diff --git a/.github/workflows/build-ruby.yml b/.github/workflows/build-ruby.yml index 3306231..3085c3d 100644 --- a/.github/workflows/build-ruby.yml +++ b/.github/workflows/build-ruby.yml @@ -217,6 +217,11 @@ jobs: "containerd-snapshotter": true } } + - name: Checkout + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 + with: + persist-credentials: false + fetch-depth: 20 - name: Set variables id: vars run: | @@ -227,11 +232,8 @@ jobs: echo "TAG=${{ matrix.version }}-${{ matrix.libc }}-gha${{ github.run_id }}-g${{ github.sha }}" >> $GITHUB_OUTPUT echo "DOCKERFILE=src/engines/${{ matrix.engine }}/${{ matrix.version }}/Dockerfile.${{ matrix.libc }}" >> $GITHUB_OUTPUT echo "DOCKER_PLATFORMS=$(echo ${{ join(matrix.arch) }} | tr ',' '\n' | sed 's/^/linux\//' | paste -s -d, -)" >> $GITHUB_OUTPUT - - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 - with: - persist-credentials: false - fetch-depth: 2 + echo "REPRO_RUN_KEY=$(cat .repro_run_key)" >> $GITHUB_OUTPUT + echo "SOURCE_DATE_EPOCH=315532800" >> $GITHUB_OUTPUT # 1980-01-01 00:00:00 UTC # First, build image for x86_64 as it will fail fast # @@ -241,24 +243,24 @@ jobs: if: ${{ contains(matrix.arch, 'x86_64') }} run: | cache_from=() - parents=( $(git rev-list --parents -n 1 ${{ github.sha }}) ) + parents=( $(git rev-list --parents -n 10 ${{ github.sha }}) ) for sha in "${parents[@]}"; do echo "${sha}" cache_from+=(--cache-from=type=registry,ref=${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.RELEASE_TAG }}-g${sha}) done cache_from+=(--cache-from=type=registry,ref=${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.RELEASE_TAG }}) - docker buildx build ${{ steps.vars.outputs.SRC }} "${cache_from[@]}" --output=type=image,push=false --platform linux/x86_64 -f ${{ steps.vars.outputs.DOCKERFILE }} + docker buildx build ${{ steps.vars.outputs.SRC }} "${cache_from[@]}" --output=type=image,push=false --build-arg REPRO_RUN_KEY=${{ steps.vars.outputs.REPRO_RUN_KEY }} --build-arg SOURCE_DATE_EPOCH=${{ steps.vars.outputs.SOURCE_DATE_EPOCH }} --build-arg BUILDKIT_INLINE_CACHE=1 --platform linux/x86_64 -f ${{ steps.vars.outputs.DOCKERFILE }} - name: Tag single-arch image (x86_64) if: ${{ contains(matrix.arch, 'x86_64') }} run: | cache_from=() - parents=( $(git rev-list --parents -n 1 ${{ github.sha }}) ) + parents=( $(git rev-list --parents -n 10 ${{ github.sha }}) ) for sha in "${parents[@]}"; do echo "${sha}" cache_from+=(--cache-from=type=registry,ref=${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.RELEASE_TAG }}-g${sha}) done cache_from+=(--cache-from=type=registry,ref=${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.RELEASE_TAG }}) - docker buildx build ${{ steps.vars.outputs.SRC }} "${cache_from[@]}" --load --platform linux/x86_64 -f ${{ steps.vars.outputs.DOCKERFILE }} --tag ${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.TAG }} + docker buildx build ${{ steps.vars.outputs.SRC }} "${cache_from[@]}" --load --platform linux/x86_64 --build-arg REPRO_RUN_KEY=${{ steps.vars.outputs.REPRO_RUN_KEY }} --build-arg SOURCE_DATE_EPOCH=${{ steps.vars.outputs.SOURCE_DATE_EPOCH }} --build-arg BUILDKIT_INLINE_CACHE=1 -f ${{ steps.vars.outputs.DOCKERFILE }} --tag ${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.TAG }} - name: Test single-arch image (x86_64) if: ${{ contains(matrix.arch, 'x86_64') }} run: | @@ -274,24 +276,24 @@ jobs: if: ${{ contains(matrix.arch, 'x86_64') }} run: | cache_from=() - parents=( $(git rev-list --parents -n 1 ${{ github.sha }}) ) + parents=( $(git rev-list --parents -n 10 ${{ github.sha }}) ) for sha in "${parents[@]}"; do echo "${sha}" cache_from+=(--cache-from=type=registry,ref=${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.RELEASE_TAG }}-g${sha}) done cache_from+=(--cache-from=type=registry,ref=${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.RELEASE_TAG }}) - docker buildx build ${{ steps.vars.outputs.SRC }} "${cache_from[@]}" --load --platform linux/x86_64 -f ${{ steps.vars.outputs.DOCKERFILE }} --tag ${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.RELEASE_TAG }} + docker buildx build ${{ steps.vars.outputs.SRC }} "${cache_from[@]}" --load --platform linux/x86_64 --build-arg REPRO_RUN_KEY=${{ steps.vars.outputs.REPRO_RUN_KEY }} --build-arg SOURCE_DATE_EPOCH=${{ steps.vars.outputs.SOURCE_DATE_EPOCH }} --build-arg BUILDKIT_INLINE_CACHE=1 -f ${{ steps.vars.outputs.DOCKERFILE }} --tag ${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.RELEASE_TAG }} - name: Build single-arch compiler image (x86_64) if: ${{ contains(matrix.arch, 'x86_64') && matrix.libc == 'musl' }} run: | cache_from=() - parents=( $(git rev-list --parents -n 1 ${{ github.sha }}) ) + parents=( $(git rev-list --parents -n 10 ${{ github.sha }}) ) for sha in "${parents[@]}"; do echo "${sha}" cache_from+=(--cache-from=type=registry,ref=${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.RELEASE_TAG }}-gcc-g${sha}) done cache_from+=(--cache-from=type=registry,ref=${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.RELEASE_TAG }}-gcc) - docker buildx build ${{ steps.vars.outputs.SRC }} "${cache_from[@]}" --output=type=image,push=false --platform linux/x86_64 -f ${{ steps.vars.outputs.DOCKERFILE }}.gcc + docker buildx build ${{ steps.vars.outputs.SRC }} "${cache_from[@]}" --output=type=image,push=false --build-arg REPRO_RUN_KEY=${{ steps.vars.outputs.REPRO_RUN_KEY }} --build-arg SOURCE_DATE_EPOCH=${{ steps.vars.outputs.SOURCE_DATE_EPOCH }} --build-arg BUILDKIT_INLINE_CACHE=1 --platform linux/x86_64 -f ${{ steps.vars.outputs.DOCKERFILE }}.gcc # TODO: add CI tag and test # Then, build image for aarch64 which, being emulated under qemu, is slower @@ -307,24 +309,24 @@ jobs: if: ${{ contains(matrix.arch, 'aarch64') }} run: | cache_from=() - parents=( $(git rev-list --parents -n 1 ${{ github.sha }}) ) + parents=( $(git rev-list --parents -n 10 ${{ github.sha }}) ) for sha in "${parents[@]}"; do echo "${sha}" cache_from+=(--cache-from=type=registry,ref=${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.RELEASE_TAG }}-g${sha}) done cache_from+=(--cache-from=type=registry,ref=${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.RELEASE_TAG }}) - docker buildx build ${{ steps.vars.outputs.SRC }} "${cache_from[@]}" --output=type=image,push=false --platform linux/aarch64 -f ${{ steps.vars.outputs.DOCKERFILE }} + docker buildx build ${{ steps.vars.outputs.SRC }} "${cache_from[@]}" --output=type=image,push=false --build-arg REPRO_RUN_KEY=${{ steps.vars.outputs.REPRO_RUN_KEY }} --build-arg SOURCE_DATE_EPOCH=${{ steps.vars.outputs.SOURCE_DATE_EPOCH }} --build-arg BUILDKIT_INLINE_CACHE=1 --platform linux/aarch64 -f ${{ steps.vars.outputs.DOCKERFILE }} - name: Tag single-arch image (aarch64) if: ${{ contains(matrix.arch, 'aarch64') }} run: | cache_from=() - parents=( $(git rev-list --parents -n 1 ${{ github.sha }}) ) + parents=( $(git rev-list --parents -n 10 ${{ github.sha }}) ) for sha in "${parents[@]}"; do echo "${sha}" cache_from+=(--cache-from=type=registry,ref=${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.RELEASE_TAG }}-g${sha}) done cache_from+=(--cache-from=type=registry,ref=${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.RELEASE_TAG }}) - docker buildx build ${{ steps.vars.outputs.SRC }} "${cache_from[@]}" --load --platform linux/aarch64 -f ${{ steps.vars.outputs.DOCKERFILE }} --tag ${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.TAG }} + docker buildx build ${{ steps.vars.outputs.SRC }} "${cache_from[@]}" --load --platform linux/aarch64 --build-arg REPRO_RUN_KEY=${{ steps.vars.outputs.REPRO_RUN_KEY }} --build-arg SOURCE_DATE_EPOCH=${{ steps.vars.outputs.SOURCE_DATE_EPOCH }} --build-arg BUILDKIT_INLINE_CACHE=1 -f ${{ steps.vars.outputs.DOCKERFILE }} --tag ${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.TAG }} - name: Test single-arch image (aarch64) if: ${{ contains(matrix.arch, 'aarch64') }} run: | @@ -340,24 +342,24 @@ jobs: if: ${{ contains(matrix.arch, 'aarch64') }} run: | cache_from=() - parents=( $(git rev-list --parents -n 1 ${{ github.sha }}) ) + parents=( $(git rev-list --parents -n 10 ${{ github.sha }}) ) for sha in "${parents[@]}"; do echo "${sha}" cache_from+=(--cache-from=type=registry,ref=${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.RELEASE_TAG }}-g${sha}) done cache_from+=(--cache-from=type=registry,ref=${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.RELEASE_TAG }}) - docker buildx build ${{ steps.vars.outputs.SRC }} "${cache_from[@]}" --load --platform linux/aarch64 -f ${{ steps.vars.outputs.DOCKERFILE }} --tag ${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.RELEASE_TAG }} + docker buildx build ${{ steps.vars.outputs.SRC }} "${cache_from[@]}" --load --platform linux/aarch64 --build-arg REPRO_RUN_KEY=${{ steps.vars.outputs.REPRO_RUN_KEY }} --build-arg SOURCE_DATE_EPOCH=${{ steps.vars.outputs.SOURCE_DATE_EPOCH }} --build-arg BUILDKIT_INLINE_CACHE=1 -f ${{ steps.vars.outputs.DOCKERFILE }} --tag ${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.RELEASE_TAG }} - name: Build single-arch compiler image (aarch64) if: ${{ contains(matrix.arch, 'aarch64') && matrix.libc == 'musl' }} run: | cache_from=() - parents=( $(git rev-list --parents -n 1 ${{ github.sha }}) ) + parents=( $(git rev-list --parents -n 10 ${{ github.sha }}) ) for sha in "${parents[@]}"; do echo "${sha}" cache_from+=(--cache-from=type=registry,ref=${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.RELEASE_TAG }}-gcc-g${sha}) done cache_from+=(--cache-from=type=registry,ref=${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.RELEASE_TAG }}-gcc) - docker buildx build ${{ steps.vars.outputs.SRC }} "${cache_from[@]}" --output=type=image,push=false --platform linux/aarch64 -f ${{ steps.vars.outputs.DOCKERFILE }}.gcc + docker buildx build ${{ steps.vars.outputs.SRC }} "${cache_from[@]}" --output=type=image,push=false --build-arg REPRO_RUN_KEY=${{ steps.vars.outputs.REPRO_RUN_KEY }} --build-arg SOURCE_DATE_EPOCH=${{ steps.vars.outputs.SOURCE_DATE_EPOCH }} --build-arg BUILDKIT_INLINE_CACHE=1 --platform