From ab2b1db7b25542bb086fe095965c685199ce609d Mon Sep 17 00:00:00 2001 From: Cian Johnston Date: Mon, 20 May 2024 10:32:09 +0000 Subject: [PATCH 1/3] ci: update workflows to go 1.22 --- .github/workflows/ci.yaml | 6 +++--- .github/workflows/release.yaml | 2 +- README.md | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 44beb4e3..071f1d61 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -36,7 +36,7 @@ jobs: - uses: actions/setup-go@v5 with: - go-version: "~1.21" + go-version: "~1.22" - name: Test run: make test @@ -48,7 +48,7 @@ jobs: - uses: actions/setup-go@v5 with: - go-version: "~1.21" + go-version: "~1.22" - name: Generate docs run: make docs @@ -63,7 +63,7 @@ jobs: - uses: actions/setup-go@v5 with: - go-version: "~1.21" + go-version: "~1.22" - name: Check format run: ./scripts/check_fmt.sh diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 770a0094..3f03b2fd 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -35,7 +35,7 @@ jobs: - uses: actions/setup-go@v3 with: - go-version: "~1.21" + go-version: "~1.22" - name: Docker Login uses: docker/login-action@v2 diff --git a/README.md b/README.md index 9a1a008f..a0d57db8 100644 --- a/README.md +++ b/README.md @@ -293,7 +293,7 @@ On MacOS or Windows systems, we recommend either using a VM or the provided `.de **Additional Requirements:** -- `go 1.21` +- `go 1.22` - `make` - Docker daemon (for running tests) From 373653eaba88ffb534ea5e21622a2c2b10a39eaa Mon Sep 17 00:00:00 2001 From: Cian Johnston Date: Mon, 20 May 2024 12:21:46 +0000 Subject: [PATCH 2/3] chore: update README with ENVBUILDER_ prefix --- README.md | 70 +++++++++++++++++++++++++------------------------- docs/docker.md | 2 +- 2 files changed, 36 insertions(+), 36 deletions(-) diff --git a/README.md b/README.md index a0d57db8..a4c667f1 100644 --- a/README.md +++ b/README.md @@ -22,15 +22,15 @@ Build development environments from a Dockerfile on Docker, Kubernetes, and Open ## Quickstart -The easiest way to get started is to run the `envbuilder` Docker container that clones a repository, builds the image from a Dockerfile, and runs the `$INIT_SCRIPT` in the freshly built container. +The easiest way to get started is to run the `envbuilder` Docker container that clones a repository, builds the image from a Dockerfile, and runs the `$ENVBUILDER_INIT_SCRIPT` in the freshly built container. > `/tmp/envbuilder` directory persists demo data between commands. You can choose a different directory. ```bash docker run -it --rm \ -v /tmp/envbuilder:/workspaces \ - -e GIT_URL=https://github.com/coder/envbuilder-starter-devcontainer \ - -e INIT_SCRIPT=bash \ + -e ENVBUILDER_GIT_URL=https://github.com/coder/envbuilder-starter-devcontainer \ + -e ENVBUILDER_INIT_SCRIPT=bash \ ghcr.io/coder/envbuilder ``` @@ -51,14 +51,14 @@ Exit the container, and re-run the `docker run` command... after the build compl > Envbuilder performs destructive filesystem operations! To guard against accidental data > loss, it will refuse to run if it detects that KANIKO_DIR is not set to a specific value. > If you need to bypass this behavior for any reason, you can bypass this safety check by setting -> `FORCE_SAFE=true`. +> `ENVBUILDER_FORCE_SAFE=true`. ### Git Branch Selection -Choose a branch using `GIT_URL` with a _ref/heads_ reference. For instance: +Choose a branch using `ENVBUILDER_GIT_URL` with a _ref/heads_ reference. For instance: ``` -GIT_URL=https://github.com/coder/envbuilder-starter-devcontainer/#refs/heads/my-feature-branch +ENVBUILDER_GIT_URL=https://github.com/coder/envbuilder-starter-devcontainer/#refs/heads/my-feature-branch ``` ## Container Registry Authentication @@ -77,7 +77,7 @@ After you have a configuration that resembles the following: } ``` -`base64` encode the JSON and provide it to envbuilder as the `DOCKER_CONFIG_BASE64` environment variable. +`base64` encode the JSON and provide it to envbuilder as the `ENVBUILDER_DOCKER_CONFIG_BASE64` environment variable. Alternatively, if running `envbuilder` in Kubernetes, you can create an `ImagePullSecret` and pass it into the