Repository Details

Example repository to accompany my talk at Velocity 2018

Multi-stage build example for Velocity 2018

This repository contains a working example for the talk at Velocity 2018 in London on Advanced Docker image build patterns. The focus is on the Dockerfile, with other tooling or code included to make that example actually work. The application is written in Python, but hopefully the ideas should be pretty generally applicable. The Makefile is included as much as documentation as for actual usage. I've included an annotated version of the Dockerfile below.

# We name the `base` stage so we can reference it in multiple later
# stages but only need to update it in one place if we change it
FROM python:3-alpine AS base

WORKDIR /app
RUN pip install pipenv==2018.10.13

COPY Pipfile /app/
COPY Pipfile.lock /app/

RUN pipenv install --system --deploy


# The `app` stage is used as the base for images that don't
# need the development dependencies
FROM base AS app
COPY src /app


# The `test-base` stage is used as the base for images that require
# the development dependencies. The duplication of the COPY instruction
# avoids breaking the cache for that later when the Pipfile changes 
FROM base AS test-base
RUN pipenv install --system --deploy --dev
COPY src /app


# The `Test` stage runs the application unit tests, the build will fail
# if the tests fail. Note this stage name is capitalised, this is purely
# a convention for stages which result in useful images. Think of it like
# a hint that this is a public interface
FROM test-base AS Test
RUN pytest --black


# The `Check` stage runs a check of the package dependencies against a list
# of known security vulnerabilities. The build will fail if vulnerabilities
# are found
FROM test-base AS Check
RUN safety check


# The `Security` stage checks the application for security vulnerabilities using the 
# Aqua MicroScanner. This requires providing a build-arg with your MicroScanner token
FROM app AS Security
ARG MICROSCANNER
RUN wget -O /microscanner https://get.aquasec.com/microscanner && chmod +x /microscanner
RUN /microscanner $MICROSCANNER --full-output


# The `Docs` stage builds documentation from the application source code
# and serves that on a simple web server
FROM test-base AS Docs
RUN pycco -i *.py
WORKDIR /app/docs
EXPOSE 8000
CMD ["python", "-m", "http.server"]


# `Shell` will build an image that, when run, drops you into a 
# python shell with the application context loaded
FROM app AS Shell
CMD ["flask", "shell"]


# `release` acts as the basis for images which will actually run the application 
FROM app AS release
EXPOSE 5000


# `Dev` runs the application using the development web server, and enables
# developer tools like the debugger and interactive exceptions
FROM release AS Dev
ENV FLASK_ENV=development
CMD ["python", "app.py"]


# The `Prod` stage is the default stage if the Dockerfile is run without 
# a target stage set. The resulting image will run the application using a
# production webserver and configuration
FROM release AS Prod
CMD ["gunicorn", "-b", ":5000", "app:app"]

Google Cloud Build

The above Dockerfile is also used for running the tests in Google Cloud Build. See the accompanying cloudbuild.yaml file for details. The plan is to mechanically generate this file from the Dockerfile.

GitHub Actions

The Dockerfile is also used for running on GitHub with GitHub Actions. If you're thinking this duplicates the Google Cloud Build example you'd be right. This repository is intended as an example and playground. As with the cloudbuild.yaml file above it should be possible to mechanically generate this too.

workflow "Quality" {
  on = "push"
  resolves = ["check", "test", "lint", "security", "validate"]
}

action "check" {
  uses = "actions/docker/cli@master"
  args = "build --target check ."
}

action "test" {
  uses = "actions/docker/cli@master"
  args = "build --target test ."
}

action "security" {
  uses = "actions/docker/cli@master"
  secrets = ["MICROSCANNER"]
  args = "build --target security --build-arg MICROSCANNER=${MICROSCANNER} ."
}

action "lint" {
  uses = "actions/docker/cli@master"
  args = "run -i hadolint/hadolint hadolint --ignore SC2035 - < Dockerfile"
}

action "build" {
  uses = "actions/docker/cli@master"
  args = "build -t sample ."
}

action "validate" {
  uses = "docker://gcr.io/gcp-runtimes/container-structure-test"
  needs = "build"
  args = "test --image sample --config structure-tests.yaml"
}
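
The mechanical generation mentioned in the Google Cloud Build and GitHub Actions sections can start from the Dockerfile's stage graph. The sketch below is an added example, not code from this repository: it parses a trimmed, constructed copy of the stages, emits one `docker build --target` command per check stage, and lets you confirm that no `ARG` (whose `--build-arg` value is recorded in image history) sits in the lineage of `Prod`. The function names and the rule that a capitalised stage without a `CMD` is a check are assumptions.

```python
import re
# Constructed sample: stage skeleton of the Dockerfile above, most instructions trimmed.
DOCKERFILE = """\
FROM python:3-alpine AS base
FROM base AS app
FROM base AS test-base
FROM test-base AS Test
FROM test-base AS Check
FROM app AS Security
ARG MICROSCANNER
RUN /microscanner $MICROSCANNER --full-output
FROM app AS release
FROM release AS Prod
CMD ["gunicorn", "-b", ":5000", "app:app"]
"""

FROM_RE = re.compile(r"FROM\s+(\S+)(?:\s+AS\s+(\S+))?$", re.I)
ARG_RE = re.compile(r"ARG\s+(\w+)", re.I)

def parse_stages(text):
    """Map stage name -> parent stage (None if external), ARG names, CMD presence."""
    stages, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := FROM_RE.match(line):
            parent = m.group(1) if m.group(1) in stages else None  # external base image
            cur = m.group(2) or str(len(stages))  # unnamed stages are addressed by index
            stages[cur] = {"parent": parent, "args": [], "cmd": False}
        elif cur is not None and (m := ARG_RE.match(line)):
            stages[cur]["args"].append(m.group(1))
        elif cur is not None and line.upper().startswith("CMD"):
            stages[cur]["cmd"] = True
    return stages

def lineage_args(stages, name):
    """ARG names declared in `name` or in any earlier stage it is built FROM."""
    found = []
    while name in stages:
        found += stages[name]["args"]
        name = stages[name]["parent"]
    return found

def check_commands(stages):
    """Assumed rule: a capitalised stage with no CMD is a check whose build is the test."""
    cmds = []
    for name, st in stages.items():
        if name[0].isupper() and not st["cmd"]:
            flags = "".join(f" --build-arg {a}" for a in lineage_args(stages, name))
            cmds.append(f"docker build --target {name}{flags} .")
    return cmds
```

`--build-arg NAME` with no value makes Docker take the value from the environment of the calling process, so the token does not have to appear in the generated command line.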

Knative Build

Knative Build is a CRD for Kubernetes which supports building in a cluster. I've also included a sample buildtemplate.yaml which demonstrates using Knative Build to run the above checks as well. This template uses a local Docker socket for demonstration purposes but could be converted to a different builder if needed.
