-
Notifications
You must be signed in to change notification settings - Fork 0
/
build.sh
executable file
·105 lines (98 loc) · 3.23 KB
/
build.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
#!/usr/bin/env bash
# Shell script for building Docker image
# It is possible to set UID, GID, and username to the matching
# user on the host by building a local image from mambaorg/micromamba
# git clone https://github.com/mamba-org/micromamba-docker.git
# cd micromamba-docker
# docker build . -t micromamba_local_user --build-arg="MAMBA_USER=$USER" \
# --build-arg="MAMBA_USER_ID=$(id -u)" \
# --build-arg="MAMBA_USER_GID=$(id -g)"
# and then change the base image in the Dockerfile from e.g.
# mambaorg/micromamba:1.5.6
# to
# micromamba_local_user
# Images should use user:name:digest in order to avoid collisions
USERNAME=$USER
APPLICATION_ID="test_app"
NOTEBOOK_ID="notebook"
BUILD_NOTEBOOK=""
DIGEST=""
ENVIRONMENT_FILE="env.yaml"
usage ()
{
printf 'Builds the Docker image from the Dockerfile\n'
printf 'Usage: %s [OPTIONS] [<env_name>.yaml]\n\n' "$0"
printf 'Option(s):\n'
printf " -d: development mode (create $USER/$APPLICATION_ID:dev)\n"
printf ' -f: force fresh build, ignoring cached build stages (will e.g. update Python packages)\n'
printf " -n: Jupyter Notebook mode (create $USER/$NOTEBOOK_ID or $USER/$NOTEBOOK_ID:<env_name>)\n"
}
if [[ $1 = "--help" ]]; then
usage
exit 0
fi
while getopts ":dfn" opt; do
case ${opt} in
d)
if [ "$APPLICATION_ID" = "$NOTEBOOK_ID" ]; then
echo "ERROR: Incompatible options -d and -n. Aborting."
exit 1
else
echo "INFO: Building DEVELOPMENT image"
DIGEST="dev"
fi
;;
f)
echo "INFO: Force fresh build, ignoring cached build stages (will update Python packages and Debian packages)"
PARAMETERS="--no-cache"
;;
n)
if [ "$DIGEST" = "dev" ]; then
echo "ERROR: Incompatible options -d and -n. Aborting."
exit 1
else
echo "INFO: Building Jupyter NOTEBOOK image"
ENVIRONMENT_FILE="notebook.yaml"
APPLICATION_ID=$NOTEBOOK_ID
BUILD_NOTEBOOK="--build-arg NOTEBOOK_MODE=true"
fi
;;
?)
usage && exit 1
esac
done
# Remove processed arguments
shift $((OPTIND-1))
if [ $# -eq 0 ]; then
echo "INFO: Environment file = $ENVIRONMENT_FILE"
else
ENVIRONMENT_FILE="$1.yaml"
# user:test_app:env-dev
# user:test_app:env
# user:notebook:env
DIGEST="$1${DIGEST:+-$DIGEST}"
echo "INFO: Environment file = $ENVIRONMENT_FILE"
fi
# Test if environment file exists
if [ ! -f "$ENVIRONMENT_FILE" ]; then
echo "ERROR: Environment file $ENVIRONMENT_FILE not found. Aborting."
exit 1
fi
# Hint: ${DIGEST:+:$DIGEST} means add ":value" if variable DIGEST is set, nothing otherwise
IMAGE_NAME="${USER}/${APPLICATION_ID}${DIGEST:+:$DIGEST}"
echo INFO: Image tag = $IMAGE_NAME
docker build $PARAMETERS \
--build-arg="ENVIRONMENT_FILE=$ENVIRONMENT_FILE" \
$BUILD_NOTEBOOK \
--progress=plain --tag $IMAGE_NAME .
echo INFO: Writing lock file of installed packages for $ENVIRONMENT_FILE
docker run \
--security-opt seccomp=seccomp-default.json \
--security-opt=no-new-privileges \
--read-only --tmpfs /tmp \
--cap-drop all \
--rm \
$IMAGE_NAME \
micromamba env export -n base > $ENVIRONMENT_FILE.lock
# --explicit would give more details, but would be less portable
echo INFO: Build completed.