Skip to content

publish docker-in-docker (dind) image #4838

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Feb 4, 2025
Merged

publish docker-in-docker (dind) image #4838

merged 3 commits into from
Feb 4, 2025

Conversation

wdbaruni
Copy link
Member

@wdbaruni wdbaruni commented Feb 4, 2025
edited by coderabbitai bot
Loading

Summary by CodeRabbit

  • New Features

    • Enhanced Docker image workflows now support multi-platform builds and streamlined tagging for efficient image management.
    • Refined container startup processes for Docker-in-Docker environments, including improved execution checks and progress indicators.

  • Documentation

    • Added comprehensive guides for both base and Docker-in-Docker images, with clear usage examples, troubleshooting tips, and best practice instructions.

  • Chores

    • Performed several internal optimizations to improve overall build consistency and performance.

@linear Linear
Copy link

linear bot commented Feb 4, 2025

ENG-599 docker dind image

@coderabbitai coderabbitai
Copy link
Contributor

coderabbitai bot commented Feb 4, 2025
edited
Loading

Walkthrough

The changes update multiple components of the project. The custom dictionary file has been modified by adding and re-adding certain entries. The Makefile now supports new, granular Docker image build and push targets for multi-platform builds. A buildkite script has been revised with a renamed function and adjusted commands. New Dockerfiles and accompanying README documents have been introduced for both the Bacalhau Base and DinD images, and a new entrypoint script for the DinD image implements a startup sequence that checks for privileged mode. An obsolete Bacalhau image README file has been removed.

Changes

File(s) Summary
.cspell/custom-dictionary.txt Modified dictionary: removed ncltest, then re-added ncltest and added dind
Makefile Updated targets for building/pushing Docker images with multi-platform support; added new granular targets and adjusted tagging logic
buildkite/scripts/bacalhau_image.sh Renamed function from docker_context_create to setup_buildx, updated echo messages, and changed command from make push-bacalhau-image to make push-bacalhau-images
docker/bacalhau-base/Dockerfile
docker/bacalhau-base/README.md		 Introduced new environment variable and entrypoint in the Dockerfile; standardized label syntax; added documentation for the base image
docker/bacalhau-dind/Dockerfile
docker/bacalhau-dind/README.md
docker/bacalhau-dind/entrypoint.sh		 Created a new Dockerfile for DinD with a target platform argument, binary addition, and custom entrypoint script that checks for privileged mode; added corresponding documentation
docker/bacalhau-image/README.md Removed obsolete documentation file for the Bacalhau image

Sequence Diagram(s)

sequenceDiagram
    participant Container as Container
    participant EP as Entrypoint Script
    participant DD as Docker Daemon
    participant BC as Bacalhau Binary

    Container->>EP: Execute entrypoint.sh
    EP->>EP: Check for privileged mode (iptables access)
    alt Privileged mode detected
        EP->>DD: Start Docker daemon (background)
        loop Polling for readiness (up to 30s)
            EP->>DD: Request docker info
        end
        EP->>BC: Execute Bacalhau command with arguments
    else Not privileged
        EP->>Container: Output error message and exit
    end
Loading 
sequenceDiagram
    participant BK as Buildkite
    participant S as bacalhau_image.sh
    participant M as Makefile

    BK->>S: Trigger build process
    S->>S: Execute setup_buildx (renamed function)
    S->>S: Download artifacts (echo start message)
    alt BUILDKITE_TAG is present
        S->>M: Run "push-bacalhau-images" target
    else
        S->>S: Skip image build and echo status
    end
Loading

Poem

I'm a hopping rabbit, light on my feet,
Celebrating code changes so modern and neat.
Targets and scripts now dance in the flow,
Docker images built with a magical glow.
I nibble on updates with joy and delight,
Happy to see our project take flight! 🐇✨

