Reduce number of layers in main container image

ansible · Oct 3, 2024 · e8c17fc · e8c17fc
1 parent 0ac92f7
commit e8c17fc
Show file tree

Hide file tree

Showing 6 changed files with 102 additions and 46 deletions.
diff --git a/devspaces/context/setup.sh b/devspaces/context/setup.sh
@@ -29,7 +29,7 @@ dnf install -y \
     --exclude container-selinux
 dnf clean all
 
-/usr/bin/python${PYV} -m pip install --no-cache-dir -r requirements.txt
+/usr/bin/python${PYV} -m pip install -r requirements.txt
 
 ansible-galaxy collection install -r requirements.yml
 

diff --git a/final/Containerfile b/final/Containerfile
@@ -18,43 +18,8 @@ LABEL org.opencontainers.image.vendor="Red Hat"
 LABEL org.opencontainers.image.licenses="GPL-3.0"
 LABEL org.opencontainers.image.description="An execution environment targeted for Ansible content creators."
 
-
-RUN microdnf -y makecache && microdnf -y update
-RUN microdnf -y install shadow-utils
-RUN rpm --setcaps shadow-utils 2>/dev/null
-RUN \
-microdnf install -y \
-tar \
-echo \
-podman \
-fuse-overlayfs \
-openssh-clients \
-zsh \
-util-linux-user \
-which \
-git \
-nano \
-vim \
-dumb-init \
-# ansible-pylibssh, onigurumacffi/arm64 needs:
-gcc \
-git-core \
-libssh-devel \
-python3-markupsafe \
-# ansible-navigator needs:
-ncurses \
-oniguruma-devel \
-python3-bcrypt \
-python3-cffi \
-# onigurumacffi/arm64 needs:
-python3-devel \
-python3-pip \
-python3-pyyaml \
-python3-ruamel-yaml \
-python3-wheel \
---exclude container-selinux \
-    && microdnf clean all \
-    && ln -s /usr/bin/vim /usr/bin/vi
+WORKDIR /context
+RUN --mount=type=bind,target=. --mount=type=cache,dst=/var/cache/dnf --mount=type=cache,dst=/root/.cache/pip context/setup.sh
 
 ARG _REPO_URL="https://raw.githubusercontent.com/containers/image_build/main/podman"
 ADD $_REPO_URL/containers.conf /etc/containers/containers.conf
@@ -110,7 +75,7 @@ RUN for dir in \
 # base ansible-dev-tools setup
 
 COPY dist/*.whl /tmp/dist
-RUN sh -ec -o pipefail "ls -1 /tmp/dist/*.whl | xargs -I '{}' python3 -m pip install --no-cache-dir '{}[server,lock]' && rm -rf /tmp/dist"
+RUN --mount=type=cache,dst=/root/.cache/pip sh -ec -o pipefail "ls -1 /tmp/dist/*.whl | xargs -I '{}' python3 -m pip install -q '{}[server,lock]' && rm -rf /tmp/dist"
 
 RUN \
 mkdir -p ~/.ansible/roles /usr/share/ansible/roles /etc/ansible/roles && \

diff --git a/final/context/setup.sh b/final/context/setup.sh
@@ -0,0 +1,39 @@
+#!/bin/bash -e
+# cspell: ignore onigurumacffi,makecache,euxo,libssh,overlayfs,setcaps
+set -euxo pipefail
+
+microdnf -q -y makecache
+microdnf -q -y update
+microdnf -q -y install shadow-utils
+rpm --setcaps shadow-utils 2>/dev/null
+
+microdnf remove -y subscription-manager dnf-plugin-subscription-manager
+microdnf install -q -y \
+tar \
+echo \
+podman \
+fuse-overlayfs \
+openssh-clients \
+zsh \
+util-linux-user \
+which \
+git \
+nano \
+vim \
+dumb-init \
+gcc \
+git-core \
+libssh-devel \
+python3-markupsafe \
+ncurses \
+oniguruma-devel \
+python3-bcrypt \
+python3-cffi \
+python3-devel \
+python3-pip \
+python3-pyyaml \
+python3-ruamel-yaml \
+python3-wheel \
+--exclude container-selinux \
+    && microdnf -q clean all \
+    && ln -s /usr/bin/vim /usr/bin/vi
diff --git a/final/setup.sh b/final/setup.sh
@@ -0,0 +1,42 @@
+#!/bin/bash -e
+# cspell: ignore onigurumacffi,makecache,euxo,libssh,overlayfs,setcaps
+set -euxo pipefail
+
+microdnf -q -y makecache && microdnf -q -y update
+microdnf -q -y install shadow-utils
+rpm --setcaps shadow-utils 2>/dev/null
+
+microdnf remove -y subscription-manager dnf-plugin-subscription-manager
+
+# gcc: for ansible-pylibssh, onigurumacffi/arm64
+# ncurses: for ansible-navigator
+# oniguruma-devel: onigurumacffi/arm64 (does not have binary)
+microdnf install -q -y \
+tar \
+echo \
+podman \
+fuse-overlayfs \
+openssh-clients \
+zsh \
+util-linux-user \
+which \
+git \
+nano \
+vim \
+dumb-init \
+gcc \
+git-core \
+libssh-devel \
+python3-markupsafe \
+ncurses \
+oniguruma-devel \
+python3-bcrypt \
+python3-cffi \
+python3-devel \
+python3-pip \
+python3-pyyaml \
+python3-ruamel-yaml \
+python3-wheel \
+--exclude container-selinux \
+    && microdnf -q clean all \
+    && ln -s /usr/bin/vim /usr/bin/vi
diff --git a/tools/image.sh b/tools/image.sh
@@ -0,0 +1,15 @@
+#!/bin/bash -e
+# cspell: ignore exuo,outdir
+set -exuo pipefail
+
+REPO_DIR=$(git rev-parse --show-toplevel)
+
+
+# BUILD_CMD="podman build --squash-all"
+BUILD_CMD="docker build --progress=plain"
+
+python -m build --outdir $REPO_DIR/final/dist/ --wheel $REPO_DIR
+ansible-builder create -f execution-environment.yml --output-filename Containerfile -v3
+$BUILD_CMD -f context/Containerfile context/ --tag community-ansible-dev-tools-base:latest
+$BUILD_CMD -f final/Containerfile final/ --tag community-ansible-dev-tools:test
+pytest --only-container --image-name community-ansible-dev-tools:test
diff --git a/tox.ini b/tox.ini
@@ -121,14 +121,9 @@ deps =
     setuptools # https://github.com/ansible/ansible-builder/issues/644
 commands_pre =
 commands =
-    python -m build --outdir {toxinidir}/final/dist/ --wheel {toxinidir}
-    ansible-builder create -f execution-environment.yml --output-filename Containerfile -v3
-    podman build --squash-all context/ --tag community-ansible-dev-tools-base:latest
-    podman build --squash-all final/ --tag community-ansible-dev-tools:test
-    pytest --only-container --image-name community-ansible-dev-tools:test
+    ./tools/image.sh
 allowlist_externals =
-    podman
-    pytest
+    ./tools/image.sh
 
 [testenv:test-image]
 description =