky. As you change this
# file, please don't be scared to make it more pleasant / remove hadolint
# ignores.
# # Install p4 CLI (keep this up to date with cmd/gitserver/Dockerfile and cmd/server/Dockerfile)
FROM sourcegraph/alpine-3.14:213466_2023-04-17_5.0-bdda34a71619@sha256:6354a4ff578b685e36c8fbde81f62125ae0011b047fb2cc22d1b0de616b3c59a AS p4cli
# hash provided in http://filehost.perforce.com/perforce/r22.2/bin.linux26x86_64/SHA256SUMS
# if the hash is not provided, calculate it by downloading the file and running `sha256sum` on it in Terminal
RUN echo "8bc10fca1c5a26262b4072deec76150a668581a9749d0504cd443084773d4fd0 /usr/local/bin/p4" >expected_hash && \
wget http://cdist2.perforce.com/perforce/r22.2/bin.linux26x86_64/p4 -O /usr/local/bin/p4 && \
chmod +x /usr/local/bin/p4 && \
sha256sum -c expected_hash
FROM sourcegraph/alpine-3.14:213466_2023-04-17_5.0-bdda34a71619@sha256:6354a4ff578b685e36c8fbde81f62125ae0011b047fb2cc22d1b0de616b3c59a AS coursier
RUN wget -O coursier.gz https://github.com/coursier/coursier/releases/download/v2.1.0-RC4/cs-x86_64-pc-linux-static.gz && \
gzip -d coursier.gz && \
mv coursier /usr/local/bin/coursier && \
chmod +x /usr/local/bin/coursier
FROM sourcegraph/alpine-3.14:213466_2023-04-17_5.0-bdda34a71619@sha256:6354a4ff578b685e36c8fbde81f62125ae0011b047fb2cc22d1b0de616b3c59a
ARG COMMIT_SHA="unknown"
ARG DATE="unknown"
ARG VERSION="unknown"
LABEL org.opencontainers.image.revision=${COMMIT_SHA}
LABEL org.opencontainers.image.created=${DATE}
LABEL org.opencontainers.image.version=${VERSION}
LABEL com.sourcegraph.github.url=https://github.com/sourcegraph/sourcegraph/commit/${COMMIT_SHA}
COPY --from=p4cli /usr/local/bin/p4 /usr/local/bin/p4
COPY --from=coursier /usr/local/bin/coursier /usr/local/bin/coursier
# This is a trick to include libraries required by p4,
# please refer to https://blog.tilander.org/docker-perforce/
# hadolint ignore=DL4006
RUN wget -O - https://github.com/jtilander/p4d/raw/4600d741720f85d77852dcca7c182e96ad613358/lib/lib-x64.tgz | tar zx --directory /
USER sourcegraph
ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/repo-updater"]
COPY repo-updater /usr/local/bin/

19
cmd/repo-updater/Dockerfile.wolfi
View File

@ -1,19 +0,0 @@
# Dockerfile for Wolfi-based images
# This is currently being tested in parallel to Alpine - you don't need to update this
# file if you change the regular Dockerfile.
# hadolint ignore=DL3007
FROM us.gcr.io/sourcegraph-dev/wolfi-repo-updater-base:latest
ARG COMMIT_SHA="unknown"
ARG DATE="unknown"
ARG VERSION="unknown"
LABEL org.opencontainers.image.revision=${COMMIT_SHA}
LABEL org.opencontainers.image.created=${DATE}
LABEL org.opencontainers.image.version=${VERSION}
LABEL com.sourcegraph.github.url=https://github.com/sourcegraph/sourcegraph/commit/${COMMIT_SHA}
USER sourcegraph
ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/repo-updater"]
COPY repo-updater /usr/local/bin/

42
cmd/repo-updater/build-wolfi.sh
View File

@ -1,42 +0,0 @@
#!/usr/bin/env bash
path_to_package=${1:-github.com/sourcegraph/sourcegraph/cmd/repo-updater}
# We want to build multiple go binaries, so we use a custom build step on CI.
cd "$(dirname "${BASH_SOURCE[0]}")"/../..
set -ex
OUTPUT=$(mktemp -d -t sgdockerbuild_XXXXXXX)
cleanup() {
rm -rf "$OUTPUT"
}
trap cleanup EXIT
if [[ "${DOCKER_BAZEL:-false}" == "true" ]]; then
./dev/ci/bazel.sh build //cmd/repo-updater
out=$(./dev/ci/bazel.sh cquery //cmd/repo-updater --output=files)
cp "$out" "$OUTPUT"
docker build -f cmd/repo-updater/Dockerfile.wolfi -t "$IMAGE" "$OUTPUT" \
--progress=plain \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION
exit $?
fi
# Environment for building linux binaries
export GO111MODULE=on
export GOARCH=amd64
export GOOS=linux
export CGO_ENABLED=0
for pkg in $path_to_package; do
go build -trimpath -ldflags "-X github.com/sourcegraph/sourcegraph/internal/version.version=$VERSION -X github.com/sourcegraph/sourcegraph/internal/version.timestamp=$(date +%s)" -buildmode exe -tags dist -o "$OUTPUT/$(basename "$pkg")" "$pkg"
done
docker build -f cmd/repo-updater/Dockerfile.wolfi -t "$IMAGE" "$OUTPUT" \
--progress=plain \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION

42
cmd/repo-updater/build.sh
View File

@ -1,42 +0,0 @@
#!/usr/bin/env bash
path_to_package=${1:-github.com/sourcegraph/sourcegraph/cmd/repo-updater}
# We want to build multiple go binaries, so we use a custom build step on CI.
cd "$(dirname "${BASH_SOURCE[0]}")"/../..
set -ex
OUTPUT=$(mktemp -d -t sgdockerbuild_XXXXXXX)
cleanup() {
rm -rf "$OUTPUT"
}
trap cleanup EXIT
if [[ "${DOCKER_BAZEL:-false}" == "true" ]]; then
package=${1:-//cmd/repo-updater}
./dev/ci/bazel.sh build "$package"
out=$(./dev/ci/bazel.sh cquery "$package" --output=files)
cp "$out" "$OUTPUT"
docker build -f cmd/repo-updater/Dockerfile -t "$IMAGE" "$OUTPUT" \
--progress=plain \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION
exit $?
fi
# Environment for building linux binaries
export GO111MODULE=on
export GOARCH=amd64
export GOOS=linux
export CGO_ENABLED=0
for pkg in $path_to_package; do
go build -trimpath -ldflags "-X github.com/sourcegraph/sourcegraph/internal/version.version=$VERSION -X github.com/sourcegraph/sourcegraph/internal/version.timestamp=$(date +%s)" -buildmode exe -tags dist -o "$OUTPUT/$(basename "$pkg")" "$pkg"
done
docker build -f cmd/repo-updater/Dockerfile -t "$IMAGE" "$OUTPUT" \
--progress=plain \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION

30
cmd/searcher/Dockerfile
View File

@ -1,30 +0,0 @@
# This Dockerfile was generated from github.com/sourcegraph/godockerize. It
# was not written by a human, and as such looks janky. As you change this
# file, please don't be scared to make it more pleasant / remove hadolint
# ignores.
FROM sourcegraph/alpine-3.14:213466_2023-04-17_5.0-bdda34a71619@sha256:6354a4ff578b685e36c8fbde81f62125ae0011b047fb2cc22d1b0de616b3c59a
RUN apk --no-cache add pcre sqlite-libs libev
# The comby/comby image is a small binary-only distribution. See the bin and src directories
# here: https://github.com/comby-tools/comby/tree/master/dockerfiles/alpine
# hadolint ignore=DL3022
COPY --from=comby/comby:alpine-3.14-1.8.1@sha256:a5e80d6bad6af008478679809dc8327ebde7aeff7b23505b11b20e36aa62a0b2 /usr/local/bin/comby /usr/local/bin/comby
ARG COMMIT_SHA="unknown"
ARG DATE="unknown"
ARG VERSION="unknown"
LABEL org.opencontainers.image.revision=${COMMIT_SHA}
LABEL org.opencontainers.image.created=${DATE}
LABEL org.opencontainers.image.version=${VERSION}
LABEL com.sourcegraph.github.url=https://github.com/sourcegraph/sourcegraph/commit/${COMMIT_SHA}
# Use SEARCHER_CACHE_DIR to set the cache dir at runtime for searcher. Setting CACHE_DIR will also
# apply to other services and is deprecated.
ENV CACHE_DIR=/mnt/cache/searcher
RUN mkdir -p ${CACHE_DIR} && chown -R sourcegraph:sourcegraph ${CACHE_DIR}
USER sourcegraph
ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/searcher"]
COPY searcher /usr/local/bin/

21
cmd/searcher/Dockerfile.wolfi
View File

@ -1,21 +0,0 @@
# Dockerfile for Wolfi-based images
# This is currently being tested in parallel to Alpine - you don't need to update this
# file if you change the regular Dockerfile.
# hadolint ignore=DL3007
FROM us.gcr.io/sourcegraph-dev/wolfi-searcher-base:latest
ARG COMMIT_SHA="unknown"
ARG DATE="unknown"
ARG VERSION="unknown"
LABEL org.opencontainers.image.revision=${COMMIT_SHA}
LABEL org.opencontainers.image.created=${DATE}
LABEL org.opencontainers.image.version=${VERSION}
LABEL com.sourcegraph.github.url=https://github.com/sourcegraph/sourcegraph/commit/${COMMIT_SHA}
ENV CACHE_DIR=/mnt/cache/searcher
USER sourcegraph
ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/searcher"]
COPY searcher /usr/local/bin/

39
cmd/searcher/build-wolfi.sh
View File

@ -1,39 +0,0 @@
#!/usr/bin/env bash
# We want to build multiple go binaries, so we use a custom build step on CI.
cd "$(dirname "${BASH_SOURCE[0]}")"/../..
set -ex
OUTPUT=$(mktemp -d -t sgdockerbuild_XXXXXXX)
cleanup() {
rm -rf "$OUTPUT"
}
trap cleanup EXIT
if [[ "${DOCKER_BAZEL:-false}" == "true" ]]; then
./dev/ci/bazel.sh build //cmd/searcher
out=$(./dev/ci/bazel.sh cquery //cmd/searcher --output=files)
cp "$out" "$OUTPUT"
docker build -f cmd/searcher/Dockerfile.wolfi -t "$IMAGE" "$OUTPUT" \
--progress=plain \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION
exit $?
fi
# Environment for building linux binaries
export GO111MODULE=on
export GOARCH=amd64
export GOOS=linux
export CGO_ENABLED=0
pkg="github.com/sourcegraph/sourcegraph/cmd/searcher"
go build -trimpath -ldflags "-X github.com/sourcegraph/sourcegraph/internal/version.version=$VERSION -X github.com/sourcegraph/sourcegraph/internal/version.timestamp=$(date +%s)" -buildmode exe -tags dist -o "$OUTPUT/$(basename $pkg)" "$pkg"
docker build -f cmd/searcher/Dockerfile.wolfi -t "$IMAGE" "$OUTPUT" \
--progress=plain \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION

39
cmd/searcher/build.sh
View File

@ -1,39 +0,0 @@
#!/usr/bin/env bash
# We want to build multiple go binaries, so we use a custom build step on CI.
cd "$(dirname "${BASH_SOURCE[0]}")"/../..
set -ex
OUTPUT=$(mktemp -d -t sgdockerbuild_XXXXXXX)
cleanup() {
rm -rf "$OUTPUT"
}
trap cleanup EXIT
if [[ "${DOCKER_BAZEL:-false}" == "true" ]]; then
./dev/ci/bazel.sh build //cmd/searcher
out=$(./dev/ci/bazel.sh cquery //cmd/searcher --output=files)
cp "$out" "$OUTPUT"
docker build -f cmd/searcher/Dockerfile -t "$IMAGE" "$OUTPUT" \
--progress=plain \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION
exit $?
fi
# Environment for building linux binaries
export GO111MODULE=on
export GOARCH=amd64
export GOOS=linux
export CGO_ENABLED=0
pkg="github.com/sourcegraph/sourcegraph/cmd/searcher"
go build -trimpath -ldflags "-X github.com/sourcegraph/sourcegraph/internal/version.version=$VERSION -X github.com/sourcegraph/sourcegraph/internal/version.timestamp=$(date +%s)" -buildmode exe -tags dist -o "$OUTPUT/$(basename $pkg)" "$pkg"
docker build -f cmd/searcher/Dockerfile -t "$IMAGE" "$OUTPUT" \
--progress=plain \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION

