chore: Dockerfile remove redundant directives
#3914
Conversation
|
|
|
Given the past associated issues were neglected, I am not too keen to invest more time than necessary. I'll give the CLA a look and the other checklist items if this PR actually gets acknowledged with interest to merge it. The scratch image seems redundant, you've got a replacement image now with the rough equivalent via Google distroless base image. You might as well drop it? The main difference apart from noted issues in the scratch Dockerfile is also a lack of the sqlite support. Your alpine vs sqlite (alpine) images are effectively the same too, except for the |
There was a problem hiding this comment.
Given the past associated issues were neglected, I am not too keen to invest more time than necessary.
No problem!
The scratch image seems redundant, you've got a replacement image now with the rough equivalent via Google distroless base image. You might as well drop it? The main difference apart from noted issues in the scratch Dockerfile is also a lack of the sqlite support.
Some dockerfiles are only used in the repo itself (for dev purposes) and some are being pushed to our docker registry. You can find the files used for prod distribution in the goreleaser config. Generally not too keen to deprecate image variants because someone always complains about it.
Your alpine vs sqlite (alpine) images are effectively the same too, except for the sqlite package and slightly different default CMD. Probably no need or benefit maintaining the two with such a low distinction?
That makes sense but please in another pr
| # NOTE: This is broken already. Even though this image provides a shell, you'd need to configure it with | ||
| # `SHELL ["/busybox/sh", "-c"]`, however `apt-get` does not exist either in a distroless image. | ||
| # This was original an Alpine image, the refactoring was not verified properly in this commit: | ||
| # https://github.com/ory/hydra/commit/c1e1a569621d88365dceee7372ca49ecd119f939#diff-ae54bef08e3587b28ad8e93eb253a9a5cd9ea6f4251977e35b88dc6b42329e25L31 |
There was a problem hiding this comment.
The HSM image is really just to run some e2e hsm tests. It's not being distributed and should not be used.
There was a problem hiding this comment.
Yeah, e2e tests are now failing. Probably just revert the changes here
https://github.com/ory/hydra/actions/runs/12523819546/job/34933781514?pr=3914
/etc/nsswitch.confworkaround.VOLUMEdirectives.Related issue(s)
The associated issues have been ignored for over a year. They've now been marked as stale, this PR attempts to address them for this repo.
#3685
#3683
See the issues for detailed justification of the summarized changes.
Checklist
vulnerability. If this pull request addresses a security vulnerability, I
confirm that I got the approval (please contact
[email protected]) from the maintainers to push
the changes.
Further Comments
These changes should be rather straight-forward. The bulk of the changeset is just noise repeating the same lines across several Dockerfiles, but I did notice inconsistencies which hint that these files may need to be revisited by someone more familiar with them.
Especially with the HSM image which appears to have had the
runnerstage broken since this June 2023 PR. though only earlier stages are built with the Makefile:hydra/Makefile
Lines 89 to 96 in 8e71f91
The HSM quickstart compose example should attempt to build the
runnerstage and fail:hydra/quickstart-hsm.yml
Line 16 in 8e71f91