-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDockerfile
More file actions
196 lines (158 loc) · 9.49 KB
/
Copy pathDockerfile
File metadata and controls
196 lines (158 loc) · 9.49 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
# syntax=docker/dockerfile:1
FROM bringauto/cpp-build-environment:latest AS cpp_build_base
ARG CMCONF_VERSION=master
RUN mkdir -p /home/bringauto/cmconf && \
wget -O /home/bringauto/cmconf/CMCONF_FLEET_PROTOCOLConfig.cmake \
https://github.com/bringauto/packager-fleet-protocol-context/raw/"$CMCONF_VERSION"/config/CMCONF_FLEET_PROTOCOLConfig.cmake
FROM cpp_build_base AS mission_module_builder
# NOTE: v2.0.0 tag is created only after mission-module PR #31 is merged
# (branch protection currently blocks self-merge — awaiting approval).
ARG MISSION_MODULE_VERSION=v2.0.1
WORKDIR /home/bringauto/modules
ARG CMLIB_REQUIRED_ENV_TMP_PATH=/home/bringauto/modules/cmlib_cache
RUN mkdir -p /home/bringauto/modules/cmake && \
wget -O CMakeLists.txt https://github.com/bringauto/mission-module/raw/"$MISSION_MODULE_VERSION"/CMakeLists.txt && \
wget -O CMLibStorage.cmake https://github.com/bringauto/mission-module/raw/"$MISSION_MODULE_VERSION"/CMLibStorage.cmake && \
wget -O cmake/Dependencies.cmake https://github.com/bringauto/mission-module/raw/"$MISSION_MODULE_VERSION"/cmake/Dependencies.cmake
WORKDIR /home/bringauto/modules/package_build
RUN cmake .. -DCMAKE_BUILD_TYPE=Release -DBRINGAUTO_GET_PACKAGES_ONLY=ON \
-DCMCONF_FLEET_PROTOCOL_DIR=/home/bringauto/cmconf
# Build mission module
WORKDIR /home/bringauto
ADD --chown=bringauto:bringauto https://github.com/bringauto/mission-module.git#$MISSION_MODULE_VERSION mission-module
WORKDIR /home/bringauto/mission-module/_build
RUN cmake -DCMAKE_BUILD_TYPE=Release -DBRINGAUTO_INSTALL=ON \
-DCMAKE_INSTALL_PREFIX=/home/bringauto/modules/mission_module/ \
-DFLEET_PROTOCOL_BUILD_MODULE_GATEWAY=OFF \
-DCMCONF_FLEET_PROTOCOL_DIR=/home/bringauto/cmconf .. && \
make install
FROM cpp_build_base AS io_module_builder
ARG IO_MODULE_VERSION=v1.3.6
WORKDIR /home/bringauto/modules
ARG CMLIB_REQUIRED_ENV_TMP_PATH=/home/bringauto/modules/cmlib_cache
RUN mkdir -p /home/bringauto/modules/cmake && \
wget -O CMakeLists.txt https://github.com/bringauto/io-module/raw/"$IO_MODULE_VERSION"/CMakeLists.txt && \
wget -O CMLibStorage.cmake https://github.com/bringauto/io-module/raw/"$IO_MODULE_VERSION"/CMLibStorage.cmake && \
wget -O cmake/Dependencies.cmake https://github.com/bringauto/io-module/raw/"$IO_MODULE_VERSION"/cmake/Dependencies.cmake
WORKDIR /home/bringauto/modules/package_build
RUN cmake .. -DCMAKE_BUILD_TYPE=Release -DBRINGAUTO_GET_PACKAGES_ONLY=ON \
-DCMCONF_FLEET_PROTOCOL_DIR=/home/bringauto/cmconf
# Build io module
WORKDIR /home/bringauto
ADD --chown=bringauto:bringauto https://github.com/bringauto/io-module.git#$IO_MODULE_VERSION io-module
WORKDIR /home/bringauto/io-module/_build
RUN cmake -DCMAKE_BUILD_TYPE=Release -DBRINGAUTO_INSTALL=ON \
-DCMAKE_INSTALL_PREFIX=/home/bringauto/modules/io_module/ \
-DFLEET_PROTOCOL_BUILD_MODULE_GATEWAY=OFF \
-DCMCONF_FLEET_PROTOCOL_DIR=/home/bringauto/cmconf .. && \
make install
FROM cpp_build_base AS transparent_module_builder
ARG TRANSPARENT_MODULE_VERSION=v1.0.6
WORKDIR /home/bringauto/modules
ARG CMLIB_REQUIRED_ENV_TMP_PATH=/home/bringauto/modules/cmlib_cache
RUN mkdir -p /home/bringauto/modules/cmake && \
wget -O CMakeLists.txt https://github.com/bringauto/transparent-module/raw/"$TRANSPARENT_MODULE_VERSION"/CMakeLists.txt && \
wget -O CMLibStorage.cmake https://github.com/bringauto/transparent-module/raw/"$TRANSPARENT_MODULE_VERSION"/CMLibStorage.cmake && \
wget -O cmake/Dependencies.cmake https://github.com/bringauto/transparent-module/raw/"$TRANSPARENT_MODULE_VERSION"/cmake/Dependencies.cmake
WORKDIR /home/bringauto/modules/package_build
RUN cmake .. -DCMAKE_BUILD_TYPE=Release -DBRINGAUTO_GET_PACKAGES_ONLY=ON \
-DCMCONF_FLEET_PROTOCOL_DIR=/home/bringauto/cmconf
# Build transparent module
WORKDIR /home/bringauto/
ADD --chown=bringauto:bringauto https://github.com/bringauto/transparent-module.git#$TRANSPARENT_MODULE_VERSION transparent-module