138
cmd/server/Dockerfile
View File

@ -1,138 +0,0 @@
# Install p4 CLI (keep this up to date with cmd/gitserver/Dockerfile)
FROM sourcegraph/alpine-3.14:213466_2023-04-17_5.0-bdda34a71619@sha256:6354a4ff578b685e36c8fbde81f62125ae0011b047fb2cc22d1b0de616b3c59a AS p4cli
# hash provided in http://filehost.perforce.com/perforce/r22.2/bin.linux26x86_64/SHA256SUMS
# if the hash is not provided, calculate it by downloading the file and running `sha256sum` on it in Terminal
RUN echo "8bc10fca1c5a26262b4072deec76150a668581a9749d0504cd443084773d4fd0 /usr/local/bin/p4" >expected_hash && \
wget http://cdist2.perforce.com/perforce/r22.2/bin.linux26x86_64/p4 -O /usr/local/bin/p4 && \
chmod +x /usr/local/bin/p4 && \
sha256sum -c expected_hash
# Install p4-fusion (keep this up to date with cmd/gitserver/Dockerfile)
FROM sourcegraph/alpine-3.14:213466_2023-04-17_5.0-bdda34a71619@sha256:6354a4ff578b685e36c8fbde81f62125ae0011b047fb2cc22d1b0de616b3c59a AS p4-fusion
COPY p4-fusion-install-alpine.sh /p4-fusion-install-alpine.sh
RUN /p4-fusion-install-alpine.sh
# Install coursier (keep this up to date with cmd/gitserver/Dockerfile)
FROM sourcegraph/alpine-3.14:213466_2023-04-17_5.0-bdda34a71619@sha256:6354a4ff578b685e36c8fbde81f62125ae0011b047fb2cc22d1b0de616b3c59a AS coursier
RUN wget -O coursier.gz https://github.com/coursier/coursier/releases/download/v2.1.0-RC4/cs-x86_64-pc-linux-static.gz && \
gzip -d coursier.gz && \
mv coursier /usr/local/bin/coursier && \
chmod +x /usr/local/bin/coursier
FROM sourcegraph/alpine-3.14:213466_2023-04-17_5.0-bdda34a71619@sha256:6354a4ff578b685e36c8fbde81f62125ae0011b047fb2cc22d1b0de616b3c59a
# TODO(security): This container should not be running as root!
#
# The default user in sourcegraph/alpine is a non-root `sourcegraph` user but because old deployments
# cannot be easily migrated we have not changed this from root -> sourcegraph. See:
# https://github.com/sourcegraph/sourcegraph/issues/13238
# hadolint ignore=DL3002
USER root
ARG COMMIT_SHA="unknown"
ARG DATE="unknown"
ARG VERSION="unknown"
LABEL org.opencontainers.image.revision=${COMMIT_SHA}
LABEL org.opencontainers.image.created=${DATE}
LABEL org.opencontainers.image.version=${VERSION}
LABEL com.sourcegraph.github.url=https://github.com/sourcegraph/sourcegraph/commit/${COMMIT_SHA}
RUN apk add --no-cache --verbose \
# Minimal version requirement to address vulnerabilities
# https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/
# Don't use alpine/edge, the git release on this segfaults
'git>=2.38.0' --repository=http://dl-cdn.alpinelinux.org/alpine/v3.17/main \
git-lfs \
git-p4 \
--repository=http://dl-cdn.alpinelinux.org/alpine/v3.17/main \
# NOTE that the Postgres version we run is different
# from our *Minimum Supported Version* which alone dictates
# the features we can depend on. See this link for more information:
# https://github.com/sourcegraph/sourcegraph/blob/main/doc/dev/postgresql.md#version-requirements
# You can't just bump the major version since that requires pgupgrade
# between Sourcegraph releases.
&& apk add --no-cache --verbose \
postgresql=~12 \
postgresql-contrib=~12 \
--repository=http://dl-cdn.alpinelinux.org/alpine/v3.12/main \
&& apk add --no-cache --verbose \
'bash>=5.0.17' \
'redis>=5.0' \
python2 \
python3 \
'nginx>=1.18.0' openssh-client pcre sqlite-libs libev su-exec 'nodejs-current>=14.5.0' \
# We require libstdc++ for p4-fusion
libstdc++
# IMPORTANT: If you update the syntax-highlighter version below, you MUST confirm
# the ENV variables from its Dockerfile (https://github.com/sourcegraph/sourcegraph/blob/main/docker-images/syntax-highlighter/Dockerfile)
# have been appropriately set in cmd/server/shared/shared.go.
# hadolint ignore=DL3022
COPY --from=comby/comby:alpine-3.14-1.8.1@sha256:a5e80d6bad6af008478679809dc8327ebde7aeff7b23505b11b20e36aa62a0b2 /usr/local/bin/comby /usr/local/bin/comby
# hadolint ignore=DL3022
COPY --from=docker.io/sourcegraph/syntax-highlighter:215692_2023-04-27_5.0-fb61a539c3a1 /syntax_highlighter /usr/local/bin/
# install blobstore (keep this up to date with the upstream Docker image
# referenced in docker-images/)
RUN apk add --no-cache --verbose openjdk11
# hadolint ignore=DL3022
COPY --from=sourcegraph/blobstore:server /opt/s3proxy /opt/s3proxy
COPY ctags-install-alpine.sh /ctags-install-alpine.sh
RUN /ctags-install-alpine.sh
# hadolint ignore=DL3022
COPY --from=sourcegraph/prometheus:server /bin/prom-wrapper /bin
# hadolint ignore=DL3022
COPY --from=sourcegraph/prometheus:server /bin/alertmanager /bin
# hadolint ignore=DL3022
COPY --from=sourcegraph/prometheus:server /alertmanager.sh /alertmanager.sh
# hadolint ignore=DL3022
COPY --from=sourcegraph/prometheus:server /bin/prometheus /bin
# hadolint ignore=DL3022
COPY --from=sourcegraph/prometheus:server /prometheus.sh /prometheus.sh
# hadolint ignore=DL3022
COPY --from=sourcegraph/prometheus:server /usr/share/prometheus /usr/share/prometheus
RUN set -ex && \
addgroup -S grafana && \
adduser -S -G grafana grafana && \
apk add --no-cache libc6-compat ca-certificates su-exec
# hadolint ignore=DL3022
COPY --from=sourcegraph/grafana:server /usr/share/grafana /usr/share/grafana
COPY . /
# hadolint ignore=DL3022
COPY --from=p4cli /usr/local/bin/p4 /usr/local/bin/p4
COPY --from=p4-fusion /usr/local/bin/p4-fusion /usr/local/bin/p4-fusion
COPY --from=coursier /usr/local/bin/coursier /usr/local/bin/coursier
# This is a trick to include libraries required by p4,
# please refer to https://blog.tilander.org/docker-perforce/
# hadolint ignore=DL4006
RUN wget -O - https://github.com/jtilander/p4d/raw/4600d741720f85d77852dcca7c182e96ad613358/lib/lib-x64.tgz | tar zx --directory /
# hadolint ignore=DL3022
COPY --from=sourcegraph/grafana:server /sg_config_grafana/provisioning/dashboards /sg_config_grafana/provisioning/dashboards
# hadolint ignore=DL3022
COPY --from=sourcegraph/postgres_exporter:server /usr/local/bin/postgres_exporter /usr/local/bin/postgres_exporter
RUN echo "hosts: files dns" > /etc/nsswitch.conf
# symbols is cgo, ensure we have the requisite dynamic libraries
RUN env SANITY_CHECK=true /usr/local/bin/symbols
WORKDIR /
ENV GO111MODULES=on LANG=en_US.utf8
ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/server"]

140
cmd/server/Dockerfile.bazel
View File

@ -1,140 +0,0 @@
# Install p4 CLI (keep this up to date with cmd/gitserver/Dockerfile)
FROM sourcegraph/alpine-3.14:213466_2023-04-17_5.0-bdda34a71619@sha256:6354a4ff578b685e36c8fbde81f62125ae0011b047fb2cc22d1b0de616b3c59a AS p4cli
# hash provided in http://filehost.perforce.com/perforce/r22.2/bin.linux26x86_64/SHA256SUMS
# if the hash is not provided, calculate it by downloading the file and running `sha256sum` on it in Terminal
RUN echo "8bc10fca1c5a26262b4072deec76150a668581a9749d0504cd443084773d4fd0 /usr/local/bin/p4" >expected_hash && \
wget http://cdist2.perforce.com/perforce/r22.2/bin.linux26x86_64/p4 -O /usr/local/bin/p4 && \
chmod +x /usr/local/bin/p4 && \
sha256sum -c expected_hash
# Install p4-fusion (keep this up to date with cmd/gitserver/Dockerfile)
FROM sourcegraph/alpine-3.14:213466_2023-04-17_5.0-bdda34a71619@sha256:6354a4ff578b685e36c8fbde81f62125ae0011b047fb2cc22d1b0de616b3c59a AS p4-fusion
COPY p4-fusion-install-alpine.sh /p4-fusion-install-alpine.sh
RUN /p4-fusion-install-alpine.sh
# Install coursier (keep this up to date with cmd/gitserver/Dockerfile)
FROM sourcegraph/alpine-3.14:213466_2023-04-17_5.0-bdda34a71619@sha256:6354a4ff578b685e36c8fbde81f62125ae0011b047fb2cc22d1b0de616b3c59a AS coursier
RUN wget -O coursier.gz https://github.com/coursier/coursier/releases/download/v2.1.0-RC4/cs-x86_64-pc-linux-static.gz && \
gzip -d coursier.gz && \
mv coursier /usr/local/bin/coursier && \
chmod +x /usr/local/bin/coursier
FROM sourcegraph/alpine-3.14:213466_2023-04-17_5.0-bdda34a71619@sha256:6354a4ff578b685e36c8fbde81f62125ae0011b047fb2cc22d1b0de616b3c59a
# TODO(security): This container should not be running as root!
#
# The default user in sourcegraph/alpine is a non-root `sourcegraph` user but because old deployments
# cannot be easily migrated we have not changed this from root -> sourcegraph. See:
# https://github.com/sourcegraph/sourcegraph/issues/13238
# hadolint ignore=DL3002
USER root
ARG COMMIT_SHA="unknown"
ARG DATE="unknown"
ARG VERSION="unknown"
LABEL org.opencontainers.image.revision=${COMMIT_SHA}
LABEL org.opencontainers.image.created=${DATE}
LABEL org.opencontainers.image.version=${VERSION}
LABEL com.sourcegraph.github.url=https://github.com/sourcegraph/sourcegraph/commit/${COMMIT_SHA}
RUN apk add --no-cache --verbose \
# Minimal version requirement to address vulnerabilities
# https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/
'git>=2.38.0' --repository=http://dl-cdn.alpinelinux.org/alpine/v3.17/main \
git-lfs \
git-p4 \
--repository=http://dl-cdn.alpinelinux.org/alpine/v3.17/main \
# NOTE that the Postgres version we run is different
# from our *Minimum Supported Version* which alone dictates
# the features we can depend on. See this link for more information:
# https://github.com/sourcegraph/sourcegraph/blob/main/doc/dev/postgresql.md#version-requirements
# You can't just bump the major version since that requires pgupgrade
# between Sourcegraph releases.
&& apk add --no-cache --verbose \
postgresql=~12 \
postgresql-contrib=~12 \
--repository=http://dl-cdn.alpinelinux.org/alpine/v3.12/main \
&& apk add --no-cache --verbose \
'bash>=5.0.17' \
'redis>=5.0' \
python2 \
python3 \
'nginx>=1.18.0' openssh-client pcre sqlite-libs libev su-exec 'nodejs-current>=14.5.0' \
# We require libstdc++ for p4-fusion
libstdc++
# IMPORTANT: If you update the syntax-highlighter version below, you MUST confirm
# the ENV variables from its Dockerfile (https://github.com/sourcegraph/sourcegraph/blob/main/docker-images/syntax-highlighter/Dockerfile)
# have been appropriately set in cmd/server/shared/shared.go.
# hadolint ignore=DL3022
COPY --from=comby/comby:alpine-3.14-1.8.1@sha256:a5e80d6bad6af008478679809dc8327ebde7aeff7b23505b11b20e36aa62a0b2 /usr/local/bin/comby /usr/local/bin/comby
# hadolint ignore=DL3022
COPY --from=docker.io/sourcegraph/syntax-highlighter:223909_2023-06-02_5.0-6fd7735ab9c2 /syntax_highlighter /usr/local/bin/
# hadolint ignore=DL3022
COPY --from=docker.io/sourcegraph/symbols:223909_2023-06-02_5.0-6fd7735ab9c2 /usr/local/bin/scip-ctags /usr/local/bin/scip-ctags
# install blobstore (keep this up to date with the upstream Docker image
# referenced in docker-images/)
RUN apk add --no-cache --verbose openjdk11
# hadolint ignore=DL3022
COPY --from=sourcegraph/blobstore:server /opt/s3proxy /opt/s3proxy
COPY ctags-install-alpine.sh /ctags-install-alpine.sh
RUN /ctags-install-alpine.sh
# hadolint ignore=DL3022
COPY --from=sourcegraph/prometheus:server /bin/prom-wrapper /bin
# hadolint ignore=DL3022
COPY --from=sourcegraph/prometheus:server /bin/alertmanager /bin
# hadolint ignore=DL3022
COPY --from=sourcegraph/prometheus:server /alertmanager.sh /alertmanager.sh
# hadolint ignore=DL3022
COPY --from=sourcegraph/prometheus:server /bin/prometheus /bin
# hadolint ignore=DL3022
COPY --from=sourcegraph/prometheus:server /prometheus.sh /prometheus.sh
# hadolint ignore=DL3022
COPY --from=sourcegraph/prometheus:server /usr/share/prometheus /usr/share/prometheus
# hadolint ignore=DL3022
COPY --from=sourcegraph/prometheus:server /sg_config_prometheus /sg_config_prometheus
RUN set -ex && \
addgroup -S grafana && \
adduser -S -G grafana grafana && \
apk add --no-cache libc6-compat ca-certificates su-exec
# hadolint ignore=DL3022
COPY --from=sourcegraph/grafana:server /usr/share/grafana /usr/share/grafana
COPY . /
# hadolint ignore=DL3022
COPY --from=p4cli /usr/local/bin/p4 /usr/local/bin/p4
COPY --from=p4-fusion /usr/local/bin/p4-fusion /usr/local/bin/p4-fusion
COPY --from=coursier /usr/local/bin/coursier /usr/local/bin/coursier
# This is a trick to include libraries required by p4,
# please refer to https://blog.tilander.org/docker-perforce/
# hadolint ignore=DL4006
RUN wget -O - https://github.com/jtilander/p4d/raw/4600d741720f85d77852dcca7c182e96ad613358/lib/lib-x64.tgz | tar zx --directory /
# hadolint ignore=DL3022
COPY --from=sourcegraph/grafana:server /sg_config_grafana /sg_config_grafana
# hadolint ignore=DL3022
COPY --from=sourcegraph/postgres_exporter:server /usr/local/bin/postgres_exporter /usr/local/bin/postgres_exporter
RUN echo "hosts: files dns" > /etc/nsswitch.conf
# symbols is cgo, ensure we have the requisite dynamic libraries
RUN env SANITY_CHECK=true /usr/local/bin/symbols
WORKDIR /
ENV GO111MODULES=on LANG=en_US.utf8
ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/server"]

67
cmd/server/Dockerfile.wolfi
View File

@ -1,67 +0,0 @@
# Dockerfile for Wolfi-based images
# This is currently being tested in parallel to Alpine - you don't need to update this
# file if you change the regular Dockerfile.
# hadolint ignore=DL3007
FROM us.gcr.io/sourcegraph-dev/wolfi-server-base:latest
# TODO(security): This container should not be running as root!
#
# The default user in sourcegraph/alpine is a non-root `sourcegraph` user but because old deployments
# cannot be easily migrated we have not changed this from root -> sourcegraph. See:
# https://github.com/sourcegraph/sourcegraph/issues/13238
# hadolint ignore=DL3002
USER root
ARG COMMIT_SHA="unknown"
ARG DATE="unknown"
ARG VERSION="unknown"
LABEL org.opencontainers.image.revision=${COMMIT_SHA}
LABEL org.opencontainers.image.created=${DATE}
LABEL org.opencontainers.image.version=${VERSION}
LABEL com.sourcegraph.github.url=https://github.com/sourcegraph/sourcegraph/commit/${COMMIT_SHA}
# IMPORTANT: If you update the syntax-highlighter version below, you MUST confirm
# the ENV variables from its Dockerfile (https://github.com/sourcegraph/sourcegraph/blob/main/docker-images/syntax-highlighter/Dockerfile)
# have been appropriately set in cmd/server/shared/shared.go.
# TODO: Update this to use the correct syntax-highlighter build
# hadolint ignore=DL3022
COPY --from=us.gcr.io/sourcegraph-dev/wolfi-syntax-highlighter:latest /usr/local/bin/syntax_highlighter /usr/local/bin/
# install blobstore (keep this up to date with the upstream Docker image
# referenced in docker-images/)
# hadolint ignore=DL3022
COPY --from=sourcegraph/blobstore:server /opt/s3proxy /opt/s3proxy
# hadolint ignore=DL3022
COPY --from=sourcegraph/prometheus:server /bin/prom-wrapper /bin
# hadolint ignore=DL3022
COPY --from=sourcegraph/prometheus:server /bin/alertmanager /bin
# hadolint ignore=DL3022
COPY --from=sourcegraph/prometheus:server /alertmanager.sh /alertmanager.sh
# hadolint ignore=DL3022
COPY --from=sourcegraph/prometheus:server /bin/prometheus /bin
# hadolint ignore=DL3022
COPY --from=sourcegraph/prometheus:server /prometheus.sh /prometheus.sh
# hadolint ignore=DL3022
COPY --from=sourcegraph/prometheus:server /usr/share/prometheus /usr/share/prometheus
# hadolint ignore=DL3022
COPY --from=sourcegraph/grafana:server /usr/share/grafana /usr/share/grafana
# hadolint ignore=DL3022
COPY --from=sourcegraph/grafana:server /sg_config_grafana/provisioning/dashboards /sg_config_grafana/provisioning/dashboards
COPY . /
# symbols is cgo, ensure we have the requisite dynamic libraries
RUN env SANITY_CHECK=true /usr/local/bin/symbols
WORKDIR /
ENV GO111MODULES=on
ENV LANG=en_US.utf8
ENV PGHOST=/var/run/postgresql
ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/server"]

