From a469ca04610de779fe938629e139b0e3de8260a8 Mon Sep 17 00:00:00 2001
From: Daniel Wiesenberg
Date: Sun, 29 Aug 2021 20:01:38 +0200
Subject: [PATCH 1/3] Move docker healthcheck into dedicated script.
---
 Dockerfile | 24 +++++++++++++-----------
 docker/healthcheck.sh | 13 +++++++++++++
 2 files changed, 26 insertions(+), 11 deletions(-)
 create mode 100644 docker/healthcheck.sh
diff --git a/Dockerfile b/Dockerfile
index 68dce3f3..f4b176f5 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -7,25 +7,29 @@
 # Alpine build image to build Conduit's statically compiled binary
 FROM alpine:3.14 as builder
-# Specifies if the local project is build or if Conduit gets build
-# from the official git repository. Defaults to the git repo.
-ARG LOCAL=false
-# Specifies which revision/commit is build. Defaults to HEAD
-ARG GIT_REF=origin/master
-
 # Install packages needed for building all crates
 RUN apk add --no-cache \
 cargo \
 openssl-dev
+# Specifies if the local project is build or if Conduit gets build
+# from the official git repository. Defaults to the git repo.
+ARG LOCAL=false
+# Specifies which revision/commit is build. Defaults to HEAD
+ARG GIT_REF=origin/master
 # Copy project files from current folder
 COPY . .
 # Build it from the copied local files or from the official git repository
 RUN if [[ $LOCAL == "true" ]]; then \
+ mv ./docker/healthcheck.sh . ; \
+ echo "Building from local source..." ; \
 cargo install --path . ; \
 else \
- cargo install --git "https://gitlab.com/famedly/conduit.git" --rev ${GIT_REF}; \
+ echo "Building revision '${GIT_REF}' from online source..." ; \
+ cargo install --git "https://gitlab.com/famedly/conduit.git" --rev ${GIT_REF} ; \
+ echo "Loadings healthcheck script from online source..." ; \
+ wget "https://gitlab.com/famedly/conduit/-/raw/${GIT_REF#origin/}/docker/healthcheck.sh" ; \
 fi
 ########################## RUNTIME IMAGE ##########################
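Review bot: In the `else` branch of the build `RUN`, `healthcheck.sh` is fetched with `wget` from the raw URL for `${GIT_REF#origin/}` in a request separate from the `cargo install --git … --rev ${GIT_REF}` that builds the binary, so with the default `origin/master` the script and the binary can come from different commits, and the download is not compared with any known digest before it is copied into the runtime image. Resolving `GIT_REF` to a full commit ID once and using that value in both commands would keep the two in step and make the build reproducible. The commands are also joined with `;`, so a failed `mv` or `cargo install` does not stop the step; opening the instruction with `RUN set -e; if [[ $LOCAL == "true" ]]; then \` would abort the build at the first failure.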
@@ -64,6 +68,7 @@ EXPOSE 6167
 # /srv/conduit and create data folder for database
 RUN mkdir -p /srv/conduit/.local/share/conduit
 COPY --from=builder /root/.cargo/bin/conduit /srv/conduit/
+COPY --from=builder ./healthcheck.sh /srv/conduit/
 # Add www-data user and group with UID 82, as used by alpine
 # https://git.alpinelinux.org/aports/tree/main/nginx/nginx.pre-install
@@ -82,10 +87,7 @@ RUN apk add --no-cache \
 libgcc
 # Test if Conduit is still alive, uses the same endpoint as Element
-HEALTHCHECK --start-period=5s \
- CMD curl --fail -s "http://localhost:$(grep -m1 -o 'port\s=\s[0-9]*' conduit.toml | grep -m1 -o '[0-9]*')/_matrix/client/versions" || \
- curl -k --fail -s "https://localhost:$(grep -m1 -o 'port\s=\s[0-9]*' conduit.toml | grep -m1 -o '[0-9]*')/_matrix/client/versions" || \
- exit 1
+HEALTHCHECK --start-period=5s --interval=60s CMD ./healthcheck.sh
 # Set user to www-data
 USER www-data
diff --git a/docker/healthcheck.sh b/docker/healthcheck.sh
new file mode 100644
index 00000000..568838ec
--- /dev/null
+++ b/docker/healthcheck.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+# If the port is not specified as env var, take it from the config file
+if [ -z ${CONDUIT_PORT} ]; then
+ CONDUIT_PORT=$(grep -m1 -o 'port\s=\s[0-9]*' conduit.toml | grep -m1 -o '[0-9]*')
+fi
+
+# The actual health check.
+# We try to first get a response on HTTP and when that fails on HTTPS and when that fails, we exit with code 1.
+# TODO: Change this to a single curl call. Do we have a config value that we can check for that?
+curl --fail -s "http://localhost:${CONDUIT_PORT}/_matrix/client/versions" || \
+ curl -k --fail -s "https://localhost:${CONDUIT_PORT}/_matrix/client/versions" || \
+ exit 1
From 9ded40e98329a02c1d504ae328c7ce4b8ca951da Mon Sep 17 00:00:00 2001
From: Daniel Wiesenberg
Date: Mon, 30 Aug 2021 09:14:08 +0200
Subject: [PATCH 2/3] Change healthcheck in ci dockerfile
---
 docker/ci-binaries-packaging.Dockerfile | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
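Review bot: The new `HEALTHCHECK … CMD ./healthcheck.sh` executes the script directly, but `docker/healthcheck.sh` is created with `new file mode 100644` and the `wget` copy in the builder stage is not made executable either, so unless a `chmod` outside these hunks sets the bit the probe will fail with a permission error and the container will be reported unhealthy. The relative path also depends on the working directory being `/srv/conduit`, which these hunks do not show. Running the script through the shell with an absolute path avoids both problems: `HEALTHCHECK --start-period=5s --interval=60s CMD ["/bin/sh", "/srv/conduit/healthcheck.sh"]`. The identical line in `docker/ci-binaries-packaging.Dockerfile` (patch 2/3) has the same defect, and there the script is copied straight from the build context by the last line of the hunk, with no later step shown that could change its mode.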
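Review bot: When `CONDUIT_PORT` is unset and the `grep` finds nothing (no `conduit.toml` in the working directory, or a line such as `port=6167` without the single whitespace the pattern requires on each side of `=`), the variable stays empty and both `curl` calls go to `localhost:` with no port, which curl is likely to treat as the scheme's default port rather than Conduit's. The expansion in the test should be quoted, `if [ -z "${CONDUIT_PORT}" ]; then`, and a guard after the `fi` such as `[ -n "${CONDUIT_PORT}" ] || exit 1` makes the probe fail for the right reason. The HTTPS fallback also deserves a comment saying that `-k` turns off certificate verification and is tolerable only because the target is `localhost`.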
diff --git a/docker/ci-binaries-packaging.Dockerfile b/docker/ci-binaries-packaging.Dockerfile
index 797ef0cf..1fe85bf4 100644
--- a/docker/ci-binaries-packaging.Dockerfile
+++ b/docker/ci-binaries-packaging.Dockerfile
@@ -53,10 +53,7 @@ RUN apk add --no-cache \
 libgcc
 # Test if Conduit is still alive, uses the same endpoint as Element
-HEALTHCHECK --start-period=5s \
- CMD curl --fail -s "http://localhost:$(grep -m1 -o 'port\s=\s[0-9]*' conduit.toml | grep -m1 -o '[0-9]*')/_matrix/client/versions" || \
- curl -k --fail -s "https://localhost:$(grep -m1 -o 'port\s=\s[0-9]*' conduit.toml | grep -m1 -o '[0-9]*')/_matrix/client/versions" || \
- exit 1
+HEALTHCHECK --start-period=5s --interval=60s CMD ./healthcheck.sh
 # Set user to www-data
 USER www-data
@@ -68,3 +65,4 @@ ENTRYPOINT [ "/srv/conduit/conduit" ]
 # Copy the Conduit binary into the image at the latest possible moment to maximise caching:
 COPY ./conduit-x86_64-unknown-linux-musl /srv/conduit/conduit
+COPY ./docker/healthcheck.sh /srv/conduit/
From a08ea1569599fa12e31f1ac45bc24374cf9dacaf Mon Sep 17 00:00:00 2001
From: Daniel Wiesenberg
Date: Tue, 31 Aug 2021 18:03:44 +0200
Subject: [PATCH 3/3] Use `$CI_COMMIT_SHORT_SHA` for `GIT_REF`
Using `$CI_COMMIT_REF_NAME` means we get `master` for every image build, which is not very useful/informative. Using `$CI_COMMIT_SHORT_SHA`, on the other hand, makes it possible to see exactly from which commit an image was built.
---
 .gitlab-ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 6f6f56f0..75bdfd68 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -217,7 +217,7 @@ build:docker:main:
 --context $CI_PROJECT_DIR
 --build-arg CREATED=$(date -u +'%Y-%m-%dT%H:%M:%SZ')
 --build-arg VERSION=$(grep -m1 -o '[0-9].[0-9].[0-9]' Cargo.toml)
- --build-arg "GIT_REF=$CI_COMMIT_REF_NAME"
+ --build-arg "GIT_REF=$CI_COMMIT_SHORT_SHA"
 --dockerfile "$CI_PROJECT_DIR/docker/ci-binaries-packaging.Dockerfile"
 --destination "$CI_REGISTRY_IMAGE/conduit:latest"
 --destination "$CI_REGISTRY_IMAGE/conduit:alpine"
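Review bot: `$CI_COMMIT_SHORT_SHA` is only the first eight characters of the commit ID, so the `GIT_REF` build argument identifies the source less precisely than it could. If the value ends up in an image label used to trace an image back to its source (the `ARG` that consumes it is outside this hunk), the full ID is the safer choice: `--build-arg "GIT_REF=$CI_COMMIT_SHA"`. Both `--destination` tags on the following lines are mutable, so that value is probably the only record of which commit a pulled image was built from. The `build:docker:main` job continues above and below the hunk.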