sourcegraph

mirror of https://github.com/sourcegraph/sourcegraph.git synced 2026-02-06 14:31:56 +00:00

History

Anish Lakhwara d47b4cc48b fix(build): update wolfi image lock for otel (#63755 ) <!-- PR description tips: https://www.notion.so/sourcegraph/Write-a-good-pull-request-description-610a7fd3e613496eb76f450db5a49b6e --> We need to update the wolfi lock image for https://github.com/sourcegraph/sourcegraph/pull/63171 in order for `sg run` to work We've made all the changes to the deployment repos for this to be pushed out in the release today. ## Test plan <!-- REQUIRED; info at https://docs-legacy.sourcegraph.com/dev/background-information/testing_principles --> Manually tested ## Changelog <!-- OPTIONAL; info at https://www.notion.so/sourcegraph/Writing-a-changelog-entry-dd997f411d524caabf0d8d38a24a878c --> - fix(build): update wolfi lock for otel-collector		2024-07-10 10:23:11 -07:00
..
cloud-mi2-base	Publish a cloud-mi2 base image for use in the cloud repo (#62046 )	2024-04-26 11:59:53 +01:00
sourcegraph-base	Publish sourcegraph-base image (#62002 )	2024-04-19 14:44:06 +01:00
sourcegraph-dev	Publish sourcegraph-dev image (#63031 )	2024-06-03 14:41:54 +01:00
.gitignore	Add sg commands to build wolfi packages and images locally (#55316 )	2023-07-28 09:23:25 +01:00
appliance.lock.json	security: Auto-update package lockfiles for Sourcegraph base images (#63606 )	2024-07-10 09:21:27 +01:00
appliance.yaml	feat(appliance): appliance docker container (#63357 )	2024-06-27 17:09:13 +00:00
batcheshelper.lock.json	security: Auto-update package lockfiles for Sourcegraph base images (#63606 )	2024-07-10 09:21:27 +01:00
batcheshelper.yaml	Revert publishing wolfi base images (#62117 )	2024-04-25 11:33:00 +01:00
blobstore.lock.json	security: Auto-update package lockfiles for Sourcegraph base images (#63606 )	2024-07-10 09:21:27 +01:00
blobstore.yaml	Revert publishing wolfi base images (#62117 )	2024-04-25 11:33:00 +01:00
BUILD.bazel	Build images end-to-end using Bazel v2 (#61845 )	2024-04-12 16:18:43 +01:00
bundled-executor.lock.json	security: Auto-update package lockfiles for Sourcegraph base images (#63606 )	2024-07-10 09:21:27 +01:00
bundled-executor.yaml	Revert publishing wolfi base images (#62117 )	2024-04-25 11:33:00 +01:00
caddy.lock.json	security: Auto-update package lockfiles for Sourcegraph base images (#63606 )	2024-07-10 09:21:27 +01:00
caddy.yaml	Revert publishing wolfi base images (#62117 )	2024-04-25 11:33:00 +01:00
cadvisor.lock.json	security: Auto-update package lockfiles for Sourcegraph base images (#63606 )	2024-07-10 09:21:27 +01:00
cadvisor.yaml	Revert publishing wolfi base images (#62117 )	2024-04-25 11:33:00 +01:00
cloud-mi2.lock.json	security: Auto-update package lockfiles for Sourcegraph base images (#63606 )	2024-07-10 09:21:27 +01:00
cloud-mi2.yaml	Revert publishing wolfi base images (#62117 )	2024-04-25 11:33:00 +01:00
defs.bzl	chore(bazel): don't stamp yq rule for wolfi base images (#63470 )	2024-06-25 16:19:45 +01:00
executor-kubernetes.lock.json	security: Auto-update package lockfiles for Sourcegraph base images (#63606 )	2024-07-10 09:21:27 +01:00
executor-kubernetes.yaml	Revert publishing wolfi base images (#62117 )	2024-04-25 11:33:00 +01:00
executor.lock.json	security: Auto-update package lockfiles for Sourcegraph base images (#63606 )	2024-07-10 09:21:27 +01:00
executor.yaml	Revert publishing wolfi base images (#62117 )	2024-04-25 11:33:00 +01:00
gitserver.lock.json	security: Auto-update package lockfiles for Sourcegraph base images (#63606 )	2024-07-10 09:21:27 +01:00
gitserver.yaml	Revert publishing wolfi base images (#62117 )	2024-04-25 11:33:00 +01:00
grafana.lock.json	security: Auto-update package lockfiles for Sourcegraph base images (#63606 )	2024-07-10 09:21:27 +01:00
grafana.yaml	Revert publishing wolfi base images (#62117 )	2024-04-25 11:33:00 +01:00
jaeger-agent.lock.json	security: Auto-update package lockfiles for Sourcegraph base images (#63606 )	2024-07-10 09:21:27 +01:00
jaeger-agent.yaml	Revert publishing wolfi base images (#62117 )	2024-04-25 11:33:00 +01:00
jaeger-all-in-one.lock.json	security: Auto-update package lockfiles for Sourcegraph base images (#63606 )	2024-07-10 09:21:27 +01:00