135
cmd/server/build-bazel.sh
View File

@ -1,135 +0,0 @@
#!/usr/bin/env bash
# We want to build multiple go binaries, so we use a custom build step on CI.
cd "$(dirname "${BASH_SOURCE[0]}")/../.."
set -eux
# Fail early if env vars are not set
[ -n "$VERSION" ]
[ -n "$IMAGE" ]
OUTPUT=$(mktemp -d -t sgserver_XXXXXXX)
TMP=$(mktemp -d -t sgserver_tmp_XXXXXXX)
export OUTPUT
export BINDIR="$OUTPUT/usr/local/bin"
mkdir -p "$BINDIR"
cleanup() {
rm -rf "$OUTPUT"
rm -rf "$TMP"
}
trap cleanup EXIT
OSS_TARGETS=(
//cmd/frontend
//cmd/worker
//cmd/migrator
//cmd/repo-updater
//cmd/github-proxy
//cmd/gitserver
//cmd/searcher
//cmd/server
//docker-images/syntax-highlighter:scip-ctags
# https://github.com/sourcegraph/s3proxy is still the default for now.
# //cmd/blobstore
@com_github_sourcegraph_zoekt//cmd/zoekt-archive-index
@com_github_sourcegraph_zoekt//cmd/zoekt-git-index
@com_github_sourcegraph_zoekt//cmd/zoekt-sourcegraph-indexserver
@com_github_sourcegraph_zoekt//cmd/zoekt-webserver
)
ENTERPRISE_TARGETS=(
//cmd/github-proxy
//cmd/searcher
//enterprise/cmd/frontend
//enterprise/cmd/gitserver
//enterprise/cmd/worker
//enterprise/cmd/migrator
//enterprise/cmd/repo-updater
//enterprise/cmd/precise-code-intel-worker
//enterprise/cmd/server
)
MUSL_TARGETS=(
@com_github_sourcegraph_zoekt//cmd/zoekt-archive-index
@com_github_sourcegraph_zoekt//cmd/zoekt-git-index
@com_github_sourcegraph_zoekt//cmd/zoekt-sourcegraph-indexserver
@com_github_sourcegraph_zoekt//cmd/zoekt-webserver
)
if [[ "${ENTERPRISE:-"false"}" == "false" ]]; then
MUSL_TARGETS+=(//cmd/symbols)
else
MUSL_TARGETS+=(//enterprise/cmd/symbols)
fi
bazelrc=(
--bazelrc=.bazelrc
)
if [[ ${CI:-""} == "true" ]]; then
bazelrc+=(
--bazelrc=.aspect/bazelrc/ci.bazelrc
--bazelrc=.aspect/bazelrc/ci.sourcegraph.bazelrc
)
fi
echo "--- bazel build musl"
bazel \
"${bazelrc[@]}" \
build \
"${MUSL_TARGETS[@]}" \
--stamp \
--workspace_status_command=./dev/bazel_stamp_vars.sh \
--config incompat-zig-linux-amd64
for MUSL_TARGET in "${MUSL_TARGETS[@]}"; do
out=$(bazel "${bazelrc[@]}" \
cquery \
"$MUSL_TARGET" \
--stamp \
--workspace_status_command=./dev/bazel_stamp_vars.sh \
--config incompat-zig-linux-amd64 \
--output=files)
cp "$out" "$BINDIR"
echo "copying $MUSL_TARGET"
done
if [[ "${ENTERPRISE:-"false"}" == "false" ]]; then
TARGETS=("${OSS_TARGETS[@]}")
else
TARGETS=("${ENTERPRISE_TARGETS[@]}")
fi
echo "--- bazel build"
./dev/ci/bazel.sh build "${TARGETS[@]}"
echo "-- preparing rootfs"
cp -a ./cmd/server/rootfs/. "$OUTPUT"
for TARGET in "${TARGETS[@]}"; do
out=$(./dev/ci/bazel.sh cquery "$TARGET" --output=files)
cp "$out" "$BINDIR"
echo "copying $TARGET"
done
echo "--- prometheus"
IMAGE=sourcegraph/prometheus:server CACHE=true docker-images/prometheus/build-bazel.sh
echo "--- grafana"
IMAGE=sourcegraph/grafana:server CACHE=true docker-images/grafana/build-bazel.sh
echo "--- blobstore"
IMAGE=sourcegraph/blobstore:server CACHE=true docker-images/blobstore/build.sh
echo "--- postgres exporter"
IMAGE=sourcegraph/postgres_exporter:server CACHE=true docker-images/postgres_exporter/build.sh
echo "--- build scripts"
cp -a ./cmd/symbols/ctags-install-alpine.sh "$OUTPUT"
cp -a ./cmd/gitserver/p4-fusion-install-alpine.sh "$OUTPUT"
echo "--- docker build"
docker build -f cmd/server/Dockerfile.bazel -t "$IMAGE" "$OUTPUT" \
--platform linux/amd64 \
--progress=plain \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION

105
cmd/server/build-wolfi.sh
View File

@ -1,105 +0,0 @@
#!/usr/bin/env bash
# We want to build multiple go binaries, so we use a custom build step on CI.
cd "$(dirname "${BASH_SOURCE[0]}")/../.."
set -eux
# Fail early if env vars are not set
[ -n "$VERSION" ]
[ -n "$IMAGE" ]
OUTPUT=$(mktemp -d -t sgserver_XXXXXXX)
export OUTPUT
cleanup() {
rm -rf "$OUTPUT"
}
trap cleanup EXIT
parallel_run() {
./dev/ci/parallel_run.sh "$@"
}
export -f parallel_run
# Environment for building linux binaries
export GO111MODULE=on
export GOARCH=amd64
export GOOS=linux
export CGO_ENABLED=0
# Additional images passed in here when this script is called externally by our
# enterprise build scripts.
additional_images=()
if [ $# -eq 0 ]; then
additional_images+=("github.com/sourcegraph/sourcegraph/cmd/frontend" "github.com/sourcegraph/sourcegraph/cmd/worker" "github.com/sourcegraph/sourcegraph/cmd/migrator" "github.com/sourcegraph/sourcegraph/cmd/repo-updater" "github.com/sourcegraph/sourcegraph/cmd/symbols")
else
additional_images+=("$@")
fi
export additional_images
# Overridable server package path for when this script is called externally by
# our enterprise build scripts.
export server_pkg=${SERVER_PKG:-github.com/sourcegraph/sourcegraph/cmd/server}
cp -a ./cmd/server/rootfs/. "$OUTPUT"
export BINDIR="$OUTPUT/usr/local/bin"
mkdir -p "$BINDIR"
go_build() {
local package="$1"
if [[ "${CI_DEBUG_PROFILE:-"false"}" == "true" ]]; then
env time -v ./cmd/server/go-build-wolfi.sh "$package"
else
./cmd/server/go-build-wolfi.sh "$package"
fi
}
export -f go_build
echo "--- go build"
PACKAGES=(
github.com/sourcegraph/sourcegraph/cmd/github-proxy
github.com/sourcegraph/sourcegraph/cmd/gitserver
github.com/sourcegraph/sourcegraph/cmd/searcher
github.com/sourcegraph/zoekt/cmd/zoekt-archive-index
github.com/sourcegraph/zoekt/cmd/zoekt-git-index
github.com/sourcegraph/zoekt/cmd/zoekt-sourcegraph-indexserver
github.com/sourcegraph/zoekt/cmd/zoekt-webserver
)
PACKAGES+=("${additional_images[@]}")
PACKAGES+=("$server_pkg")
parallel_run go_build {} ::: "${PACKAGES[@]}"
echo "--- monitoring generation"
# For code generation we need to match the local machine so we can run the generator
if [[ "$OSTYPE" == "darwin"* ]]; then
pushd monitoring && GOOS=darwin go generate && popd
else
pushd monitoring && go generate && popd
fi
echo "--- prometheus"
cp -r docker-images/prometheus/config "$OUTPUT/sg_config_prometheus"
mkdir "$OUTPUT/sg_prometheus_add_ons"
cp dev/prometheus/linux/prometheus_targets.yml "$OUTPUT/sg_prometheus_add_ons"
IMAGE=sourcegraph/prometheus:server CACHE=true docker-images/prometheus/build-wolfi.sh
echo "--- grafana"
cp -r docker-images/grafana/config "$OUTPUT/sg_config_grafana"
cp -r dev/grafana/linux "$OUTPUT/sg_config_grafana/provisioning/datasources"
IMAGE=sourcegraph/grafana:server CACHE=true docker-images/grafana/build.sh
echo "--- postgres exporter"
IMAGE=sourcegraph/postgres_exporter:server CACHE=true docker-images/postgres_exporter/build-wolfi.sh
echo "--- blobstore"
IMAGE=sourcegraph/blobstore:server docker-images/blobstore/build-wolfi.sh
echo "--- docker build"
docker build -f cmd/server/Dockerfile.wolfi -t "$IMAGE" "$OUTPUT" \
--progress=plain \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION

109
cmd/server/build.sh
View File

@ -1,109 +0,0 @@
#!/usr/bin/env bash
# We want to build multiple go binaries, so we use a custom build step on CI.
cd "$(dirname "${BASH_SOURCE[0]}")/../.."
set -eux
# Fail early if env vars are not set
[ -n "$VERSION" ]
[ -n "$IMAGE" ]
OUTPUT=$(mktemp -d -t sgserver_XXXXXXX)
export OUTPUT
cleanup() {
rm -rf "$OUTPUT"
}
trap cleanup EXIT
parallel_run() {
./dev/ci/parallel_run.sh "$@"
}
export -f parallel_run
# Environment for building linux binaries
export GO111MODULE=on
export GOARCH=amd64
export GOOS=linux
export CGO_ENABLED=0
# Additional images passed in here when this script is called externally by our
# enterprise build scripts.
additional_images=()
if [ $# -eq 0 ]; then
additional_images+=("github.com/sourcegraph/sourcegraph/cmd/frontend" "github.com/sourcegraph/sourcegraph/cmd/worker" "github.com/sourcegraph/sourcegraph/cmd/migrator" "github.com/sourcegraph/sourcegraph/cmd/repo-updater" "github.com/sourcegraph/sourcegraph/cmd/symbols")
else
additional_images+=("$@")
fi
export additional_images
# Overridable server package path for when this script is called externally by
# our enterprise build scripts.
export server_pkg=${SERVER_PKG:-github.com/sourcegraph/sourcegraph/cmd/server}
cp -a ./cmd/server/rootfs/. "$OUTPUT"
export BINDIR="$OUTPUT/usr/local/bin"
mkdir -p "$BINDIR"
go_build() {
local package="$1"
if [[ "${CI_DEBUG_PROFILE:-"false"}" == "true" ]]; then
env time -v ./cmd/server/go-build.sh "$package"
else
./cmd/server/go-build.sh "$package"
fi
}
export -f go_build
echo "--- go build"
PACKAGES=(
github.com/sourcegraph/sourcegraph/cmd/github-proxy
github.com/sourcegraph/sourcegraph/cmd/gitserver
github.com/sourcegraph/sourcegraph/cmd/searcher
github.com/sourcegraph/zoekt/cmd/zoekt-archive-index
github.com/sourcegraph/zoekt/cmd/zoekt-git-index
github.com/sourcegraph/zoekt/cmd/zoekt-sourcegraph-indexserver
github.com/sourcegraph/zoekt/cmd/zoekt-webserver
)
PACKAGES+=("${additional_images[@]}")
PACKAGES+=("$server_pkg")
parallel_run go_build {} ::: "${PACKAGES[@]}"
echo "--- build scripts"
cp -a ./cmd/symbols/ctags-install-alpine.sh "$OUTPUT"
cp -a ./cmd/gitserver/p4-fusion-install-alpine.sh "$OUTPUT"
echo "--- monitoring generation"
# For code generation we need to match the local machine so we can run the generator
if [[ "$OSTYPE" == "darwin"* ]]; then
pushd monitoring && GOOS=darwin go generate && popd
else
pushd monitoring && go generate && popd
fi
echo "--- prometheus"
cp -r docker-images/prometheus/config "$OUTPUT/sg_config_prometheus"
mkdir "$OUTPUT/sg_prometheus_add_ons"
cp dev/prometheus/linux/prometheus_targets.yml "$OUTPUT/sg_prometheus_add_ons"
IMAGE=sourcegraph/prometheus:server CACHE=true docker-images/prometheus/build.sh
echo "--- grafana"
cp -r docker-images/grafana/config "$OUTPUT/sg_config_grafana"
cp -r dev/grafana/linux "$OUTPUT/sg_config_grafana/provisioning/datasources"
IMAGE=sourcegraph/grafana:server CACHE=true docker-images/grafana/build-alpine.sh
echo "--- postgres exporter"
IMAGE=sourcegraph/postgres_exporter:server CACHE=true docker-images/postgres_exporter/build.sh
echo "--- blobstore"
IMAGE=sourcegraph/blobstore:server docker-images/blobstore/build.sh
echo "--- docker build"
docker build -f cmd/server/Dockerfile -t "$IMAGE" "$OUTPUT" \
--progress=plain \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION

20
cmd/server/go-build-wolfi.sh
View File

@ -1,20 +0,0 @@
#!/usr/bin/env bash
set -euxo pipefail
PACKAGE="$1"
RELATIVE_PACKAGE="${PACKAGE#github.com/sourcegraph/sourcegraph/}"
BASENAME="$(basename "$PACKAGE")"
if [[ "$BASENAME" != "server" ]] && [[ -f "$RELATIVE_PACKAGE/go-build-wolfi.sh" ]]; then
# Application builds itself (e.g. requires CGO)
bash "$RELATIVE_PACKAGE/go-build-wolfi.sh" "$BINDIR"
else
go build \
-trimpath \
-ldflags "-X github.com/sourcegraph/sourcegraph/internal/version.version=$VERSION -X github.com/sourcegraph/sourcegraph/internal/version.timestamp=$(date +%s)" \
-buildmode exe \
-installsuffix netgo \
-tags "dist netgo" \
-o "$BINDIR/$BASENAME" "$PACKAGE"
fi

20
cmd/server/go-build.sh
View File

@ -1,20 +0,0 @@
#!/usr/bin/env bash
set -euxo pipefail
PACKAGE="$1"
RELATIVE_PACKAGE="${PACKAGE#github.com/sourcegraph/sourcegraph/}"
BASENAME="$(basename "$PACKAGE")"
if [[ "$BASENAME" != "server" ]] && [[ -f "$RELATIVE_PACKAGE/go-build.sh" ]]; then
# Application builds itself (e.g. requires CGO)
bash "$RELATIVE_PACKAGE/go-build.sh" "$BINDIR"
else
go build \
-trimpath \
-ldflags "-X github.com/sourcegraph/sourcegraph/internal/version.version=$VERSION -X github.com/sourcegraph/sourcegraph/internal/version.timestamp=$(date +%s)" \
-buildmode exe \
-installsuffix netgo \
-tags "dist netgo" \
-o "$BINDIR/$BASENAME" "$PACKAGE"
fi