pod as a volume mount. This example will work for all registries. @@ -131,7 +131,7 @@ ewoJImF1dGhzIjogewoJCSJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iOiB7CgkJCSJhdXRoIjog Provide the encoded JSON config to envbuilder: ```env -DOCKER_CONFIG_BASE64=ewoJImF1dGhzIjogewoJCSJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iOiB7CgkJCSJhdXRoIjogImJhc2U2NCBlbmNvZGVkIHRva2VuIgoJCX0KCX0KfQo= +ENVBUILDER_DOCKER_CONFIG_BASE64=ewoJImF1dGhzIjogewoJCSJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iOiB7CgkJCSJhdXRoIjogImJhc2U2NCBlbmNvZGVkIHRva2VuIgoJCX0KCX0KfQo= ``` ### Docker-in-Docker @@ -145,17 +145,17 @@ Two methods of authentication are supported: ### HTTP Authentication -If the `GIT_URL` supplied starts with `http://` or `https://`, envbuilder will -supply HTTP basic authentication using `GIT_USERNAME` and `GIT_PASSWORD`, if set. +If `ENVBUILDER_GIT_URL` starts with `http://` or `https://`, envbuilder will +authenticate with `ENVBUILDER_GIT_USERNAME` and `ENVBUILDER_GIT_PASSWORD`, if set. For access token-based authentication, follow the following schema (if empty, there's no need to provide the field): -| Provider | `GIT_USERNAME` | `GIT_PASSWORD` | -| ------------ | -------------- | -------------- | -| GitHub | [access-token] | | -| GitLab | oauth2 | [access-token] | -| BitBucket | x-token-auth | [access-token] | -| Azure DevOps | [access-token] | | +| Provider | `ENVBUILDER_GIT_USERNAME` | `ENVBUILDER_GIT_PASSWORD` | +| ------------ | ------------------------- | ------------------------- | +| GitHub | [access-token] | | +| GitLab | oauth2 | [access-token] | +| BitBucket | x-token-auth | [access-token] | +| Azure DevOps | [access-token] | | If using envbuilder inside of [Coder](https://github.com/coder/coder), you can use the `coder_external_auth` Terraform resource to automatically provide this token on workspace creation: @@ -166,27 +166,27 @@ data "coder_external_auth" "github" { resource "docker_container" "dev" { env = [ - GIT_USERNAME = data.coder_external_auth.github.access_token, + ENVBUILDER_GIT_USERNAME = data.coder_external_auth.github.access_token, ] } ``` ### SSH Authentication -If the `GIT_URL` supplied does not start with `http://` or `https://`, +If `ENVBUILDER_GIT_URL` does not start with `http://` or `https://`, envbuilder will assume SSH authentication. You have the following options: -1. Public/Private key authentication: set `GIT_SSH_KEY_PATH` to the path of an +1. Public/Private key authentication: set `ENVBUILDER_GIT_SSH_KEY_PATH` to the path of an SSH private key mounted inside the container. Envbuilder will use this SSH key to authenticate. Example: ```bash docker run -it --rm \ -v /tmp/envbuilder:/workspaces \ - -e GIT_URL=git@example.com:path/to/private/repo.git \ - -e GIT_SSH_KEY_PATH=/.ssh/id_rsa \ + -e ENVBUILDER_GIT_URL=git@example.com:path/to/private/repo.git \ + -e ENVBUILDER_INIT_SCRIPT=bash \ + -e ENVBUILDER_GIT_SSH_KEY_PATH=/.ssh/id_rsa \ -v /home/user/id_rsa:/.ssh/id_rsa \ - -e INIT_SCRIPT=bash \ ghcr.io/coder/envbuilder ``` @@ -195,8 +195,8 @@ envbuilder will assume SSH authentication. You have the following options: ```bash docker run -it --rm \ -v /tmp/envbuilder:/workspaces \ - -e GIT_URL=git@example.com:path/to/private/repo.git \ - -e INIT_SCRIPT=bash \ + -e ENVBUILDER_GIT_URL=git@example.com:path/to/private/repo.git \ + -e ENVBUILDER_INIT_SCRIPT=bash \ -e SSH_AUTH_SOCK=/tmp/ssh-auth-sock \ -v $SSH_AUTH_SOCK:/tmp/ssh-auth-sock \ ghcr.io/coder/envbuilder @@ -252,38 +252,38 @@ A sample script to pre-fetch a number of images can be viewed [here](./examples/ ## Setup Script -The `SETUP_SCRIPT` environment variable dynamically configures the user and init command (PID 1) after the container build process. +The `ENVBUILDER_SETUP_SCRIPT` environment variable dynamically configures the user and init command (PID 1) after the container build process. > [!NOTE] -> `TARGET_USER` is passed to the setup script to specify who will execute `INIT_COMMAND` (e.g., `code`). +> `TARGET_USER` is passed to the setup script to specify who will execute `ENVBUILDER_INIT_COMMAND` (e.g., `code`). Write the following to `$ENVBUILDER_ENV` to shape the container's init process: -- `TARGET_USER`: Identifies the `INIT_COMMAND` executor (e.g.