jaeger-all-in-one.yaml	Revert publishing wolfi base images (#62117 )	2024-04-25 11:33:00 +01:00
node-exporter.lock.json	security: Auto-update package lockfiles for Sourcegraph base images (#63606 )	2024-07-10 09:21:27 +01:00
node-exporter.yaml	Revert publishing wolfi base images (#62117 )	2024-04-25 11:33:00 +01:00
opentelemetry-collector.lock.json	fix(build): update wolfi image lock for otel (#63755 )	2024-07-10 10:23:11 -07:00
opentelemetry-collector.yaml	Revert publishing wolfi base images (#62117 )	2024-04-25 11:33:00 +01:00
postgres-exporter.lock.json	security: Auto-update package lockfiles for Sourcegraph base images (#63606 )	2024-07-10 09:21:27 +01:00
postgres-exporter.yaml	Revert publishing wolfi base images (#62117 )	2024-04-25 11:33:00 +01:00
postgresql-12-codeinsights.lock.json	security: Auto-update package lockfiles for Sourcegraph base images (#63606 )	2024-07-10 09:21:27 +01:00
postgresql-12-codeinsights.yaml	Revert publishing wolfi base images (#62117 )	2024-04-25 11:33:00 +01:00
postgresql-12.lock.json	security: Auto-update package lockfiles for Sourcegraph base images (#63606 )	2024-07-10 09:21:27 +01:00
postgresql-12.yaml	Revert publishing wolfi base images (#62117 )	2024-04-25 11:33:00 +01:00
prometheus.lock.json	security: Auto-update package lockfiles for Sourcegraph base images (#63606 )	2024-07-10 09:21:27 +01:00
prometheus.yaml	Revert publishing wolfi base images (#62117 )	2024-04-25 11:33:00 +01:00
README.md	fix: update links for dev docs (#62758 )	2024-05-17 13:47:34 +02:00
rebuild-images.sh	Wolfi - simplify images (#52138 )	2023-05-19 15:00:14 -04:00
redis-exporter.lock.json	security: Auto-update package lockfiles for Sourcegraph base images (#63606 )	2024-07-10 09:21:27 +01:00
redis-exporter.yaml	Revert publishing wolfi base images (#62117 )	2024-04-25 11:33:00 +01:00
redis.lock.json	security: Auto-update package lockfiles for Sourcegraph base images (#63606 )	2024-07-10 09:21:27 +01:00
redis.yaml	Revert publishing wolfi base images (#62117 )	2024-04-25 11:33:00 +01:00
repo-updater.lock.json	security: Auto-update package lockfiles for Sourcegraph base images (#63606 )	2024-07-10 09:21:27 +01:00
repo-updater.yaml	Revert publishing wolfi base images (#62117 )	2024-04-25 11:33:00 +01:00
repo.bzl	Build our own caddy image (#61881 )	2024-04-15 17:10:14 +01:00
search-indexer.lock.json	security: Auto-update package lockfiles for Sourcegraph base images (#63606 )	2024-07-10 09:21:27 +01:00
search-indexer.yaml	Revert publishing wolfi base images (#62117 )	2024-04-25 11:33:00 +01:00
searcher.lock.json	security: Auto-update package lockfiles for Sourcegraph base images (#63606 )	2024-07-10 09:21:27 +01:00
searcher.yaml	Revert publishing wolfi base images (#62117 )	2024-04-25 11:33:00 +01:00
server.lock.json	security: Auto-update package lockfiles for Sourcegraph base images (#63606 )	2024-07-10 09:21:27 +01:00
server.yaml	Revert publishing wolfi base images (#62117 )	2024-04-25 11:33:00 +01:00
sourcegraph-base.lock.json	security: Auto-update package lockfiles for Sourcegraph base images (#63606 )	2024-07-10 09:21:27 +01:00
sourcegraph-base.yaml	Revert publishing wolfi base images (#62117 )	2024-04-25 11:33:00 +01:00
sourcegraph-dev.lock.json	security: Auto-update package lockfiles for Sourcegraph base images (#63606 )	2024-07-10 09:21:27 +01:00
sourcegraph-dev.yaml	Publish sourcegraph-dev image (#63031 )	2024-06-03 14:41:54 +01:00
sourcegraph-template.lock.json	security: Auto-update package lockfiles for Sourcegraph base images (#63606 )	2024-07-10 09:21:27 +01:00
sourcegraph-template.yaml	Upgrade git to 2.45.0 and unpin old cURL version (#62282 )	2024-04-30 17:52:52 +02:00
symbols.lock.json	security: Auto-update package lockfiles for Sourcegraph base images (#63606 )	2024-07-10 09:21:27 +01:00
symbols.yaml	Revert publishing wolfi base images (#62117 )	2024-04-25 11:33:00 +01:00
syntax-highlighter.lock.json	security: Auto-update package lockfiles for Sourcegraph base images (#63606 )	2024-07-10 09:21:27 +01:00
syntax-highlighter.yaml	Revert publishing wolfi base images (#62117 )	2024-04-25 11:33:00 +01:00