7
cmd/server/pre-build.sh
View File

@ -1,7 +0,0 @@
#!/usr/bin/env bash
cd "$(dirname "${BASH_SOURCE[0]}")"/../..
set -ex
./cmd/frontend/pre-build.sh

91
cmd/symbols/Dockerfile
View File

@ -1,91 +0,0 @@
# NOTE: This layer of the docker image is also used in local development as a wrapper around universal-ctags
FROM sourcegraph/alpine-3.14:213466_2023-04-17_5.0-bdda34a71619@sha256:6354a4ff578b685e36c8fbde81f62125ae0011b047fb2cc22d1b0de616b3c59a AS ctags
# hadolint ignore=DL3002
COPY cmd/symbols/ctags-install-alpine.sh /ctags-install-alpine.sh
RUN /ctags-install-alpine.sh
FROM rust:1.68.0-alpine3.17@sha256:d119a621ae12f84ec0c5fed77c24795120ed1c7874b2428b5a6ccc0f294dbe18 as scip-ctags
# hadolint ignore=DL3002
USER root
RUN apk add --no-cache musl-dev>=1.1.24-r10 build-base
COPY docker-images/syntax-highlighter /repo
WORKDIR /repo
RUN cargo fetch
ARG TARGETARCH
# Because .cargo/config.toml doesnt support triplet-specific env
COPY cmd/symbols/cargo-config.sh /cargo-config.sh
RUN /cargo-config.sh
RUN cargo rustc --release --bin scip-ctags
RUN cp ./target/release/scip-ctags /usr/local/bin/scip-ctags
FROM golang:1.19.8-alpine@sha256:841c160ed35923d96c95c52403c4e6db5decd9cbce034aa851e412ade5d4b74f AS symbols-build
# hadolint ignore=DL3002
USER root
ENV GO111MODULE on
ENV GOARCH amd64
ENV GOOS linux
ENV CGO_ENABLED 1
RUN apk add --no-cache gcc g++
COPY . /repo
WORKDIR /repo
ARG VERSION="unknown"
ENV VERSION $VERSION
ARG PKG
ENV PKG=$PKG
RUN \
--mount=type=cache,target=/root/.cache/go-build \
--mount=type=cache,target=/root/go/pkg/mod \
go build \
-trimpath \
-ldflags "-X github.com/sourcegraph/sourcegraph/internal/version.version=$VERSION -X github.com/sourcegraph/sourcegraph/internal/version.timestamp=$(date +%s)" \
-buildmode exe \
-tags dist \
-o /symbols \
$PKG
FROM sourcegraph/alpine-3.14:213466_2023-04-17_5.0-bdda34a71619@sha256:6354a4ff578b685e36c8fbde81f62125ae0011b047fb2cc22d1b0de616b3c59a AS symbols
# TODO(security): This container should not run as root!
#
# See https://github.com/sourcegraph/sourcegraph/issues/13237
# hadolint ignore=DL3002
USER root
ARG COMMIT_SHA="unknown"
ARG DATE="unknown"
ARG VERSION="unknown"
LABEL org.opencontainers.image.revision=${COMMIT_SHA}
LABEL org.opencontainers.image.created=${DATE}
LABEL org.opencontainers.image.version=${VERSION}
LABEL com.sourcegraph.github.url=https://github.com/sourcegraph/sourcegraph/commit/${COMMIT_SHA}
# ctags is dynamically linked against jansson
# libstdc++ and libgcc are for tree-sitter
RUN apk add --no-cache bind-tools ca-certificates mailcap tini jansson libstdc++ libgcc
COPY --from=ctags /usr/local/bin/universal-ctags /usr/local/bin/universal-ctags
COPY --from=scip-ctags /usr/local/bin/scip-ctags /usr/local/bin/scip-ctags
COPY --from=symbols-build /symbols /usr/local/bin/symbols
# symbols is cgo, ensure we have the requisite dynamic libraries
RUN env SANITY_CHECK=true /usr/local/bin/symbols
# Use SYMBOLS_CACHE_DIR to set the cache dir at runtime for the symbols service. Setting CACHE_DIR
# will also apply to other services and is deprecated.
ENV CACHE_DIR=/mnt/cache/symbols
RUN mkdir -p ${CACHE_DIR}
EXPOSE 3184
ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/symbols"]

45
cmd/symbols/Dockerfile.bazel
View File

@ -1,45 +0,0 @@
# NOTE: This layer of the docker image is also used in local development as a wrapper around universal-ctags
FROM sourcegraph/alpine-3.14:213466_2023-04-17_5.0-bdda34a71619@sha256:6354a4ff578b685e36c8fbde81f62125ae0011b047fb2cc22d1b0de616b3c59a AS ctags
# hadolint ignore=DL3002
USER root
COPY ctags-install-alpine.sh /ctags-install-alpine.sh
RUN /ctags-install-alpine.sh
FROM sourcegraph/alpine-3.14:213466_2023-04-17_5.0-bdda34a71619@sha256:6354a4ff578b685e36c8fbde81f62125ae0011b047fb2cc22d1b0de616b3c59a AS symbols
# TODO(security): This container should not run as root!
#
# See https://github.com/sourcegraph/sourcegraph/issues/13237
# hadolint ignore=DL3002
USER root
ARG COMMIT_SHA="unknown"
ARG DATE="unknown"
ARG VERSION="unknown"
LABEL org.opencontainers.image.revision=${COMMIT_SHA}
LABEL org.opencontainers.image.created=${DATE}
LABEL org.opencontainers.image.version=${VERSION}
LABEL com.sourcegraph.github.url=https://github.com/sourcegraph/sourcegraph/commit/${COMMIT_SHA}
# ctags is dynamically linked against jansson
# libstdc++ and libgcc are for tree-sitter
RUN apk add --no-cache bind-tools ca-certificates mailcap tini jansson libstdc++ libgcc
COPY --from=ctags /usr/local/bin/universal-ctags /usr/local/bin/universal-ctags
# the scip binary and symbols was already built by bazel
# see cmd/symbols/build-bazel.sh where it is built and put in the context directory aka $OUTPUT for docker
COPY scip-ctags /usr/local/bin/scip-ctags
COPY symbols /usr/local/bin/symbols
# symbols is cgo, ensure we have the requisite dynamic libraries
RUN env SANITY_CHECK=true /usr/local/bin/symbols
# Use SYMBOLS_CACHE_DIR to set the cache dir at runtime for the symbols service. Setting CACHE_DIR
# will also apply to other services and is deprecated.
ENV CACHE_DIR=/mnt/cache/symbols
RUN mkdir -p ${CACHE_DIR}
EXPOSE 3184
ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/symbols"]

67
cmd/symbols/Dockerfile.wolfi
View File

@ -1,67 +0,0 @@
# Dockerfile for Wolfi-based images
# This is currently being tested in parallel to Alpine - you don't need to update this
# file if you change the regular Dockerfile.
# TODO: See if we can switch back to cgr.dev/chainguard/go:latest
# hadolint ignore=DL3007
FROM cgr.dev/chainguard/go:latest AS symbols-build
# hadolint ignore=DL3002
USER root
ENV GO111MODULE on
ENV GOARCH amd64
ENV GOOS linux
ENV CGO_ENABLED 1
# RUN apt-get update && \
# apt-get install -y \
# gcc \
# g++
COPY . /repo
WORKDIR /repo
ARG VERSION="unknown"
ENV VERSION $VERSION
ARG PKG
ENV PKG=$PKG
RUN \
--mount=type=cache,target=/root/.cache/go-build \
--mount=type=cache,target=/root/go/pkg/mod \
go build \
-trimpath \
-ldflags "-X github.com/sourcegraph/sourcegraph/internal/version.version=$VERSION -X github.com/sourcegraph/sourcegraph/internal/version.timestamp=$(date +%s)" \
-buildmode exe \
-tags dist \
-o /symbols \
$PKG
# hadolint ignore=DL3007
FROM us.gcr.io/sourcegraph-dev/wolfi-symbols-base:latest AS symbols
# TODO(security): This container should not run as root!
#
# See https://github.com/sourcegraph/sourcegraph/issues/13237
# hadolint ignore=DL3002
USER root
ARG COMMIT_SHA="unknown"
ARG DATE="unknown"
ARG VERSION="unknown"
LABEL org.opencontainers.image.revision=${COMMIT_SHA}
LABEL org.opencontainers.image.created=${DATE}
LABEL org.opencontainers.image.version=${VERSION}
LABEL com.sourcegraph.github.url=https://github.com/sourcegraph/sourcegraph/commit/${COMMIT_SHA}
COPY --from=symbols-build /symbols /usr/local/bin/symbols
# symbols is cgo, ensure we have the requisite dynamic libraries
RUN env SANITY_CHECK=true /usr/local/bin/symbols
ENV CACHE_DIR=/mnt/cache/symbols
EXPOSE 3184
ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/symbols"]

70
cmd/symbols/build-bazel.sh
View File

@ -1,70 +0,0 @@
#!/usr/bin/env bash
# This script builds the symbols docker image.
cd "$(dirname "${BASH_SOURCE[0]}")/../.."
set -eu
OUTPUT=$(mktemp -d -t sgdockerbuild_XXXXXXX)
cleanup() {
rm -rf "$OUTPUT"
}
trap cleanup EXIT
echo "--- :bazel: bazel build for targets //cmd/symbols"
bazelrc=(
--bazelrc=.bazelrc
)
if [[ ${CI:-""} == "true" ]]; then
bazelrc+=(
--bazelrc=.aspect/bazelrc/ci.bazelrc
--bazelrc=.aspect/bazelrc/ci.sourcegraph.bazelrc
)
fi
bazel "${bazelrc[@]}" \
build \
//cmd/symbols \
--stamp \
--workspace_status_command=./dev/bazel_stamp_vars.sh \
--config incompat-zig-linux-amd64
out=$(
bazel "${bazelrc[@]}" \
cquery //cmd/symbols \
--stamp \
--workspace_status_command=./dev/bazel_stamp_vars.sh \
--config incompat-zig-linux-amd64 \
--output=files
)
cp -v "$out" "$OUTPUT"
# we can't build scip-ctags with symbols since the platform args conflict
# NOTE: cmd/symbols/cargo-config.sh sets some specific config when running on arm64
# since this bazel run typically runs on CI that config change isn't made
echo "--- :bazel: bazel build for target //docker-images/syntax-highlighter:scip-ctags"
bazel "${bazelrc[@]}" \
build //docker-images/syntax-highlighter:scip-ctags \
--stamp \
--workspace_status_command=./dev/bazel_stamp_vars.sh
out=$(
bazel "${bazelrc[@]}" \
cquery //docker-images/syntax-highlighter:scip-ctags \
--stamp \
--workspace_status_command=./dev/bazel_stamp_vars.sh \
--output=files
)
cp -v "$out" "$OUTPUT"
cp cmd/symbols/ctags-install-alpine.sh "$OUTPUT"
echo ":docker: context directory contains the following:"
ls -lah "$OUTPUT"
echo "--- :docker: docker build for symbols"
docker build -f cmd/symbols/Dockerfile.bazel -t "$IMAGE" "$OUTPUT" \
--progress=plain \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION

14
cmd/symbols/build-wolfi.sh
View File

@ -1,14 +0,0 @@
#!/usr/bin/env bash
# This script builds the symbols docker image.
cd "$(dirname "${BASH_SOURCE[0]}")/../.."
set -eu
echo "--- docker build symbols"
docker build -f cmd/symbols/Dockerfile.wolfi -t "$IMAGE" "$(pwd)" \
--progress=plain \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION \
--build-arg PKG="${PKG:-github.com/sourcegraph/sourcegraph/cmd/symbols}"

14
cmd/symbols/build.sh
View File

@ -1,14 +0,0 @@
#!/usr/bin/env bash
# This script builds the symbols docker image.
cd "$(dirname "${BASH_SOURCE[0]}")/../.."
set -eu
echo "--- docker build symbols"
docker build -f cmd/symbols/Dockerfile -t "$IMAGE" "$(pwd)" \
--progress=plain \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION \
--build-arg PKG="${PKG:-github.com/sourcegraph/sourcegraph/cmd/symbols}"

43
cmd/symbols/ctags-install-alpine.sh
View File

@ -1,43 +0,0 @@
#!/bin/sh
# This script installs universal-ctags within an alpine container.
# Commit hash of github.com/universal-ctags/ctags.
# Last bumped 2022-04-04.
# When bumping please remember to also update Zoekt: https://github.com/sourcegraph/zoekt/blob/d3a8fbd8385f0201dd54ab24114ebd588dfcf0d8/install-ctags-alpine.sh
CTAGS_VERSION=f95bb3497f53748c2b6afc7f298cff218103ab90
cleanup() {
apk --no-cache --purge del ctags-build-deps || true
cd /
rm -rf /tmp/ctags-$CTAGS_VERSION
}
trap cleanup EXIT
set -eux
apk --no-cache add \
--virtual ctags-build-deps \
autoconf \
automake \
binutils \
curl \
g++ \
gcc \
jansson-dev \
make \
pkgconfig
# ctags is dynamically linked against jansson
apk --no-cache add jansson
NUMCPUS=$(grep -c '^processor' /proc/cpuinfo)
# Installation
curl --retry 5 "https://codeload.github.com/universal-ctags/ctags/tar.gz/$CTAGS_VERSION" | tar xz -C /tmp
cd /tmp/ctags-$CTAGS_VERSION
./autogen.sh
./configure --program-prefix=universal- --enable-json
make -j"$NUMCPUS" --load-average="$NUMCPUS"
make install

28
cmd/symbols/go-build-wolfi.sh
View File

@ -1,28 +0,0 @@
#!/usr/bin/env bash
# This script builds the symbols go binary.
# Requires a single argument which is the path to the target bindir.
#
# To test you can run
#
# VERSION=test ./cmd/symbols/go-build-wolfi.sh /tmp
cd "$(dirname "${BASH_SOURCE[0]}")/../.."
set -eu
OUTPUT="${1:?no output path provided}"
echo "--- docker symbols build"
# Required due to use of RUN --mount=type=cache in Dockerfile.
export DOCKER_BUILDKIT=1
# TODO: The platform flag is required for server image to build, but will break local builds
docker build -f cmd/symbols/Dockerfile.wolfi -t symbols-build "$(pwd)" \
--target=symbols-build \
--platform="${PLATFORM:-linux/amd64}" \
--progress=plain \
--build-arg VERSION \
--build-arg PKG="${PKG:-github.com/sourcegraph/sourcegraph/cmd/symbols}"
docker cp "$(docker create --rm symbols-build)":/symbols "$OUTPUT/symbols"

26
cmd/symbols/go-build.sh
View File

@ -1,26 +0,0 @@
#!/usr/bin/env bash
# This script builds the symbols go binary.
# Requires a single argument which is the path to the target bindir.
#
# To test you can run
#
# VERSION=test ./cmd/symbols/go-build.sh /tmp
cd "$(dirname "${BASH_SOURCE[0]}")/../.."
set -eu
OUTPUT="${1:?no output path provided}"
echo "--- docker symbols build"
# Required due to use of RUN --mount=type=cache in Dockerfile.
export DOCKER_BUILDKIT=1
docker build -f cmd/symbols/Dockerfile -t symbols-build "$(pwd)" \
--target=symbols-build \
--progress=plain \
--build-arg VERSION \
--build-arg PKG="${PKG:-github.com/sourcegraph/sourcegraph/cmd/symbols}"
docker cp "$(docker create --rm symbols-build)":/symbols "$OUTPUT/symbols"