Tip

🌐 Web search-backed reviews and chat
  • We have enabled web search-based reviews and chat for all users. This feature allows CodeRabbit to access the latest documentation and information on the web.
  • You can disable this feature by setting web_search: false in the knowledge_base settings.
  • Please share any feedback in the Discord discussion.
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

coderabbitai[bot]
coderabbitai bot reviewed Feb 4, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Nitpick comments (4)
docker/bacalhau-base/Dockerfile (1)

8-8: Consider Using COPY Instead of ADD.
The Dockerfile uses an ADD instruction at line 8 to copy the binary into the image. Docker best practices generally recommend using COPY for local files since it has more predictable semantics. Consider switching to:

COPY bin/$TARGETPLATFORM/bacalhau /usr/local/bin/bacalhau
🧰 Tools
🪛 Hadolint (2.12.0)

[error] 8-8: Use COPY instead of ADD for files and folders

(DL3020)

docker/bacalhau-dind/Dockerfile (1)

12-14: Consider Replacing ADD with COPY.
At line 14 the Dockerfile uses:

ADD bin/$TARGETPLATFORM/bacalhau /usr/local/bin/bacalhau

Docker best practices advise using COPY for local files. If no special features of ADD are required, consider replacing it with:

COPY bin/$TARGETPLATFORM/bacalhau /usr/local/bin/bacalhau
🧰 Tools
🪛 Hadolint (2.12.0)

[error] 14-14: Use COPY instead of ADD for files and folders

(DL3020)

docker/bacalhau-dind/README.md (2)

16-18: Specify Language for Fenced Code Blocks.
For better syntax highlighting and clarity, consider adding a language identifier (e.g., bash) to fenced code blocks. For instance, change:
to: bash
This applies to the code block in lines 16–18 (and similar blocks throughout the document).

68-69: Improve Error Message Wording.
The section beginning with "If you see this error:" could be strengthened by rephrasing to "If you encounter this error:" to provide a more assertive tone.

🧰 Tools
🪛 LanguageTool

[style] ~68-~68: Consider an alternative verb to strengthen your wording.
Context: ...n't allowed ## Troubleshooting If you see this error: ``` ERROR: This container m...

(IF_YOU_HAVE_THIS_PROBLEM)

🪛 markdownlint-cli2 (0.17.2)

69-69: Fenced code blocks should have a language specified
null

(MD040, fenced-code-language)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 33c617a and 0e50271.

📒 Files selected for processing (9)
  • .cspell/custom-dictionary.txt (1 hunks)
  • Makefile (1 hunks)
  • buildkite/scripts/bacalhau_image.sh (2 hunks)
  • docker/bacalhau-base/Dockerfile (1 hunks)
  • docker/bacalhau-base/README.md (1 hunks)
  • docker/bacalhau-dind/Dockerfile (1 hunks)
  • docker/bacalhau-dind/README.md (1 hunks)
  • docker/bacalhau-dind/entrypoint.sh (1 hunks)
  • docker/bacalhau-image/README.md (0 hunks)
💤 Files with no reviewable changes (1)
  • docker/bacalhau-image/README.md
✅ Files skipped from review due to trivial changes (2)
  • .cspell/custom-dictionary.txt
  • docker/bacalhau-base/README.md
🧰 Additional context used
🪛 LanguageTool
docker/bacalhau-dind/README.md

[style] ~68-~68: Consider an alternative verb to strengthen your wording.
Context: ...n't allowed ## Troubleshooting If you see this error: ``` ERROR: This container m...

(IF_YOU_HAVE_THIS_PROBLEM)

🪛 markdownlint-cli2 (0.17.2)
docker/bacalhau-dind/README.md

69-69: Fenced code blocks should have a language specified
null

(MD040, fenced-code-language)

🪛 Hadolint (2.12.0)
docker/bacalhau-dind/Dockerfile

[error] 14-14: Use COPY instead of ADD for files and folders

(DL3020)

