Add container build for metabase-enterprise-head (#14895)

* Add container build for metabase-enterprise-head * Add build argument * Delete script to build images

Add container build for metabase-enterprise-head (#14895)
cdb10a6a · Luis Paolini · GitHub · 07e258a3 · cdb10a6a · 07e258a3
Unverified Commit cdb10a6a authored 4 years ago by Luis Paolini Committed by GitHub 4 years ago
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,6 +4,8 @@

 FROM node:12.20.1-alpine as frontend

+ARG MB_EDITION=oss
+
 WORKDIR /app/source

 ENV FC_LANG en-US LC_CTYPE en_US.UTF-8
@@ -19,6 +21,8 @@ RUN yarn install --frozen-lockfile
 # Build currently doesn't work on > Java 11 (i18n utils are busted) so build on 8 until we fix this
 FROM adoptopenjdk/openjdk8:alpine as backend

+ARG MB_EDITION=oss
+
 WORKDIR /app/source

 ENV FC_LANG en-US LC_CTYPE en_US.UTF-8
@@ -44,6 +48,8 @@ RUN lein deps
 # Build currently doesn't work on > Java 11 (i18n utils are busted) so build on 8 until we fix this
 FROM adoptopenjdk/openjdk8:alpine as builder

+ARG MB_EDITION=oss
+
 WORKDIR /app/source

 ENV FC_LANG en-US LC_CTYPE en_US.UTF-8
@@ -67,13 +73,6 @@ RUN curl https://download.clojure.org/install/linux-install-1.10.1.708.sh -o /tm
  chmod +x /tmp/linux-install-1.10.1.708.sh && \
  sh /tmp/linux-install-1.10.1.708.sh

-# import AWS RDS cert into /etc/ssl/certs/java/cacerts
-RUN curl https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem -o rds-combined-ca-bundle.pem  && \
-  /opt/java/openjdk/bin/keytool -noprompt -import -trustcacerts -alias aws-rds \
-  -file rds-combined-ca-bundle.pem \
-  -keystore /etc/ssl/certs/java/cacerts \
-  -keypass changeit -storepass changeit
-
 COPY --from=frontend /app/source/. .
 COPY --from=backend /app/source/. .
 COPY --from=backend /root/. /root/
@@ -82,7 +81,7 @@ COPY --from=backend /root/. /root/
 COPY . .

 # build the app
-RUN INTERACTIVE=false bin/build
+RUN INTERACTIVE=false MB_EDITION=$MB_EDITION bin/build

 # ###################
 # # STAGE 2: runner
@@ -95,7 +94,14 @@ WORKDIR /app
 ENV FC_LANG en-US LC_CTYPE en_US.UTF-8

 # dependencies
-RUN apk -U upgrade && apk add --no-cache bash ttf-dejavu fontconfig
+RUN apk -U upgrade &&  \
+    apk add --update --no-cache bash ttf-dejavu fontconfig curl java-cacerts && \
+    mkdir -p /app/certs && \
+    curl https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem -o /app/certs/rds-combined-ca-bundle.pem  && \
+    /opt/java/openjdk/bin/keytool -noprompt -import -trustcacerts -alias aws-rds -file /app/certs/rds-combined-ca-bundle.pem -keystore /etc/ssl/certs/java/cacerts -keypass changeit -storepass changeit && \
+    curl https://cacerts.digicert.com/DigiCertGlobalRootG2.crt.pem -o /app/certs/DigiCertGlobalRootG2.crt.pem  && \
+    /opt/java/openjdk/bin/keytool -noprompt -import -trustcacerts -alias azure-cert -file /app/certs/DigiCertGlobalRootG2.crt.pem -keystore /etc/ssl/certs/java/cacerts -keypass changeit -storepass changeit && \
+    mkdir -p /plugins && chmod a+rwx /plugins

 # add fixed cacerts
 COPY --from=builder /etc/ssl/certs/java/cacerts /opt/java/openjdk/lib/security/cacerts
@@ -105,9 +111,6 @@ RUN mkdir -p bin target/uberjar
 COPY --from=builder /app/source/target/uberjar/metabase.jar /app/target/uberjar/
 COPY --from=builder /app/source/bin/start /app/bin/

-# create the plugins directory, with writable permissions
-RUN mkdir -p /plugins && chmod a+rwx /plugins
-
 # expose our default runtime port
 EXPOSE 3000


