mirror of
https://github.com/sourcegraph/sourcegraph.git
synced 2026-02-06 14:11:44 +00:00
d24e8fe7f3
Draft in case plan in https://linear.app/sourcegraph/issue/REL-309/release-process-for-appliance not agreed. Please see that first. Generated by: ``` git log --format=%H d47b4cc48b6ea27cf6b5a274b79a6a4c8f38cf8c..origin/main -- cmd/appliance internal/appliance docker-images/appliance-frontend | tac | xargs git cherry-pick ``` |
||
|---|---|---|
| .. | ||
| cloud-mi2-base | ||
| sourcegraph-base | ||
| sourcegraph-dev | ||
| .gitignore | ||
| appliance-frontend.lock.json | ||
| appliance-frontend.yaml | ||
| appliance.lock.json | ||
| appliance.yaml | ||
| batcheshelper.lock.json | ||
| batcheshelper.yaml | ||
| blobstore.lock.json | ||
| blobstore.yaml | ||
| BUILD.bazel | ||
| bundled-executor.lock.json | ||
| bundled-executor.yaml | ||
| caddy.lock.json | ||
| caddy.yaml | ||
| cadvisor.lock.json | ||
| cadvisor.yaml | ||
| cloud-mi2.lock.json | ||
| cloud-mi2.yaml | ||
| defs.bzl | ||
| executor-kubernetes.lock.json | ||
| executor-kubernetes.yaml | ||
| executor.lock.json | ||
| executor.yaml | ||
| gitserver.lock.json | ||
| gitserver.yaml | ||
| grafana.lock.json | ||
| grafana.yaml | ||
| jaeger-agent.lock.json | ||
| jaeger-agent.yaml | ||
| jaeger-all-in-one.lock.json | ||
| jaeger-all-in-one.yaml | ||
| node-exporter.lock.json | ||
| node-exporter.yaml | ||
| opentelemetry-collector.lock.json | ||
| opentelemetry-collector.yaml | ||
| postgres-exporter.lock.json | ||
| postgres-exporter.yaml | ||
| postgresql-12-codeinsights.lock.json | ||
| postgresql-12-codeinsights.yaml | ||
| postgresql-12.lock.json | ||
| postgresql-12.yaml | ||
| prometheus.lock.json | ||
| prometheus.yaml | ||
| README.md | ||
| rebuild-images.sh | ||
| redis-exporter.lock.json | ||
| redis-exporter.yaml | ||
| redis.lock.json | ||
| redis.yaml | ||
| repo-updater.lock.json | ||
| repo-updater.yaml | ||
| repo.bzl | ||
| search-indexer.lock.json | ||
| search-indexer.yaml | ||
| searcher.lock.json | ||
| searcher.yaml | ||
| server.lock.json | ||
| server.yaml | ||
| sourcegraph-base.lock.json | ||
| sourcegraph-base.yaml | ||
| sourcegraph-dev.lock.json | ||
| sourcegraph-dev.yaml | ||
| sourcegraph-template.lock.json | ||
| sourcegraph-template.yaml | ||
| symbols.lock.json | ||
| symbols.yaml | ||
| syntax-highlighter.lock.json | ||
| syntax-highlighter.yaml | ||
Wolfi base images for Sourcegraph containers
Rather than building our containers on top of an upstream image like alpine:latest, at Sourcegraph we build our own containers entirely from scratch using Bazel and apko.
This directory contains the configuration for each of our base images. Base images contain all the dependencies that the various components of Sourcegraph require in order to run, such as packages, users, groups, directores, and environment variables. For example, the gitserver configuration file ensures that Git is installed.
To create the final images that are shipped and deployed, we take the base image and use Bazel to build and add our own binaries on top.
The structure of this directory is:
<image>.yaml- apko configuration that declares the set of packages, users & groups, directories, and envars for each base image<image>.lock.json- a lockfile which contains precise versions and hashes of packages, used by Bazel for reproducible builds. Generated from<image>.yamlusingsg wolfi lock.
Getting started
See the Add and Update Wolfi Base Images docs for guides to add new images and updating existing images. For more background, see the Wolfi docs.
Quickstart
sg wolfi lock gitserver- update the.lock.jsonfor gitserver with the latest set of package versionssg wolfi image gitserver- build the gitserver base image
High-level Architecture
file
┌──────────┐
│ │
│ │
│ YAML ├────────┐
│ │ │ sg wolfi image <image>
│ │ │ bazel target
└─────┬────┘ │ OR ┌─────────────────────┐
│ │ │ │
│ │ bazel build //<image>/:base_image │ │
sg wolfi lock ├──────────────────────────────────────────►│ :base_image │
(manual step) │ │ │
│ │ │ │
file │ │ └──────────┬──────────┘
┌─────▼─────┐ │ │
│ │ │ │
│ │ │ │
│ Lockfile ├───────┘ │
│ │ ┌─────────────────────────────────────────────────┘
│ │ │
└───────────┘ │
│
│ bazel rule
│ ┌──────────────────────────────────────┐
│ │ │
│ │ oci_image( │
│ │ │
│ │ name = "image" │
│ │ │
└─────┼──► base = ":base_image" │
Bazel-genenarated │ │
binaries and ───────────┼──► tars = ":tar_sourcegraph_binary" │
other resources │ │
│ [...] │
│ │
│ ) │
│ │
└──────────────────────────────────────┘