Python 3.13 + Images

(#50) * Python 3.13 * More Dockerfile * Image build/scan + badges in README
riverbed · Dec 20, 2024 · d8e6809 · d8e6809
1 parent 8b76d27
commit d8e6809
Show file tree

Hide file tree

Showing 12 changed files with 470 additions and 85 deletions.
diff --git a/.github/workflows/latest.yaml b/.github/workflows/latest.yaml
@@ -0,0 +1,78 @@
+# latest.yaml
+# version: 24.11.1
+
+name: latest
+# see extra configuration rule in /.grype.yaml
+
+on: [push]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+
+    - name: Docker Setup Buildx
+      uses: docker/setup-buildx-action@v3
+
+    # Playground
+
+    - name: Build image - SteelScript playground (Dockerfile)
+      run:  docker build --tag steelscript:latest -f Dockerfile .
+
+    - name: Run - SteelScript playground
+      run: docker run steelscript:latest steel about -v
+
+    # Notebook
+
+    - name: Build image - SteelScript notebook (Dockerfile)
+      run:  docker build --tag steelscript.notebook -f Dockerfile.notebook .
+
+    - name: Run - SteelScript notebook
+      run: docker run steelscript:latest steel about -v      
+
+    # Workload
+
+    - name: Build image - SteelScript workload (Dockerfile.workload)
+      run:  docker build --tag steelscript.workload:latest -f Dockerfile.workload .
+
+    - name: Scan image - SteelScript workload
+      uses: anchore/scan-action@v3
+      with:
+        image: "steelscript.workload:latest"
+        severity-cutoff: critical
+        output-format: table
+
+    - name: Run image - SteelScript workload
+      run: docker run steelscript.workload:latest steel about -v
+
+    # Custom
+
+    - name: Build image - SteelScript custom (Dockerfile.custom)
+      run:  docker build --tag steelscript.custom:latest -f Dockerfile.custom .
+
+    - name: Run image - SteelScript custom
+      run: docker run steelscript.custom:latest steel about -v
+
+    # Slim
+
+    - name: Build image - SteelScript slim (Dockerfile.slim)
+      run:  docker build --tag steelscript.slim:latest -f Dockerfile.slim .
+
+    - name: Scan image - SteelScript slim
+      uses: anchore/scan-action@v3
+      with:
+        image: "steelscript.slim:latest"
+        severity-cutoff: critical
+        output-format: table          
+
+    - name: Run image - SteelScript slim
+      run: docker run steelscript.slim:latest steel about -v
+
+    # Extra
+
+    - name: Size images
+      run: docker images
+
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -0,0 +1,35 @@
+# release.yaml
+# version: 24.11.1
+
+name: release
+# see extra configuration rule in /.grype.yaml
+
+on: [push]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+
+    - name: Docker Setup Buildx
+      uses: docker/setup-buildx-action@v3
+
+
+    - name: Build image - SteelScript release (Dockerfile.release)
+      run:  docker build --progress=plain --tag localbuild/steelscript.release -f Dockerfile.release .
+
+    - name: Scan image - SteelScript release
+      uses: anchore/scan-action@v3
+      with:
+        image: "localbuild/steelscript.release"
+        severity-cutoff: critical
+        output-format: table
+
+    - name: Run image - SteelScript release
+      run: docker run localbuild/steelscript.release steel about -v
+
+    - name: Size image
+      run: docker images
diff --git a/.grype.yaml b/.grype.yaml
@@ -0,0 +1,6 @@
+# grype.yaml
+# version: 24.11.1
+
+# https://github.com/anchore/grype#specifying-matches-to-ignore
+ignore:
+  - fix-state: wont-fix
diff --git a/Dockerfile b/Dockerfile
@@ -1,36 +1,65 @@
 # Dockerfile
-# version: 24.10.1
+# version: 24.11.1
+#
+# Riverbed SteelScript, https://github.com/riverbed/steelscript
+#
+# Usage
+#   
+#   # Build
+#
+#       docker build --tag steelscript:latest -f Dockerfile .
+#
+#   # Run
+#
+#       docker run -it --rm steelscript:latest
+#
 
-FROM python:3.12
+# Use Python image for playground
+FROM python:3.13
 LABEL org.opencontainers.image.authors="Riverbed Community"
 LABEL org.opencontainers.image.source="https://github.com/riverbed/steelscript"
+LABEL org.opencontainers.image.title="SteelScript - playground image"
+LABEL org.opencontainers.image.version="24.11.1"
 
