Split Dockerfile into multiple stages per package to be built.

2023-03-13 03:25:41 +01:00 · 2023-03-13 03:25:41 +01:00 · 2396d6fb62
parent 7572f594e7
commit 2396d6fb62
1 changed files with 293 additions and 20 deletions
--- a/icedreammusic/ndi-feeder/Dockerfile
+++ b/icedreammusic/ndi-feeder/Dockerfile
@ -1,11 +1,102 @@
-FROM busybox
+# syntax=docker/dockerfile:1.2.1

-WORKDIR /target/usr/local/bin/
-COPY *.sh .
-RUN dos2unix *.sh
-RUN chmod -v +x *.sh
+FROM alpine AS rootfs
+
+RUN apk add --no-cache gnupg
+
+RUN wget -O- https://raw.githubusercontent.com/archlinuxarm/archlinuxarm-keyring/master/archlinuxarm.gpg | gpg --import
+
+WORKDIR /target/
+ARG ALARM_ROOTFS_URL=http://os.archlinuxarm.org/os/ArchLinuxARM-rpi-2-latest.tar.gz
+RUN wget "${ALARM_ROOTFS_URL}" -O/tmp/rootfs.tar.gz
+RUN wget "${ALARM_ROOTFS_URL}.sig" -O/tmp/rootfs.tar.gz.sig
+RUN gpg --verify /tmp/rootfs.tar.gz.sig
+RUN tar -xvpzf /tmp/rootfs.tar.gz

 ###
+# PREPARE LAYER FOR UPDATES AND GENERAL PACKAGE INSTALLATION
+
+# FROM scratch AS image-base
+
+# COPY --from=rootfs /target/ /
+
+FROM archlinux AS image-base
+
+# Make powerpill not act up later, placing this early for validation consistency
+RUN sed -i 's,SigLevel\s\+=\s\+Required,SigLevel = PackageRequired,' /etc/pacman.conf
+
+RUN pacman -Sy --noconfirm
+RUN pacman-key --init
+
+# Install core keyring (https://archlinuxarm.org/about/package-signing)
+# RUN pacman -S --needed --noconfirm archlinuxarm-keyring
+# RUN pacman-key --populate archlinuxarm
+RUN pacman-key --populate archlinux
+RUN pacman -S --needed --noconfirm archlinux-keyring
+RUN pacman-key --populate archlinux
+
+# ###
+# # INSTALL FILESYSTEM PACKAGE UPDATES
+# # We have to do this with an alternative root since /etc/{hosts,resolv.conf}
+# # are mounted read-only by Docker.
+
+# FROM image-base AS updated-filesystem-base
+
+# COPY --from=image-base / /target/
+
+FROM image-base AS updated-filesystem-base
+
+# RUN \
+# 	--mount=type=cache,target=/var/cache/pacman/pkg,sharing=locked \
+# 	--mount=type=cache,target=/tmp/build/.cache \
+# 	pacman -r /target/ -S --noconfirm --needed filesystem
+
+# ###
+# # LAYER USED FOR INSTALLING UPDATES AND ADDITIONAL PACKAGES USED IN FINAL IMAGE
+
+# FROM scratch AS base
+
+# COPY --from=updated-filesystem-base /target/ /
+
+FROM updated-filesystem-base AS base
+
+# # Install updates
+# # NOTE - we install fsck helpers for fat and ext4 in this stage to save on time spent on /boot updates
+# RUN \
+# 	--mount=type=cache,target=/var/cache/pacman/pkg,sharing=locked \
+# 	--mount=type=cache,target=/tmp/build/.cache \
+# 	pacman -Suu --noconfirm --needed dosfstools e2fsprogs
+
+###
+# LAYER USED TO COMPILE STUFF
+
+FROM image-base AS base-devel
+
+RUN pacman -S --noconfirm base-devel git
+
+#RUN pacman -S --noconfirm --needed sudo
+RUN (echo "" && echo "%wheel ALL=(ALL) NOPASSWD: ALL") >> /etc/sudoers
+
+RUN useradd -r -N -m -G wheel -d /tmp/build -k /var/empty build
+
+RUN sed -i \
+	-e 's,#MAKEFLAGS=.*,MAKEFLAGS="-j$(getconf _NPROCESSORS_ONLN)",g' \
+	/etc/makepkg.conf
+
+RUN \
+	--mount=type=cache,target=/tmp/build/.cache \
+	chown -Rv build /tmp/build /tmp/build/.cache
+
+RUN echo "ParallelDownloads = 5" >>/etc/pacman.conf
+
+USER build
+
+# Needed for anything commits
+RUN git config --global user.email "$(whoami)@localhost"
+RUN git config --global user.name "Build"
+
+###
+# FAKESILENCE