18
cmd/worker/Dockerfile
View File

@ -1,18 +0,0 @@
FROM sourcegraph/alpine-3.14:213466_2023-04-17_5.0-bdda34a71619@sha256:6354a4ff578b685e36c8fbde81f62125ae0011b047fb2cc22d1b0de616b3c59a
ARG COMMIT_SHA="unknown"
ARG DATE="unknown"
ARG VERSION="unknown"
LABEL org.opencontainers.image.revision=${COMMIT_SHA}
LABEL org.opencontainers.image.created=${DATE}
LABEL org.opencontainers.image.version=${VERSION}
LABEL com.sourcegraph.github.url=https://github.com/sourcegraph/sourcegraph/commit/${COMMIT_SHA}
RUN apk update && apk add --no-cache \
tini
USER sourcegraph
EXPOSE 3189
ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/worker"]
COPY worker /usr/local/bin/

21
cmd/worker/Dockerfile.wolfi
View File

@ -1,21 +0,0 @@
# Dockerfile for Wolfi-based images
# This is currently being tested in parallel to Alpine - you don't need to update this
# file if you change the regular Dockerfile.
# hadolint ignore=DL3007
FROM us.gcr.io/sourcegraph-dev/wolfi-sourcegraph-base:latest
ARG COMMIT_SHA="unknown"
ARG DATE="unknown"
ARG VERSION="unknown"
LABEL org.opencontainers.image.revision=${COMMIT_SHA}
LABEL org.opencontainers.image.created=${DATE}
LABEL org.opencontainers.image.version=${VERSION}
LABEL com.sourcegraph.github.url=https://github.com/sourcegraph/sourcegraph/commit/${COMMIT_SHA}
USER sourcegraph
EXPOSE 3189
ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/worker"]
COPY worker /usr/local/bin/

42
cmd/worker/build-wolfi.sh
View File

@ -1,42 +0,0 @@
#!/usr/bin/env bash
# This script builds the worker docker image.
cd "$(dirname "${BASH_SOURCE[0]}")/../.."
set -ex
OUTPUT=$(mktemp -d -t sgdockerbuild_XXXXXXX)
cleanup() {
rm -rf "$OUTPUT"
}
trap cleanup EXIT
if [[ "${DOCKER_BAZEL:-false}" == "true" ]]; then
./dev/ci/bazel.sh build //cmd/worker
out=$(./dev/ci/bazel.sh cquery //cmd/worker --output=files)
cp "$out" "$OUTPUT"
docker build -f cmd/worker/Dockerfile.wolfi -t "$IMAGE" "$OUTPUT" \
--progress=plain \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION
exit $?
fi
# Environment for building linux binaries
export GO111MODULE=on
export GOARCH=amd64
export GOOS=linux
export CGO_ENABLED=0
echo "--- go build"
pkg="github.com/sourcegraph/sourcegraph/cmd/worker"
go build -trimpath -ldflags "-X github.com/sourcegraph/sourcegraph/internal/version.version=$VERSION -X github.com/sourcegraph/sourcegraph/internal/version.timestamp=$(date +%s)" -buildmode exe -tags dist -o "$OUTPUT/$(basename $pkg)" "$pkg"
echo "--- docker build"
docker build -f cmd/worker/Dockerfile.wolfi -t "$IMAGE" "$OUTPUT" \
--progress=plain \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION

42
cmd/worker/build.sh
View File

@ -1,42 +0,0 @@
#!/usr/bin/env bash
# This script builds the worker docker image.
cd "$(dirname "${BASH_SOURCE[0]}")/../.."
set -ex
OUTPUT=$(mktemp -d -t sgdockerbuild_XXXXXXX)
cleanup() {
rm -rf "$OUTPUT"
}
trap cleanup EXIT
if [[ "${DOCKER_BAZEL:-false}" == "true" ]]; then
./dev/ci/bazel.sh build //cmd/worker
out=$(./dev/ci/bazel.sh cquery //cmd/worker --output=files)
cp "$out" "$OUTPUT"
docker build -f cmd/worker/Dockerfile -t "$IMAGE" "$OUTPUT" \
--progress=plain \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION
exit $?
fi
# Environment for building linux binaries
export GO111MODULE=on
export GOARCH=amd64
export GOOS=linux
export CGO_ENABLED=0
echo "--- go build"
pkg="github.com/sourcegraph/sourcegraph/cmd/worker"
go build -trimpath -ldflags "-X github.com/sourcegraph/sourcegraph/internal/version.version=$VERSION -X github.com/sourcegraph/sourcegraph/internal/version.timestamp=$(date +%s)" -buildmode exe -tags dist -o "$OUTPUT/$(basename $pkg)" "$pkg"
echo "--- docker build"
docker build -f cmd/worker/Dockerfile -t "$IMAGE" "$OUTPUT" \
--progress=plain \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION

15
doc/dev/setup/troubleshooting.md
View File

@ -157,18 +157,3 @@ When trying to install `sg` with the pre-built binaries on WSL2 you may run into
Note: this change will be reverted when your session ends. You will need to reset these limits every time you open a new session and want to use `sg`.
## Symbols docker image creation fails
If you see an error like this:
```
executor failed running [/bin/sh -c /ctags-install-alpine.sh]: exit code: 133
--------------------------------------------------------------------------------
❌ failed to run symbols
```
and you are running the default `sg start` look for the error string `rosetta error: futex(FUTEX_LOCK_PI_PRIVATE) failure:`
You may have enabled Rosetta emulation in your docker configuration.
You may either disable Rosetta emulation in docker or manually build the symbols
binary with `./dev/ctags-install.sh` and then set the `CTAGS_COMMAND` env var
in your sg.config.overwrite.yaml to point to the binary.

67
docker-images/blobstore/Dockerfile
View File

@ -1,67 +0,0 @@
# Build s3proxy from source
# hadolint ignore=DL3022
FROM maven:3.8.6-openjdk-11-slim AS builder
# hadolint ignore=DL3008,DL3009
RUN apt-get update && \
apt-get install -y --no-install-recommends git
RUN git clone https://github.com/sourcegraph/s3proxy /build
WORKDIR /build
RUN mvn package -DskipTests && \
mv target/ /opt/s3proxy && \
cp src/main/resources/run-docker-container.sh /opt/s3proxy
# Build our final Alpine-based image
FROM sourcegraph/alpine-3.14:213466_2023-04-17_5.0-bdda34a71619@sha256:6354a4ff578b685e36c8fbde81f62125ae0011b047fb2cc22d1b0de616b3c59a
ARG COMMIT_SHA="unknown"
ARG DATE="unknown"
ARG VERSION="unknown"
LABEL org.opencontainers.image.revision=${COMMIT_SHA}
LABEL org.opencontainers.image.created=${DATE}
LABEL org.opencontainers.image.version=${VERSION}
LABEL org.opencontainers.image.url=https://sourcegraph.com/
LABEL org.opencontainers.image.source=https://github.com/sourcegraph/sourcegraph/
LABEL org.opencontainers.image.documentation=https://docs.sourcegraph.com/
LABEL com.sourcegraph.github.url=https://github.com/sourcegraph/sourcegraph/commit/${COMMIT_SHA}
RUN apk update && apk add --no-cache \
openjdk11
COPY --from=builder /opt/s3proxy /opt/s3proxy
ENV \
LOG_LEVEL="info" \
S3PROXY_AUTHORIZATION="none" \
S3PROXY_ENDPOINT="http://0.0.0.0:9000" \
S3PROXY_IDENTITY="local-identity" \
S3PROXY_CREDENTIAL="local-credential" \
S3PROXY_VIRTUALHOST="" \
S3PROXY_CORS_ALLOW_ALL="false" \
S3PROXY_CORS_ALLOW_ORIGINS="" \
S3PROXY_CORS_ALLOW_METHODS="" \
S3PROXY_CORS_ALLOW_HEADERS="" \
S3PROXY_IGNORE_UNKNOWN_HEADERS="false" \
S3PROXY_ENCRYPTED_BLOBSTORE="" \
S3PROXY_ENCRYPTED_BLOBSTORE_PASSWORD="" \
S3PROXY_ENCRYPTED_BLOBSTORE_SALT="" \
S3PROXY_V4_MAX_NON_CHUNKED_REQ_SIZE=33554432 \
JCLOUDS_PROVIDER="filesystem" \
JCLOUDS_ENDPOINT="" \
JCLOUDS_REGION="" \
JCLOUDS_REGIONS="us-east-1" \
JCLOUDS_IDENTITY="remote-identity" \
JCLOUDS_CREDENTIAL="remote-credential" \
JCLOUDS_KEYSTONE_VERSION="" \
JCLOUDS_KEYSTONE_SCOPE="" \
JCLOUDS_KEYSTONE_PROJECT_DOMAIN_NAME="" \
JCLOUDS_FILESYSTEM_BASEDIR="/data"
RUN mkdir -p /data && chown -R sourcegraph:sourcegraph /data
USER sourcegraph
EXPOSE 9000
WORKDIR /opt/s3proxy
ENTRYPOINT ["/sbin/tini", "--", "/opt/s3proxy/run-docker-container.sh"]

44
docker-images/blobstore/Dockerfile.wolfi
View File

@ -1,44 +0,0 @@
# Build our final Wolfi-based image
# hadolint ignore=DL3007
FROM us.gcr.io/sourcegraph-dev/wolfi-blobstore-base:latest
ARG COMMIT_SHA="unknown"
ARG DATE="unknown"
ARG VERSION="unknown"
LABEL org.opencontainers.image.revision=${COMMIT_SHA}
LABEL org.opencontainers.image.created=${DATE}
LABEL org.opencontainers.image.version=${VERSION}
LABEL com.sourcegraph.github.url=https://github.com/sourcegraph/sourcegraph/commit/${COMMIT_SHA}
ENV \
LOG_LEVEL="info" \
S3PROXY_AUTHORIZATION="none" \
S3PROXY_ENDPOINT="http://0.0.0.0:9000" \
S3PROXY_IDENTITY="local-identity" \
S3PROXY_CREDENTIAL="local-credential" \
S3PROXY_VIRTUALHOST="" \
S3PROXY_CORS_ALLOW_ALL="false" \
S3PROXY_CORS_ALLOW_ORIGINS="" \
S3PROXY_CORS_ALLOW_METHODS="" \
S3PROXY_CORS_ALLOW_HEADERS="" \
S3PROXY_IGNORE_UNKNOWN_HEADERS="false" \
S3PROXY_ENCRYPTED_BLOBSTORE="" \
S3PROXY_ENCRYPTED_BLOBSTORE_PASSWORD="" \
S3PROXY_ENCRYPTED_BLOBSTORE_SALT="" \
S3PROXY_V4_MAX_NON_CHUNKED_REQ_SIZE=33554432 \
JCLOUDS_PROVIDER="filesystem" \
JCLOUDS_ENDPOINT="" \
JCLOUDS_REGION="" \
JCLOUDS_REGIONS="us-east-1" \
JCLOUDS_IDENTITY="remote-identity" \
JCLOUDS_CREDENTIAL="remote-credential" \
JCLOUDS_KEYSTONE_VERSION="" \
JCLOUDS_KEYSTONE_SCOPE="" \
JCLOUDS_KEYSTONE_PROJECT_DOMAIN_NAME="" \
JCLOUDS_FILESYSTEM_BASEDIR="/data"
USER sourcegraph
EXPOSE 9000
ENTRYPOINT ["/sbin/tini", "--", "/opt/s3proxy/run-docker-container.sh"]

10
docker-images/blobstore/build-wolfi.sh
View File

@ -1,10 +0,0 @@
#!/usr/bin/env bash
cd "$(dirname "${BASH_SOURCE[0]}")"
set -ex
docker build -f Dockerfile.wolfi -t "${IMAGE:-"sourcegraph/blobstore"}" . \
--platform linux/amd64 \
--progress=plain \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION

10
docker-images/blobstore/build.sh
View File

@ -1,10 +0,0 @@
#!/usr/bin/env bash
cd "$(dirname "${BASH_SOURCE[0]}")"
set -ex
docker build -t "${IMAGE:-"sourcegraph/blobstore"}" . \
--platform linux/amd64 \
--progress=plain \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION

37
docker-images/cadvisor/Dockerfile
View File

@ -1,37 +0,0 @@
# NOTE: Check the README before updating
FROM gcr.io/cadvisor/cadvisor@sha256:adc29827d88730174181e9fe221938323baa6ba8c5734c2ec52aa2e86a0c303e
LABEL com.sourcegraph.cadvisor.version=v0.47.0
ARG COMMIT_SHA="unknown"
ARG DATE="unknown"
ARG VERSION="unknown"
LABEL org.opencontainers.image.revision=${COMMIT_SHA}
LABEL org.opencontainers.image.created=${DATE}
LABEL org.opencontainers.image.version=${VERSION}
LABEL org.opencontainers.image.url=https://sourcegraph.com/
LABEL org.opencontainers.image.source=https://github.com/sourcegraph/sourcegraph/
LABEL org.opencontainers.image.documentation=https://docs.sourcegraph.com/
# hadolint ignore=SC2261
RUN apk add --upgrade --no-cache apk-tools>=2.10.8-r0 krb5-libs>=1.18.4-r0 \
libtirpc>=1.3.2-r1 \
busybox \
wget
# Reflects cAdvisor Dockerfile at https://github.com/google/cadvisor/blob/v0.45.0/deploy/Dockerfile
# alongside additional Sourcegraph defaults.
ENTRYPOINT ["/usr/bin/cadvisor", "-logtostderr", \
# sourcegraph cAdvisor custom port
"-port=48080", \
# For metrics categories, see:
# https://github.com/google/cadvisor/blob/master/docs/storage/prometheus.md#prometheus-container-metrics
# and cross-reference with search in the codebase to decide which categories we need
"-enable_metrics=cpu,diskIO,memory,network", \
# Aligned 1:1 with Kubelet defaults:
# https://sourcegraph.com/github.com/google/cadvisor@v0.45.0/-/blob/deploy/kubernetes/overlays/examples/cadvisor-args.yaml
"-docker_only", \
"-housekeeping_interval=10s", \
"-max_housekeeping_interval=15s", \
"-event_storage_event_limit=default=0", \
"-event_storage_age_limit=default=0"]

33
docker-images/cadvisor/Dockerfile.wolfi
View File

@ -1,33 +0,0 @@
# TODO: Experimental cAdvisor Dockerfile. Entirely untested, and may require additional libraries
# NOTE: Check the README before updating
# hadolint ignore=DL3007
FROM us.gcr.io/sourcegraph-dev/wolfi-cadvisor-base:latest
LABEL com.sourcegraph.cadvisor.version=v0.47.1
ARG COMMIT_SHA="unknown"
ARG DATE="unknown"
ARG VERSION="unknown"
LABEL org.opencontainers.image.revision=${COMMIT_SHA}
LABEL org.opencontainers.image.created=${DATE}
LABEL org.opencontainers.image.version=${VERSION}
# Reflects cAdvisor Dockerfile at https://github.com/google/cadvisor/blob/v0.45.0/deploy/Dockerfile
# alongside additional Sourcegraph defaults.
ENTRYPOINT ["/usr/bin/cadvisor", "-logtostderr", \
# sourcegraph cAdvisor custom port
"-port=48080", \
# For metrics categories, see:
# https://github.com/google/cadvisor/blob/master/docs/storage/prometheus.md#prometheus-container-metrics
# and cross-reference with search in the codebase to decide which categories we need
"-enable_metrics=cpu,diskIO,memory,network", \
# Aligned 1:1 with Kubelet defaults:
# https://sourcegraph.com/github.com/google/cadvisor@v0.45.0/-/blob/deploy/kubernetes/overlays/examples/cadvisor-args.yaml
"-docker_only", \
"-housekeeping_interval=10s", \
"-max_housekeeping_interval=15s", \
"-event_storage_event_limit=default=0", \
"-v=3", \
"-event_storage_age_limit=default=0", \
"-containerd=/var/run/containerd/containerd.sock"]