WORKDIR /home/bringauto/transparent-module/_build
RUN cmake .. -DCMAKE_BUILD_TYPE=Release -DBRINGAUTO_INSTALL=ON \
-DCMAKE_INSTALL_PREFIX=/home/bringauto/modules/transparent_module/ \
-DFLEET_PROTOCOL_BUILD_MODULE_GATEWAY=OFF \
-DCMCONF_FLEET_PROTOCOL_DIR=/home/bringauto/cmconf && \
make install
# ============================================================================
# teleop module builder
#
# teleop-module lives on a PRIVATE gitlab.bringauto.com repo, so it is cloned
# with the TeamCity gitlab access token. The token is passed as a BuildKit
# secret (NOT a build ARG/ENV) so it is never written into an image layer or
# `docker history`.
#
# TeamCity wiring (see teamcity-settings, drafted alongside this change):
# * The build exposes the shared gitlab access token
# (credentialsJSON:fb400766-9fbe-4c3d-967c-6158545b143e, the same
# "gitlabAccessToken" used by the VCS features) as the secure env var
# BA_GITLAB_TOKEN, following the existing Hardware_LightDBW precedent.
# * The "Docker build" step passes it to BuildKit as a secret:
# --secret id=gitlab_token,env=BA_GITLAB_TOKEN
# (requires BuildKit; the Dockerfile already opts in via the top
# `# syntax=docker/dockerfile:1` directive).
# * Local equivalent:
# DOCKER_BUILDKIT=1 docker build \
# --secret id=gitlab_token,env=BA_GITLAB_TOKEN \
# -t external-server .
#
# Verified locally with GCC 13.3.0 that teleop-module v1.0.4 builds the
# external-server shared lib against gitea packages (incl. ba-logger v2.0.0),
# producing libteleop-external-server-shared.so. The clone form
# (https://oauth2:<token>@gitlab.bringauto.com/...) was verified against the
# real private repo. NOTE: the library is copied into the final image below and
# registered as module id 3 in config/for_docker.json (confirm api_url/car_name
# for your deployment).
# ============================================================================
FROM cpp_build_base AS teleop_module_builder
ARG TELEOP_MODULE_VERSION=v1.1.0
ARG TELEOP_MODULE_REPO_HOST=gitlab.bringauto.com
ARG TELEOP_MODULE_REPO_PATH=bring-auto/teleoperation/control/teleop-module
WORKDIR /home/bringauto
ARG CMLIB_REQUIRED_ENV_TMP_PATH=/home/bringauto/modules/cmlib_cache
# Clone the private repo at the release tag using the mounted token. Using a
# shallow clone of the working tree (rather than wget of raw files +
# `ADD <git-url>`) keeps the credential in a single secret-mounted step and out
# of the image. The clone (incl. its tokenised remote URL in .git/config) lives
# only in this builder stage, which is discarded — the final image copies just
# /home/bringauto/modules.
RUN --mount=type=secret,id=gitlab_token,required=true,uid=5000 \
BA_GITLAB_TOKEN="$(cat /run/secrets/gitlab_token)" && \
git clone --depth 1 --branch "$TELEOP_MODULE_VERSION" \