 FROM golang:1 AS fakesilence

@ -15,27 +106,209 @@ RUN go install -v -ldflags "-s -w" github.com/icedream/fakesilence@"${FAKESILENC
 RUN cp -v "$GOPATH"/bin/* /usr/local/bin

 ###
+# YAY

-# yay build
+FROM base-devel AS yay

-FROM archlinux
+WORKDIR /usr/src/yay
+RUN git clone --recursive https://aur.archlinux.org/yay.git .
+RUN \
+	--mount=type=cache,target=/var/cache/pacman/pkg,sharing=locked \
+	--mount=type=cache,target=/tmp/build/.cache \
+	makepkg -sr --noconfirm --nocheck

-WORKDIR /usr/src/ndi-feeder/
-RUN pacman --noconfirm -Sy git sudo make binutils fakeroot base-devel
-RUN echo "" && echo "%wheel ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
-RUN useradd -UMr -d /usr/src/ndi-feeder/ -G wheel app
-RUN chown -R app .
+###
+# BASE DEVEL (YAY)

-USER app
-RUN git clone --recursive https://aur.archlinux.org/yay.git yay/
-RUN cd yay && makepkg --noconfirm -si && cd .. && rm -r yay
-RUN yay --noconfirm -S pod2man && sudo rm -r ~/.cache /var/cache/pacman/*
-RUN yay --noconfirm -S ndi-advanced-sdk && sudo rm -r ~/.cache /var/cache/pacman/*
-RUN yay --noconfirm -S ffmpeg-ndi && sudo rm -r ~/.cache /var/cache/pacman/*
+FROM base-devel AS base-devel-yay
+
+USER root
+COPY --from=yay /usr/src/yay/*.pkg.* /tmp/
+RUN \
+	--mount=type=cache,target=/var/cache/pacman/pkg,sharing=locked \
+	--mount=type=cache,target=/tmp/build/.cache \
+	pacman --noconfirm -U /tmp/*.pkg.* && rm /tmp/*.pkg.*
+
+USER build
+
+###
+# POD2MAN
+
+FROM base-devel-yay AS pod2man
+
+WORKDIR /usr/src/pod2man
+
+RUN git clone --recursive https://aur.archlinux.org/pod2man.git .
+
+RUN \
+	--mount=type=cache,target=/var/cache/pacman/pkg,sharing=locked \
+	--mount=type=cache,target=/tmp/build/.cache \
+	(. ./PKGBUILD && yay -S --noconfirm --asdeps --provides --needed $(yay -T "${depends[@]}") && (mv -v ~/.cache/yay/*/*.pkg.* . || true))
+RUN makepkg -sr --noconfirm
+
+###
+# NDI-SDK-EMBEDDED
+
+FROM base-devel-yay AS ndi-sdk-embedded
+
+WORKDIR /usr/src/ndi-sdk-embedded
+
+RUN git clone --recursive https://aur.archlinux.org/ndi-sdk-embedded.git .
+
+RUN \
+	--mount=type=cache,target=/var/cache/pacman/pkg,sharing=locked \
+	--mount=type=cache,target=/tmp/build/.cache \
+	(. ./PKGBUILD && yay -S --noconfirm --asdeps --provides --needed $(yay -T "${depends[@]}") && (mv -v ~/.cache/yay/*/*.pkg.* . || true))
+RUN makepkg -sr --noconfirm
+
+###
+# NDI-SDK
+
+FROM base-devel-yay AS ndi-sdk
+
+WORKDIR /usr/src/ndi-sdk
+RUN git clone --recursive https://aur.archlinux.org/ndi-sdk.git .