9
docker-images/cadvisor/build-wolfi.sh
View File

@ -1,9 +0,0 @@
#!/usr/bin/env bash
cd "$(dirname "${BASH_SOURCE[0]}")"
set -ex
docker build -f Dockerfile.wolfi -t "${IMAGE:-"sourcegraph/cadvisor"}" . \
--progress=plain \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION

9
docker-images/cadvisor/build.sh
View File

@ -1,9 +0,0 @@
#!/usr/bin/env bash
cd "$(dirname "${BASH_SOURCE[0]}")"
set -ex
docker build -t "${IMAGE:-"sourcegraph/cadvisor"}" . \
--progress=plain \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION

3
docker-images/grafana/BUILD.bazel generated
View File

@ -5,7 +5,7 @@ load("//dev:oci_defs.bzl", "image_repository")
filegroup(
name = "config_files",
srcs = glob(["config/*"]) + ["entry-bazel.sh"],
srcs = glob(["config/*"]) + ["entry.sh"],
)
pkg_tar(
@ -16,7 +16,6 @@ pkg_tar(
],
remap_paths = {
"docker-images/grafana/config": "/sg_config_grafana",
"/entry-bazel.sh": "/entry.sh",
},
)

48
docker-images/grafana/Dockerfile
View File

@ -1,48 +0,0 @@
# sourcegraph/grafana - learn more about this image in https://docs.sourcegraph.com/dev/background-information/observability/grafana
# Build monitoring definitions
FROM sourcegraph/alpine-3.14:213466_2023-04-17_5.0-bdda34a71619@sha256:6354a4ff578b685e36c8fbde81f62125ae0011b047fb2cc22d1b0de616b3c59a AS monitoring_builder
RUN mkdir -p '/generated/grafana'
COPY ./.bin/monitoring-generator /bin/monitoring-generator
RUN GRAFANA_DIR='/generated/grafana' PROMETHEUS_DIR='' DOCS_DIR='' NO_PRUNE=true /bin/monitoring-generator
RUN ls '/generated/grafana'
# Prepare final image
# When upgrading the Grafana version, please refer to https://docs.sourcegraph.com/dev/background-information/observability/grafana#upgrading-grafana
# DO NOT UPGRADE to AGPL Grafana without consulting Stephen+legal, Grafana >= 8.0 is AGPLv3 Licensed
# See https://docs.google.com/document/d/1nSmz1ChL_rBvX8FAKTB-CNzgcff083sUlIpoXEz6FHE/edit#heading=h.69clsrno4211
# We use a Grafana base image built by Chainguard
# TODO(@willdollman): This image was manually uploaded to our registry 2023-04-06
FROM us.gcr.io/sourcegraph-dev/wolfi-grafana@sha256:ec1049f35ff7e4ab6ff7b4cc6790996ad74d196b8dcee8ea5283fca759156637 as production
LABEL com.sourcegraph.grafana.version=7.5.17
ARG COMMIT_SHA="unknown"
ARG DATE="unknown"
ARG VERSION="unknown"
LABEL org.opencontainers.image.revision=${COMMIT_SHA}
LABEL org.opencontainers.image.created=${DATE}
LABEL org.opencontainers.image.version=${VERSION}
LABEL org.opencontainers.image.url=https://sourcegraph.com/
LABEL org.opencontainers.image.source=https://github.com/sourcegraph/sourcegraph/
LABEL org.opencontainers.image.documentation=https://docs.sourcegraph.com/
# This removes the Chainguard-supplied config and replaces it with our own
# TODO: Ask Chainguard to remove this from the base image
USER root
RUN rm -rf /sg_config_grafana/provisioning/dashboards/sourcegraph/
# hadolint ignore=DL3020
ADD config /sg_config_grafana
COPY --from=monitoring_builder /generated/grafana/home.json /usr/share/grafana/public/dashboards/home.json
COPY --from=monitoring_builder /generated/grafana/* /sg_config_grafana/provisioning/dashboards/sourcegraph/
# Overwrite default entrypoint with the local one
COPY entry.sh /opt/grafana/
# Create optional folders to avoid error logs about missing dirs
RUN chown grafana:root /sg_config_grafana/provisioning/plugins
EXPOSE 3370
USER grafana
ENTRYPOINT ["/opt/grafana/entry.sh"]

57
docker-images/grafana/Dockerfile.alpine
View File

@ -1,57 +0,0 @@
# sourcegraph/grafana - learn more about this image in https://docs.sourcegraph.com/dev/background-information/observability/grafana
# Build monitoring definitions
FROM sourcegraph/alpine-3.14:213466_2023-04-17_5.0-bdda34a71619@sha256:6354a4ff578b685e36c8fbde81f62125ae0011b047fb2cc22d1b0de616b3c59a AS monitoring_builder
RUN mkdir -p '/generated/grafana'
COPY ./.bin/monitoring-generator /bin/monitoring-generator
RUN GRAFANA_DIR='/generated/grafana' PROMETHEUS_DIR='' DOCS_DIR='' NO_PRUNE=true /bin/monitoring-generator
RUN ls '/generated/grafana'
# Prepare final image
# when upgrading the Grafana version, please refer to https://docs.sourcegraph.com/dev/background-information/observability/grafana#upgrading-grafana
# DO NOT UPGRADE to AGPL Grafana without consulting Stephen+legal, Grafana >= 8.0 is AGPLv3 Licensed
# See https://docs.google.com/document/d/1nSmz1ChL_rBvX8FAKTB-CNzgcff083sUlIpoXEz6FHE/edit#heading=h.69clsrno4211
FROM grafana/grafana:7.5.17@sha256:15abb652aa82eeb9f45589278b34ae6ef0e96f74c389cadde31831eb0b1ce228 as production
LABEL com.sourcegraph.grafana.version=7.5.17
ARG COMMIT_SHA="unknown"
ARG DATE="unknown"
ARG VERSION="unknown"
LABEL org.opencontainers.image.revision=${COMMIT_SHA}
LABEL org.opencontainers.image.created=${DATE}
LABEL org.opencontainers.image.version=${VERSION}
LABEL org.opencontainers.image.url=https://sourcegraph.com/
LABEL org.opencontainers.image.source=https://github.com/sourcegraph/sourcegraph/
LABEL org.opencontainers.image.documentation=https://docs.sourcegraph.com/
# hadolint ignore=DL3020
ADD config /sg_config_grafana
COPY --from=monitoring_builder /generated/grafana/home.json /usr/share/grafana/public/dashboards/home.json
COPY --from=monitoring_builder /generated/grafana/* /sg_config_grafana/provisioning/dashboards/sourcegraph/
# hadolint ignore=DL3020
ADD entry-alpine.sh /
USER root
# Create optional folders to avoid error logs about missing dirs
RUN mkdir /sg_grafana_additional_dashboards
RUN mkdir /sg_config_grafana/provisioning/plugins && chown grafana:root /sg_config_grafana/provisioning/plugins
# @FIXME: Update redis image
# Pin busybox=1.32.1-r7 https://github.com/sourcegraph/sourcegraph/issues/27965
RUN apk add --upgrade --no-cache \
'apk-tools>=2.12' \
'krb5-libs>=1.18.4' \
'libssl1.1>=1.1.1s-r0' \
'openssl>=1.1.1s-r0' \
'busybox>=1.32.1' \
'ncurses-libs>=6.2_p20210109-r1' \
'ncurses-terminfo-base>=6.2_p20210109-r1' \
'libtirpc>=1.3.1-r1'
EXPOSE 3370
USER grafana
ENTRYPOINT ["/entry.sh"]

45
docker-images/grafana/Dockerfile.bazel
View File

@ -1,45 +0,0 @@
# sourcegraph/grafana - learn more about this image in https://docs.sourcegraph.com/dev/background-information/observability/grafana
FROM grafana/grafana:7.5.17@sha256:15abb652aa82eeb9f45589278b34ae6ef0e96f74c389cadde31831eb0b1ce228 as production
LABEL com.sourcegraph.grafana.version=7.5.17
ARG COMMIT_SHA="unknown"
ARG DATE="unknown"
ARG VERSION="unknown"
LABEL org.opencontainers.image.revision=${COMMIT_SHA}
LABEL org.opencontainers.image.created=${DATE}
LABEL org.opencontainers.image.version=${VERSION}
LABEL org.opencontainers.image.url=https://sourcegraph.com/
LABEL org.opencontainers.image.source=https://github.com/sourcegraph/sourcegraph/
LABEL org.opencontainers.image.documentation=https://docs.sourcegraph.com/
# hadolint ignore=DL3020
ADD config /sg_config_grafana
COPY grafana/home.json /usr/share/grafana/public/dashboards/home.json
COPY grafana/* /sg_config_grafana/provisioning/dashboards/sourcegraph/
# Overwrite default entrypoint with the local one
COPY entry-alpine.sh /entry.sh
# Create optional folders to avoid error logs about missing dirs
USER root
# Create optional folders to avoid error logs about missing dirs
RUN mkdir /sg_grafana_additional_dashboards
RUN mkdir /sg_config_grafana/provisioning/plugins && chown grafana:root /sg_config_grafana/provisioning/plugins
# @FIXME: Update redis image
# Pin busybox=1.32.1-r7 https://github.com/sourcegraph/sourcegraph/issues/27965
# RUN apk add --upgrade \
# 'apk-tools>=2.12' \
# 'krb5-libs>=1.18.4' \
# 'libssl1.1>=1.1.1s-r0' \
# 'openssl>=1.1.1s-r0' \
# 'busybox>=1.32.1' \
# 'ncurses-libs>=6.2_p20210109-r1' \
# 'ncurses-terminfo-base>=6.2_p20210109-r1' \
# 'libtirpc>=1.3.1-r1'
EXPOSE 3370
USER grafana
ENTRYPOINT ["/entry.sh"]

40
docker-images/grafana/build-alpine.sh
View File

@ -1,40 +0,0 @@
#!/usr/bin/env bash
set -ex
cd "$(dirname "${BASH_SOURCE[0]}")"
# We build out of tree to prevent triggering dev watch scripts when we copy go
# files.
BUILDDIR=$(mktemp -d -t sgdockerbuild_XXXXXXX)
cleanup() {
rm -rf "$BUILDDIR"
}
trap cleanup EXIT
# Copy assets
cp -R . "$BUILDDIR"
# Build args for Go cross-compilation.
export GO111MODULE=on
export GOARCH=amd64
export GOOS=linux
export CGO_ENABLED=0
# Cross-compile monitoring generator before building the image.
pushd "../../monitoring"
go build \
-trimpath \
-o "$BUILDDIR"/.bin/monitoring-generator .
# Final pre-build stage.
pushd "$BUILDDIR"
docker build -f Dockerfile.alpine -t "${IMAGE:-sourcegraph/grafana}" . \
--progress=plain \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION
# cd out of $BUILDDIR for cleanup
popd

31
docker-images/grafana/build-bazel.sh
View File

@ -1,31 +0,0 @@
#!/usr/bin/env bash
set -ex
BUILDDIR=$(mktemp -d -t sgdockerbuild_XXXXXXX)
TMP=$(mktemp -d -t sggraf_tmp_XXXXXXX)
cleanup() {
rm -rf "$BUILDDIR"
rm -rf "$TMP"
}
trap cleanup EXIT
./dev/ci/bazel.sh build //monitoring:generate_config_zip
monitoring_cfg=$(./dev/ci/bazel.sh cquery //monitoring:generate_config_zip --output=files)
cp "$monitoring_cfg" "$TMP"
pushd "$TMP"
unzip "monitoring.zip"
popd
cp -r docker-images/grafana/entry-alpine.sh "$BUILDDIR/"
cp -r docker-images/grafana/config "$BUILDDIR/"
cp -r "$TMP/monitoring/grafana" "$BUILDDIR/"
# # shellcheck disable=SC2086
docker build -f docker-images/grafana/Dockerfile.bazel -t "${IMAGE:-sourcegraph/grafana}" "$BUILDDIR" \
--progress=plain \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION

40
docker-images/grafana/build.sh
View File

@ -1,40 +0,0 @@
#!/usr/bin/env bash
set -ex
cd "$(dirname "${BASH_SOURCE[0]}")"
# We build out of tree to prevent triggering dev watch scripts when we copy go
# files.
BUILDDIR=$(mktemp -d -t sgdockerbuild_XXXXXXX)
cleanup() {
rm -rf "$BUILDDIR"
}
trap cleanup EXIT
# Copy assets
cp -R . "$BUILDDIR"
# Build args for Go cross-compilation.
export GO111MODULE=on
export GOARCH=amd64
export GOOS=linux
export CGO_ENABLED=0
# Cross-compile monitoring generator before building the image.
pushd "../../monitoring"
go build \
-trimpath \
-o "$BUILDDIR"/.bin/monitoring-generator .
# Final pre-build stage.
pushd "$BUILDDIR"
docker build -f Dockerfile -t "${IMAGE:-sourcegraph/grafana}" . \
--progress=plain \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION
# cd out of $BUILDDIR for cleanup
popd

7
docker-images/grafana/entry-alpine.sh
View File

@ -1,7 +0,0 @@
#!/usr/bin/env bash
set -e
export GF_PATHS_PROVISIONING=/sg_config_grafana/provisioning
export GF_PATHS_CONFIG=/sg_config_grafana/grafana.ini
exec "/run.sh"

16
docker-images/grafana/entry-bazel.sh
View File

@ -1,16 +0,0 @@
#!/usr/bin/env bash
set -e
export GF_PATHS_PROVISIONING=/sg_config_grafana/provisioning
export GF_PATHS_CONFIG=/sg_config_grafana/grafana.ini
exec grafana-server \
--homepath="$GF_PATHS_HOME" \
--config="$GF_PATHS_CONFIG" \
--packaging=docker \
"$@" \
cfg:default.log.mode="console" \
cfg:default.paths.data="$GF_PATHS_DATA" \
cfg:default.paths.logs="$GF_PATHS_LOGS" \
cfg:default.paths.plugins="$GF_PATHS_PLUGINS" \
cfg:default.paths.provisioning="$GF_PATHS_PROVISIONING"

11
docker-images/grafana/entry.sh
View File

@ -4,4 +4,13 @@ set -e
export GF_PATHS_PROVISIONING=/sg_config_grafana/provisioning
export GF_PATHS_CONFIG=/sg_config_grafana/grafana.ini
exec "/opt/grafana/run.sh"
exec grafana-server \
--homepath="$GF_PATHS_HOME" \
--config="$GF_PATHS_CONFIG" \
--packaging=docker \
"$@" \
cfg:default.log.mode="console" \
cfg:default.paths.data="$GF_PATHS_DATA" \
cfg:default.paths.logs="$GF_PATHS_LOGS" \
cfg:default.paths.plugins="$GF_PATHS_PLUGINS" \
cfg:default.paths.provisioning="$GF_PATHS_PROVISIONING"