-# separate out steelhead package to it picks up already installed dependencies
-RUN set -ex \
-        && buildDeps=' \
+# Install tools and deps for build
+RUN set -ex && \
+        tools=' \
+                git \
+                nano \
+                vim \
+        ' && \
+        buildDeps=' \
                 libpcap-dev \
-        ' \
-        && apt-get update && apt-get install -y $buildDeps --no-install-recommends && rm -rf /var/lib/apt/lists/* \
-        \
-        && pip install --src /src \
-            -e git+https://github.com/riverbed/steelscript#egg=steelscript \
-            -e git+https://github.com/riverbed/steelscript-netprofiler#egg=steelscript-netprofiler \
-            -e git+https://github.com/riverbed/steelscript-wireshark#egg=steelscript-wireshark \
-            -e git+https://github.com/riverbed/steelscript-cmdline#egg=steelscript-cmdline \
-            -e git+https://github.com/riverbed/steelscript-scc#egg=steelscript-scc \
-            -e git+https://github.com/riverbed/steelscript-appresponse#egg=steelscript-appresponse \
-            -e git+https://github.com/riverbed/steelscript-netim.git#egg=steelscript-netim \
-            -e git+https://github.com/riverbed/steelscript-client-accelerator-controller#egg=steelscript-cacontroller \
-        && pip install --src /src \
-            -e git+https://github.com/riverbed/steelscript-steelhead#egg=steelscript-steelhead \
-            -e git+https://github.com/riverbed/steelscript-packets.git@master#egg=steelscript-packets \
-        && rm -f /src/pip-delete-this-directory.txt \
-        && rm -rf ~/.cache
+        ' && \
+        apt-get update && \ 
+        apt-get upgrade -y && \ 
+        apt-get install -y $tools $buildDeps --no-install-recommends && \
+        rm -rf /var/lib/apt/lists/*
 
-RUN set -ex \
-        && steel mkworkspace -d /root/steelscript-workspace
+# Install SteelScript and modules, latest versions 
+RUN set -ex && \
+        pip install --no-cache-dir --upgrade pip && \
+        pip install --no-cache-dir --src /src \
+        -e git+https://github.com/riverbed/steelscript#egg=steelscript \
+        -e git+https://github.com/riverbed/steelscript-netprofiler#egg=steelscript-netprofiler \
+        -e git+https://github.com/riverbed/steelscript-wireshark#egg=steelscript-wireshark \
+        -e git+https://github.com/riverbed/steelscript-cmdline#egg=steelscript-cmdline \
+        -e git+https://github.com/riverbed/steelscript-scc#egg=steelscript-scc \
+        -e git+https://github.com/riverbed/steelscript-appresponse#egg=steelscript-appresponse \
+        -e git+https://github.com/riverbed/steelscript-netim#egg=steelscript-netim \
+        -e git+https://github.com/riverbed/steelscript-client-accelerator-controller#egg=steelscript-cacontroller \
+        -e git+https://github.com/riverbed/steelscript-steelhead#egg=steelscript-steelhead \
+        -e git+https://github.com/riverbed/steelscript-packets#egg=steelscript-packets 
 
-WORKDIR /root/steelscript-workspace
+# Cleanup
+RUN set -ex && \           
+        apt-get autoremove && \
+        apt-get clean && \
+        rm -rf ~/.cache
+
+# Create SteelScript workspace
+RUN set -ex && steel mkworkspace -d /steelscript/workspace
+WORKDIR /steelscript/workspace
 
