fix: reduce sentinel docker build steps
This commit is contained in:
@@ -371,7 +371,7 @@ function sentinelImagePlan(spec: HwlabRuntimeLaneSpec, cicd: Record<string, unkn
|
||||
const baseImage = stringTarget(readWebProbeSentinelConfigRefTarget(spec, baseImageRef), baseImageRef);
|
||||
const entrypoint = stringAt(cicd, "source.entrypoint");
|
||||
const monitorWeb = monitorWebCicdPlan(cicd);
|
||||
const dockerfile = sentinelDockerfile(baseImage, entrypoint, stringAt(monitorWeb, "envReuseNodeDepsPath"));
|
||||
const dockerfile = sentinelDockerfile(baseImage, entrypoint);
|
||||
return {
|
||||
repository,
|
||||
tag,
|
||||
@@ -386,23 +386,13 @@ function sentinelImagePlan(spec: HwlabRuntimeLaneSpec, cicd: Record<string, unkn
|
||||
};
|
||||
}
|
||||
|
||||
function sentinelDockerfile(baseImage: string, entrypoint: string, envReuseNodeDepsPath: string): string {
|
||||
const nodeDepsPath = shellQuote(envReuseNodeDepsPath);
|
||||
function sentinelDockerfile(baseImage: string, entrypoint: string): string {
|
||||
return [
|
||||
`FROM ${baseImage}`,
|
||||
"ARG HTTP_PROXY",
|
||||
"ARG HTTPS_PROXY",
|
||||
"ARG ALL_PROXY",
|
||||
"ARG NO_PROXY",
|
||||
"ARG http_proxy",
|
||||
"ARG https_proxy",
|
||||
"ARG all_proxy",
|
||||
"ARG no_proxy",
|
||||
"WORKDIR /app",
|
||||
"COPY . /app",
|
||||
`RUN if [ -d ${nodeDepsPath} ]; then mkdir -p /app/node_modules; for dep in ${nodeDepsPath}/*; do ln -sf "$dep" "/app/node_modules/$(basename "$dep")"; done; fi`,
|
||||
"RUN printf '%s\\n' '#!/bin/sh' 'exec bun /app/scripts/ssh-cli.ts \"$@\"' > /usr/local/bin/trans && chmod 0755 /usr/local/bin/trans",
|
||||
"ENV NODE_ENV=production",
|
||||
"COPY .unidesk-sentinel-bin/trans /usr/local/bin/trans",
|
||||
"COPY . /app",
|
||||
`ENTRYPOINT ["bun", "${entrypoint}"]`,
|
||||
"",
|
||||
].join("\n");
|
||||
@@ -419,6 +409,7 @@ function monitorWebCicdPlan(cicd: Record<string, unknown>): Record<string, unkno
|
||||
envReuseMode: stringAtNullable(cicd, "monitorWeb.envReuse.mode") ?? "docker-layer-and-ci-node-deps",
|
||||
envReuseNodeDepsPath: stringAtNullable(cicd, "monitorWeb.envReuse.nodeDepsPath") ?? "/opt/hwlab-ci-node-deps/node_modules",
|
||||
verifyPhase: stringAtNullable(cicd, "monitorWeb.dockerBuild.verifyPhase") ?? "pre-docker-build",
|
||||
dockerBuildPackageMode: stringAtNullable(cicd, "monitorWeb.dockerBuild.packageMode") ?? "copy-only-dockerfile",
|
||||
dockerBuildNetworkMode: monitorWebDockerBuildNetworkMode(cicd),
|
||||
dockerBuildProxySource: stringAtNullable(cicd, "monitorWeb.dockerBuild.proxySource") ?? "node.networkProfile.dockerBuildProxy",
|
||||
dockerBuildContextIgnore: stringAtNullable(cicd, "monitorWeb.dockerBuild.contextIgnore") ?? "generated",
|
||||
@@ -1683,6 +1674,7 @@ function sentinelPublishShell(state: SentinelCicdState, jobName: string, publish
|
||||
const dockerfileB64 = Buffer.from(state.image.dockerfilePreview, "utf8").toString("base64");