+
+RUN \
+	--mount=type=cache,target=/var/cache/pacman/pkg,sharing=locked \
+	--mount=type=cache,target=/tmp/build/.cache \
+	(. ./PKGBUILD && yay -S --noconfirm --asdeps --provides --needed $(yay -T "${depends[@]}") && (mv -v ~/.cache/yay/*/*.pkg.* . || true))
+RUN \
+	--mount=type=cache,target=/var/cache/pacman/pkg,sharing=locked \
+	--mount=type=cache,target=/tmp/build/.cache \
+	(. ./PKGBUILD && yay -S --noconfirm --asdeps --provides --needed $(yay -T "${makedepends[@]}"))
+RUN \
+	--mount=type=cache,target=/var/cache/pacman/pkg,sharing=locked \
+	--mount=type=cache,target=/tmp/build/.cache \
+	makepkg -sr --noconfirm
+
+###
+# NDI-ADVANCED-SDK
+
+FROM base-devel-yay AS ndi-advanced-sdk
+
+WORKDIR /usr/src/ndi-advanced-sdk
+RUN git clone --recursive https://aur.archlinux.org/ndi-advanced-sdk.git .
+
+RUN \
+	--mount=type=cache,target=/var/cache/pacman/pkg,sharing=locked \
+	--mount=type=cache,target=/tmp/build/.cache \
+	(. ./PKGBUILD && yay -S --noconfirm --asdeps --provides --needed $(yay -T "${depends[@]}") && (mv -v ~/.cache/yay/*/*.pkg.* . || true))
+RUN \
+	--mount=type=cache,target=/var/cache/pacman/pkg,sharing=locked \
+	--mount=type=cache,target=/tmp/build/.cache \
+	(. ./PKGBUILD && yay -S --noconfirm --asdeps --provides --needed $(yay -T "${makedepends[@]}"))
+RUN \
+	--mount=type=cache,target=/var/cache/pacman/pkg,sharing=locked \
+	--mount=type=cache,target=/tmp/build/.cache \
+	makepkg -sr --noconfirm
+
+###
+# FFMPEG-NDI
+
+FROM base-devel-yay AS ffmpeg-ndi
+
+WORKDIR /usr/src/ffmpeg-ndi
+
+USER root
+# COPY --from=ndi-sdk-embedded /usr/src/ndi-sdk-embedded/*.pkg.* /tmp/
+COPY --from=ndi-sdk /usr/src/ndi-sdk/*.pkg.* /tmp/
+COPY --from=pod2man /usr/src/pod2man/*.pkg.* /tmp/
+RUN \
+	--mount=type=cache,target=/var/cache/pacman/pkg,sharing=locked \
+	--mount=type=cache,target=/tmp/build/.cache \
+	yay --noconfirm -U /tmp/*.pkg.* && rm /tmp/*.pkg.*
+
+USER build
+RUN git clone --recursive https://aur.archlinux.org/ffmpeg-ndi.git .
+RUN \
+	--mount=type=cache,target=/var/cache/pacman/pkg,sharing=locked \
+	--mount=type=cache,target=/tmp/build/.cache \
+	(\
+	. ./PKGBUILD &&\
+	if [ "${#depends[@]}" -eq 0 ]; then exit; fi &&\
+	packages=$(yay -T "${depends[@]}" 2>/dev/null|| true) &&\
+	if [ -z "$packages" ]; then exit; fi &&\
+	yay -S --noconfirm --asdeps --provides --needed $packages &&\
+	find ~/.cache/yay/ -mindepth 2 -maxdepth 2 -name \*.pkg.\* -exec mv {} . \;\
+	)
