Add a Dockerfile for the Pulumi CLI
This introduces a Dockerfile for the Pulumi CLI. This makes it
easier to develop and test the engine in a self-contained environment,
in addition to being suitable for running the actual CLI itself.
For instance,
$ docker run pulumi/pulumi -e "PULUMI_ACCESS_TOKEN=x" up
will run the Pulumi program mounted under the /app volume. This will
be used in some upcoming CI/CD scenarios.
This uses multi-stage builds, and Debian Stretch as the base, for
relatively fast and lean build times and resulting images. We are
intentional about restoring dep packages independent of the actual
source code so that we don't end up needlessly re-depping, which can
consume quite a bit of time. After fixing
https://github.com/pulumi/pulumi/issues/1986, we should explore an
Alpine base image option.
I made the decision to keep this image scoped to just the Go builds.
Therefore, none of the actual SDK packages themselves are built, just
the engine, CLI, and language plugins for Node.js, Python, and Go.
It's possible to create a mega-container that has all of these full
environments so that we can rebuild them too, but for now I figured
it was better to rely on package management for them.
Another alternative would have been to install released binaries,
rather than building them. To keep the useful flow for development,
however, I decided to go the build route for now. If we build at the
same hashes, the resulting binaries "should" be ~identical anyhow.
I've created a pulumi/pulumi Docker Hub repo that we can publish this
into. For now, there is no CI publishing of the image.
This fixes pulumi/pulumi#1991.
2018-09-29 20:43:35 +02:00
|
|
|
# Build the image in a distinct stage so we don't need the Golang SDK.
|
|
|
|
FROM golang:1.11-stretch as builder
|
|
|
|
|
2018-09-29 23:36:34 +02:00
|
|
|
# Change directories and place the minimal build scripts we need to start installing things.
|
|
|
|
WORKDIR /go/src/github.com/pulumi/pulumi
|
|
|
|
COPY ./build/ ./build/
|
|
|
|
|
Add a Dockerfile for the Pulumi CLI
This introduces a Dockerfile for the Pulumi CLI. This makes it
easier to develop and test the engine in a self-contained environment,
in addition to being suitable for running the actual CLI itself.
For instance,
$ docker run pulumi/pulumi -e "PULUMI_ACCESS_TOKEN=x" up
will run the Pulumi program mounted under the /app volume. This will
be used in some upcoming CI/CD scenarios.
This uses multi-stage builds, and Debian Stretch as the base, for
relatively fast and lean build times and resulting images. We are
intentional about restoring dep packages independent of the actual
source code so that we don't end up needlessly re-depping, which can
consume quite a bit of time. After fixing
https://github.com/pulumi/pulumi/issues/1986, we should explore an
Alpine base image option.
I made the decision to keep this image scoped to just the Go builds.
Therefore, none of the actual SDK packages themselves are built, just
the engine, CLI, and language plugins for Node.js, Python, and Go.
It's possible to create a mega-container that has all of these full
environments so that we can rebuild them too, but for now I figured
it was better to rely on package management for them.
Another alternative would have been to install released binaries,
rather than building them. To keep the useful flow for development,
however, I decided to go the build route for now. If we build at the
same hashes, the resulting binaries "should" be ~identical anyhow.
I've created a pulumi/pulumi Docker Hub repo that we can publish this
into. For now, there is no CI publishing of the image.
This fixes pulumi/pulumi#1991.
2018-09-29 20:43:35 +02:00
|
|
|
# Install pre-reqs.
|
|
|
|
# - Update apt-get sources
|
|
|
|
RUN apt-get update -y
|
|
|
|
# - Dep, for Go package management
|
2018-09-29 23:36:34 +02:00
|
|
|
RUN . ./build/tool-versions.sh && \
|
|
|
|
curl -L -o "$(go env GOPATH)/bin/dep" \
|
|
|
|
https://github.com/golang/dep/releases/download/v${DEP_VERSION}/dep-linux-amd64 && \
|
|
|
|
chmod +x "$(go env GOPATH)/bin/dep"
|
Add a Dockerfile for the Pulumi CLI
This introduces a Dockerfile for the Pulumi CLI. This makes it
easier to develop and test the engine in a self-contained environment,
in addition to being suitable for running the actual CLI itself.
For instance,
$ docker run pulumi/pulumi -e "PULUMI_ACCESS_TOKEN=x" up
will run the Pulumi program mounted under the /app volume. This will
be used in some upcoming CI/CD scenarios.
This uses multi-stage builds, and Debian Stretch as the base, for
relatively fast and lean build times and resulting images. We are
intentional about restoring dep packages independent of the actual
source code so that we don't end up needlessly re-depping, which can
consume quite a bit of time. After fixing
https://github.com/pulumi/pulumi/issues/1986, we should explore an
Alpine base image option.
I made the decision to keep this image scoped to just the Go builds.
Therefore, none of the actual SDK packages themselves are built, just
the engine, CLI, and language plugins for Node.js, Python, and Go.
It's possible to create a mega-container that has all of these full
environments so that we can rebuild them too, but for now I figured
it was better to rely on package management for them.
Another alternative would have been to install released binaries,
rather than building them. To keep the useful flow for development,
however, I decided to go the build route for now. If we build at the
same hashes, the resulting binaries "should" be ~identical anyhow.
I've created a pulumi/pulumi Docker Hub repo that we can publish this
into. For now, there is no CI publishing of the image.
This fixes pulumi/pulumi#1991.
2018-09-29 20:43:35 +02:00
|
|
|
|
|
|
|
# Copy the source code over, restore dependencies, and get ready to build everything. We copy the Gopkg
|
|
|
|
# files explicitly first to avoid excessive rebuild times when dependencies did not change.
|
|
|
|
COPY Gopkg.* ./
|
|
|
|
RUN dep ensure -v --vendor-only
|
|
|
|
COPY . .
|
|
|
|
|
|
|
|
# Build the CLI itself.
|
|
|
|
RUN make install
|
|
|
|
|
|
|
|
# Build the plguins for each of the language hosts (Go, Node.js, Python). This just builds Go code, and
|
|
|
|
# specifically avoids building the packages, since those are distributed using package managers.
|
|
|
|
RUN cd sdk/go && make install_plugin
|
|
|
|
RUN cd sdk/nodejs && make install_plugin
|
|
|
|
RUN cd sdk/python && make install_plugin
|
|
|
|
|
2018-09-29 23:36:34 +02:00
|
|
|
# Install and run in Debian Stretch (to match the builder stage).
|
|
|
|
# TODO[pulumi/pulumi#1986]: consider switching to, or supporting, Alpine Linux for smaller image sizes.
|
Add a Dockerfile for the Pulumi CLI
This introduces a Dockerfile for the Pulumi CLI. This makes it
easier to develop and test the engine in a self-contained environment,
in addition to being suitable for running the actual CLI itself.
For instance,
$ docker run pulumi/pulumi -e "PULUMI_ACCESS_TOKEN=x" up
will run the Pulumi program mounted under the /app volume. This will
be used in some upcoming CI/CD scenarios.
This uses multi-stage builds, and Debian Stretch as the base, for
relatively fast and lean build times and resulting images. We are
intentional about restoring dep packages independent of the actual
source code so that we don't end up needlessly re-depping, which can
consume quite a bit of time. After fixing
https://github.com/pulumi/pulumi/issues/1986, we should explore an
Alpine base image option.
I made the decision to keep this image scoped to just the Go builds.
Therefore, none of the actual SDK packages themselves are built, just
the engine, CLI, and language plugins for Node.js, Python, and Go.
It's possible to create a mega-container that has all of these full
environments so that we can rebuild them too, but for now I figured
it was better to rely on package management for them.
Another alternative would have been to install released binaries,
rather than building them. To keep the useful flow for development,
however, I decided to go the build route for now. If we build at the
same hashes, the resulting binaries "should" be ~identical anyhow.
I've created a pulumi/pulumi Docker Hub repo that we can publish this
into. For now, there is no CI publishing of the image.
This fixes pulumi/pulumi#1991.
2018-09-29 20:43:35 +02:00
|
|
|
FROM debian:stretch
|
|
|
|
|
2018-09-30 16:09:58 +02:00
|
|
|
# Install some runtime pre-reqs.
|
|
|
|
RUN apt-get update -y
|
2018-10-01 22:14:51 +02:00
|
|
|
RUN apt-get install -y ca-certificates curl gnupg jq
|
2018-09-30 16:09:58 +02:00
|
|
|
|
2018-09-30 16:34:11 +02:00
|
|
|
# Install the necessary runtimes.
|
|
|
|
# - Node.js 10.x
|
|
|
|
RUN curl -sL https://deb.nodesource.com/setup_10.x | bash - && \
|
2018-09-30 17:20:29 +02:00
|
|
|
apt-get install -y nodejs build-essential
|
2018-09-30 16:34:11 +02:00
|
|
|
|
2018-09-30 17:07:36 +02:00
|
|
|
# Copy the entrypoint script.
|
|
|
|
COPY ./scripts/docker-entry.sh /usr/bin/run-pulumi
|
|
|
|
|
Add a Dockerfile for the Pulumi CLI
This introduces a Dockerfile for the Pulumi CLI. This makes it
easier to develop and test the engine in a self-contained environment,
in addition to being suitable for running the actual CLI itself.
For instance,
$ docker run pulumi/pulumi -e "PULUMI_ACCESS_TOKEN=x" up
will run the Pulumi program mounted under the /app volume. This will
be used in some upcoming CI/CD scenarios.
This uses multi-stage builds, and Debian Stretch as the base, for
relatively fast and lean build times and resulting images. We are
intentional about restoring dep packages independent of the actual
source code so that we don't end up needlessly re-depping, which can
consume quite a bit of time. After fixing
https://github.com/pulumi/pulumi/issues/1986, we should explore an
Alpine base image option.
I made the decision to keep this image scoped to just the Go builds.
Therefore, none of the actual SDK packages themselves are built, just
the engine, CLI, and language plugins for Node.js, Python, and Go.
It's possible to create a mega-container that has all of these full
environments so that we can rebuild them too, but for now I figured
it was better to rely on package management for them.
Another alternative would have been to install released binaries,
rather than building them. To keep the useful flow for development,
however, I decided to go the build route for now. If we build at the
same hashes, the resulting binaries "should" be ~identical anyhow.
I've created a pulumi/pulumi Docker Hub repo that we can publish this
into. For now, there is no CI publishing of the image.
This fixes pulumi/pulumi#1991.
2018-09-29 20:43:35 +02:00
|
|
|
# Copy over the binaries built during the prior stage.
|
2018-09-30 16:49:52 +02:00
|
|
|
COPY --from=builder /opt/pulumi/* /usr/bin/
|
Add a Dockerfile for the Pulumi CLI
This introduces a Dockerfile for the Pulumi CLI. This makes it
easier to develop and test the engine in a self-contained environment,
in addition to being suitable for running the actual CLI itself.
For instance,
$ docker run pulumi/pulumi -e "PULUMI_ACCESS_TOKEN=x" up
will run the Pulumi program mounted under the /app volume. This will
be used in some upcoming CI/CD scenarios.
This uses multi-stage builds, and Debian Stretch as the base, for
relatively fast and lean build times and resulting images. We are
intentional about restoring dep packages independent of the actual
source code so that we don't end up needlessly re-depping, which can
consume quite a bit of time. After fixing
https://github.com/pulumi/pulumi/issues/1986, we should explore an
Alpine base image option.
I made the decision to keep this image scoped to just the Go builds.
Therefore, none of the actual SDK packages themselves are built, just
the engine, CLI, and language plugins for Node.js, Python, and Go.
It's possible to create a mega-container that has all of these full
environments so that we can rebuild them too, but for now I figured
it was better to rely on package management for them.
Another alternative would have been to install released binaries,
rather than building them. To keep the useful flow for development,
however, I decided to go the build route for now. If we build at the
same hashes, the resulting binaries "should" be ~identical anyhow.
I've created a pulumi/pulumi Docker Hub repo that we can publish this
into. For now, there is no CI publishing of the image.
This fixes pulumi/pulumi#1991.
2018-09-29 20:43:35 +02:00
|
|
|
|
|
|
|
# The app directory should contain the Pulumi program and is the pwd for the CLI.
|
|
|
|
WORKDIR /app
|
|
|
|
VOLUME ["/app"]
|
|
|
|
|
|
|
|
# The app.pulumi.com access token is specified as an environment variable. You can create a new
|
|
|
|
# access token on your account page at https://app.pulumi.com/account. Please override this when
|
|
|
|
# running the Docker container using `docker run pulumi/pulumi -e "PULUMI_ACCESS_TOKEN=a1b2c2def9"`.
|
|
|
|
# ENV PULUMI_ACCESS_TOKEN
|
|
|
|
|
2018-10-02 01:30:44 +02:00
|
|
|
# Add some fixed labels for various integrations.
|
|
|
|
LABEL "com.github.actions.name"="Pulumi"
|
|
|
|
LABEL "com.github.actions.description"="Deploy apps and infra to any cloud!"
|
|
|
|
LABEL "com.github.actions.icon"="cloud-lightning"
|
|
|
|
LABEL "com.github.actions.color"="purple"
|
|
|
|
|
2018-09-30 17:07:36 +02:00
|
|
|
# This image uses a thin wrapper over the Pulumi CLI as its entrypoint. As a result, you may run commands
|
|
|
|
# simply by running `docker run pulumi/pulumi up` to run the program mounted in the `/app` volume location.
|
|
|
|
ENTRYPOINT ["run-pulumi", "--non-interactive"]
|