|
||||
const envReuseMode = stringAt(monitorWeb, "envReuseMode");
|
||||
const envReuseNodeDepsPath = stringAt(monitorWeb, "envReuseNodeDepsPath");
|
||||
const dockerBuildPackageMode = stringAt(monitorWeb, "dockerBuildPackageMode");
|
||||
const dockerBuildNetworkMode = stringAt(monitorWeb, "dockerBuildNetworkMode");
|
||||
const dockerBuildProxySource = stringAt(monitorWeb, "dockerBuildProxySource");
|
||||
const dockerBuildProxy = state.spec.networkProfile.dockerBuildProxy;
|
||||
@@ -1703,6 +1695,7 @@ function sentinelPublishShell(state: SentinelCicdState, jobName: string, publish
|
||||
`files_b64=${shellQuote(filesB64)}`,
|
||||
`env_reuse_mode=${shellQuote(envReuseMode)}`,
|
||||
`env_reuse_node_deps_path=${shellQuote(envReuseNodeDepsPath)}`,
|
||||
`docker_build_package_mode=${shellQuote(dockerBuildPackageMode)}`,
|
||||
`docker_build_network_mode=${shellQuote(dockerBuildNetworkMode)}`,
|
||||
`docker_build_proxy_source=${shellQuote(dockerBuildProxySource)}`,
|
||||
`docker_build_http_proxy=${shellQuote(dockerBuildProxy.http)}`,
|
||||
@@ -1755,6 +1748,12 @@ function sentinelPublishShell(state: SentinelCicdState, jobName: string, publish
|
||||
"cat /tmp/web-probe-sentinel-monitor-web-verify.log",
|
||||
"monitor_web_verify_finished_ms=$(node -e 'console.log(Date.now())')",
|
||||
"emit_stage monitor-web-verify succeeded \"$monitor_web_verify_started_ms\"",
|
||||
"mkdir -p .unidesk-sentinel-bin",
|
||||
"cat > .unidesk-sentinel-bin/trans <<'SH_TRANS'",
|
||||
"#!/bin/sh",
|
||||
"exec bun /app/scripts/ssh-cli.ts \"$@\"",
|
||||
"SH_TRANS",
|
||||
"chmod 0755 .unidesk-sentinel-bin/trans",
|
||||
"DOCKERFILE_B64=\"$dockerfile_b64\" node <<'NODE'",
|
||||
"const fs = require('node:fs');",
|
||||
"fs.writeFileSync('Dockerfile.web-probe-sentinel', Buffer.from(process.env.DOCKERFILE_B64 || '', 'base64'));",
|
||||
@@ -1843,11 +1842,11 @@ function sentinelPublishShell(state: SentinelCicdState, jobName: string, publish
|
||||
"fi",
|
||||
"gitops_finished_ms=$(node -e 'console.log(Date.now())')",
|
||||
"finished_ms=$(node -e 'console.log(Date.now())')",
|
||||
"node - \"$job_name\" \"$source_commit\" \"$mirror_commit\" \"$image_ref\" \"$digest_ref\" \"$gitops_commit\" \"$changed\" \"$file_count\" \"$started_ms\" \"$finished_ms\" \"$source_fetch_started_ms\" \"$source_fetch_finished_ms\" \"$monitor_web_verify_started_ms\" \"$monitor_web_verify_finished_ms\" \"$docker_build_started_ms\" \"$docker_build_finished_ms\" \"$docker_push_started_ms\" \"$docker_push_finished_ms\" \"$gitops_started_ms\" \"$gitops_finished_ms\" \"$env_reuse_mode\" \"$env_reuse_node_deps_path\" \"$env_reuse_node_deps_present\" \"$env_reuse_node_deps_entries\" \"$env_reuse_linked_node_deps\" \"$docker_build_cache_hits\" \"$docker_build_step_lines\" \"$docker_build_log_tail_b64\" \"$docker_build_network_mode\" \"$docker_build_proxy_source\" \"$docker_build_http_proxy_present\" \"$docker_build_https_proxy_present\" \"$docker_build_all_proxy_present\" \"$docker_build_no_proxy_present\" \"$docker_ignore_entries\" <<'NODE'",