⏰ Context from checks skipped due to timeout of 90000ms (9)
  • GitHub Check: build / Build Binary (windows, amd64)
  • GitHub Check: build / Build Binary (darwin, arm64)
  • GitHub Check: build / Build Binary (darwin, amd64)
  • GitHub Check: build / Build Binary (linux, armv6)
  • GitHub Check: build / Build Binary (linux, armv7)
  • GitHub Check: build / Build Binary (linux, arm64)
  • GitHub Check: lint / lint
  • GitHub Check: lint / go-lint (ubuntu-latest)
  • GitHub Check: build / Build Binary (linux, amd64)
🔇 Additional comments (23)
docker/bacalhau-base/Dockerfile (1)

10-18: Standardizing PATH, ENTRYPOINT, and LABEL Instructions.
The updates set the ENV PATH (line 10) to include both /usr/local/bin and /usr/bin and define the container’s entrypoint to run bacalhau (line 12). The LABEL instructions (lines 14–18) are also reformatted to use the = for assignment, which improves consistency. Ensure that the bacalhau binary is present at the expected location.

docker/bacalhau-dind/entrypoint.sh (4)

1-8: Privileged Mode Check Implemented Correctly.
The script correctly verifies privileged mode by testing access to iptables. The error messages provide clear guidance on how to run the container properly.

10-12: Docker Daemon Startup.
The Docker daemon is launched in the background using dockerd-entrypoint.sh dockerd &. Double-check that the dockerd-entrypoint.sh script is available in the image’s PATH.

13-19: Effective Timeout Mechanism.
The use of timeout with a polling loop to check for docker info provides a clear and practical way to wait for the Docker daemon. The subsequent check of the exit status (lines 16–19) properly handles timeout failures.

21-28: Delegating to Bacalhau Correctly.
Extracting the bacalhau binary path from the first argument and using exec to run it (lines 23–28) is an effective pattern that replaces the shell with the intended process.

docker/bacalhau-dind/Dockerfile (3)

4-8: Installing Essential Packages.
The Dockerfile installs necessary utilities such as curl, bash, and coreutils from Alpine's repositories using apk. This ensures the image contains all needed dependencies.

17-19: Configuring the Custom Entrypoint.
Copying the custom entrypoint script into /usr/local/bin/ (line 17) and making it executable (line 18) is correctly implemented.

20-26: Entrypoint and Metadata Setup.
The ENTRYPOINT directive (line 20) passes bacalhau as an argument to the custom script, ensuring the proper command is executed. Additionally, the metadata LABELs (lines 22–26) provide clear project details.

buildkite/scripts/bacalhau_image.sh (3)

14-17: Renamed Buildx Setup Function.
The function formerly known as docker_context_create is now renamed to setup_buildx (lines 14–17), which more accurately reflects its purpose. The logic for creating and selecting the Docker Buildx context is clear.

32-38: Improved Artifact Download Logging.
The updated echo statement at the start of the download_artifacts function (line 33) improves clarity by indicating when artifact downloading commences. The subsequent artifact download and extraction logic is well-structured.

44-53: Refined Main Function for Image Build and Push.
Within the main function, the echo message on line 45 now explicitly announces the start of image building and pushing when a BUILDKITE_TAG is present. Furthermore, the call to make push-bacalhau-images (line 50) aligns with updated Makefile targets. The alternative branch for cases without a tag is clearly communicated (line 52).

docker/bacalhau-dind/README.md (1)

1-77: Comprehensive Documentation Provided.
The README thoroughly explains the purpose, usage, features, and troubleshooting procedures for the Bacalhau DinD image. The structure is well-organized, making it easy for users to understand when and how to deploy this image.

🧰 Tools
🪛 LanguageTool

[style] ~68-~68: Consider an alternative verb to strengthen your wording.
Context: ...n't allowed ## Troubleshooting If you see this error: ``` ERROR: This container m...

(IF_YOU_HAVE_THIS_PROBLEM)

🪛 markdownlint-cli2 (0.17.2)

69-69: Fenced code blocks should have a language specified
null

(MD040, fenced-code-language)

Makefile (11)

236-240: Review of "build-http-gateway-image" target:
The inclusion of the --load flag enables the built image to be immediately available locally. However, note that when building for multiple platforms (i.e. linux/amd64,linux/arm64), --load will only load the image for the current host’s architecture. Please verify that this behavior is acceptable for your use case.

241-247: Review of "push-http-gateway-image" target:
The push target is correctly configured using --push along with the multi-platform flag. This ensures that the image is pushed to the registry for all specified architectures.

253-261: Validation of Semver Tag Condition:
The conditional block using grep -E '^v[0-9]+\.[0-9]+\.[0-9]+$$' effectively checks for a valid semver tag, and then assigns additional tags (latest and latest-dind). Confirm that all tags in your repository adhere to this semver format to avoid any unintended behavior.

263-267: Review of BACALHAU_IMAGE_FLAGS Definition:
The BACALHAU_IMAGE_FLAGS now includes a label for the image version (org.opencontainers.image.version). This is a useful addition for tracking image metadata. Please ensure that the dynamic timestamp and version values are as expected when the build is executed.

268-275: Review of "build-bacalhau-base-image" target:
This target builds the Bacalhau base image using docker buildx build --load along with caching and tagging options. One point to note is that using --load may restrict multi-platform support to the local platform. Verify that building locally (without explicit multi-platform output) meets your requirements for testing or development.

276-283: Review of "build-bacalhau-dind-image" target:
Similar to the base image target, the dind image build uses --load while applying the appropriate dind-specific tags and caching mechanisms. Consider whether limiting the loaded image to the host architecture is intentional, or if a multi-platform build is desired for local usage.

284-293: Review of "push-bacalhau-base-image" target:
The push target for the base image is well-structured, employing docker buildx build --push with the multi-platform flag and caching options. This setup should efficiently publish the image for all supported architectures.

294-302: Review of "push-bacalhau-dind-image" target:
The dind push target mirrors the base image push configuration and correctly handles multi-platform image publishing with caching. It is consistent and clear in its implementation.

303-306: Review of Combined Build Target "build-bacalhau-images":
Consolidating the build of both the Bacalhau base and dind images into a single target improves usability and simplifies the build workflow. This abstraction is clear and aligns with the goal of granular target operations.

307-309: Review of Combined Push Target "push-bacalhau-images":
Grouping the push targets for the base and dind images under a combined target increases clarity and ease-of-use. This approach maintains consistency with the granularity introduced by the new targets.

310-312: Review of "push-docker-images" target:
The updated push-docker-images target now delegates to push-http-gateway-image, reflecting the new target structure. Ensure that any documentation or dependent scripts referencing this target are updated accordingly to avoid confusion.

jamlo
jamlo approved these changes Feb 4, 2025
View reviewed changes
Copy link
Contributor

@jamlo jamlo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved.
My only concern is that push-bacalhau-base-image and push-bacalhau-dind-image are just one Make command to push an image.
Maybe a confirmation check to protect against accidental push ?

@wdbaruni
Copy link
Member Author

wdbaruni commented Feb 4, 2025

My only concern is that push-bacalhau-base-image and push-bacalhau-dind-image are just one Make command to push an image.
Maybe a confirmation check to protect against accidental push ?

I hear your point. The thing is this is what we call in buildkite to publish the images and we can't ask for approval. The good thing is we only tag these images with latest if they are part of a release. Trying to push locally will just add a tag such as v1.6.2-2-g33c617ae7

@wdbaruni wdbaruni merged commit e1bdc53 into main Feb 4, 2025
14 checks passed
@wdbaruni wdbaruni deleted the eng-599-docker-dind-image branch February 4, 2025 17:39
@jamlo
Copy link
Contributor

jamlo commented Feb 4, 2025

@wdbaruni I was thinking of having a "-y" flag to support script usage. But that is only a detail .

@coderabbitai coderabbitai bot mentioned this pull request Feb 18, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@jamlo jamlo jamlo approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@wdbaruni @jamlo