ioc: copy locally installed software from build stages. #55
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ericonr
requested changes
Mar 28, 2024
Dockerfile
Outdated
| FROM base AS no-build | ||
|
|
||
| COPY --from=build-image /opt /opt | ||
| COPY --from=build-image /usr/local /usr/local |
There was a problem hiding this comment.
Don't we have scripts here which are only relevant for the image build phase? 🤔
Like lnls-get-n-unpack
There was a problem hiding this comment.
You are right. But after-build stages wouldn't be aware of such things. We must remove everything (including lnls-get-n-unpack) beforehand if we don't want it to be in the final image, otherwise we won't shrink the image size (which is related to #19).
There was a problem hiding this comment.
So it makes sense to wait for #59 before merging this. What do you think?
There was a problem hiding this comment.
I'm okay with it.
Extra software may be built in the first stages, but are currently not available in the resulting IOC image. Copy the entire `/usr/local` tree in all IOC stages, so that locally installed binaries, libraries and configuration files can be used at runtime. This allows us to build patched versions of tools (e.g. procServ) during build phases and install them at IOC images, centralizing and making it easier to track how they are built. In addition, IOCs can also install custom files which will be available at runtime in a known location. Also, IOCs themselves can also be installed in FHS-compliant paths [1] inside the container as any other packaged software, allowing them the use of conventional system software in a straightforward manner (such as `env` executable discovery). [1] https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch04s09.html
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Software, other than shared libraries, may be built in the first stages, but are currently not available in the resulting IOC image. Copy the entire
/usr/localtree in all IOC stages, so that locally installed binaries and configuration can be usable at runtime.This allows us to build custom versions of applications during build phases and install them at IOC images, centralizing and making it easier to track how they are built. In addition, IOCs can also install custom files which will be available at runtime in a known location. Still, IOCs themselves can also be installed in FHS-compliant paths inside the container as any other packaged software, allowing them to make use of tools based on system-installed artifacts (such as
envexecutable discovery).