|
||||
"const [jobName, sourceCommit, mirrorCommit, imageRef, digestRef, gitopsCommit, changed, fileCount, startedMs, finishedMs, sourceFetchStartedMs, sourceFetchFinishedMs, monitorWebVerifyStartedMs, monitorWebVerifyFinishedMs, dockerBuildStartedMs, dockerBuildFinishedMs, dockerPushStartedMs, dockerPushFinishedMs, gitopsStartedMs, gitopsFinishedMs, envReuseMode, envReuseNodeDepsPath, envReuseNodeDepsPresent, envReuseNodeDepsEntries, envReuseLinkedNodeDeps, dockerBuildCacheHits, dockerBuildStepLines, dockerBuildLogTailB64, dockerBuildNetworkMode, dockerBuildProxySource, dockerBuildHttpProxyPresent, dockerBuildHttpsProxyPresent, dockerBuildAllProxyPresent, dockerBuildNoProxyPresent, dockerIgnoreEntries] = process.argv.slice(2);",
|
||||
"node - \"$job_name\" \"$source_commit\" \"$mirror_commit\" \"$image_ref\" \"$digest_ref\" \"$gitops_commit\" \"$changed\" \"$file_count\" \"$started_ms\" \"$finished_ms\" \"$source_fetch_started_ms\" \"$source_fetch_finished_ms\" \"$monitor_web_verify_started_ms\" \"$monitor_web_verify_finished_ms\" \"$docker_build_started_ms\" \"$docker_build_finished_ms\" \"$docker_push_started_ms\" \"$docker_push_finished_ms\" \"$gitops_started_ms\" \"$gitops_finished_ms\" \"$env_reuse_mode\" \"$env_reuse_node_deps_path\" \"$env_reuse_node_deps_present\" \"$env_reuse_node_deps_entries\" \"$env_reuse_linked_node_deps\" \"$docker_build_cache_hits\" \"$docker_build_step_lines\" \"$docker_build_log_tail_b64\" \"$docker_build_package_mode\" \"$docker_build_network_mode\" \"$docker_build_proxy_source\" \"$docker_build_http_proxy_present\" \"$docker_build_https_proxy_present\" \"$docker_build_all_proxy_present\" \"$docker_build_no_proxy_present\" \"$docker_ignore_entries\" <<'NODE'",
|
||||
"const [jobName, sourceCommit, mirrorCommit, imageRef, digestRef, gitopsCommit, changed, fileCount, startedMs, finishedMs, sourceFetchStartedMs, sourceFetchFinishedMs, monitorWebVerifyStartedMs, monitorWebVerifyFinishedMs, dockerBuildStartedMs, dockerBuildFinishedMs, dockerPushStartedMs, dockerPushFinishedMs, gitopsStartedMs, gitopsFinishedMs, envReuseMode, envReuseNodeDepsPath, envReuseNodeDepsPresent, envReuseNodeDepsEntries, envReuseLinkedNodeDeps, dockerBuildCacheHits, dockerBuildStepLines, dockerBuildLogTailB64, dockerBuildPackageMode, dockerBuildNetworkMode, dockerBuildProxySource, dockerBuildHttpProxyPresent, dockerBuildHttpsProxyPresent, dockerBuildAllProxyPresent, dockerBuildNoProxyPresent, dockerIgnoreEntries] = process.argv.slice(2);",
|
||||
"const elapsed = (start, finish) => Number(finish) - Number(start);",
|
||||
"const cacheHits = Number(dockerBuildCacheHits || 0);",
|
||||
