From 726987651b5524d67630526e80ea3766a30a5f5c Mon Sep 17 00:00:00 2001 From: Spotandjake Date: Fri, 11 Apr 2025 21:06:07 -0400 Subject: [PATCH 1/2] chore: Update docker workflow --- .dockerignore | 2 ++ .github/workflows/docker-publish.yml | 24 ++++++++++++------------ 2 files changed, 14 insertions(+), 12 deletions(-) diff --git a/.dockerignore b/.dockerignore index a3f73d624f..f1cf6c07df 100644 --- a/.dockerignore +++ b/.dockerignore @@ -2,6 +2,8 @@ # to do this for some reason: # $ go get -v -u github.com/pwaller/docker-show-context main +*.gro +**/*.gro *.mashtree **/*.mashtree *.swp diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 5ad55e295f..10974f9f60 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -20,7 +20,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout project - uses: actions/checkout@v3 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Parse tag # This step converts Grain tags into standard semver, i.e. grain-v1.2.3 -> v1.2.3 @@ -48,7 +48,7 @@ jobs: ssh-private-key: ${{ secrets.AWS_SSH_PRIVATE_KEY }} - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2.0.0 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 - name: Set up remote builder run: | @@ -61,7 +61,7 @@ jobs: - name: Docker meta id: meta - uses: docker/metadata-action@v3.6.0 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 with: images: | grainlang/grain @@ -72,20 +72,20 @@ jobs: type=semver,pattern={{major}}.{{minor}},value=${{ steps.vars.outputs.tag }} - name: Login to DockerHub - uses: docker/login-action@v2.0.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Login to Github Container Registry - uses: docker/login-action@v2.0.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push image - uses: docker/build-push-action@v2.7.0 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 with: context: . file: Dockerfile @@ -100,7 +100,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout project - uses: actions/checkout@v3 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Parse tag # This step converts Grain tags into standard semver, i.e. grain-v1.2.3 -> v1.2.3 @@ -128,7 +128,7 @@ jobs: ssh-private-key: ${{ secrets.AWS_SSH_PRIVATE_KEY }} - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2.0.0 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 - name: Set up remote builder run: | @@ -141,7 +141,7 @@ jobs: - name: Docker meta id: meta - uses: docker/metadata-action@v3.6.0 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 with: flavor: | suffix=-slim,onlatest=true @@ -154,20 +154,20 @@ jobs: type=semver,pattern={{major}}.{{minor}},value=${{ steps.vars.outputs.tag }} - name: Login to DockerHub - uses: docker/login-action@v2.0.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Login to Github Container Registry - uses: docker/login-action@v2.0.0 + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push slim image - uses: docker/build-push-action@v2.7.0 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 with: context: . file: Dockerfile-slim From b1659cf8e0e0fb03d0f416e92d62fe1a54f88b67 Mon Sep 17 00:00:00 2001 From: Oscar Spencer Date: Sat, 1 Nov 2025 15:31:52 -0400 Subject: [PATCH 2/2] Upgrade to esy 0.9.2 --- Dockerfile | 8 ++------ Dockerfile-slim | 8 ++------ 2 files changed, 4 insertions(+), 12 deletions(-) diff --git a/Dockerfile b/Dockerfile index 092d7e75d2..0a117990cc 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ # This Dockerfile constructs an environment in which the Grain compiler can be built and used. -FROM ospencer/esy:alpine AS esy +FROM ospencer/esy:0.9.2 AS esy FROM node:22 LABEL name="Grain" @@ -16,11 +16,7 @@ WORKDIR /grain # Install dependencies but don't allow esy's postinstall script to run RUN npm ci --ignore-scripts -# This line is technically incorrect on amd64, but docker does not support -# conditional copies and the arm64 folder is ignored on amd64 anyway -COPY --from=esy /app/_release /grain/node_modules/esy/platform-linux-arm64 -# Manually run esy's postinstall script -RUN cd node_modules/esy && npm run postinstall +COPY --from=esy /usr/local /grain/node_modules/esy # Necessary because we disabled scripts during the original install RUN npm run prepare diff --git a/Dockerfile-slim b/Dockerfile-slim index f544e0e03e..0fb4f2740f 100644 --- a/Dockerfile-slim +++ b/Dockerfile-slim @@ -1,7 +1,7 @@ # This Dockerfile constructs a minimal environment in which Grain programs can be compiled. # The environment is only meant to build Grain programs, not develop the compiler. -FROM ospencer/esy:alpine AS esy +FROM ospencer/esy:0.9.2 AS esy FROM node:22 AS builder LABEL name="Grain" @@ -17,11 +17,7 @@ WORKDIR /grain # Install dependencies but don't allow esy's postinstall script to run RUN npm ci --ignore-scripts -# This line is technically incorrect on amd64, but docker does not support -# conditional copies and the arm64 folder is ignored on amd64 anyway -COPY --from=esy /app/_release /grain/node_modules/esy/platform-linux-arm64 -# Manually run esy's postinstall script -RUN cd node_modules/esy && npm run postinstall +COPY --from=esy /usr/local /grain/node_modules/esy # Necessary because we disabled scripts during the original install RUN npm run prepare