 # Configure container startup
 CMD ["/bin/bash"]
diff --git a/Dockerfile.custom b/Dockerfile.custom
@@ -0,0 +1,31 @@
+# Dockerfile.custom
+# version: 24.11.1
+#
+# Riverbed SteelScript, https://github.com/riverbed/steelscript
+#
+# Usage
+#
+#   # Build the SteelScript Optimized image
+#
+#       docker build --tag steelscript.workload:latest -f Dockerfile.workload .
+#   
+#   # Build your SteelScript custom image
+#
+#       docker build --tag steelscript.your_custom_workload -f Dockerfile.custom .
+#
+#   # Run
+#       
+#      docker run --rm steelscript.your_custom_workload:latest python your_script.py
+
+FROM steelscript.workload:latest
+LABEL org.opencontainers.image.authors="Riverbed Community"
+LABEL org.opencontainers.image.source="https://github.com/riverbed/steelscript"
+LABEL org.opencontainers.image.title="SteelScript - custom workload"
+LABEL org.opencontainers.image.version="24.11.1"
+
+# Copy local script to the steelscript workdir (default: /steelscript)
+COPY *.py .
+
+
+# TODO: set the name of your script
+CMD ["python", "your_script.py"]
diff --git a/Dockerfile.dev b/Dockerfile.dev
@@ -1,9 +1,19 @@
 # Dockerfile.dev
-# version: 24.10.1
-
-FROM python:3.12
+# version: 24.11.1
+#
+# Riverbed SteelScript, https://github.com/riverbed/steelscript
+#
+# Usage
+#   
+#   # Build
+#
+#   docker build --tag steelscript.dev:latest -f Dockerfile.dev .
+
+FROM python:3.13
 LABEL org.opencontainers.image.authors="Riverbed Community"
 LABEL org.opencontainers.image.source="https://github.com/riverbed/steelscript"
+LABEL org.opencontainers.image.title="SteelScript - development"
+LABEL org.opencontainers.image.version="24.11.1"
 
 COPY steelscript /src-dev/steelscript 
 COPY steelscript-netprofiler /src-dev/steelscript-netprofiler
@@ -23,9 +33,10 @@ RUN set -ex \
                 libpcap-dev \
         ' \
         && apt-get update && apt-get install -y $buildDeps --no-install-recommends && rm -rf /var/lib/apt/lists/* 
-
-RUN set -ex \
-        && pip install --src /src \
+
+RUN set -ex && \
+        pip install --no-cache-dir --upgrade pip && \
+        pip install --src /src \
             -e /src-dev/steelscript \
             -e /src-dev/steelscript-netprofiler \
             -e /src-dev/steelscript-wireshark \
@@ -34,16 +45,13 @@ RUN set -ex \
             -e /src-dev/steelscript-appresponse \
             -e /src-dev/steelscript-netim \
             -e /src-dev/steelscript-client-accelerator-controller \
-        && pip install --src /src \
             -e /src-dev/steelscript-steelhead \
-            -e /src-dev/steelscript-packets \
-        && rm -f /src/pip-delete-this-directory.txt \
-        && rm -rf ~/.cache
+            -e /src-dev/steelscript-packets
 
 RUN set -ex \
-        && steel mkworkspace -d /root/steelscript-workspace
+        && steel mkworkspace -d /steelscript/workspace
 
-WORKDIR /root/steelscript-workspace
+WORKDIR /steelscript/workspace
 
 # Configure container startup
 CMD ["/bin/bash"]
diff --git a/Dockerfile.notebook b/Dockerfile.notebook
@@ -1,22 +1,31 @@
 # Dockerfile.notebook
-# version: 24.9.1
+# version: 24.11.1
+#
+# Riverbed SteelScript, https://github.com/riverbed/steelscript
 #
 # Usage
+#
+#   # Build the SteelScript for playground as a base image
+#
+#       docker build --tag steelscript:latest -f Dockerfile .
 #   
-#   # Build
-#   docker build --tag steelscript.notebook -f Dockerfile.notebook .
+#   # Build the SteelScript notebook image
+#
+#       docker build --tag steelscript.notebook -f Dockerfile.notebook .
 # 
 #   # Run with --init (tini)
-#   docker run --init --rm -p 8888:8888 --name=steelscript.notebook steelscript.notebook
+#
+#       docker run --init --rm -p 8888:8888 --name=steelscript.notebook steelscript.notebook
 
 FROM steelscript:latest
 LABEL org.opencontainers.image.authors="Riverbed Community"
 LABEL org.opencontainers.image.source="https://github.com/riverbed/steelscript"
+LABEL org.opencontainers.image.title="SteelScript - notebook playground image"
+LABEL org.opencontainers.image.version="24.11.1"
 
 RUN set -ex \
         && pip install ipython jupyter
 
 EXPOSE 8888
-WORKDIR /root/steelscript-workspace
 
 CMD ["/usr/local/bin/jupyter", "notebook", "--no-browser", "--allow-root", "--ip=0.0.0.0"]