"https://oauth2:${BA_GITLAB_TOKEN}@${TELEOP_MODULE_REPO_HOST}/${TELEOP_MODULE_REPO_PATH}.git" \
/home/bringauto/teleop-module
# Pre-fetch dependency packages (mirrors the other module stages); reuse the
# cmake files from the clone instead of re-downloading them.
RUN mkdir -p /home/bringauto/modules/cmake && \
cp /home/bringauto/teleop-module/CMakeLists.txt /home/bringauto/modules/CMakeLists.txt && \
cp /home/bringauto/teleop-module/CMLibStorage.cmake /home/bringauto/modules/CMLibStorage.cmake && \
cp /home/bringauto/teleop-module/cmake/Dependencies.cmake /home/bringauto/modules/cmake/Dependencies.cmake && \
cp /home/bringauto/teleop-module/version.txt /home/bringauto/modules/version.txt
WORKDIR /home/bringauto/modules/package_build
RUN cmake .. -DCMAKE_BUILD_TYPE=Release -DBRINGAUTO_GET_PACKAGES_ONLY=ON \
-DCMCONF_FLEET_PROTOCOL_DIR=/home/bringauto/cmconf
# Build teleop module
WORKDIR /home/bringauto/teleop-module/_build
RUN cmake .. -DCMAKE_BUILD_TYPE=Release -DBRINGAUTO_INSTALL=ON \
-DCMAKE_INSTALL_PREFIX=/home/bringauto/modules/teleop_module/ \
-DFLEET_PROTOCOL_BUILD_MODULE_GATEWAY=OFF \
-DCMCONF_FLEET_PROTOCOL_DIR=/home/bringauto/cmconf && \
make install
FROM bringauto/python-environment:latest
# Keeps Python from buffering stdout and stderr to avoid situations where
# the application crashes without emitting any logs due to buffering.
ENV PYTHONUNBUFFERED=1
WORKDIR /home/bringauto
# Install Python dependencies while ignoring overriding system packages inside the container
COPY requirements.txt /home/bringauto/external_server/requirements.txt
COPY --chown=bringauto:bringauto lib /home/bringauto/external_server/lib/
# Workdir needs to be set before installing requirements because of the local protobuf package
WORKDIR /home/bringauto/external_server
RUN "$PYTHON_ENVIRONMENT_PYTHON3" -m pip install --no-cache-dir -r /home/bringauto/external_server/requirements.txt
# Copy project files into the docker image
COPY external_server /home/bringauto/external_server/external_server/
COPY config/for_docker.json /home/bringauto/external_server/config/for_docker.json
# Copy module libraries
COPY --from=mission_module_builder /home/bringauto/modules /home/bringauto/modules
COPY --from=io_module_builder /home/bringauto/modules /home/bringauto/modules
COPY --from=transparent_module_builder /home/bringauto/modules /home/bringauto/modules
COPY --from=teleop_module_builder /home/bringauto/modules /home/bringauto/modules
USER 5000:5000
RUN mkdir -p /home/bringauto/log/
# Set the entrypoint
# "bash" and "-c" have to be used to be able to use environment variables
# $0 and $@ are needed to pass arguments to the script
ENTRYPOINT [ "bash", "-c", "$PYTHON_ENVIRONMENT_PYTHON3 -m external_server $0 $@" ]
CMD [ "/home/bringauto/external_server/config/for_docker.json" ]