search

pandaman64 / satysfi-playground

satysfi-playground.vercel.app
11 stars 1 forks source link

Can we use a Docker environment with satyrographos snapshots? #3

Open na4zagin3 opened 2 years ago

na4zagin3 commented 2 years ago

Can we able to create a docker image where satyrographos-snapshot-stable is installed so that people can use libraries there (e.g., easytable)?

It should be technically possible because https://github.com/amutake/docker-satysfi contains opam, but I'm not sure how to with Nix.

pandaman64 commented 2 years ago

Thank you for your interest, and I definitely want to include those packages in the Playground environment!

I think it should be possible, but we need to figure out the best way to move forward. I can think of the following solutions:

Use docker-satysfi and install packages on top of it using opam

It's possible to use a Docker image with necessary packages built on top of docker-satysfi. But I'd like to keep the image minimal to reduce the attack vector. That's why I created an image only with satysfi binary from scratch using Nix instead of docker-satysfi.

Nix-based build steps for satyrographos-repo

One of the difficulties with Nix is that it dislikes other package managers😥 So if we want to proceed with Nix, we might need to reimplement satyrographos with Nix😖 So I have a question: does satyrographos support generating a tarball that bundles a whole package snapshot? If this is possible, we can just download and unpack to the desired location (if satysfi had an option for loading from whatever directory, it would be great, though).

pandaman64 commented 2 years ago

As for selecting environments, I would provide options among pre-built snapshots (like minimal, medium, full). But I do not plan to allow users to customize the execution environment arbitrarily like selecting only what they need because of the security concern.

na4zagin3 commented 2 years ago

As for selecting environments, I would provide options among pre-built snapshots (like minimal, medium, full). But I do not plan to allow users to customize the execution environment arbitrarily like selecting only what they need because of the security concern.

It makes sense. I cannot recommend running Satyrographos at runtime until I implement special treatments for unreliable inputs.

does satyrographos support generating a tarball that bundles a whole package snapshot?

Once you have OPAM, you can generate the tarball with the following steps:

# Add external repos
$ opam repo add satyrographos git+https://github.com/na4zagin3/satyrographos-repo.git
$ opam repo add satysfi-external git+https://github.com/gfngfn/satysfi-external-repo.git

# Install the latest stable snapshot to the current OPAM switch
$ opam install satyrographos-snapshot-stable

# Create a tarball
$ opam exec -- satyrographos install dist --copy
$ rm -rf dist/docs # I think docs are useless here
$ tar cf satysfi-dist.tar.xz dist/

You can use the distribution with SATySFi's --config option

# Extract the dist tar at some empty directory
$ mkdir satysfi-config
$ tar xf satysfi-dist.tar.xz -C satysfi-config

# You can make SATySFi read configuration from ./satysfi-config
$ satysfi --no-default-config --config ./satysfi-config document.saty
pandaman64 commented 2 years ago

@na4zagin3 I could make Playground work with Satyrographos packages. Thanks! However, catching up with the snapshot updates will be tedious for me. So, do you mind releasing each snapshot in satyrographos-repo? I feel like it should be possible to write a GitHub workflow that creates a release with snapshot tarball after a snapshot PR is merged, but I'm not sure how the GitHub actions are set up...

To create an appropriate tarball, this script works: https://github.com/pandaman64/satyrographos/blob/f74f6ba91443719080b35764789017ef75dbbb21/.github/workflows/release.yaml#L51-L56 Note that I created tarball/dist directory so that the unpacked directory will contain a directory named dist.