linux/aarch64 -f ${{ steps.vars.outputs.DOCKERFILE }}.gcc # TODO: add CI tag and test # Finally, assemble multi-arch image for a combined push to the registry @@ -369,71 +371,71 @@ jobs: - name: Push CI run image (${{ join(matrix.arch, ', ') }}) run: | cache_from=() - parents=( $(git rev-list --parents -n 1 ${{ github.sha }}) ) + parents=( $(git rev-list --parents -n 10 ${{ github.sha }}) ) for sha in "${parents[@]}"; do echo "${sha}" cache_from+=(--cache-from=type=registry,ref=${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.RELEASE_TAG }}-g${sha}) done cache_from+=(--cache-from=type=registry,ref=${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.RELEASE_TAG }}) - docker buildx build ${{ steps.vars.outputs.SRC }} "${cache_from[@]}" --output=type=image,push=true --build-arg BUILDKIT_INLINE_CACHE=1 --platform ${{ steps.vars.outputs.DOCKER_PLATFORMS }} -f ${{ steps.vars.outputs.DOCKERFILE }} --tag ${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.TAG }} + docker buildx build ${{ steps.vars.outputs.SRC }} "${cache_from[@]}" --output=type=image,push=true --build-arg REPRO_RUN_KEY=${{ steps.vars.outputs.REPRO_RUN_KEY }} --build-arg SOURCE_DATE_EPOCH=${{ steps.vars.outputs.SOURCE_DATE_EPOCH }} --build-arg BUILDKIT_INLINE_CACHE=1 --platform ${{ steps.vars.outputs.DOCKER_PLATFORMS }} -f ${{ steps.vars.outputs.DOCKERFILE }} --tag ${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.TAG }} - name: Push commit image (${{ join(matrix.arch, ', ') }}) run: | cache_from=() - parents=( $(git rev-list --parents -n 1 ${{ github.sha }}) ) + parents=( $(git rev-list --parents -n 10 ${{ github.sha }}) ) for sha in "${parents[@]}"; do echo "${sha}" cache_from+=(--cache-from=type=registry,ref=${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.RELEASE_TAG }}-g${sha}) done cache_from+=(--cache-from=type=registry,ref=${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.RELEASE_TAG }}) - docker buildx build ${{ steps.vars.outputs.SRC }} "${cache_from[@]}" --output=type=image,push=true --build-arg BUILDKIT_INLINE_CACHE=1 --platform ${{ steps.vars.outputs.DOCKER_PLATFORMS }} -f ${{ steps.vars.outputs.DOCKERFILE }} --tag ${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.RELEASE_TAG }}-g${{ github.sha }} + docker buildx build ${{ steps.vars.outputs.SRC }} "${cache_from[@]}" --output=type=image,push=true --build-arg REPRO_RUN_KEY=${{ steps.vars.outputs.REPRO_RUN_KEY }} --build-arg SOURCE_DATE_EPOCH=${{ steps.vars.outputs.SOURCE_DATE_EPOCH }} --build-arg BUILDKIT_INLINE_CACHE=1 --platform ${{ steps.vars.outputs.DOCKER_PLATFORMS }} -f ${{ steps.vars.outputs.DOCKERFILE }} --tag ${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.RELEASE_TAG }}-g${{ github.sha }} - name: Push release image (${{ join(matrix.arch, ', ') }}) if: ${{ inputs.push }} run: | cache_from=() - parents=( $(git rev-list --parents -n 1 ${{ github.sha }}) ) + parents=( $(git rev-list --parents -n 10 ${{ github.sha }}) ) for sha in "${parents[@]}"; do echo "${sha}" cache_from+=(--cache-from=type=registry,ref=${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.RELEASE_TAG }}-g${sha}) done cache_from+=(--cache-from=type=registry,ref=${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.RELEASE_TAG }}) - docker buildx build ${{ steps.vars.outputs.SRC }} "${cache_from[@]}" --output=type=image,push=true --build-arg BUILDKIT_INLINE_CACHE=1 --platform ${{ steps.vars.outputs.DOCKER_PLATFORMS }} -f ${{ steps.vars.outputs.DOCKERFILE }} --tag ${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.RELEASE_TAG }} + docker buildx build ${{ steps.vars.outputs.SRC }} "${cache_from[@]}" --output=type=image,push=true --build-arg REPRO_RUN_KEY=${{ steps.vars.outputs.REPRO_RUN_KEY }} --build-arg SOURCE_DATE_EPOCH=${{ steps.vars.outputs.SOURCE_DATE_EPOCH }} --build-arg BUILDKIT_INLINE_CACHE=1 --platform ${{ steps.vars.outputs.DOCKER_PLATFORMS }} -f ${{ steps.vars.outputs.DOCKERFILE }} --tag ${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.RELEASE_TAG }} # TODO: hardcoded, reuse strip-tags directive instead (or better, unify gnu) - name: Push unqualified release image (${{ join(matrix.arch, ', ') }}) if: ${{ inputs.push && matrix.libc == 'gnu' }} run: | cache_from=() - parents=( $(git rev-list --parents -n 1 ${{ github.sha }}) ) + parents=( $(git rev-list --parents -n 10 ${{ github.sha }}) ) for sha in "${parents[@]}"; do echo "${sha}" cache_from+=(--cache-from=type=registry,ref=${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.RELEASE_TAG }}-g${sha}) done cache_from+=(--cache-from=type=registry,ref=${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.RELEASE_TAG }}) - docker buildx build ${{ steps.vars.outputs.SRC }} "${cache_from[@]}" --output=type=image,push=true --build-arg BUILDKIT_INLINE_CACHE=1 --platform ${{ steps.vars.outputs.DOCKER_PLATFORMS }} -f ${{ steps.vars.outputs.DOCKERFILE }} --tag ${{ steps.vars.outputs.IMAGE }}:${{ matrix.version }} + docker buildx build ${{ steps.vars.outputs.SRC }} "${cache_from[@]}" --output=type=image,push=true --build-arg