README.md

Wolfi base images for Sourcegraph containers

Rather than building our containers on top of an upstream image like alpine:latest, at Sourcegraph we build our own containers entirely from scratch using Bazel and apko.

This directory contains the configuration for each of our base images. Base images contain all the dependencies that the various components of Sourcegraph require in order to run, such as packages, users, groups, directores, and environment variables. For example, the gitserver configuration file ensures that Git is installed.

To create the final images that are shipped and deployed, we take the base image and use Bazel to build and add our own binaries on top.

The structure of this directory is:

<image>.yaml - apko configuration that declares the set of packages, users & groups, directories, and envars for each base image
<image>.lock.json - a lockfile which contains precise versions and hashes of packages, used by Bazel for reproducible builds. Generated from <image>.yaml using sg wolfi lock.

Getting started

See the Add and Update Wolfi Base Images docs for guides to add new images and updating existing images. For more background, see the Wolfi docs.

Quickstart

sg wolfi lock gitserver - update the .lock.json for gitserver with the latest set of package versions
sg wolfi image gitserver - build the gitserver base image

High-level Architecture

   file
  ┌──────────┐
  │          │
  │          │
  │   YAML   ├────────┐
  │          │        │          sg wolfi image <image>
  │          │        │                                            bazel target
  └─────┬────┘        │                   OR                      ┌─────────────────────┐
        │             │                                           │                     │
        │             │     bazel build //<image>/:base_image     │                     │
   sg wolfi lock      ├──────────────────────────────────────────►│     :base_image     │
   (manual step)      │                                           │                     │
        │             │                                           │                     │
   file │             │                                           └──────────┬──────────┘
  ┌─────▼─────┐       │                                                      │
  │           │       │                                                      │
  │           │       │                                                      │
  │ Lockfile  ├───────┘                                                      │
  │           │            ┌─────────────────────────────────────────────────┘
  │           │            │
  └───────────┘            │
                           │
                           │      bazel rule
                           │     ┌──────────────────────────────────────┐
                           │     │                                      │
                           │     │  oci_image(                          │
                           │     │                                      │
                           │     │    name = "image"                    │
                           │     │                                      │
                           └─────┼──► base = ":base_image"              │
    Bazel-genenarated            │                                      │
    binaries and      ───────────┼──► tars = ":tar_sourcegraph_binary"  │
    other resources              │                                      │
                                 │    [...]                             │
                                 │                                      │
                                 │  )                                   │
                                 │                                      │
                                 └──────────────────────────────────────┘