`root`). -- `INIT_COMMAND`: Defines the command executed by `TARGET_USER` (e.g. `/bin/bash`). -- `INIT_ARGS`: Arguments provided to `INIT_COMMAND` (e.g. `-c 'sleep infinity'`). +- `TARGET_USER`: Identifies the `ENVBUILDER_INIT_COMMAND` executor (e.g.`root`). +- `ENVBUILDER_INIT_COMMAND`: Defines the command executed by `TARGET_USER` (e.g. `/bin/bash`). +- `ENVBUILDER_INIT_ARGS`: Arguments provided to `ENVBUILDER_INIT_COMMAND` (e.g. `-c 'sleep infinity'`). ```bash # init.sh - change the init if systemd exists if command -v systemd >/dev/null; then echo "Hey 👋 $TARGET_USER" - echo INIT_COMMAND=systemd >> $ENVBUILDER_ENV + echo ENVBUILDER_INIT_COMMAND=systemd >> $ENVBUILDER_ENV else - echo INIT_COMMAND=bash >> $ENVBUILDER_ENV + echo ENVBUILDER_INIT_COMMAND=bash >> $ENVBUILDER_ENV fi # run envbuilder with the setup script docker run -it --rm \ -v ./:/some-dir \ - -e SETUP_SCRIPT=/some-dir/init.sh \ + -e ENVBUILDER_SETUP_SCRIPT=/some-dir/init.sh \ ... ``` ## Custom Certificates -- [`SSL_CERT_FILE`](https://go.dev/src/crypto/x509/root_unix.go#L19): Specifies the path to an SSL certificate. -- [`SSL_CERT_DIR`](https://go.dev/src/crypto/x509/root_unix.go#L25): Identifies which directory to check for SSL certificate files. -- `SSL_CERT_BASE64`: Specifies a base64-encoded SSL certificate that will be added to the global certificate pool on start. +- [`ENVBUILDER_SSL_CERT_FILE`](https://go.dev/src/crypto/x509/root_unix.go#L19): Specifies the path to an SSL certificate. +- [`ENVBUILDER_SSL_CERT_DIR`](https://go.dev/src/crypto/x509/root_unix.go#L25): Identifies which directory to check for SSL certificate files. +- `ENVBUILDER_SSL_CERT_BASE64`: Specifies a base64-encoded SSL certificate that will be added to the global certificate pool on start. # Local Development diff --git a/docs/docker.md b/docs/docker.md index d11eb4d3..4ed032e3 100644 --- a/docs/docker.md +++ b/docs/docker.md @@ -23,7 +23,7 @@ docker run -it --rm \ -e ENVBUILDER_GIT_URL=https://github.com/coder/envbuilder \ -e ENVBUILDER_DEVCONTAINER_DIR=/workspaces/envbuilder/examples/docker/01_dood \ -e ENVBUILDER_INIT_SCRIPT=bash \ - -v /var/run/docker.socket:/var/run/docker.socket \ + -v /var/run/docker.sock:/var/run/docker.sock \ ghcr.io/coder/envbuilder:latest ``` From 26c4a007d5aae00c171abb8a1a2d15ae08789af8 Mon Sep 17 00:00:00 2001 From: Cian Johnston Date: Mon, 20 May 2024 12:23:21 +0000 Subject: [PATCH 3/3] fixup! chore: update README with ENVBUILDER_ prefix --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index a4c667f1..7ae3de4b 100644 --- a/README.md +++ b/README.md @@ -209,18 +209,18 @@ envbuilder will assume SSH authentication. You have the following options: ## Layer Caching -Cache layers in a container registry to speed up builds. To enable caching, [authenticate with your registry](#container-registry-authentication) and set the `CACHE_REPO` environment variable. +Cache layers in a container registry to speed up builds. To enable caching, [authenticate with your registry](#container-registry-authentication) and set the `ENVBUILDER_CACHE_REPO` environment variable. ```bash CACHE_REPO=ghcr.io/coder/repo-cache ``` -To experiment without setting up a registry, use `LAYER_CACHE_DIR`: +To experiment without setting up a registry, use `ENVBUILDER_LAYER_CACHE_DIR`: ```bash docker run -it --rm \ -v /tmp/envbuilder-cache:/cache \ - -e LAYER_CACHE_DIR=/cache + -e ENVBUILDER_LAYER_CACHE_DIR=/cache ... ``` @@ -243,7 +243,7 @@ docker run --rm \ # Run envbuilder with the local image cache. docker run -it --rm \ -v /tmp/kaniko-cache:/image-cache:ro \ - -e BASE_IMAGE_CACHE_DIR=/image-cache + -e ENVBUILDER_BASE_IMAGE_CACHE_DIR=/image-cache ``` In Kubernetes, you can pre-populate a persistent volume with the same warmer image, then mount it into many workspaces with the [`ReadOnlyMany` access mode](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes).