From 26b6f97176da8a278b19d1cba2e318d1b2164f5a Mon Sep 17 00:00:00 2001 From: Mischa Taylor Date: Tue, 31 Dec 2024 10:09:13 -0500 Subject: [PATCH] Add noble images for ruby 3.1 --- .github/workflows/ci.yml | 2 + ruby/3.1/jammy/Containerfile | 20 ++--- ruby/3.1/noble/Containerfile | 91 +++++++++++++++++++++ ruby/3.1/noble/docker-bake.hcl | 38 +++++++++ ruby/3.1/slim-jammy/Containerfile | 19 ++--- ruby/3.1/slim-noble/Containerfile | 118 ++++++++++++++++++++++++++++ ruby/3.1/slim-noble/docker-bake.hcl | 38 +++++++++ 7 files changed, 303 insertions(+), 23 deletions(-) create mode 100644 ruby/3.1/noble/Containerfile create mode 100644 ruby/3.1/noble/docker-bake.hcl create mode 100644 ruby/3.1/slim-noble/Containerfile create mode 100644 ruby/3.1/slim-noble/docker-bake.hcl diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 016b75bf..4b126c1d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -97,7 +97,9 @@ jobs: pulumi/pulumi-python: 'pulumi/pulumi-python/**' redis/7.2/jammy: 'redis/7.2/jammy/**' ruby/3.1/jammy: 'ruby/3.1/jammy/**' + ruby/3.1/noble: 'ruby/3.1/noble/**' ruby/3.1/slim-jammy: 'ruby/3.1/slim-jammy/**' + ruby/3.1/slim-noble: 'ruby/3.1/slim-noble/**' ruby/3.2/jammy: 'ruby/3.2/jammy/**' ruby/3.2/slim-jammy: 'ruby/3.2/slim-jammy/**' ruby/3.3/jammy: 'ruby/3.3/jammy/**' diff --git a/ruby/3.1/jammy/Containerfile b/ruby/3.1/jammy/Containerfile index 071be5c1..c166f484 100644 --- a/ruby/3.1/jammy/Containerfile +++ b/ruby/3.1/jammy/Containerfile @@ -2,20 +2,17 @@ ARG BASE_IMAGE=docker.io/polymathrobotics/buildpack-deps:jammy FROM $BASE_IMAGE -# skip installing gem documentation +# skip installing gem documentation with `gem install`/`gem update` RUN set -eux; \ mkdir -p /usr/local/etc; \ - { \ - echo 'install: --no-document'; \ - echo 'update: --no-document'; \ - } >> /usr/local/etc/gemrc + echo 'gem: --no-document' >> /usr/local/etc/gemrc -ENV LANG C.UTF-8 +ENV LANG=C.UTF-8 # https://www.ruby-lang.org/en/news/2024/05/29/ruby-3-1-6-released/ -ENV RUBY_VERSION 3.1.6 -ENV RUBY_DOWNLOAD_URL https://cache.ruby-lang.org/pub/ruby/3.1/ruby-3.1.6.tar.xz -ENV RUBY_DOWNLOAD_SHA256 597bd1849f252d8a6863cb5d38014ac54152b508c36dca156f6356a9e63c6102 +ENV RUBY_VERSION=3.1.6 +ENV RUBY_DOWNLOAD_URL=https://cache.ruby-lang.org/pub/ruby/3.1/ruby-3.1.6.tar.xz +ENV RUBY_DOWNLOAD_SHA256=597bd1849f252d8a6863cb5d38014ac54152b508c36dca156f6356a9e63c6102 # some of ruby's build scripts are written in ruby # we purge system ruby later to make sure our final image uses what we just built @@ -63,10 +60,9 @@ RUN set -eux; \ apt-mark auto '.*' > /dev/null; \ apt-mark manual $savedAptMark > /dev/null; \ find /usr/local -type f -executable -not \( -name '*tkinter*' \) -exec ldd '{}' ';' \ - | awk '/=>/ { print $(NF-1) }' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1 || so == "/usr/local/src/ruby/libruby.so.3.1") { next }; gsub("^/(usr/)?", "", so); if (so != "src/ruby/libruby.so.3.1") printf "*%s\n", so }' \ | sort -u \ - | grep -vE '^/usr/local/lib/' \ - | xargs -r sh -c "dpkg-query --search || true" \ + | xargs -r dpkg-query --search \ | cut -d: -f1 \ | sort -u \ | xargs -r apt-mark manual \ diff --git a/ruby/3.1/noble/Containerfile b/ruby/3.1/noble/Containerfile new file mode 100644 index 00000000..408c509f --- /dev/null +++ b/ruby/3.1/noble/Containerfile @@ -0,0 +1,91 @@ +# syntax=docker/dockerfile:1 +ARG BASE_IMAGE=docker.io/polymathrobotics/buildpack-deps:noble +FROM $BASE_IMAGE + +# skip installing gem documentation with `gem install`/`gem update` +RUN set -eux; \ + mkdir -p /usr/local/etc; \ + echo 'gem: --no-document' >> /usr/local/etc/gemrc + +ENV LANG=C.UTF-8 + +# https://www.ruby-lang.org/en/news/2024/05/29/ruby-3-1-6-released/ +ENV RUBY_VERSION=3.1.6 +ENV RUBY_DOWNLOAD_URL=https://cache.ruby-lang.org/pub/ruby/3.1/ruby-3.1.6.tar.xz +ENV RUBY_DOWNLOAD_SHA256=597bd1849f252d8a6863cb5d38014ac54152b508c36dca156f6356a9e63c6102 + +# some of ruby's build scripts are written in ruby +# we purge system ruby later to make sure our final image uses what we just built +# hadolint ignore=DL3003,SC2086,DL4006 +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + bison \ + dpkg-dev \ + libgdbm-dev \ + ruby \ + ; \ + rm -rf /var/lib/apt/lists/*; \ + \ + wget -O ruby.tar.xz "$RUBY_DOWNLOAD_URL"; \ + echo "$RUBY_DOWNLOAD_SHA256 *ruby.tar.xz" | sha256sum --check --strict; \ + \ + mkdir -p /usr/src/ruby; \ + tar -xJf ruby.tar.xz -C /usr/src/ruby --strip-components=1; \ + rm ruby.tar.xz; \ + \ + cd /usr/src/ruby; \ + \ +# hack in "ENABLE_PATH_CHECK" disabling to suppress: +# warning: Insecure world writable dir + { \ + echo '#define ENABLE_PATH_CHECK 0'; \ + echo; \ + cat file.c; \ + } > file.c.new; \ + mv file.c.new file.c; \ + \ + autoconf; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + ./configure \ + --build="$gnuArch" \ + --disable-install-doc \ + --enable-shared \ + ; \ + make -j "$(nproc)"; \ + make install; \ + \ + apt-mark auto '.*' > /dev/null; \ + apt-mark manual $savedAptMark > /dev/null; \ + find /usr/local -type f -executable -not \( -name '*tkinter*' \) -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1 || so == "/usr/local/src/ruby/libruby.so.3.1") { next }; gsub("^/(usr/)?", "", so); if (so != "src/ruby/libruby.so.3.1") printf "*%s\n", so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | grep -v "diversion by" \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + ; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + \ + cd /; \ + rm -r /usr/src/ruby; \ +# verify we have no "ruby" packages installed + if dpkg -l | grep -i ruby; then exit 1; fi; \ + [ "$(command -v ruby)" = '/usr/local/bin/ruby' ]; \ +# rough smoke test + ruby --version; \ + gem --version; \ + bundle --version + +# don't create ".bundle" in all our apps +ENV GEM_HOME /usr/local/bundle +ENV BUNDLE_SILENCE_ROOT_WARNING=1 \ + BUNDLE_APP_CONFIG="$GEM_HOME" +ENV PATH $GEM_HOME/bin:$PATH +# adjust permissions of a few directories for running "gem install" as an arbitrary user +RUN mkdir -p "$GEM_HOME" && chmod 1777 "$GEM_HOME" + +CMD [ "irb" ] diff --git a/ruby/3.1/noble/docker-bake.hcl b/ruby/3.1/noble/docker-bake.hcl new file mode 100644 index 00000000..7e096707 --- /dev/null +++ b/ruby/3.1/noble/docker-bake.hcl @@ -0,0 +1,38 @@ +variable "TAG_PREFIX" { + default = "docker.io/polymathrobotics/ruby" +} + +variable "VERSION" { + default = "3.1.6" +} + +# There's no darwin-based Docker, so if we're running on macOS, change the platform to linux +variable "LOCAL_PLATFORM" { + default = regex_replace("${BAKE_LOCAL_PLATFORM}", "^(darwin)", "linux") +} + +target "_common" { + dockerfile = "Containerfile" + tags = [ + "${TAG_PREFIX}:${VERSION}-noble", + "${TAG_PREFIX}:${join(".", slice(split(".", "${VERSION}"), 0, 2))}-noble", + ] + labels = { + "org.opencontainers.image.source" = "https://github.com/polymathrobotics/oci" + "org.opencontainers.image.licenses" = "Apache-2.0" + "org.opencontainers.image.description" = "Ruby is a dynamic, reflective, object-oriented, general-purpose, open-source