
Use a docker registry for cache

Open joelwurtz opened this issue 1 year ago • 4 comments

Fix https://github.com/jolicode/docker-starter/issues/252

What it does:

  • remove USER_ID features from dockerfile: without this change, USER_ID makes the image dependent on the system that runs this command, which creates different images and makes them not shareable
  • run frontend / builder / worker as a specific user id: we don't use a named user anymore to avoid headaches when mapping it to a different user id
  • local and shared home directory: this allows debugging the home directory and files created in it (like the composer cache), allows end users to put special scripts in it (like a custom bashrc), and also allows caching this folder or specific subfolders of this directory within the CI (like the composer / yarn cache)
  • command to generate a bake file, which allows pushing images to the registry
  • sudo: it uses gosu to fake it since we don't have a named user; it is also disabled by default as it may be a security risk if the image is used in production

joelwurtz, Feb 27 '24 14:02

Is there a simple way to get sudo back? I need it quite often

lyrixx, May 03 '24 07:05

> Is there a simple way to get sudo back? I need it quite often

done

joelwurtz, May 03 '24 09:05

Hello,

Thanks for this PR!

I tested it on https://github.com/jolicode/qotd/pull/62 and

  • I miss some doc about how to use cache (not how to push, but how to get it). For example, on GHA, you have to re-install docker to make it work
  • By default, on my computer, I had to change the driver to add support for registry cache storage. It could be nice to explain how to do that
    cat /etc/docker/daemon.json 
    {
      "features": {
        "containerd-snapshotter": true
      }
    }
    
  • However, cache is still missing on GHA
  • I also tried to create a VM, and the cache is missing there too
    Vagrant.configure("2") do |config|
      config.vm.box = "debian/bookworm64"
      config.vm.synced_folder "/home/gregoire/dev/github.com/jolicode/qotd2", "/qotd"
      config.vm.provider "virtualbox" do |vb|
        vb.memory = "4096"
      end
      config.vm.provision "shell", inline: <<-SHELL
        apt-get update
        sudo apt-get update
        sudo apt-get install -y ca-certificates curl
        sudo install -m 0755 -d /etc/apt/keyrings
        sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
        sudo chmod a+r /etc/apt/keyrings/docker.asc
    
        # Add the repository to Apt sources:
        echo \
          "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
          $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
          sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
        sudo apt-get update
    
        sudo apt-get -y install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
    
        sudo usermod -aG docker vagrant
    
        sudo wget https://github.com/jolicode/castor/releases/download/v0.17.1/castor.linux-amd64 -O /usr/local/bin/castor
        sudo chmod +x /usr/local/bin/castor
    
      SHELL
    end
    

lyrixx, Jun 09 '24 09:06

Who pushes the cache?

It is highly recommended that the cache is pushed by the CI; the version of docker / config from where the cache is pushed needs to be controlled, as a special configuration or version may make it unshareable.

For the CI, I also see this:

[image]

Did you make sure that GHA has the correct permissions to read this package?

EDIT: In your case, it is missing the docker login step.

joelwurtz, Jun 09 '24 09:06
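
Added example, not part of the thread or of docker-starter: a GitHub Actions workflow that applies the last comment's advice, with a login step before any cache read and only the CI job on the main branch allowed to write the cache. The GHCR registry, the `OWNER/IMAGE:cache` ref and the plain `docker buildx build` calls are assumptions; the project's own castor commands are not shown here.

```yaml
# Constructed example. ghcr.io/OWNER/IMAGE:cache is a placeholder cache ref.
name: build-with-registry-cache
on:
  pull_request:
  push:
    branches: [main]

env:
  CACHE_REF: ghcr.io/OWNER/IMAGE:cache

permissions:
  contents: read
  packages: read            # default for every job: pull the cache only

jobs:
  build:                    # every run: log in, then read the cache
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # Creates a docker-container builder; this driver supports registry cache
      - uses: docker/setup-buildx-action@v3
      - uses: docker/login-action@v3   # the step reported missing in the thread
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - run: docker buildx build --load --cache-from "type=registry,ref=$CACHE_REF" .

  push-cache:               # only CI on main writes the shared cache
    if: github.event_name == 'push'
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write       # write scope granted to this job alone
    steps:
      - uses: actions/checkout@v4
      - uses: docker/setup-buildx-action@v3
      - uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - run: >
          docker buildx build
          --cache-from "type=registry,ref=$CACHE_REF"
          --cache-to "type=registry,ref=$CACHE_REF,mode=max" .
```

Keeping `packages: write` on the single main-branch job means pull request builds can consume the shared cache but cannot overwrite it.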