"console.log(JSON.stringify({ ok:true, status:'succeeded', jobName, sourceCommit, mirrorCommit, imageRef, digestRef, gitopsCommit: gitopsCommit || null, changed: changed === 'true', fileCount: Number(fileCount || 0), elapsedMs: elapsed(startedMs, finishedMs), stageTimings: { sourceFetchMs: elapsed(sourceFetchStartedMs, sourceFetchFinishedMs), monitorWebVerifyMs: elapsed(monitorWebVerifyStartedMs, monitorWebVerifyFinishedMs), dockerBuildMs: elapsed(dockerBuildStartedMs, dockerBuildFinishedMs), dockerPushMs: elapsed(dockerPushStartedMs, dockerPushFinishedMs), gitopsMs: elapsed(gitopsStartedMs, gitopsFinishedMs), totalMs: elapsed(startedMs, finishedMs), valuesRedacted:true }, envReuse: { mode: envReuseMode, nodeDepsPath: envReuseNodeDepsPath, nodeDepsPresent: envReuseNodeDepsPresent === 'true', nodeDepsEntries: Number(envReuseNodeDepsEntries || 0), linkedNodeDeps: Number(envReuseLinkedNodeDeps || 0), dependencyReuse: envReuseNodeDepsPresent === 'true' ? 'hit' : 'miss', valuesRedacted:true }, dockerBuild: { cacheHitLines: cacheHits, stepLines: Number(dockerBuildStepLines || 0), layerCache: cacheHits > 0 ? 'hit' : 'unknown-or-miss', networkMode: dockerBuildNetworkMode, proxySource: dockerBuildProxySource, proxy: { httpProxyPresent: dockerBuildHttpProxyPresent === 'true', httpsProxyPresent: dockerBuildHttpsProxyPresent === 'true', allProxyPresent: dockerBuildAllProxyPresent === 'true', noProxyPresent: dockerBuildNoProxyPresent === 'true', valuesRedacted:true }, dockerIgnoreEntries: Number(dockerIgnoreEntries || 0), verifyLocation: 'pre-docker-build', logTail: Buffer.from(dockerBuildLogTailB64 || '', 'base64').toString('utf8'), valuesRedacted:true }, completedStages: ['source-fetch', 'monitor-web-verify', 'docker-build', 'docker-push', gitopsCommit ? 'gitops' : 'gitops-skipped'], valuesRedacted:true }));",
|
||||
"console.log(JSON.stringify({ ok:true, status:'succeeded', jobName, sourceCommit, mirrorCommit, imageRef, digestRef, gitopsCommit: gitopsCommit || null, changed: changed === 'true', fileCount: Number(fileCount || 0), elapsedMs: elapsed(startedMs, finishedMs), stageTimings: { sourceFetchMs: elapsed(sourceFetchStartedMs, sourceFetchFinishedMs), monitorWebVerifyMs: elapsed(monitorWebVerifyStartedMs, monitorWebVerifyFinishedMs), dockerBuildMs: elapsed(dockerBuildStartedMs, dockerBuildFinishedMs), dockerPushMs: elapsed(dockerPushStartedMs, dockerPushFinishedMs), gitopsMs: elapsed(gitopsStartedMs, gitopsFinishedMs), totalMs: elapsed(startedMs, finishedMs), valuesRedacted:true }, envReuse: { mode: envReuseMode, nodeDepsPath: envReuseNodeDepsPath, nodeDepsPresent: envReuseNodeDepsPresent === 'true', nodeDepsEntries: Number(envReuseNodeDepsEntries || 0), linkedNodeDeps: Number(envReuseLinkedNodeDeps || 0), dependencyReuse: envReuseNodeDepsPresent === 'true' ? 'hit' : 'miss', valuesRedacted:true }, dockerBuild: { cacheHitLines: cacheHits, stepLines: Number(dockerBuildStepLines || 0), layerCache: cacheHits > 0 ? 