32
docker-images/indexed-searcher/Dockerfile.wolfi
View File

@ -1,32 +0,0 @@
# Note: to be able to use an ARG with a FROM it has to be at the TOP of the Dockerfile
ARG ZOEKT_IMAGE="index.docker.io/sourcegraph/zoekt-webserver"
ARG ZOEKT_VERSION
FROM $ZOEKT_IMAGE:$ZOEKT_VERSION AS zoekt_upstream
# hadolint ignore=DL3007
FROM us.gcr.io/sourcegraph-dev/wolfi-sourcegraph-base:latest
ARG COMMIT_SHA="unknown"
ARG DATE="unknown"
ARG VERSION="unknown"
LABEL org.opencontainers.image.revision=${COMMIT_SHA}
LABEL org.opencontainers.image.created=${DATE}
LABEL org.opencontainers.image.version=${VERSION}
ENV DATA_DIR /data/index
USER sourcegraph
WORKDIR /home/sourcegraph
COPY --from=zoekt_upstream /usr/local/bin/zoekt-webserver /usr/local/bin/
# zoekt-webserver has a large stable heap size (10s of gigs), and as such the
# default GOGC=100 could be better tuned. https://dave.cheney.net/tag/gogc
# In go1.18 the GC changed significantly and from experimentation we tuned it
# down from 50 to 25.
ENV GOGC=25
ENTRYPOINT ["/sbin/tini", "--"]
# hadolint ignore=DL3025
CMD zoekt-webserver -index $DATA_DIR -pprof -rpc -indexserver_proxy

13
docker-images/indexed-searcher/build-wolfi.sh
View File

@ -1,13 +0,0 @@
#!/usr/bin/env bash
set -ex
cd "$(dirname "${BASH_SOURCE[0]}")"
ZOEKT_VERSION=$(go mod edit -print | awk '/sourcegraph\/zoekt/ {print substr($2, 2)}')
docker build --no-cache -f Dockerfile.wolfi -t "${IMAGE:-"sourcegraph/indexed-searcher"}" . \
--progress=plain \
--build-arg ZOEKT_VERSION="$ZOEKT_VERSION" \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION

16
docker-images/indexed-searcher/build.sh
View File

@ -1,16 +0,0 @@
#!/usr/bin/env bash
set -ex
cd "$(dirname "${BASH_SOURCE[0]}")"
# This merely re-tags the image to match our official versioning scheme. The
# actual image currently lives here:
# https://github.com/sourcegraph/zoekt/blob/master/Dockerfile.webserver
#
# The images are tagged using the same pseudo-versions as go mod, so we
# extract the version from our go.mod
version=$(go mod edit -print | awk '/sourcegraph\/zoekt/ {print substr($2, 2)}')
docker pull index.docker.io/sourcegraph/zoekt-webserver:"$version"
docker tag index.docker.io/sourcegraph/zoekt-webserver:"$version" "$IMAGE"

30
docker-images/jaeger-agent/Dockerfile
View File

@ -1,30 +0,0 @@
# This Dockerfile tracks jaegertracing/jaeger-agent, but includes more debugging tools and runs as a
# non-root user. It requires JAEGER_VERSION to be set as an argument to build.
ARG JAEGER_VERSION
FROM jaegertracing/jaeger-agent:${JAEGER_VERSION} as base
FROM sourcegraph/alpine-3.14:213466_2023-04-17_5.0-bdda34a71619@sha256:6354a4ff578b685e36c8fbde81f62125ae0011b047fb2cc22d1b0de616b3c59a
USER root
RUN apk --no-cache add bash curl apk-tools>=2.10.8-r0
COPY --from=base /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
COPY --from=base /go/bin/agent-linux /go/bin/agent-linux
RUN adduser -S -u 10001 jaeger
RUN chown jaeger /go/bin/agent-linux
USER jaeger
EXPOSE 5775/udp 6831/udp 6832/udp 5778
ENTRYPOINT ["/go/bin/agent-linux"]
ARG COMMIT_SHA="unknown"
ARG DATE="unknown"
ARG VERSION="unknown"
LABEL org.opencontainers.image.revision=${COMMIT_SHA}
LABEL org.opencontainers.image.created=${DATE}
LABEL org.opencontainers.image.version=${VERSION}
LABEL org.opencontainers.image.url=https://sourcegraph.com/
LABEL org.opencontainers.image.source=https://github.com/sourcegraph/sourcegraph/
LABEL org.opencontainers.image.documentation=https://docs.sourcegraph.com/
LABEL com.sourcegraph.jaeger.version=${JAEGER_VERSION}

14
docker-images/jaeger-agent/Dockerfile.wolfi
View File

@ -1,14 +0,0 @@
# hadolint ignore=DL3007
FROM us.gcr.io/sourcegraph-dev/wolfi-jaeger-agent-base:latest
ARG COMMIT_SHA="unknown"
ARG DATE="unknown"
ARG VERSION="unknown"
LABEL org.opencontainers.image.revision=${COMMIT_SHA}
LABEL org.opencontainers.image.created=${DATE}
LABEL org.opencontainers.image.version=${VERSION}
LABEL com.sourcegraph.jaeger.version=${JAEGER_VERSION}
EXPOSE 5775/udp 6831/udp 6832/udp 5778
ENTRYPOINT ["/usr/local/bin/jaeger-agent"]

13
docker-images/jaeger-agent/build-wolfi.sh
View File

@ -1,13 +0,0 @@
#!/usr/bin/env bash
set -euo pipefail
cd "$(dirname "${BASH_SOURCE[0]}")"
IMAGE=${IMAGE:-sourcegraph/jaeger-agent}
docker build --no-cache -f Dockerfile.wolfi -t "${IMAGE}" . \
--progress=plain \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION

17
docker-images/jaeger-agent/build.sh
View File

@ -1,17 +0,0 @@
#!/usr/bin/env bash
set -euo pipefail
cd "$(dirname "${BASH_SOURCE[0]}")"
export JAEGER_VERSION="${JAEGER_VERSION:-1.42.0}"
IMAGE=${IMAGE:-sourcegraph/jaeger-agent}
echo "Building image ${IMAGE} from Jaeger ${JAEGER_VERSION}"
docker build --no-cache -t "${IMAGE}" . \
--progress=plain \
--build-arg JAEGER_VERSION \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION

69
docker-images/jaeger-all-in-one/Dockerfile
View File

@ -1,69 +0,0 @@
# This Dockerfile tracks jaegertracing/all-in-one
# (https://github.com/jaegertracing/jaeger/blob/master/cmd/all-in-one/Dockerfile), but includes more
# debugging tools and runs as a non-root user. It requires JAEGER_VERSION to be set as an argument
# to build.
ARG JAEGER_VERSION
FROM jaegertracing/all-in-one:${JAEGER_VERSION} as base
FROM sourcegraph/alpine-3.14:213466_2023-04-17_5.0-bdda34a71619@sha256:6354a4ff578b685e36c8fbde81f62125ae0011b047fb2cc22d1b0de616b3c59a
USER root
RUN apk update
RUN apk --no-cache add bash curl 'apk-tools>=2.10.8-r0' 'krb5-libs>=1.18.4-r0'
COPY --from=base /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
COPY --from=base /go/bin/all-in-one-linux /go/bin/all-in-one-linux
COPY --from=base /etc/jaeger/sampling_strategies.json /etc/jaeger/sampling_strategies.json
RUN adduser -S -u 10001 jaeger
RUN chown jaeger /go/bin/all-in-one-linux
RUN chown jaeger /etc/jaeger/sampling_strategies.json
USER jaeger
# Agent zipkin.thrift compact
EXPOSE 5775/udp
# Agent jaeger.thrift compact
EXPOSE 6831/udp
# Agent jaeger.thrift binary
EXPOSE 6832/udp
# Agent config HTTP
EXPOSE 5778
# Collector HTTP
EXPOSE 14268
# Collector gRPC
EXPOSE 14250
# Web HTTP
EXPOSE 16686
# Ensure the /tmp directory is chown'd to user jaeger
USER root
RUN mkdir -p /tmp
RUN chown -R jaeger /tmp
USER jaeger
VOLUME ["/tmp"]
# Used in order to reverse proxy the Jaeger UI
ENV QUERY_BASE_PATH="/-/debug/jaeger"
# Default configuration file for setting sampling strategies, we override the command in docker-compose
ENV SAMPLING_STRATEGIES_FILE=/etc/jaeger/sampling_strategies.json
ENTRYPOINT ["/go/bin/all-in-one-linux"]
CMD ["--sampling.strategies-file=/etc/jaeger/sampling_strategies.json"]
ARG COMMIT_SHA="unknown"
ARG DATE="unknown"
ARG VERSION="unknown"
LABEL org.opencontainers.image.revision=${COMMIT_SHA}
LABEL org.opencontainers.image.created=${DATE}
LABEL org.opencontainers.image.version=${VERSION}
LABEL org.opencontainers.image.url=https://sourcegraph.com/
LABEL org.opencontainers.image.source=https://github.com/sourcegraph/sourcegraph/
LABEL org.opencontainers.image.documentation=https://docs.sourcegraph.com/
LABEL com.sourcegraph.jaeger.version=${JAEGER_VERSION}

46
docker-images/jaeger-all-in-one/Dockerfile.wolfi
View File

@ -1,46 +0,0 @@
# hadolint ignore=DL3007
FROM us.gcr.io/sourcegraph-dev/wolfi-jaeger-all-in-one-base:latest
ARG COMMIT_SHA="unknown"
ARG DATE="unknown"
ARG VERSION="unknown"
LABEL org.opencontainers.image.revision=${COMMIT_SHA}
LABEL org.opencontainers.image.created=${DATE}
LABEL org.opencontainers.image.version=${VERSION}
LABEL com.sourcegraph.jaeger.version=${JAEGER_VERSION}
COPY ./config/sampling_strategies.json /etc/jaeger/sampling_strategies.json
USER jaeger
VOLUME ["/tmp"]
# Agent zipkin.thrift compact
EXPOSE 5775/udp
# Agent jaeger.thrift compact
EXPOSE 6831/udp
# Agent jaeger.thrift binary
EXPOSE 6832/udp
# Agent config HTTP
EXPOSE 5778
# Collector HTTP
EXPOSE 14268
# Collector gRPC
EXPOSE 14250
# Web HTTP
EXPOSE 16686
# Used in order to reverse proxy the Jaeger UI
ENV QUERY_BASE_PATH="/-/debug/jaeger"
# Default configuration file for setting sampling strategies, we override the command in docker-compose
ENV SAMPLING_STRATEGIES_FILE=/etc/jaeger/sampling_strategies.json
ENTRYPOINT ["/usr/local/bin/jaeger-all-in-one"]
CMD ["--sampling.strategies-file=/etc/jaeger/sampling_strategies.json"]

13
docker-images/jaeger-all-in-one/build-wolfi.sh
View File

@ -1,13 +0,0 @@
#!/usr/bin/env bash
set -euo pipefail
cd "$(dirname "${BASH_SOURCE[0]}")"
IMAGE=${IMAGE:-sourcegraph/jaeger-all-in-one}
docker build --no-cache -f Dockerfile.wolfi -t "${IMAGE}" . \
--progress=plain \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION

17
docker-images/jaeger-all-in-one/build.sh
View File

@ -1,17 +0,0 @@
#!/usr/bin/env bash
set -euo pipefail
cd "$(dirname "${BASH_SOURCE[0]}")"
export JAEGER_VERSION="${JAEGER_VERSION:-1.42.0}"
IMAGE=${IMAGE:-sourcegraph/jaeger-all-in-one}
echo "Building image ${IMAGE} from Jaeger ${JAEGER_VERSION}"
docker build --no-cache -t "${IMAGE}" . \
--progress=plain \
--build-arg JAEGER_VERSION \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION

16
docker-images/node-exporter/Dockerfile.wolfi
View File

@ -1,16 +0,0 @@
# hadolint ignore=DL3007
FROM us.gcr.io/sourcegraph-dev/wolfi-node-exporter-base:latest
# hadolint ignore=DL3048
LABEL com.sourcegraph.node_exporter.version=v1.5.0
ARG COMMIT_SHA="unknown"
ARG DATE="unknown"
ARG VERSION="unknown"
LABEL org.opencontainers.image.revision=${COMMIT_SHA}
LABEL org.opencontainers.image.created=${DATE}
LABEL org.opencontainers.image.version=${VERSION}
EXPOSE 9100
USER nobody
ENTRYPOINT [ "/usr/bin/node_exporter" ]

9
docker-images/node-exporter/build-wolfi.sh
View File

@ -1,9 +0,0 @@
#!/usr/bin/env bash
cd "$(dirname "${BASH_SOURCE[0]}")"
set -ex
docker build -f Dockerfile.wolfi -t "${IMAGE:-sourcegraph/node-exporter}" . \
--progress=plain \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION

10
docker-images/node-exporter/build.sh
View File

@ -1,10 +0,0 @@
#!/usr/bin/env bash
cd "$(dirname "${BASH_SOURCE[0]}")"
set -ex
# Retag the upstream node-exporter release
VERSION="v1.5.0@sha256:fa8e5700b7762fffe0674e944762f44bb787a7e44d97569fe55348260453bf80"
docker pull prom/node-exporter:$VERSION
docker tag prom/node-exporter:$VERSION "$IMAGE"

48
docker-images/opentelemetry-collector/Dockerfile
View File

@ -1,48 +0,0 @@
# Build custom collector binary
FROM golang:1.19.8-alpine@sha256:841c160ed35923d96c95c52403c4e6db5decd9cbce034aa851e412ade5d4b74f AS build
ARG OTEL_COLLECTOR_VERSION
ENV OTEL_COLLECTOR_VERSION=${OTEL_COLLECTOR_VERSION}
# Get some requirements for building the collector
RUN apk add --no-cache gettext git gcc g++
# Prep workspace for build
RUN mkdir -p /build
WORKDIR /build
# Populate builder template with version variables
COPY ./builder.template.yaml ./builder.template.yaml
RUN envsubst <./builder.template.yaml >./builder.yaml
# Run the collector builder
RUN mkdir -p /cmd/otelcol-sourcegraph
RUN go run go.opentelemetry.io/collector/cmd/builder@v${OTEL_COLLECTOR_VERSION} \
--config ./builder.yaml \
--output-path=/cmd/otelcol-sourcegraph
# Package the final distribution image
FROM sourcegraph/alpine-3.14:213466_2023-04-17_5.0-bdda34a71619@sha256:6354a4ff578b685e36c8fbde81f62125ae0011b047fb2cc22d1b0de616b3c59a
ARG COMMIT_SHA="unknown"
ARG DATE="unknown"
ARG VERSION="unknown"
LABEL org.opencontainers.image.revision=${COMMIT_SHA}
LABEL org.opencontainers.image.created=${DATE}
LABEL org.opencontainers.image.version=${VERSION}
LABEL org.opencontainers.image.url=https://sourcegraph.com/
LABEL org.opencontainers.image.source=https://github.com/sourcegraph/sourcegraph/
LABEL org.opencontainers.image.documentation=https://docs.sourcegraph.com/
LABEL com.sourcegraph.opentelemetry-collector.version=${OTEL_COLLECTOR_VERSION}
# Set up a home directory
RUN mkdir -p /otel-collector
WORKDIR /otel-collector
# Set up bundled configuration - see README
COPY ./configs /etc/otel-collector/configs
# Get the custom distribution we built, and set it to the default entrypoint
COPY --from=build /cmd/otelcol-sourcegraph/otelcol-sourcegraph /bin/otelcol-sourcegraph
ENTRYPOINT [ "/bin/otelcol-sourcegraph" ]