--- a/bin/docker/build_image.sh
+++ b/bin/docker/build_image.sh
-#! /usr/bin/env bash
-
-set -e
-
-BASEDIR=$(dirname $0)
-PROJECT_ROOT="$BASEDIR/../.."
-
-DOCKERHUB_NAMESPACE=metabase
-
-if [ ! -z "$MB_EDITION" ] && [ "$MB_EDITION" != ee ] && [ "$MB_EDITION" != oss ]; then
-    echo "MB_EDITION must be either 'ee' or 'oss'."
-    exit 1
-fi
-
-BUILD_TYPE=$1
-if [ -z $BUILD_TYPE ]; then
-    echo "usage: $0 <source|release> <release-name> [--publish]"
-    exit 1
-fi
-
-MB_TAG=$2
-if [ -z $MB_TAG ]; then
-    echo "usage: $0 <source|release> <release-name> [--publish] [--latest]"
-    exit 1
-fi
-
-if [ "$3" == "--publish" ]; then
-    PUBLISH="YES"
-fi
-
-if [ "$4" == "--latest" ]; then
-    LATEST="YES"
-fi
-
-if [ "$PUBLISH" == "YES" ] && [ -z "$DOCKERHUB_USERNAME" -o -z "$DOCKERHUB_PASSWORD" ]; then
-    echo "In order to publish an image to Dockerhub you must set \$DOCKERHUB_USERNAME and \$DOCKERHUB_PASSWORD before running."
-    exit 1
-fi
-
-# TODO: verify we have access to docker cmd and minimum version?
-
-
-if [ "$BUILD_TYPE" == "release" ]; then
-    if [ "$MB_EDITION" = ee ]; then
-        DOCKERHUB_REPO=metabase-enterprise
-    else
-        DOCKERHUB_REPO=metabase
-    fi
-
-    DOCKER_IMAGE="${DOCKERHUB_NAMESPACE}/${DOCKERHUB_REPOSITORY}:${MB_TAG}"
-
-    echo "Building Docker image ${DOCKER_IMAGE} from official Metabase release ${MB_TAG}"
-
-    # download the official version of Metabase which matches our tag
-    curl -L -f -o ${BASEDIR}/metabase.jar https://downloads.metabase.com/enterprise/${MB_TAG}/metabase.jar
-
-    if [[ $? -ne 0 ]]; then
-        echo "Download failed!"
-        exit 1
-    fi
-else
-    DOCKERHUB_REPOSITORY=metabase-head
-    DOCKER_IMAGE="${DOCKERHUB_NAMESPACE}/${DOCKERHUB_REPOSITORY}:${MB_TAG}"
-
-    echo "Building Docker image ${DOCKER_IMAGE} from local source"
-
-    # trigger a full build
-    ${PROJECT_ROOT}/bin/build
-
-    if [ $? -eq 1 ]; then
-        echo "Build failed!"
-        exit 1
-    fi
-
-    # copy our built uberjar so that we can add it to our image
-    cp ${PROJECT_ROOT}/target/uberjar/metabase.jar ${BASEDIR}/metabase.jar
-fi
-
-
-# now tell docker to build our image
-# TODO: —-no-cache=true
-docker build -t ${DOCKER_IMAGE} $BASEDIR
-
-# TODO: validate our built docker image
-
-
-if [ "$PUBLISH" == "YES" ]; then
-    echo "Publishing image ${DOCKER_IMAGE} to Dockerhub"
-
-    # make sure that we are logged into dockerhub
-    docker login --username="${DOCKERHUB_USERNAME}" --password="${DOCKERHUB_PASSWORD}"
-
-    # push the built image to dockerhub
-    docker push ${DOCKER_IMAGE}
-
-    # TODO: quick check against dockerhub to see that our new image made it
-
-    if [ "$LATEST" == "YES" ]; then
-        # tag our recent versioned image as "latest"
-        docker tag -f ${DOCKER_IMAGE} ${DOCKERHUB_NAMESPACE}/${DOCKERHUB_REPOSITORY}:latest
-
-        # then push it as well
-        docker push ${DOCKERHUB_NAMESPACE}/${DOCKERHUB_REPOSITORY}:latest
-
-        # TODO: validate push succeeded
-    fi
-fi
-
-# TODO: cleanup after ourselves and remove the Metabase binary we downloaded
-rm -f ${BASEDIR}/metabase.jar
-
-echo "Done"