search

alphagov / cyber-security-concourse-base-image

1 stars 3 forks source link

Create an `amazonlinux:2` based tag of the base image, with Python 3.8 #25

Closed denizgenc closed 4 years ago

denizgenc commented 4 years ago

Summary

This PR represents a new base image that has Python 3.8 only (therefore it would break existing pipelines). It is based on the amazonlinux:2 Docker image, and creates a new task in the pipeline to build based on the amazonlinux2 branch (the one this PR is originating from).

Notes

This is part of the work to migrate the Cyber Security API to Lambda + ALB using Terraform, as seen in this issue: alphagov/cyber-security-api/issues/60 and this PR: alphagov/cyber-security-api/pull/61

In our particular use case, the building and testing of the application was made far simpler by using Amazon Linux based images. Deployment using Terraform didn't really change that much.

I have opened a draft PR because the Dockerfile shouldn't be merged as is. The pipeline.yml configuration actually points at the amazonlinux2 branch in this repo, so merging this to master will not only break pipelines that rely on Python 3.7 and/or Ubuntu behaviour, but it would break the build of this amazonlinux2 tag of the image, since the branch would be deleted.

This draft PR therefore exists to create discussion on how to handle this additional tag. Do we just create a new subdirectory in the repo root and build off that? I'm not too sure.

Please also note the fact that we've moved the installation of Terraform from the Dockerfile to an external shell script. This was required to actually get the Dockerfile to build, as the RUN commands for the Terraform installation would not complete. Regardless I think it's a good change that should be added to the Ubuntu build as well, as it improves readability.

denizgenc commented 4 years ago

The 2 commits above move the amazonlinux2 Dockerfile (and the related install_terraform.sh script) to its own amazonlinux2 Dockerfile.

It's important to note that, as of the above changes, the pipeline still uploads the image to the amazonlinux2 tag of gdscyber/cyber-security-concourse-base-image on Docker Hub.

I highlight this because it might be desired to upload this to its own repository, like we do with all of the other images defined in the pipeline.yml. Comments and suggestions are appreciated.