programming language." + "org.opencontainers.image.title" = "${TAG_PREFIX}" + "org.opencontainers.image.created" = "${timestamp()}" + "dev.polymathrobotics.image.readme-filepath" = "ruby/README.md" + } +} + +target "local" { + inherits = ["_common"] + platforms = ["${LOCAL_PLATFORM}"] +} + +target "default" { + inherits = ["_common"] + platforms = ["linux/amd64", "linux/arm64/v8"] +} \ No newline at end of file diff --git a/ruby/3.1/slim-jammy/Containerfile b/ruby/3.1/slim-jammy/Containerfile index abd19f4c..09b5ed23 100644 --- a/ruby/3.1/slim-jammy/Containerfile +++ b/ruby/3.1/slim-jammy/Containerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:1 -ARG BASE_IMAGE=docker.io/ubuntu:jammy-20240808 +ARG BASE_IMAGE=docker.io/ubuntu:jammy-20240911.1 FROM $BASE_IMAGE RUN set -eux; \ @@ -16,20 +16,17 @@ RUN set -eux; \ ; \ rm -rf /var/lib/apt/lists/* -# skip installing gem documentation +# skip installing gem documentation with `gem install`/`gem update` RUN set -eux; \ mkdir -p /usr/local/etc; \ - { \ - echo 'install: --no-document'; \ - echo 'update: --no-document'; \ - } >> /usr/local/etc/gemrc + echo 'gem: --no-document' >> /usr/local/etc/gemrc -ENV LANG C.UTF-8 +ENV LANG=C.UTF-8 # https://www.ruby-lang.org/en/news/2024/05/29/ruby-3-1-6-released/ -ENV RUBY_VERSION 3.1.6 -ENV RUBY_DOWNLOAD_URL https://cache.ruby-lang.org/pub/ruby/3.1/ruby-3.1.6.tar.xz -ENV RUBY_DOWNLOAD_SHA256 597bd1849f252d8a6863cb5d38014ac54152b508c36dca156f6356a9e63c6102 +ENV RUBY_VERSION=3.1.6 +ENV RUBY_DOWNLOAD_URL=https://cache.ruby-lang.org/pub/ruby/3.1/ruby-3.1.6.tar.xz +ENV RUBY_DOWNLOAD_SHA256=597bd1849f252d8a6863cb5d38014ac54152b508c36dca156f6356a9e63c6102 # some of ruby's build scripts are written in ruby # we purge system ruby later to make sure our final image uses what we just built @@ -90,7 +87,7 @@ RUN set -eux; \ apt-mark auto '.*' > /dev/null; \ apt-mark manual $savedAptMark > /dev/null; \ find /usr/local -type f -executable -not \( -name '*tkinter*' \) -exec ldd '{}' ';' \ - | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1 || so == "/usr/local/src/ruby/libruby.so.3.1") { next }; gsub("^/(usr/)?", "", so); if (so != "src/ruby/libruby.so.3.1") printf "*%s\n", so }' \ | sort -u \ | xargs -r dpkg-query --search \ | cut -d: -f1 \ diff --git a/ruby/3.1/slim-noble/Containerfile b/ruby/3.1/slim-noble/Containerfile new file mode 100644 index 00000000..2041f039 --- /dev/null +++ b/ruby/3.1/slim-noble/Containerfile @@ -0,0 +1,118 @@ +# syntax=docker/dockerfile:1 +ARG BASE_IMAGE=docker.io/ubuntu:noble-20241118.1 +FROM $BASE_IMAGE + +RUN set -eux; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + bzip2 \ + ca-certificates \ + libffi-dev \ + libgmp-dev \ + libssl-dev \ + libyaml-dev \ + procps \ + zlib1g-dev \ + ; \ + rm -rf /var/lib/apt/lists/* + +# skip installing gem documentation with `gem install`/`gem update` +RUN set -eux; \ + mkdir -p /usr/local/etc; \ + echo 'gem: --no-document' >> /usr/local/etc/gemrc + +ENV LANG=C.UTF-8 + +# https://www.ruby-lang.org/en/news/2024/05/29/ruby-3-1-6-released/ +ENV RUBY_VERSION=3.1.6 +ENV RUBY_DOWNLOAD_URL=https://cache.ruby-lang.org/pub/ruby/3.1/ruby-3.1.6.tar.xz +ENV RUBY_DOWNLOAD_SHA256=597bd1849f252d8a6863cb5d38014ac54152b508c36dca156f6356a9e63c6102 + +# some of ruby's build scripts are written in ruby +# we purge system ruby later to make sure our final image uses what we just built +# hadolint ignore=DL3003,SC2086,DL4006 +RUN set -eux; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + bison \ + dpkg-dev \ + libgdbm-dev \ + ruby \ + autoconf \ + g++ \ + gcc \ + libbz2-dev \ + libgdbm-compat-dev \ + libglib2.0-dev \ + libncurses-dev \ + libreadline-dev \ + libxml2-dev \ + libxslt-dev \ + make \ + wget \ + xz-utils \ + ; \ + rm -rf /var/lib/apt/lists/*; \ + \ + wget -O ruby.tar.xz "$RUBY_DOWNLOAD_URL"; \ + echo "$RUBY_DOWNLOAD_SHA256 *ruby.tar.xz" | sha256sum --check --strict; \ + \ + mkdir -p /usr/src/ruby; \ + tar -xJf ruby.tar.xz -C /usr/src/ruby --strip-components=1; \ + rm ruby.tar.xz; \ + \ + cd /usr/src/ruby; \ + \ +# hack in "ENABLE_PATH_CHECK" disabling to suppress: +# warning: Insecure world writable dir + { \ + echo '#define ENABLE_PATH_CHECK 0'; \ + echo; \ + cat file.c; \ + } > file.c.new; \ + mv file.c.new file.c; \ + \ + autoconf; \ + gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \ + ./configure \ + --build="$gnuArch" \ + --disable-install-doc \ + --enable-shared \ + ; \ + make -j "$(nproc)"; \ + make install; \ + \ + apt-mark auto '.*' > /dev/null; \ + apt-mark manual $savedAptMark > /dev/null; \ + find /usr/local -type f -executable -not \( -name '*tkinter*' \) -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1 || so == "/usr/local/src/ruby/libruby.so.3.1") { next }; gsub("^/(usr/)?", "", so); if (so != "src/ruby/libruby.so.3.1") printf "*%s\n", so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | grep -v "diversion by" \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + ; \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ + \ + cd /; \ + rm -r /usr/src/ruby; \ +# verify we have no "ruby" packages installed + if dpkg -l | grep -i ruby; then exit 1; fi; \ + [ "$(command -v ruby)" = '/usr/local/bin/ruby' ]; \ +# rough smoke test + ruby --version; \ + gem --version; \ + bundle --version + +# don't create ".bundle" in all our apps +ENV GEM_HOME /usr/local/bundle +ENV BUNDLE_SILENCE_ROOT_WARNING=1 \ + BUNDLE_APP_CONFIG="$GEM_HOME" +ENV PATH $GEM_HOME/bin:$PATH +# adjust permissions of a few directories for running "gem install" as an arbitrary user +RUN mkdir -p "$GEM_HOME" && chmod 1777 "$GEM_HOME" + +CMD [ "irb" ] diff --git a/ruby/3.1/slim-noble/docker-bake.hcl b/ruby/3.1/slim-noble/docker-bake.hcl new file mode 100644 index 00000000..56f6421a --- /dev/null +++ b/ruby/3.1/slim-noble/docker-bake.hcl @@ -0,0 +1,38 @@ +variable "TAG_PREFIX" { + default = "docker.io/polymathrobotics/ruby" +} + +variable "VERSION" { + default = "3.1.6" +} + +# There's no darwin-based Docker, so if we're running on macOS, change the platform to linux +variable "LOCAL_PLATFORM" { + default = regex_replace("${BAKE_LOCAL_PLATFORM}", "^(darwin)", "linux") +} + +target "_common" { + dockerfile = "Containerfile" + tags = [ + "${TAG_PREFIX}:${VERSION}-slim-noble", + "${TAG_PREFIX}:${join(".", slice(split(".", "${VERSION}"), 0, 2))}-slim-noble", + ] + labels = { + "org.opencontainers.image.source" = "https://github.com/polymathrobotics/oci" + "org.opencontainers.image.licenses" = "Apache-2.0" + "org.opencontainers.image.description" = "Ruby is a dynamic, reflective, object-oriented, general-purpose, open-source programming language." + "org.opencontainers.image.title" = "${TAG_PREFIX}" + "org.opencontainers.image.created" = "${timestamp()}" + "dev.polymathrobotics.image.readme-filepath" = "ruby/README.md" + } +} + +target "local" { + inherits = ["_common"] + platforms = ["${LOCAL_PLATFORM}"] +} + +target "default" { + inherits = ["_common"] + platforms = ["linux/amd64", "linux/arm64/v8"] +} \ No newline at end of file