+# RUN (. ./PKGBUILD && yay -S --noconfirm --asdeps --provides --needed $(yay -T "${optdepends[@]}") && (mv -v ~/.cache/yay/*/*.pkg.* . || true))
+RUN \
+	--mount=type=cache,target=/var/cache/pacman/pkg,sharing=locked \
+	--mount=type=cache,target=/tmp/build/.cache \
+	(\
+	. ./PKGBUILD &&\
+	if [ "${#makedepends[@]}" -eq 0 ]; then exit; fi &&\
+	packages=$(yay -T "${makedepends[@]}" 2>/dev/null|| true) &&\
+	if [ -z "$packages" ]; then exit; fi &&\
+	yay -S --noconfirm --asdeps --provides --needed $packages \
+	)
+RUN \
+	--mount=type=cache,target=/var/cache/pacman/pkg,sharing=locked \
+	--mount=type=cache,target=/tmp/build/.cache \
+	makepkg -sr --noconfirm --nocheck
+
+###
+# PERMISSIONS FOR FINAL IMAGE FILES
+
+FROM busybox AS files
+
+WORKDIR /target/usr/local/bin/
+COPY *.sh .
+RUN dos2unix *.sh
+RUN chmod -v +x *.sh
+
+###
+# PACKAGES
+
+FROM scratch as packages
+
+COPY --from=ndi-sdk /usr/src/ndi-sdk/*.pkg.* /packages/
+COPY --from=ffmpeg-ndi /usr/src/ffmpeg-ndi/*.pkg.* /packages/
+COPY --from=fakesilence /usr/local/bin/fakesilence /target/usr/local/bin/
+
+###
+# PACKAGE INSTALL
+
+FROM base AS install
+
+USER root
+# COPY --from=powerpill /usr/src/powerpill/*.pkg.* /tmp/
+# RUN \
+# 	--mount=type=cache,target=/var/cache/pacman/pkg,sharing=locked \
+# 	--mount=type=cache,target=/tmp/build/.cache \
+# 	pacman --noconfirm -U /tmp/*.pkg.*; rm /tmp/*.pkg.*
+
+#COPY --from=yay /usr/src/yay/*.pkg.* /tmp/
+COPY --from=ndi-sdk /usr/src/ndi-sdk/*.pkg.* /tmp/
+COPY --from=ffmpeg-ndi /usr/src/ffmpeg-ndi/*.pkg.* /tmp/
+RUN \
+	--mount=type=cache,target=/var/cache/pacman/pkg,sharing=locked \
+	--mount=type=cache,target=/tmp/build/.cache \
+	rm -f /var/cache/pacman/pkg/cache.lck; pacman --noconfirm -U /tmp/*.pkg.*; rm /tmp/*.pkg.*
+
+RUN \
+	--mount=type=cache,target=/var/cache/pacman/pkg,sharing=locked \
+	--mount=type=cache,target=/tmp/build/.cache \
+	rm -f /var/cache/pacman/pkg/cache.lck; pacman -S --noconfirm --needed sudo realtime-privileges

 COPY --from=fakesilence /usr/local/bin/fakesilence /usr/local/bin/

-COPY --from=0 /target/ /
-CMD ["ndi-feeder.sh"]
+COPY --from=files /target/ /

+RUN rm -rf /var/cache/pacman/pkg/*
+
+###
+# FINAL IMAGE
+
+FROM base AS final-image
+
+# squash all the package installation into a single
+COPY --from=install / /
+
+RUN useradd -m -u 1000 -G wheel,realtime,audio,video ndi-feeder
+RUN echo "ndi-feeder:ndi-feeder" | chpasswd
+
+USER ndi-feeder
+CMD ["ndi-feeder.sh"]
 STOPSIGNAL SIGTERM