'hit' : 'unknown-or-miss', packageMode: dockerBuildPackageMode, networkMode: dockerBuildNetworkMode, proxySource: dockerBuildProxySource, proxy: { httpProxyPresent: dockerBuildHttpProxyPresent === 'true', httpsProxyPresent: dockerBuildHttpsProxyPresent === 'true', allProxyPresent: dockerBuildAllProxyPresent === 'true', noProxyPresent: dockerBuildNoProxyPresent === 'true', valuesRedacted:true }, dockerIgnoreEntries: Number(dockerIgnoreEntries || 0), verifyLocation: 'pre-docker-build', logTail: Buffer.from(dockerBuildLogTailB64 || '', 'base64').toString('utf8'), valuesRedacted:true }, completedStages: ['source-fetch', 'monitor-web-verify', 'docker-build', 'docker-push', gitopsCommit ? 'gitops' : 'gitops-skipped'], valuesRedacted:true }));",
|
||||
"NODE",
|
||||
"trap - EXIT",
|
||||
].join("\n");
|
||||
@@ -2677,7 +2676,8 @@ function renderPublishResult(publish: Record<string, unknown>): string {
|
||||
lines.push(
|
||||
"",
|
||||
"PUBLISH_BUILD",
|
||||
table(["NETWORK", "PROXY", "IGNORE", "CACHE", "CACHE_LINES", "STEP_LINES", "SOURCE_MS", "VERIFY_MS", "BUILD_MS", "PUSH_MS", "GITOPS_MS", "TOTAL_MS"], [[
|
||||
table(["PACKAGE", "NETWORK", "PROXY", "IGNORE", "CACHE", "CACHE_LINES", "STEP_LINES", "SOURCE_MS", "VERIFY_MS", "BUILD_MS", "PUSH_MS", "GITOPS_MS", "TOTAL_MS"], [[
|
||||
dockerBuild.packageMode ?? "-",
|
||||
dockerBuild.networkMode ?? "-",
|
||||
proxySummary,
|
||||
dockerBuild.dockerIgnoreEntries ?? "-",
|
||||
@@ -2742,7 +2742,7 @@ function renderImageResult(result: Record<string, unknown>): string {
|
||||
"",
|
||||
table(["IMAGE", "BASE", "ENTRYPOINT", "DOCKERFILE"], [[image.ref, image.baseImage, image.entrypoint, short(image.dockerfileSha256)]]),
|
||||
"",
|
||||
Object.keys(monitorWeb).length === 0 ? "MONITOR_WEB\n-" : table(["STACK", "MODE", "ASSETS", "VERIFY", "ENV_REUSE", "BUILD_NET", "CTX_IGNORE"], [[monitorWeb.stack, monitorWeb.runtimeMode, monitorWeb.assetRoot, monitorWeb.verifyCommand, `${monitorWeb.envReuseMode}:${monitorWeb.envReuseNodeDepsPath}`, monitorWeb.dockerBuildNetworkMode, monitorWeb.dockerBuildContextIgnore]]),
|
||||
Object.keys(monitorWeb).length === 0 ? "MONITOR_WEB\n-" : table(["STACK", "MODE", "ASSETS", "VERIFY", "ENV_REUSE", "BUILD_PKG", "BUILD_NET", "CTX_IGNORE"], [[monitorWeb.stack, monitorWeb.runtimeMode, monitorWeb.assetRoot, monitorWeb.verifyCommand, `${monitorWeb.envReuseMode}:${monitorWeb.envReuseNodeDepsPath}`, monitorWeb.dockerBuildPackageMode, monitorWeb.dockerBuildNetworkMode, monitorWeb.dockerBuildContextIgnore]]),
|
||||
"",
|
||||
Object.keys(registry).length === 0 ? "REGISTRY\n-" : table(["PROBED", "PRESENT", "DIGEST"], [[record(registry.probe).url ?? "-", record(registry.probe).present ?? "-", short(record(registry.probe).digest)]]),
|
||||
"",
|
||||
|
||||
Reference in New Issue
Block a user