REPRO_RUN_KEY=${{ steps.vars.outputs.REPRO_RUN_KEY }} --build-arg SOURCE_DATE_EPOCH=${{ steps.vars.outputs.SOURCE_DATE_EPOCH }} --build-arg BUILDKIT_INLINE_CACHE=1 --platform ${{ steps.vars.outputs.DOCKER_PLATFORMS }} -f ${{ steps.vars.outputs.DOCKERFILE }} --tag ${{ steps.vars.outputs.IMAGE }}:${{ matrix.version }} # TODO: hardcoded, reuse append-tags directive instead (or better, unify gnu+centos) - name: Push commit compiler image (${{ join(matrix.arch, ', ') }}) if: ${{ matrix.libc == 'gnu' || matrix.libc == 'centos' }} run: | cache_from=() - parents=( $(git rev-list --parents -n 1 ${{ github.sha }}) ) + parents=( $(git rev-list --parents -n 10 ${{ github.sha }}) ) for sha in "${parents[@]}"; do echo "${sha}" cache_from+=(--cache-from=type=registry,ref=${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.RELEASE_TAG }}-gcc-g${sha}) done cache_from+=(--cache-from=type=registry,ref=${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.RELEASE_TAG }}-gcc) - docker buildx build ${{ steps.vars.outputs.SRC }} "${cache_from[@]}" --output=type=image,push=true --build-arg BUILDKIT_INLINE_CACHE=1 --platform ${{ steps.vars.outputs.DOCKER_PLATFORMS }} -f ${{ steps.vars.outputs.DOCKERFILE }} --tag ${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.RELEASE_TAG }}-gcc-g${{ github.sha }} + docker buildx build ${{ steps.vars.outputs.SRC }} "${cache_from[@]}" --output=type=image,push=true --build-arg REPRO_RUN_KEY=${{ steps.vars.outputs.REPRO_RUN_KEY }} --build-arg SOURCE_DATE_EPOCH=${{ steps.vars.outputs.SOURCE_DATE_EPOCH }} --build-arg BUILDKIT_INLINE_CACHE=1 --platform ${{ steps.vars.outputs.DOCKER_PLATFORMS }} -f ${{ steps.vars.outputs.DOCKERFILE }} --tag ${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.RELEASE_TAG }}-gcc-g${{ github.sha }} - name: Push release compiler image (${{ join(matrix.arch, ', ') }}) if: ${{ inputs.push && (matrix.libc == 'gnu' || matrix.libc == 'centos') }} run: | cache_from=() - parents=( $(git rev-list --parents -n 1 ${{ github.sha }}) ) + parents=( $(git rev-list --parents -n 10 ${{ github.sha }}) ) for sha in "${parents[@]}"; do echo "${sha}" cache_from+=(--cache-from=type=registry,ref=${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.RELEASE_TAG }}-gcc-g${sha}) done cache_from+=(--cache-from=type=registry,ref=${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.RELEASE_TAG }}-gcc) - docker buildx build ${{ steps.vars.outputs.SRC }} "${cache_from[@]}" --output=type=image,push=true --build-arg BUILDKIT_INLINE_CACHE=1 --platform ${{ steps.vars.outputs.DOCKER_PLATFORMS }} -f ${{ steps.vars.outputs.DOCKERFILE }} --tag ${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.RELEASE_TAG }}-gcc + docker buildx build ${{ steps.vars.outputs.SRC }} "${cache_from[@]}" --output=type=image,push=true --build-arg REPRO_RUN_KEY=${{ steps.vars.outputs.REPRO_RUN_KEY }} --build-arg SOURCE_DATE_EPOCH=${{ steps.vars.outputs.SOURCE_DATE_EPOCH }} --build-arg BUILDKIT_INLINE_CACHE=1 --platform ${{ steps.vars.outputs.DOCKER_PLATFORMS }} -f ${{ steps.vars.outputs.DOCKERFILE }} --tag ${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.RELEASE_TAG }}-gcc # TODO: hardcoded musl, unify gnu instead - name: Remove dependency local image (${{ join(matrix.arch, ', ') }}) @@ -444,7 +446,7 @@ jobs: if: ${{ matrix.libc == 'musl' }} run: | cache_from=() - parents=( $(git rev-list --parents -n 1 ${{ github.sha }}) ) + parents=( $(git rev-list --parents -n 10 ${{ github.sha }}) ) for sha in "${parents[@]}"; do echo "${sha}" cache_from+=(--cache-from=type=registry,ref=${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.RELEASE_TAG }}-gcc-g${sha}) @@ -452,12 +454,12 @@ jobs: done cache_from+=(--cache-from=type=registry,ref=${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.RELEASE_TAG }}-gcc) cache_from+=(--cache-from=type=registry,ref=${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.RELEASE_TAG }}) - docker buildx build ${{ steps.vars.outputs.SRC }} "${cache_from[@]}" --output=type=image,push=true --build-arg BUILDKIT_INLINE_CACHE=1 --platform ${{ steps.vars.outputs.DOCKER_PLATFORMS }} -f ${{ steps.vars.outputs.DOCKERFILE }}.gcc --tag ${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.RELEASE_TAG }}-gcc-g${{ github.sha }} + docker buildx build ${{ steps.vars.outputs.SRC }} "${cache_from[@]}" --output=type=image,push=true --build-arg REPRO_RUN_KEY=${{ steps.vars.outputs.REPRO_RUN_KEY }} --build-arg SOURCE_DATE_EPOCH=${{ steps.vars.outputs.SOURCE_DATE_EPOCH }} --build-arg BUILDKIT_INLINE_CACHE=1 --platform ${{ steps.vars.outputs.DOCKER_PLATFORMS }} -f ${{ steps.vars.outputs.DOCKERFILE }}.gcc --tag ${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.RELEASE_TAG }}-gcc-g${{ github.sha }} - name: Push release compiler image (${{ join(matrix.arch, ', ') }}) if: ${{ inputs.push && matrix.libc == 'musl' }} run: | cache_from=() - parents=( $(git rev-list --parents -n 1 ${{ github.sha }}) ) + parents=( $(git rev-list --parents -n 10 ${{ github.sha }}) ) for sha in "${parents[@]}"; do echo "${sha}" cache_from+=(--cache-from=type=registry,ref=${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.RELEASE_TAG }}-gcc-g${sha}) @@ -465,4 +467,4 @@ jobs: done cache_from+=(--cache-from=type=registry,ref=${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.RELEASE_TAG }}-gcc) cache_from+=(--cache-from=type=registry,ref=${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.RELEASE_TAG }}) - docker buildx build ${{ steps.vars.outputs.SRC }} "${cache_from[@]}" --output=type=image,push=true --build-arg BUILDKIT_INLINE_CACHE=1 --platform ${{ steps.vars.outputs.DOCKER_PLATFORMS }} -f ${{ steps.vars.outputs.DOCKERFILE }}.gcc --tag ${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.RELEASE_TAG }}-gcc + docker buildx build ${{ steps.vars.outputs.SRC }} "${cache_from[@]}" --output=type=image,push=true --build-arg REPRO_RUN_KEY=${{ steps.vars.outputs.REPRO_RUN_KEY }} --build-arg SOURCE_DATE_EPOCH=${{ steps.vars.outputs.SOURCE_DATE_EPOCH }} --build-arg BUILDKIT_INLINE_CACHE=1 --platform ${{ steps.vars.outputs.DOCKER_PLATFORMS }} -f ${{ steps.vars.outputs.DOCKERFILE }}.gcc --tag ${{ steps.vars.outputs.IMAGE }}:${{ steps.vars.outputs.RELEASE_TAG }}-gcc diff --git a/.repro_run_key b/.repro_run_key new file mode 100644 index 0000000..928a579 --- /dev/null +++ b/.repro_run_key @@ -0,0 +1 @@ +1750836296 diff --git a/src/engines/jruby/9.2/Dockerfile.gnu b/src/engines/jruby/9.2/Dockerfile.gnu index ba7cf3c..b376537 100644 --- a/src/engines/jruby/9.2/Dockerfile.gnu +++ b/src/engines/jruby/9.2/Dockerfile.gnu @@ -59,16 +59,15 @@ ENV PATH /opt/jruby/bin:$PATH RUN mkdir -p /opt/jruby/etc \ && echo -e 'install: --no-document\nupdate: --no-document' >> /opt/jruby/etc/gemrc -# Install things at a specific path and create ".bundle" in there as well: -# This prevents pollution of an app volume and makes the bundle path mountable -# as a volume as well. + +# don't create ".bundle" in all our apps ENV GEM_HOME /usr/local/bundle -ENV BUNDLE_BIN="$GEM_HOME/bin" \ - BUNDLE_SILENCE_ROOT_WARNING=1 \ +ENV BUNDLE_SILENCE_ROOT_WARNING=1 \ BUNDLE_APP_CONFIG="$GEM_HOME" -ENV PATH $BUNDLE_BIN:$PATH -RUN mkdir -p "$GEM_HOME" "$BUNDLE_BIN" \ - && chmod 777 "$GEM_HOME" "$BUNDLE_BIN" +ENV PATH $GEM_HOME/bin:$PATH + +# adjust permissions of a few directories for running "gem install" as an arbitrary user +RUN mkdir -p "$GEM_HOME" && chmod 1777 "$GEM_HOME" ## Install a pinned RubyGems and Bundler RUN gem update --system 3.3.26 diff --git a/src/engines/jruby/9.3/Dockerfile.gnu b/src/engines/jruby/9.3/Dockerfile.gnu index 6e6a6ad..a45d381 100644 --- a/src/engines/jruby/9.3/Dockerfile.gnu +++ b/src/engines/jruby/9.3/Dockerfile.gnu @@ -59,16 +59,14 @@ ENV PATH /opt/jruby/bin:$PATH RUN mkdir -p /opt/jruby/etc \ && echo -e 'install: --no-document\nupdate: --no-document' >> /opt/jruby/etc/gemrc -# Install things at a specific path and create ".bundle" in there as well: -# This prevents pollution of an app volume and makes the bundle path mountable -# as a volume as well. +# don't create ".bundle" in all our apps ENV GEM_HOME /usr/local/bundle -ENV BUNDLE_BIN="$GEM_HOME/bin" \ - BUNDLE_SILENCE_ROOT_WARNING=1 \ +ENV BUNDLE_SILENCE_ROOT_WARNING=1 \ BUNDLE_APP_CONFIG="$GEM_HOME" -ENV PATH $BUNDLE_BIN:$PATH -RUN mkdir -p "$GEM_HOME" "$BUNDLE_BIN" \ - && chmod 777 "$GEM_HOME" "$BUNDLE_BIN" +ENV PATH $GEM_HOME/bin:$PATH + +# adjust permissions of a few directories for running "gem install" as an arbitrary user +RUN mkdir -p "$GEM_HOME" && chmod 1777 "$GEM_HOME" ## Install a pinned RubyGems and Bundler RUN gem update --system 3.3.26 diff --git a/src/engines/jruby/9.4/Dockerfile.gnu b/src/engines/jruby/9.4/Dockerfile.gnu index ca87f82..1ed9776 100644 --- a/src/engines/jruby/9.4/Dockerfile.gnu +++ b/src/engines/jruby/9.4/Dockerfile.gnu @@ -59,16 +59,14 @@ ENV PATH /opt/jruby/bin:$PATH RUN mkdir -p /opt/jruby/etc \ && echo -e 'install: --no-document\nupdate: --no-document' >> /opt/jruby/etc/gemrc -# Install things at a specific path and create ".bundle" in there as well: -# This prevents pollution of an app volume and makes the bundle path mountable -# as a volume as well. +# don't create ".bundle" in all our apps ENV GEM_HOME /usr/local/bundle -ENV BUNDLE_BIN="$GEM_HOME/bin" \ - BUNDLE_SILENCE_ROOT_WARNING=1 \ +ENV BUNDLE_SILENCE_ROOT_WARNING=1 \ BUNDLE_APP_CONFIG="$GEM_HOME" -ENV PATH $BUNDLE_BIN:$PATH -RUN mkdir -p "$GEM_HOME" "$BUNDLE_BIN" \ - && chmod 777 "$GEM_HOME" "$BUNDLE_BIN" +ENV PATH $GEM_HOME/bin:$PATH + +# adjust permissions of a few directories for running "gem install" as an arbitrary user +RUN mkdir -p "$GEM_HOME" && chmod 1777 "$GEM_HOME" ## Install a pinned RubyGems and Bundler RUN gem update --system 3.5.21 diff --git a/src/engines/ruby/2.1/Dockerfile.gnu b/src/engines/ruby/2.1/Dockerfile.gnu index fd941ac..17324c4 100644 --- a/src/engines/ruby/2.1/Dockerfile.gnu +++ b/src/engines/ruby/2.1/Dockerfile.gnu @@ -88,15 +88,14 @@ RUN set -ex \ # && gem install bundler --version "$BUNDLER_VERSION" --force \ # && rm -r /root/.gem/ -# install things globally, for great