SPIKE: Ruby lite / generic containerised

[sanfrancrisko]

• [x] Use Ruby lite as a base container
• [x] Install the PDK runtime gems on top of this (including Puppet gem)
• [x] Ruby commands can be run within this container (called externally)
• [x] Document pros / cons for the PoC for evaluation from team after

[sanfrancrisko]

Experiment Notes 2021-09-15

Thanks to @michaeltlombardi for the prior work and write up on #164 , I was able to get a container up and running without too much hassle

I started with the Ruby 2.7-slim Dockerfile and then tweaked to:

• Install the following packages: build-essential, git
• Install the following gem: pdk
• Create an entrypoint to PDK

diff --git b/Dockerfile.original a/Dockerfile
index 1042aa3..ca4e68d 100644
--- a/Dockerfile.original
+++ b/Dockerfile
@@ -9,10 +9,8 @@ FROM debian:bullseye-slim
 RUN set -eux; \
        apt-get update; \
        apt-get install -y --no-install-recommends \
+               build-essential \
                bzip2 \
                ca-certificates \
+               git \
                libffi-dev \
                libgmp-dev \
                libssl-dev \
@@ -120,7 +118,3 @@ ENV BUNDLE_SILENCE_ROOT_WARNING=1 \
 ENV PATH $GEM_HOME/bin:$PATH
 # adjust permissions of a few directories for running "gem install" as an arbitrary user
 RUN mkdir -p "$GEM_HOME" && chmod 777 "$GEM_HOME"
+RUN gem install pdk
+
+ENTRYPOINT ["/usr/local/bundle/bin/pdk"]
+CMD ["validate"]

Following @michaeltlombardi's example, I then ran pdk validate on the puppetlabs-motd module:

docker run -v ${PWD}:/module -w /module pdkdocker

The image size (entirely unoptimized) is 422MB.

It is also possible to install any/all native compiled gems, including pry.

I also experimented with calling gem install puppet-strings puppet-lint, which then allowed me to call puppet strings and puppet-lint as expected.

Initial thoughts

• Miniminal effort to get up and running with a Linux container
• A Windows container would likely require more effort, although an example Dockerfile does exist
• A Mac container solution would likely require a more customised version. Containerised macOS instances still seem to be an enigma and unsupported.

Similar pros/cons @michaeltlombardi reported in #164 apply here, along with some unique issues:

• This will require that the end user have Docker and access to either the public docker repo or their own mirror
• This can be consumed neatly inside of a GitHub Action

Some unique cons to this solution:

• Ultimately, this is not using the same flavour of Ruby that the Puppet Agent is using
• One limitation to this solution is the fact that that the images with older Ruby versions are removed quicker than we may like:
  • 2021-06-25: Ruby 2.5 removed due to it being EOL'd
  • 2020-04-13: Ruby 2.4 removed due to it being EOL'd

Summary

This was a relatively simple solution to assemble, I think issue of upstream base images disappearing from us before we're ready to EOL support on our side, adds a bit more complexity compared to #164, however, the Ruby builds are still available here, the older Dockerfiles can be located here, so we could certainly continue to maintain these ourselves, if needs be.

The fact we're not using the same flavour of Ruby as the agent is probably going to be the question we need to answer before continuing in attempting to productionise this solution more.