17
docker-images/opentelemetry-collector/Dockerfile.wolfi
View File

@ -1,17 +0,0 @@
# hadolint ignore=DL3007
FROM us.gcr.io/sourcegraph-dev/wolfi-opentelemetry-collector-base:latest
ARG COMMIT_SHA="unknown"
ARG DATE="unknown"
ARG VERSION="unknown"
LABEL org.opencontainers.image.revision=${COMMIT_SHA}
LABEL org.opencontainers.image.created=${DATE}
LABEL org.opencontainers.image.version=${VERSION}
# TODO: Alpine image runs as root - required?
# Set up bundled configuration - see README
COPY ./configs /etc/otel-collector/configs
ENTRYPOINT [ "/bin/otelcol-sourcegraph" ]

10
docker-images/opentelemetry-collector/build-wolfi.sh
View File

@ -1,10 +0,0 @@
#!/usr/bin/env bash
set -ex
cd "$(dirname "${BASH_SOURCE[0]}")"
docker build -f Dockerfile.wolfi -t "${IMAGE:-sourcegraph/opentelemetry-collector}" . \
--platform linux/amd64 \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION

14
docker-images/opentelemetry-collector/build.sh
View File

@ -1,14 +0,0 @@
#!/usr/bin/env bash
set -ex
cd "$(dirname "${BASH_SOURCE[0]}")"
# Keep in sync with version in go.mod
export OTEL_COLLECTOR_VERSION="${OTEL_COLLECTOR_VERSION:-0.71.0}"
docker build -t "${IMAGE:-sourcegraph/opentelemetry-collector}" . \
--platform linux/amd64 \
--build-arg OTEL_COLLECTOR_VERSION \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION

29
docker-images/postgres_exporter/Dockerfile
View File

@ -1,29 +0,0 @@
FROM prometheuscommunity/postgres-exporter:v0.12.0@sha256:f34d50a64a4d558ad118ffc73be45a359ac8f30b8daba4b241458bcb9f94e254 as postgres_exporter
FROM sourcegraph/alpine-3.14:213466_2023-04-17_5.0-bdda34a71619@sha256:6354a4ff578b685e36c8fbde81f62125ae0011b047fb2cc22d1b0de616b3c59a
# hadolint ignore=DL3048
LABEL com.sourcegraph.postgres_exporter.version=v0.12.0
ARG COMMIT_SHA="unknown"
ARG DATE="unknown"
ARG VERSION="unknown"
LABEL org.opencontainers.image.revision=${COMMIT_SHA}
LABEL org.opencontainers.image.created=${DATE}
LABEL org.opencontainers.image.version=${VERSION}
LABEL org.opencontainers.image.url=https://sourcegraph.com/
LABEL org.opencontainers.image.source=https://github.com/sourcegraph/sourcegraph/
LABEL org.opencontainers.image.documentation=https://docs.sourcegraph.com/
# hadolint ignore=DL3022
COPY --from=postgres_exporter /bin/postgres_exporter /usr/local/bin/postgres_exporter
RUN addgroup -S postgres_exporter && adduser --uid 20001 -S postgres_exporter -G postgres_exporter
USER postgres_exporter
COPY ./*.yaml /config/
ENV PG_EXPORTER_EXTEND_QUERY_PATH=/config/queries.yaml
EXPOSE 9187
ENTRYPOINT [ "/usr/local/bin/postgres_exporter"]

21
docker-images/postgres_exporter/Dockerfile.wolfi
View File

@ -1,21 +0,0 @@
# hadolint ignore=DL3007
FROM us.gcr.io/sourcegraph-dev/wolfi-postgres-exporter-base:latest
ARG COMMIT_SHA="unknown"
ARG DATE="unknown"
ARG VERSION="unknown"
LABEL org.opencontainers.image.revision=${COMMIT_SHA}
LABEL org.opencontainers.image.created=${DATE}
LABEL org.opencontainers.image.version=${VERSION}
USER postgres_exporter
COPY ./*.yaml /config/
ENV PG_EXPORTER_EXTEND_QUERY_PATH=/config/queries.yaml
EXPOSE 9187
# TODO: Error 'Error opening config file "postgres_exporter.yml"' occurs at startup in v0.12.0 - confirm this is working as expected
ENTRYPOINT [ "/usr/bin/postgres_exporter"]

61
docker-images/postgres_exporter/build-wolfi.sh
View File

@ -1,61 +0,0 @@
#!/usr/bin/env bash
cd "$(dirname "${BASH_SOURCE[0]}")"
set -ex
OUTPUT=$(mktemp -d -t sgpostgres_exporter_XXXXXXX)
export OUTPUT
cleanup() {
rm -rf "$OUTPUT"
}
trap cleanup EXIT
mkdir -p "${OUTPUT}"
OUTPUT_FILE="${OUTPUT}/queries.yaml"
CODEINTEL_OUTPUT_FILE="${OUTPUT}/code_intel_queries.yaml"
CODEINSIGHTS_OUTPUT_FILE="${OUTPUT}/code_insights_queries.yaml"
for source in ./config/*.yaml; do
{
if [[ "$source" == *"codeintel"* || "$source" == *"codeinsights"* ]]; then
echo "# skipping $source"
continue
fi
echo "# source: ${source}"
cat "$source"
echo ""
} >>"${OUTPUT_FILE}"
done
for source in ./config/*.yaml; do
{
if [[ "$source" == *"frontend"* || "$source" == *"codeinsights"* ]]; then
echo "# skipping $source"
continue
fi
echo "# source: ${source}"
cat "$source"
echo ""
} >>"${CODEINTEL_OUTPUT_FILE}"
done
for source in ./config/*.yaml; do
{
if [[ "$source" == *"frontend"* || "$source" == *"codeintel"* ]]; then
echo "# skipping $source"
continue
fi
echo "# source: ${source}"
cat "$source"
echo ""
} >>"${CODEINSIGHTS_OUTPUT_FILE}"
done
echo "${OUTPUT_FILE}"
echo "${CODEINTEL_OUTPUT_FILE}"
echo "${CODEINSIGHTS_OUTPUT_FILE}"
docker build -f Dockerfile.wolfi -t "${IMAGE:-sourcegraph/postgres_exporter}" "${OUTPUT}" \
--progress=plain \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION

61
docker-images/postgres_exporter/build.sh
View File

@ -1,61 +0,0 @@
#!/usr/bin/env bash
cd "$(dirname "${BASH_SOURCE[0]}")"
set -ex
OUTPUT=$(mktemp -d -t sgpostgres_exporter_XXXXXXX)
export OUTPUT
cleanup() {
rm -rf "$OUTPUT"
}
trap cleanup EXIT
mkdir -p "${OUTPUT}"
OUTPUT_FILE="${OUTPUT}/queries.yaml"
CODEINTEL_OUTPUT_FILE="${OUTPUT}/code_intel_queries.yaml"
CODEINSIGHTS_OUTPUT_FILE="${OUTPUT}/code_insights_queries.yaml"
for source in ./config/*.yaml; do
{
if [[ "$source" == *"codeintel"* || "$source" == *"codeinsights"* ]]; then
echo "# skipping $source"
continue
fi
echo "# source: ${source}"
cat "$source"
echo ""
} >>"${OUTPUT_FILE}"
done
for source in ./config/*.yaml; do
{
if [[ "$source" == *"frontend"* || "$source" == *"codeinsights"* ]]; then
echo "# skipping $source"
continue
fi
echo "# source: ${source}"
cat "$source"
echo ""
} >>"${CODEINTEL_OUTPUT_FILE}"
done
for source in ./config/*.yaml; do
{
if [[ "$source" == *"frontend"* || "$source" == *"codeintel"* ]]; then
echo "# skipping $source"
continue
fi
echo "# source: ${source}"
cat "$source"
echo ""
} >>"${CODEINSIGHTS_OUTPUT_FILE}"
done
echo "${OUTPUT_FILE}"
echo "${CODEINTEL_OUTPUT_FILE}"
echo "${CODEINSIGHTS_OUTPUT_FILE}"
docker build -f ./Dockerfile -t "${IMAGE:-sourcegraph/postgres_exporter}" "${OUTPUT}" \
--progress=plain \
--build-arg COMMIT_SHA \
--build-arg DATE \
--build-arg VERSION

0
docker-images/prometheus/build-bazel.sh → docker-images/prometheus-gcp/build-bazel.sh
View File

9
docker-images/prometheus-gcp/build-wolfi.sh
View File

@ -1,9 +0,0 @@
#!/usr/bin/env bash
set -ex
cd "$(dirname "${BASH_SOURCE[0]}")"
export BASE_IMAGE="gke.gcr.io/prometheus-engine/prometheus:v2.35.0-gmp.2-gke.0"
export IMAGE="${IMAGE:-sourcegraph/prometheus-gcp}"
../prometheus/build-wolfi.sh

6
docker-images/prometheus-gcp/build.sh
View File

@ -6,8 +6,4 @@ cd "$(dirname "${BASH_SOURCE[0]}")"
export BASE_IMAGE="gke.gcr.io/prometheus-engine/prometheus:v2.35.0-gmp.2-gke.0"
export IMAGE="${IMAGE:-sourcegraph/prometheus-gcp}"
if [[ "${DOCKER_BAZEL:-false}" == "true" ]]; then
../prometheus/build-bazel.sh
else
../prometheus/build.sh
fi
./build-bazel.sh

89
docker-images/prometheus/Dockerfile
View File

@ -1,89 +0,0 @@
# sourcegraph/prometheus - learn more about this image in https://docs.sourcegraph.com/dev/background-information/observability/prometheus
# Note: to be able to use an ARG with a FROM it has to be at the TOP of the Dockerfile
# This allows the base image to be substituted for a GCP image that ships metrics to managed Prometheus. Default base image is regular upstream Prometheus
# https://cloud.google.com/stackdriver/docs/managed-prometheus/setup-unmanaged#run-gmp
# To upgrade Prometheus or Alertmanager, see https://docs.sourcegraph.com/dev/background-information/observability/prometheus#upgrading-prometheus-or-alertmanager
ARG BASE_IMAGE="prom/prometheus:v2.42.0@sha256:5689a4360cf1479bbad944b1311a90b495546c498c46f48e44fa7e5ac6412191"
# https://github.com/hadolint/hadolint/issues/339
# hadolint ignore=DL3006
FROM ${BASE_IMAGE} AS prom_upstream
FROM prom/alertmanager:v0.25.0@sha256:db8303fa05341f5dc6b19b36a97325cd1b8307254ed9042a2c554af71f3c0284 AS am_upstream
# Build monitoring definitions
FROM sourcegraph/alpine-3.14:213466_2023-04-17_5.0-bdda34a71619@sha256:6354a4ff578b685e36c8fbde81f62125ae0011b047fb2cc22d1b0de616b3c59a AS monitoring_builder
RUN mkdir -p '/generated/prometheus'
COPY ./.bin/monitoring-generator /bin/monitoring-generator
RUN PROMETHEUS_DIR='/generated/prometheus' GRAFANA_DIR='' DOCS_DIR='' NO_PRUNE=true /bin/monitoring-generator
RUN ls '/generated/prometheus'
# Prepare final image
# hadolint ignore=DL3007
FROM quay.io/prometheus/busybox-linux-amd64:latest
# Should reflect versions above
LABEL com.sourcegraph.prometheus.version=v2.38.0
LABEL com.sourcegraph.alertmanager.version=v0.24.0
ARG COMMIT_SHA="unknown"
ARG DATE="unknown"
ARG VERSION="unknown"
LABEL org.opencontainers.image.revision=${COMMIT_SHA}
LABEL org.opencontainers.image.created=${DATE}
LABEL org.opencontainers.image.version=${VERSION}
LABEL org.opencontainers.image.url=https://sourcegraph.com/
LABEL org.opencontainers.image.source=https://github.com/sourcegraph/sourcegraph/
LABEL org.opencontainers.image.documentation=https://docs.sourcegraph.com/
# Prometheus - extended from https://github.com/prometheus/prometheus/blob/VERSION/Dockerfile
# Check the upstream image (replacing VERSION with the appropriate Prometheus version) when upgrading
COPY --from=prom_upstream /bin/prometheus /bin/prometheus
COPY --from=prom_upstream /bin/promtool /bin/promtool
COPY --from=prom_upstream /etc/prometheus/prometheus.yml /etc/prometheus/prometheus.yml
COPY --from=prom_upstream /usr/share/prometheus/console_libraries/ /usr/share/prometheus/console_libraries/
COPY --from=prom_upstream /usr/share/prometheus/consoles/ /usr/share/prometheus/consoles/
COPY --from=prom_upstream /LICENSE /LICENSE
COPY --from=prom_upstream /NOTICE /NOTICE
# hadolint ignore=DL3010
COPY --from=prom_upstream /npm_licenses.tar.bz2 /npm_licenses.tar.bz2
# Alertmanager - extended from https://github.com/prometheus/alertmanager/blob/VERSION/Dockerfile
# Check the upstream image (replacing VERSION with the appropriate Prometheus version) when upgrading
COPY --from=am_upstream /bin/alertmanager /bin/alertmanager
RUN ln -s /usr/share/prometheus/console_libraries /usr/share/prometheus/consoles/ /etc/prometheus/
# TODO(uwe): remove "USER root" line once https://github.com/prometheus/prometheus/issues/3441 is resolved
#
# This is needed currently because the upstream image has us running as "nobody"
# which cannot create the sourcegraph user below.
USER root
# Add the sourcegraph group, user, and create the home directory.
#
# We use a static GID/UID assignment to ensure files can be chown'd to this
# user on the host machine (where this user does not exist).
# See https://github.com/sourcegraph/sourcegraph/issues/1884
#
# Note: This mirrors what we do in e.g. our base alpine image: https://github.com/sourcegraph/sourcegraph/blob/main/docker-images/alpine/Dockerfile#L10-L15
RUN addgroup -g 101 -S sourcegraph && adduser -u 100 -S -G sourcegraph -h /home/sourcegraph sourcegraph
RUN mkdir -p /prometheus && chown -R sourcegraph:sourcegraph /prometheus
RUN mkdir -p /alertmanager && chown -R sourcegraph:sourcegraph /alertmanager
USER sourcegraph
COPY ./.bin/prom-wrapper /bin/prom-wrapper
COPY ./prometheus.sh /prometheus.sh
COPY ./alertmanager.sh /alertmanager.sh
# Copy config
COPY --from=monitoring_builder /generated/prometheus/* /sg_config_prometheus/
COPY config/*_rules.yml /sg_config_prometheus/
COPY config/prometheus.yml /sg_config_prometheus/
COPY config/alertmanager.yml /sg_config_prometheus/
ENTRYPOINT ["/bin/prom-wrapper"]
# Note that upstream's 'VOLUME' directive was deliberately removed. Including it makes it impossible
# to chmod the directory to our 'sourcegraph' user.
WORKDIR /prometheus
# Prometheus is reverse-proxied from 9092 to 9090
EXPOSE 9090

Some files were not shown because too many files have changed in this diff Show More