justice -# and don't create ".bundle" in all our apps +# don't create ".bundle" in all our apps ENV GEM_HOME /usr/local/bundle -ENV BUNDLE_BIN="$GEM_HOME/bin" \ - BUNDLE_SILENCE_ROOT_WARNING=1 \ +ENV BUNDLE_SILENCE_ROOT_WARNING=1 \ BUNDLE_APP_CONFIG="$GEM_HOME" -ENV PATH $BUNDLE_BIN:$PATH -RUN mkdir -p "$GEM_HOME" "$BUNDLE_BIN" \ - && chmod 777 "$GEM_HOME" "$BUNDLE_BIN" +ENV PATH $GEM_HOME/bin:$PATH + +# adjust permissions of a few directories for running "gem install" as an arbitrary user +RUN mkdir -p "$GEM_HOME" && chmod 1777 "$GEM_HOME" CMD [ "irb" ] @@ -144,16 +143,14 @@ ENV LANGUAGE en_US:en # Ensure consistent timezone RUN ln -sf /usr/share/zoneinfo/Etc/UTC /etc/localtime -# Install things at a specific path and create ".bundle" in there as well: -# This prevents pollution of an app volume and makes the bundle path mountable -# as a volume as well. +# don't create ".bundle" in all our apps ENV GEM_HOME /usr/local/bundle -ENV BUNDLE_BIN="$GEM_HOME/bin" \ - BUNDLE_SILENCE_ROOT_WARNING=1 \ +ENV BUNDLE_SILENCE_ROOT_WARNING=1 \ BUNDLE_APP_CONFIG="$GEM_HOME" -ENV PATH $BUNDLE_BIN:$PATH -RUN mkdir -p "$GEM_HOME" "$BUNDLE_BIN" \ - && chmod 777 "$GEM_HOME" "$BUNDLE_BIN" +ENV PATH $GEM_HOME/bin:$PATH + +# adjust permissions of a few directories for running "gem install" as an arbitrary user +RUN mkdir -p "$GEM_HOME" && chmod 1777 "$GEM_HOME" ## Install a pinned RubyGems and Bundler RUN gem update --system 2.7.11 diff --git a/src/engines/ruby/2.2/Dockerfile.gnu b/src/engines/ruby/2.2/Dockerfile.gnu index 96b10e0..b305f56 100644 --- a/src/engines/ruby/2.2/Dockerfile.gnu +++ b/src/engines/ruby/2.2/Dockerfile.gnu @@ -92,15 +92,14 @@ RUN set -ex \ # && gem install bundler --version "$BUNDLER_VERSION" --force \ # && rm -r /root/.gem/ -# install things globally, for great justice -# and don't create ".bundle" in all our apps +# don't create ".bundle" in all our apps ENV GEM_HOME /usr/local/bundle -ENV BUNDLE_BIN="$GEM_HOME/bin" \ - BUNDLE_SILENCE_ROOT_WARNING=1 \ +ENV BUNDLE_SILENCE_ROOT_WARNING=1 \ BUNDLE_APP_CONFIG="$GEM_HOME" -ENV PATH $BUNDLE_BIN:$PATH -RUN mkdir -p "$GEM_HOME" "$BUNDLE_BIN" \ - && chmod 777 "$GEM_HOME" "$BUNDLE_BIN" +ENV PATH $GEM_HOME/bin:$PATH + +# adjust permissions of a few directories for running "gem install" as an arbitrary user +RUN mkdir -p "$GEM_HOME" && chmod 1777 "$GEM_HOME" CMD [ "irb" ] @@ -148,16 +147,14 @@ ENV LANGUAGE en_US:en # Ensure consistent timezone RUN ln -sf /usr/share/zoneinfo/Etc/UTC /etc/localtime -# Install things at a specific path and create ".bundle" in there as well: -# This prevents pollution of an app volume and makes the bundle path mountable -# as a volume as well. +# don't create ".bundle" in all our apps ENV GEM_HOME /usr/local/bundle -ENV BUNDLE_BIN="$GEM_HOME/bin" \ - BUNDLE_SILENCE_ROOT_WARNING=1 \ +ENV BUNDLE_SILENCE_ROOT_WARNING=1 \ BUNDLE_APP_CONFIG="$GEM_HOME" -ENV PATH $BUNDLE_BIN:$PATH -RUN mkdir -p "$GEM_HOME" "$BUNDLE_BIN" \ - && chmod 777 "$GEM_HOME" "$BUNDLE_BIN" +ENV PATH $GEM_HOME/bin:$PATH + +# adjust permissions of a few directories for running "gem install" as an arbitrary user +RUN mkdir -p "$GEM_HOME" && chmod 1777 "$GEM_HOME" ## Install a pinned RubyGems and Bundler RUN gem update --system 2.7.11 diff --git a/src/engines/ruby/2.3/Dockerfile.gnu b/src/engines/ruby/2.3/Dockerfile.gnu index 21f9a5a..437b191 100644 --- a/src/engines/ruby/2.3/Dockerfile.gnu +++ b/src/engines/ruby/2.3/Dockerfile.gnu @@ -49,16 +49,14 @@ ENV LANGUAGE en_US:en # Ensure consistent timezone RUN ln -sf /usr/share/zoneinfo/Etc/UTC /etc/localtime -# Install things at a specific path and create ".bundle" in there as well: -# This prevents pollution of an app volume and makes the bundle path mountable -# as a volume as well. +# don't create ".bundle" in all our apps ENV GEM_HOME /usr/local/bundle -ENV BUNDLE_BIN="$GEM_HOME/bin" \ - BUNDLE_SILENCE_ROOT_WARNING=1 \ +ENV BUNDLE_SILENCE_ROOT_WARNING=1 \ BUNDLE_APP_CONFIG="$GEM_HOME" -ENV PATH $BUNDLE_BIN:$PATH -RUN mkdir -p "$GEM_HOME" "$BUNDLE_BIN" \ - && chmod 777 "$GEM_HOME" "$BUNDLE_BIN" +ENV PATH $GEM_HOME/bin:$PATH + +# adjust permissions of a few directories for running "gem install" as an arbitrary user +RUN mkdir -p "$GEM_HOME" && chmod 1777 "$GEM_HOME" ## Install a pinned RubyGems and Bundler RUN gem update --system 3.3.26 diff --git a/src/engines/ruby/2.4/Dockerfile.gnu b/src/engines/ruby/2.4/Dockerfile.gnu index f853a41..990feb5 100644 --- a/src/engines/ruby/2.4/Dockerfile.gnu +++ b/src/engines/ruby/2.4/Dockerfile.gnu @@ -45,16 +45,14 @@ ENV LANGUAGE en_US:en # Ensure consistent timezone RUN ln -sf /usr/share/zoneinfo/Etc/UTC /etc/localtime -# Install things at a specific path and create ".bundle" in there as well: -# This prevents pollution of an app volume and makes the bundle path mountable -# as a volume as well. +# don't create ".bundle" in all our apps ENV GEM_HOME /usr/local/bundle -ENV BUNDLE_BIN="$GEM_HOME/bin" \ - BUNDLE_SILENCE_ROOT_WARNING=1 \ +ENV BUNDLE_SILENCE_ROOT_WARNING=1 \ BUNDLE_APP_CONFIG="$GEM_HOME" -ENV PATH $BUNDLE_BIN:$PATH -RUN mkdir -p "$GEM_HOME" "$BUNDLE_BIN" \ - && chmod 777 "$GEM_HOME" "$BUNDLE_BIN" +ENV PATH $GEM_HOME/bin:$PATH + +# adjust permissions of a few directories for running "gem install" as an arbitrary user +RUN mkdir -p "$GEM_HOME" && chmod 1777 "$GEM_HOME" ## Install a pinned RubyGems and Bundler RUN gem update --system 3.3.26 diff --git a/src/engines/ruby/2.5/Dockerfile.gnu b/src/engines/ruby/2.5/Dockerfile.gnu index c67562a..044c3ae 100644 --- a/src/engines/ruby/2.5/Dockerfile.gnu +++ b/src/engines/ruby/2.5/Dockerfile.gnu @@ -45,16 +45,14 @@ ENV LANGUAGE en_US:en # Ensure consistent timezone RUN ln -sf /usr/share/zoneinfo/Etc/UTC /etc/localtime -# Install things at a specific path and create ".bundle" in there as well: -# This prevents pollution of an app volume and makes the bundle path mountable -# as a volume as well. +# don't create ".bundle" in all our apps ENV GEM_HOME /usr/local/bundle -ENV BUNDLE_BIN="$GEM_HOME/bin" \ - BUNDLE_SILENCE_ROOT_WARNING=1 \ +ENV BUNDLE_SILENCE_ROOT_WARNING=1 \ BUNDLE_APP_CONFIG="$GEM_HOME" -ENV PATH $BUNDLE_BIN:$PATH -RUN mkdir -p "$GEM_HOME" "$BUNDLE_BIN" \ - && chmod 777 "$GEM_HOME" "$BUNDLE_BIN" +ENV PATH $GEM_HOME/bin:$PATH + +# adjust permissions of a few directories for running "gem install" as an arbitrary user +RUN mkdir -p "$GEM_HOME" && chmod 1777 "$GEM_HOME" ## Install a pinned RubyGems and Bundler RUN gem update --system 3.3.26 diff --git a/src/engines/ruby/2.6/Dockerfile.gnu b/src/engines/ruby/2.6/Dockerfile.gnu index 7c1ef80..907bd97 100644 --- a/src/engines/ruby/2.6/Dockerfile.gnu +++ b/src/engines/ruby/2.6/Dockerfile.gnu @@ -45,16 +45,14 @@ ENV LANGUAGE en_US:en # Ensure consistent timezone RUN ln -sf /usr/share/zoneinfo/Etc/UTC /etc/localtime -# Install things at a specific path and create ".bundle" in there as well: -# This prevents pollution of an app volume and makes the bundle path mountable -# as a volume as well. +# don't create ".bundle" in all our apps ENV GEM_HOME /usr/local/bundle -ENV BUNDLE_BIN="$GEM_HOME/bin" \ - BUNDLE_SILENCE_ROOT_WARNING=1 \ +ENV BUNDLE_SILENCE_ROOT_WARNING=1 \ BUNDLE_APP_CONFIG="$GEM_HOME" -ENV PATH $BUNDLE_BIN:$PATH -RUN mkdir -p "$GEM_HOME" "$BUNDLE_BIN" \ - && chmod 777 "$GEM_HOME" "$BUNDLE_BIN" +ENV PATH $GEM_HOME/bin:$PATH + +# adjust permissions of a few directories for running "gem install" as an arbitrary user +RUN mkdir -p "$GEM_HOME" && chmod 1777 "$GEM_HOME" ## Install a pinned RubyGems and Bundler RUN gem update --system 3.3.26 diff --git a/src/engines/ruby/2.7/Dockerfile.gnu b/src/engines/ruby/2.7/Dockerfile.gnu index 427a566..af6412a 100644 --- a/src/engines/ruby/2.7/Dockerfile.gnu +++ b/src/engines/ruby/2.7/Dockerfile.gnu @@ -45,16 +45,14 @@ ENV LANGUAGE en_US:en # Ensure consistent timezone RUN ln -sf /usr/share/zoneinfo/Etc/UTC /etc/localtime -# Install things at a specific path and create ".bundle" in there as well: -# This prevents pollution of an app volume and makes the bundle path mountable -# as a volume as well. +# don't create ".bundle" in all our apps ENV GEM_HOME /usr/local/bundle -ENV BUNDLE_BIN="$GEM_HOME/bin" \ - BUNDLE_SILENCE_ROOT_WARNING=1 \ +ENV BUNDLE_SILENCE_ROOT_WARNING=1 \ BUNDLE_APP_CONFIG="$GEM_HOME" -ENV PATH $BUNDLE_BIN:$PATH -RUN mkdir -p "$GEM_HOME" "$BUNDLE_BIN" \ - && chmod 777 "$GEM_HOME" "$BUNDLE_BIN" +ENV PATH $GEM_HOME/bin:$PATH + +# adjust permissions of a few directories for running "gem install" as an arbitrary user +RUN mkdir -p "$GEM_HOME" && chmod 1777 "$GEM_HOME" ## Install a pinned RubyGems and Bundler RUN gem update --system 3.3.26 diff --git a/src/engines/ruby/3.0/Dockerfile.gnu b/src/engines/ruby/3.0/Dockerfile.gnu index 5015153..9e14f9b 100644 --- a/src/engines/ruby/3.0/Dockerfile.gnu +++ b/src/engines/ruby/3.0/Dockerfile.gnu @@ -45,16 +45,14 @@ ENV LANGUAGE en_US:en # Ensure consistent timezone RUN ln -sf /usr/share/zoneinfo/Etc/UTC /etc/localtime -# Install things at a specific path and create ".bundle" in there as well: -# This prevents pollution of an app volume and makes the bundle path mountable -# as a volume as well. +# don't create ".bundle" in all our apps ENV GEM_HOME /usr/local/bundle -ENV BUNDLE_BIN="$GEM_HOME/bin" \ - BUNDLE_SILENCE_ROOT_WARNING=1 \ +ENV BUNDLE_SILENCE_ROOT_WARNING=1 \ BUNDLE_APP_CONFIG="$GEM_HOME" -ENV PATH $BUNDLE_BIN:$PATH -RUN mkdir -p "$GEM_HOME" "$BUNDLE_BIN" \ - && chmod 777 "$GEM_HOME" "$BUNDLE_BIN" +ENV PATH $GEM_HOME/bin:$PATH + +# adjust permissions of a few directories for running "gem install" as an arbitrary user +RUN mkdir -p "$GEM_HOME" && chmod 1777 "$GEM_HOME" ## Install a pinned RubyGems and Bundler RUN gem update --system 3.5.21 diff --git a/src/engines/ruby/3.1/Dockerfile.gnu b/src/engines/ruby/3.1/Dockerfile.gnu index 0c14e39..5972528 100644 --- a/src/engines/ruby/3.1/Dockerfile.gnu +++ b/src/engines/ruby/3.1/Dockerfile.gnu @@ -45,16 +45,14 @@ ENV LANGUAGE en_US:en # Ensure consistent timezone RUN ln -sf /usr/share/zoneinfo/Etc/UTC /etc/localtime -# Install things at a specific path and create ".bundle" in there