mirror of
https://github.com/coder/coder.git
synced 2026-06-02 20:48:20 +00:00
5f9b3220b5
This PR replaces the hand-rolled `curl | tar | go install | cargo install` chains in the dogfood Ubuntu 22.04 and 26.04 Dockerfiles with a single `mise install` driven by a new repo-root `mise.toml`.

The previous Dockerfiles installed ~25 CLIs across three multi-stage builds with versions hardcoded inline. Version bumps were scattered across the Dockerfiles, the root `mise.toml` (added in #24618 but otherwise unused at runtime), and CI's setup actions; build-time network failures came from a dozen distinct endpoints; and `mise` itself sat in the image with no manifest to install from.

The new flow:

- The repo's `mise.toml` is the single source of truth for image tool versions. The Dockerfiles `COPY` it to `/etc/mise/config.toml` and run a single `mise install` as the `coder` user.
- Tools are installed into `/opt/mise/data` rather than the default `/home/coder/.local/share/mise`, so they live in the image (not on the persistent home volume) and reach every workspace on recreate.
- Build context moves to the repo root so the Dockerfile can `COPY mise.toml`; an allowlist `.dockerignore` keeps the transferred context to ~24 kB.
- Optional `--secret id=github_token` plumbing through the Makefile and `.github/workflows/dogfood.yaml` lifts aqua's GitHub API quota from 60/hr unauthenticated to 1000/hr with `secrets.GITHUB_TOKEN`.
- `MISE_TRUSTED_CONFIG_PATHS=/home/coder:/etc/mise` is set as an ENV so users who clone the coder repo into their workspace home aren't prompted to `mise trust`.

Net diff for the two Ubuntu Dockerfiles: -399 / +244 lines (~200 lines shorter each). The `FROM rust-utils`, `FROM go`, and `FROM proto` multi-stage builds are gone; so are the NVM/Node block, the bulk binary-install block (golangci-lint, helm, kubectx, syft, cosign, bun), the gh `.deb`/lazygit/doctl tarball installs, the gofmt `update-alternatives` line, and the `yq`→`yq4` rename (`scripts/lib.sh:267-275` already auto-detects either name).

Both images were built and smoke-tested with Apple's `container` CLI on macOS — every migrated tool resolves to the expected pinned version including outside the cloned coder repo (e.g. `gh` from `/home/coder`, matching the workspace startup script in `dogfood/coder/main.tf`), `sqlc` runs (proving `CGO_ENABLED=1` was honoured at install), `yq --version` reports v4 for `scripts/lib.sh`'s detection, and `gofmt` resolves via the mise shim.

Follow-ups (out of scope here):

- Commit a multi-platform `mise.lock` so `gh = "latest"` and the other floating versions resolve deterministically across rebuilds and dev machines.
- Migrate CI's `setup-go` / `setup-node` actions to consume `mise.toml` so image and CI versions stop being able to drift.

---------

Signed-off-by: Thomas Kosiewski <tk@coder.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
29 lines
1.1 KiB
Plaintext
```
# This file controls what docker/BuildKit may send to the daemon when
# the build context is the repository root. Today only the dogfood
# images at dogfood/coder/ubuntu-{22,26}.04/Dockerfile use the repo
# root as context; other docker builds in this repo (scripts/Dockerfile,
# scripts/Dockerfile.base, scripts/ironbank/Dockerfile) cd into a
# temporary directory and have their own contexts.
#
# We use an allowlist so the context stays small and predictable, and
# new top-level files added to the repo do not silently inflate every
# dogfood image build (depot.dev uploads the context over the network).

# Exclude everything by default; only the paths that the dogfood
# Dockerfiles actually consume are re-included below. Re-including a
# file under a directory requires re-including the directory itself.
**

# Re-allow paths the dogfood Dockerfiles consume.
!mise.toml
!mise.lock
!dogfood
!dogfood/coder
!dogfood/coder/ubuntu-22.04
!dogfood/coder/ubuntu-22.04/configure-chrome-flags.sh
!dogfood/coder/ubuntu-22.04/files
!dogfood/coder/ubuntu-22.04/files/**
!dogfood/coder/ubuntu-26.04
!dogfood/coder/ubuntu-26.04/files
!dogfood/coder/ubuntu-26.04/files/**
```
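A lint for the convention the file's comments describe (exclude everything first, then re-include each directory before anything beneath it), as an added example that is not part of the coder repository. The function names and the constructed `SAMPLE` input are assumptions; patterns are compared as literal strings, and Docker's own pattern matching is not modelled.

```python
# Added example: lint for an allowlist-style .dockerignore (not from the coder repo).
# Patterns are compared as literal strings; Docker's matcher is not modelled.

# Constructed sample: the rules from the file above, comments omitted.
SAMPLE = """\
**
!mise.toml
!mise.lock
!dogfood
!dogfood/coder
!dogfood/coder/ubuntu-22.04
!dogfood/coder/ubuntu-22.04/configure-chrome-flags.sh
!dogfood/coder/ubuntu-22.04/files
!dogfood/coder/ubuntu-22.04/files/**
!dogfood/coder/ubuntu-26.04
!dogfood/coder/ubuntu-26.04/files
!dogfood/coder/ubuntu-26.04/files/**
"""


def parse_rules(text):
    """Return (line_number, pattern) pairs, skipping blank and comment lines."""
    lines = ((n, raw.strip()) for n, raw in enumerate(text.splitlines(), 1))
    return [(n, line) for n, line in lines if line and not line.startswith("#")]


def lint_allowlist(text):
    """Return findings as strings; an empty list means the file passes."""
    rules = parse_rules(text)
    if not rules or rules[0][1] not in ("*", "**"):
        return ["first rule must exclude everything ('*' or '**')"]
    findings, allowed = [], set()
    for number, pattern in rules[1:]:
        if not pattern.startswith("!"):
            continue  # a later exclusion only narrows the context
        parts = pattern[1:].strip("/").split("/")
        if parts[0] in ("*", "**"):
            findings.append(f"line {number}: '{pattern}' re-includes the whole context")
            continue
        # Every ancestor directory must already be re-included.
        for depth in range(1, len(parts)):
            ancestor = "/".join(parts[:depth])
            if ancestor not in allowed:
                findings.append(f"line {number}: re-include '!{ancestor}' before '{pattern}'")
                break
        allowed.add("/".join(parts))
    return findings
```

Run in CI against the real `.dockerignore`, a non-empty result means a new rule broke the default-deny structure or skipped a parent directory.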