Allow adding extra packages to individual Docker builds (#1403)

<!-- The PR description should answer 2 important questions: -->

### What

Historically we've had a few extra deps we've needed in our Docker
containers, and they've been added to all of them. However we now need
to add `curl` to the artifact server, which somewhat increases the
capabilities of any attacker, so let's be more granular and only add the
extra packages each image needs.

### How

Some (hopefully reasonably self-explanatory) Nix.

V3_GIT_ORIGIN_REV_ID: 0b5dd6bda92223c9c2261b47fda7773d19ccfe79
This commit is contained in:
Daniel Harvey 2024-12-02 11:42:47 +00:00 committed by hasura-bot
parent c6e34aff72
commit 533fcbfcb3
2 changed files with 10 additions and 1 deletions


@ -60,6 +60,13 @@
ExposedPorts = { "3050/tcp" = { }; };
};
};
# for adding extra packages inside the Docker container
dockerExtraContents = {
"engine" = [ pkgs.cacert ]; # so local dev can use SSH
"multitenant-engine" = [ pkgs.bash pkgs.coreutils ]; # to run sleep in a healthcheck, we should remove this soon
"artifact-server" = [ pkgs.curl ];
};
in
{
formatter = pkgs.nixpkgs-fmt;
@ -120,6 +127,7 @@
architecture = dockerArchitectures.${targetSystem};
image-name = "build.internal/${binaryName}-${targetSystem}";
extraConfig = dockerConfig.${binaryName} or { };
extraContents = dockerExtraContents.${binaryName} or [ ];
}
else null;
})
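Review bot: The `"artifact-server" = [ pkgs.curl ];` entry gives that image `curl` but no CA bundle, since the shared `contents` list in the other file (which previously included `pkgs.cacert`) is replaced by `[ package ] ++ extraContents`; if the artifact server's `curl` use is over HTTPS, verification will likely have nothing to validate against, and the tempting workaround of disabling verification would undo the point of TLS. If HTTPS is intended, consider `"artifact-server" = [ pkgs.curl pkgs.cacert ];`, and if plain HTTP is intended, a short comment saying so would stop the next reader from adding `cacert` reflexively. Separately, the `engine` comment `# so local dev can use SSH` reads as inaccurate: `pkgs.cacert` provides the CA certificate bundle for TLS, not anything SSH uses; assuming the intent is TLS verification in local dev, `# CA bundle so local dev can make verified TLS connections` would be clearer. The `dockerExtraContents` binding sits inside a `let` whose start is outside this hunk.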


@ -6,6 +6,7 @@
, pkgs
, architecture ? null
, tag ? null # defaults to the output hash
, extraContents ? [ ] # extra packages to include in this Docker image
, extraConfig ? { } # see config options at: https://github.com/moby/moby/blob/master/image/spec/v1.2.md#image-json-field-descriptions
}:
@ -13,7 +14,7 @@ let
args = {
name = image-name;
created = "now";
contents = [ pkgs.cacert pkgs.bash pkgs.coreutils package ];
contents = [ package ] ++ extraContents;
config = {
Entrypoint = [
"/bin/${package.pname}"
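Review bot: The comment on the new `extraContents ? [ ]` parameter describes the argument but not the consequence of the changed `contents = [ package ] ++ extraContents;` line: an image now contains only `package` by default, with no shell, no coreutils and no CA bundle, so any caller that relied on those being present implicitly must now opt in per image. Suggest extending the comment to `, extraContents ? [ ] # extra packages to include in this Docker image (the image otherwise contains only `package`: no shell, coreutils or CA bundle)`. The argument set this parameter belongs to opens before the hunk, and the `args` attribute set continues past it.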