get-bridge / docker-base-images Goto Github PK
View Code? Open in Web Editor NEWOfficial Bridge docker base images
License: MIT License
Official Bridge docker base images
License: MIT License
I believe due to the parallel nature of our build that it's quite easy to encounter 429 Too Many Requests
type of errors if multiple builds all push simultaneously. The error looks like:
time="2023-04-20T14:38:37Z" level=debug msg="fetch response received" digest="sha256:702cb5449b90e2a8266de4e8657555f853562299a86db791914c8c4ff546bccd" mediatype=application/vnd.oci.image.index.v1+json response.header.content-length=66 response.header.content-type="application/json; charset=utf-8" response.header.date="Thu, 20 Apr 2023 14:38:37 GMT" response.header.docker-distribution-api-version=registry/2.0 response.header.sizes=1609.000000 response.status="429 Too Many Requests" size=1609 spanID=b6092497712d9853 traceID=cbc430f25bc270ed87775f5873240a87 url="https://127178877223.dkr.ecr.us-east-2.amazonaws.com/v2/get-bridge/node/manifests/16-slim"
One solution is to cap the parallelization in the workflow.
if: github.ref == 'refs/heads/main'
)Need to modify the build so that (at least on the main branch) the clojure image is able to be built with the java image it depends on. Currently it is built with whatever is available in the registry, which could have changed in the same branch.
We need a way to publish branch tagged images to use in CI.
Currently, if we change an image that another image depends on, the downstream image pulls from the canonical upstream source. This could lead to issues when developing dependent images.
Right now, because core image changes are immediately reflected in all downstream images there's no way to prevent a situation where a tag like -jammy
is actually a lunar core image. I think we can repurpose a rake task to generate every tag and then use that to created a build where each image is checked against a known list of core images to ensure a downstream image isn't accidentally upgraded and labelled incorrectly.
Maybe we can repurpose the manifest to be exhaustive check against all tags ever pushed to ECR? That might be paranoid, but it would give a safety net for long term maintenance.
The reason for this issue is that I'm currently unravelling this exact situation manually.
There's a bunch of warning about apt
not having a stable API so we should instead use apt-get
.
Per the best practices doc, it is recommend we avoid using sudo
inside containers:
Avoid installing or using sudo as it has unpredictable TTY and signal-forwarding behavior that can cause problems. If you absolutely need functionality similar to sudo, such as initializing the daemon as root but running it as non-root, consider using “gosu”.
I'm unable to see any obvious hard constraint on requiring sudo in these images so I'm also inclined to remove it.
This will help visibility of available versions on GitHub as well as potentially give a speed boost to CI since their servers are expected to have faster transfer speeds than pulling from AWS ECR.
proxy | 2023/04/12 18:29:49 [026] GET https://127178877223.dkr.ecr.us-east-2.amazonaws.com:443/v2/get-bridge/java/tags/list
proxy | 2023/04/12 18:29:49 [026] * authenticating docker ecr request (host: 127178877223.dkr.ecr.us-east-2.amazonaws.com)
proxy | 2023/04/12 18:29:49 [026] 403 https://127178877223.dkr.ecr.us-east-2.amazonaws.com:443/v2/get-bridge/java/tags/list
updater | 2023/04/12 18:29:49 INFO <job_644081773> Handled error whilst updating get-bridge/java: private_source_authentication_failure {:source=>"127178877223.dkr.ecr.us-east-2.amazonaws.com"}
updater | 2023/04/12 18:29:49 INFO <job_644081773> Finished job processing
updater | 2023/04/12 18:29:49 INFO Results:
updater | Dependabot encountered '1' error(s) during execution, please check the logs for more details.
updater | +---------------------------------------------------------+
updater | | Dependencies failed to update |
updater | +-----------------+---------------------------------------+
updater | | get-bridge/java | private_source_authentication_failure |
updater | +-----------------+---------------------------------------+
ref: https://github.com/get-bridge/docker-base-images/network/updates/644081773
Implement a workflow that fails the build if templates are modified but corresponding rake tasks have not generated the artifacts.
This is already present in the Dockerfile, we should add it to the bake files as well.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.