as well: -# This prevents pollution of an app volume and makes the bundle path mountable -# as a volume as well. +# don't create ".bundle" in all our apps ENV GEM_HOME /usr/local/bundle -ENV BUNDLE_BIN="$GEM_HOME/bin" \ - BUNDLE_SILENCE_ROOT_WARNING=1 \ +ENV BUNDLE_SILENCE_ROOT_WARNING=1 \ BUNDLE_APP_CONFIG="$GEM_HOME" -ENV PATH $BUNDLE_BIN:$PATH -RUN mkdir -p "$GEM_HOME" "$BUNDLE_BIN" \ - && chmod 777 "$GEM_HOME" "$BUNDLE_BIN" +ENV PATH $GEM_HOME/bin:$PATH + +# adjust permissions of a few directories for running "gem install" as an arbitrary user +RUN mkdir -p "$GEM_HOME" && chmod 1777 "$GEM_HOME" ## Install a pinned RubyGems and Bundler RUN gem update --system 3.5.21 diff --git a/src/engines/ruby/3.2/Dockerfile.gnu b/src/engines/ruby/3.2/Dockerfile.gnu index e3a5fd6..a069069 100644 --- a/src/engines/ruby/3.2/Dockerfile.gnu +++ b/src/engines/ruby/3.2/Dockerfile.gnu @@ -45,16 +45,14 @@ ENV LANGUAGE en_US:en # Ensure consistent timezone RUN ln -sf /usr/share/zoneinfo/Etc/UTC /etc/localtime -# Install things at a specific path and create ".bundle" in there as well: -# This prevents pollution of an app volume and makes the bundle path mountable -# as a volume as well. +# don't create ".bundle" in all our apps ENV GEM_HOME /usr/local/bundle -ENV BUNDLE_BIN="$GEM_HOME/bin" \ - BUNDLE_SILENCE_ROOT_WARNING=1 \ +ENV BUNDLE_SILENCE_ROOT_WARNING=1 \ BUNDLE_APP_CONFIG="$GEM_HOME" -ENV PATH $BUNDLE_BIN:$PATH -RUN mkdir -p "$GEM_HOME" "$BUNDLE_BIN" \ - && chmod 777 "$GEM_HOME" "$BUNDLE_BIN" +ENV PATH $GEM_HOME/bin:$PATH + +# adjust permissions of a few directories for running "gem install" as an arbitrary user +RUN mkdir -p "$GEM_HOME" && chmod 1777 "$GEM_HOME" ## Install a pinned RubyGems and Bundler RUN gem update --system 3.5.21 diff --git a/src/engines/ruby/3.3/Dockerfile.gnu b/src/engines/ruby/3.3/Dockerfile.gnu index 67208a0..cd42095 100644 --- a/src/engines/ruby/3.3/Dockerfile.gnu +++ b/src/engines/ruby/3.3/Dockerfile.gnu @@ -45,16 +45,14 @@ ENV LANGUAGE en_US:en # Ensure consistent timezone RUN ln -sf /usr/share/zoneinfo/Etc/UTC /etc/localtime -# Install things at a specific path and create ".bundle" in there as well: -# This prevents pollution of an app volume and makes the bundle path mountable -# as a volume as well. +# don't create ".bundle" in all our apps ENV GEM_HOME /usr/local/bundle -ENV BUNDLE_BIN="$GEM_HOME/bin" \ - BUNDLE_SILENCE_ROOT_WARNING=1 \ +ENV BUNDLE_SILENCE_ROOT_WARNING=1 \ BUNDLE_APP_CONFIG="$GEM_HOME" -ENV PATH $BUNDLE_BIN:$PATH -RUN mkdir -p "$GEM_HOME" "$BUNDLE_BIN" \ - && chmod 777 "$GEM_HOME" "$BUNDLE_BIN" +ENV PATH $GEM_HOME/bin:$PATH + +# adjust permissions of a few directories for running "gem install" as an arbitrary user +RUN mkdir -p "$GEM_HOME" && chmod 1777 "$GEM_HOME" ## Install a pinned RubyGems and Bundler RUN gem update --system 3.5.21 diff --git a/src/engines/ruby/3.4/Dockerfile.gnu b/src/engines/ruby/3.4/Dockerfile.gnu index 425805e..8a907e0 100644 --- a/src/engines/ruby/3.4/Dockerfile.gnu +++ b/src/engines/ruby/3.4/Dockerfile.gnu @@ -45,16 +45,14 @@ ENV LANGUAGE en_US:en # Ensure consistent timezone RUN ln -sf /usr/share/zoneinfo/Etc/UTC /etc/localtime -# Install things at a specific path and create ".bundle" in there as well: -# This prevents pollution of an app volume and makes the bundle path mountable -# as a volume as well. +# don't create ".bundle" in all our apps ENV GEM_HOME /usr/local/bundle -ENV BUNDLE_BIN="$GEM_HOME/bin" \ - BUNDLE_SILENCE_ROOT_WARNING=1 \ +ENV BUNDLE_SILENCE_ROOT_WARNING=1 \ BUNDLE_APP_CONFIG="$GEM_HOME" -ENV PATH $BUNDLE_BIN:$PATH -RUN mkdir -p "$GEM_HOME" "$BUNDLE_BIN" \ - && chmod 777 "$GEM_HOME" "$BUNDLE_BIN" +ENV PATH $GEM_HOME/bin:$PATH + +# adjust permissions of a few directories for running "gem install" as an arbitrary user +RUN mkdir -p "$GEM_HOME" && chmod 1777 "$GEM_HOME" ## Install a pinned RubyGems and Bundler RUN gem update --system 3.5.21 diff --git a/tasks/docker.rake b/tasks/docker.rake index a482931..60bfcb7 100644 --- a/tasks/docker.rake +++ b/tasks/docker.rake @@ -13,6 +13,10 @@ namespace :docker do NINETYEIGHTY end + def repro_run_key + @repro_run_key ||= File.exist?(".repro_run_key") ? Integer(File.read(".repro_run_key").strip) : 0 + end + def repository # TODO: rename to registry/registry host/user/path "ghcr.io/datadog/images-rb" end @@ -283,7 +287,7 @@ namespace :docker do next if !force && satisfied?(-> { image_time("#{image}:#{tag}") }, deps) - sh "docker buildx build --platform #{platforms.join(",")} --cache-from=type=registry,ref=#{image}:#{tag} --output=type=image,push=#{push} --build-arg SOURCE_DATE_EPOCH=#{source_date_epoch} --build-arg BUILDKIT_INLINE_CACHE=1 -f #{dockerfile} -t #{image}:#{tag} #{context}" + sh "docker buildx build --platform #{platforms.join(",")} --cache-from=type=registry,ref=#{image}:#{tag} --output=type=image,push=#{push} --build-arg REPRO_RUN_KEY=#{repro_run_key} --build-arg SOURCE_DATE_EPOCH=#{source_date_epoch} --build-arg BUILDKIT_INLINE_CACHE=1 -f #{dockerfile} -t #{image}:#{tag} #{context}" end end